################################################################ # ThreatFox IOCs: recent ip-port - CSV format # # Last updated: 2025-04-25 13:38:38 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-04-25 13:38:38", "1511419", "31.9.48.183:5555", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots" "2025-04-25 13:25:21", "1511411", "3.112.192.119:443", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "https://blogs.jpcert.or.jp/en/2025/04/dslogdrat.html", "c2,DslogdRAT", "0", "juroots" "2025-04-25 12:56:41", "1511403", "123.207.79.51:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-25 12:01:52", "1511401", "209.145.56.66:8443", "ip:port", "botnet_cc", "win.crimson", "SEEDOOR,Scarimson", "Crimson RAT", "", "100", "https://search.censys.io/hosts/209.145.56.66", "AS40021,C2,censys,Crimson,NL-811-40021,RAT", "0", "DonPasci" "2025-04-25 12:01:51", "1511400", "93.198.191.241:82", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/93.198.191.241", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci" "2025-04-25 12:01:50", "1511399", "156.208.38.51:4445", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/156.208.38.51", "AS8452,C2,censys,DcRAT,RAT,TE-AS", "0", "DonPasci" "2025-04-25 12:01:46", "1511398", "77.83.198.61:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/77.83.198.61", "AS59711,C2,censys,Havoc,HZ-EU-AS", "0", "DonPasci" "2025-04-25 12:01:41", "1511397", "139.99.25.131:8082", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/139.99.25.131", "AS16276,C2,censys,Hookbot,OVH", "0", "DonPasci" "2025-04-25 12:01:40", "1511396", "139.99.25.131:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/139.99.25.131", "AS16276,C2,censys,Hookbot,OVH", "0", "DonPasci" "2025-04-25 12:01:39", "1511394", "144.172.87.71:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/144.172.87.71", "AS14956,C2,censys,Mythic,ROUTERHOSTING", "0", "DonPasci" "2025-04-25 12:01:00", "1511393", "104.37.4.101:6002", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/104.37.4.101", "ACEHOSTONLINE,AS214059,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-25 12:00:44", "1511392", "47.109.177.97:8082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.109.177.97", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-25 12:00:43", "1511390", "194.102.104.25:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/194.102.104.25", "AS48753,AVAHOHST,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-25 12:00:43", "1511391", "149.104.30.130:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/149.104.30.130", "AS139659,C2,censys,CobaltStrike,cs-watermark-987654321,LUCID-AS-AP", "0", "DonPasci" "2025-04-25 12:00:42", "1511389", "116.198.229.197:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/116.198.229.197", "AS137699,C2,censys,CHINATELECOM-JIANGSU-SUQIAN-IDC,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-25 10:45:19", "1511258", "149.210.66.4:443", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "50", "https://www.shodan.io/host/149.210.66.4#443", "c2,gh0st,shodan", "0", "juroots" "2025-04-25 10:45:17", "1511257", "45.114.60.209:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/45.114.60.209#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-25 09:10:38", "1511254", "196.251.86.114:5050", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/3d1aa1b4d3e7d1f5c333fde0c188bb73ddcb2a6c07b50fce6dd84a735b37063d/", "XWorm", "0", "abuse_ch" "2025-04-25 09:09:24", "1511251", "172.111.163.162:2983", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://bazaar.abuse.ch/sample/b9aa64a363590b45a781f17b09f8ccb75727071281d26b4394d8174df1f87a53/", "AsyncRAT,RAT", "0", "abuse_ch" "2025-04-25 09:05:15", "1511249", "89.185.84.127:443", "ip:port", "botnet_cc", "win.metastealer", "None", "MetaStealer", "", "75", "https://bazaar.abuse.ch/sample/17ad6e2c8fb12b9c3d587cf7a4814bf6e20758589e82517420f196599c75f1ec/", "MetaStealer", "0", "abuse_ch" "2025-04-25 08:44:07", "1511241", "117.24.3.176:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-25 08:43:02", "1511240", "1.161.124.86:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-25 08:27:24", "1511227", "154.81.179.131:9645", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "75", "https://bazaar.abuse.ch/sample/a19462aa4e4ef8ac23ee40366abae865b40501536c09c4efbb91c8418df1fd7a/", "Rhadamanthys", "0", "abuse_ch" "2025-04-25 08:24:59", "1511225", "193.161.193.99:29924", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:24:59", "1511226", "147.185.221.27:58573", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:22:59", "1511190", "194.87.232.26:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch" "2025-04-25 08:22:28", "1511216", "62.60.226.139:30303", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-25 08:22:28", "1511217", "62.60.226.139:30304", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-25 08:22:28", "1511218", "62.60.226.139:30305", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-25 08:21:52", "1511213", "80.64.16.35:1912", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "50", "", "c2,redline", "0", "juroots" "2025-04-25 08:21:17", "1511208", "147.185.221.27:54782", "ip:port", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "50", "", "c2,orcus", "0", "juroots" "2025-04-25 08:18:45", "1511201", "114.66.58.133:8995", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-04-25 08:13:07", "1511196", "177.234.144.240:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/177.234.144.240#3333", "c2,gophish,phishing,shodan", "0", "juroots" "2025-04-25 08:12:49", "1511195", "54.70.105.247:11065", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/54.70.105.247#11065", "c2,netbus,shodan", "0", "juroots" "2025-04-25 08:12:34", "1511194", "13.232.77.18:427", "ip:port", "botnet_cc", "win.blackshades", "None", "BlackShades", "", "50", "https://www.shodan.io/host/13.232.77.18#427", "blackshades,c2,shodan", "0", "juroots" "2025-04-25 08:12:18", "1511193", "105.197.154.83:1177", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "https://www.shodan.io/host/105.197.154.83#1177", "c2,njrat,shodan", "0", "juroots" "2025-04-25 08:12:06", "1511192", "196.251.84.27:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "https://www.shodan.io/host/196.251.84.27#443", "c2,nanocore,shodan", "0", "juroots" "2025-04-25 08:11:50", "1511191", "95.182.122.252:80", "ip:port", "botnet_cc", "win.poshc2", "None", "PoshC2", "", "50", "https://www.shodan.io/host/95.182.122.252#80", "c2,posh,shodan", "0", "juroots" "2025-04-25 08:11:15", "1511189", "60.17.15.218:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/60.17.15.218#7443", "c2,covenant,shodan", "0", "juroots" "2025-04-25 08:10:43", "1511187", "158.247.247.157:80", "ip:port", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "https://www.shodan.io/host/158.247.247.157#80", "c2,kimsuky,shodan", "0", "juroots" "2025-04-25 08:10:43", "1511188", "158.247.243.223:443", "ip:port", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "https://www.shodan.io/host/158.247.243.223#443", "c2,kimsuky,shodan", "0", "juroots" "2025-04-25 08:10:27", "1511185", "177.136.225.145:9443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://www.shodan.io/host/177.136.225.145#9443", "c2,havoc,shodan", "0", "juroots" "2025-04-25 08:10:27", "1511186", "23.254.215.118:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://www.shodan.io/host/23.254.215.118#443", "c2,havoc,shodan", "0", "juroots" "2025-04-25 08:09:55", "1511184", "3.26.24.29:14082", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/3.26.24.29#14082", "c2,netsupport,shodan", "0", "juroots" "2025-04-25 08:09:54", "1511183", "3.91.49.221:15", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/3.91.49.221#15", "c2,netsupport,shodan", "0", "juroots" "2025-04-25 08:09:37", "1511181", "157.20.182.6:1337", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "https://www.shodan.io/host/157.20.182.6#1337", "asyncrat,c2,shodan", "0", "juroots" "2025-04-25 08:09:37", "1511182", "172.111.139.42:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "https://www.shodan.io/host/172.111.139.42#4444", "asyncrat,c2,shodan", "0", "juroots" "2025-04-25 08:09:13", "1511180", "84.247.148.249:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/84.247.148.249#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-25 08:09:12", "1511178", "43.163.196.208:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/43.163.196.208#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-25 08:09:12", "1511179", "139.84.172.231:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/139.84.172.231#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-25 08:08:54", "1511177", "119.91.49.133:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/119.91.49.133#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-04-25 08:08:53", "1511176", "119.45.178.251:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/119.45.178.251#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-04-25 08:08:52", "1511173", "185.243.96.104:5556", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/185.243.96.104#5556", "c2,cobaltstrike,shodan", "0", "juroots" "2025-04-25 08:08:52", "1511174", "207.2.122.10:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/207.2.122.10#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-04-25 08:08:52", "1511175", "18.159.210.194:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/18.159.210.194#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-04-25 08:08:28", "1511171", "185.43.4.70:8005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/185.43.4.70#8005", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-04-25 08:08:28", "1511172", "160.19.79.251:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/160.19.79.251#8443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-04-25 08:01:49", "1511168", "3.96.191.215:2761", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/3.96.191.215", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-25 08:01:48", "1511167", "18.185.33.50:4841", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/18.185.33.50", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-25 08:01:47", "1511166", "86.54.42.245:591", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/86.54.42.245", "AS42624,C2,censys,DcRAT,RAT,SWISSNETWORK02", "0", "DonPasci" "2025-04-25 08:01:43", "1511165", "45.61.151.127:2096", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/45.61.151.127", "AS14956,C2,censys,Havoc,ROUTERHOSTING", "0", "DonPasci" "2025-04-25 08:01:31", "1511163", "49.113.75.76:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/49.113.75.76", "AS4134,C2,censys,CHINANET-BACKBONE,Supershell", "0", "DonPasci" "2025-04-25 08:01:31", "1511164", "16.162.136.113:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/16.162.136.113", "AMAZON-02,AS16509,C2,censys,Supershell", "0", "DonPasci" "2025-04-25 08:01:06", "1511162", "57.128.219.114:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/57.128.219.114", "AS16276,C2,censys,OVH,Sliver", "0", "DonPasci" "2025-04-25 08:01:03", "1511161", "147.93.146.25:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/147.93.146.25", "AS40021,C2,censys,NL-811-40021,RAT,Remcos", "0", "DonPasci" "2025-04-25 08:01:01", "1511160", "104.37.4.100:6001", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/104.37.4.100", "ACEHOSTONLINE,AS214059,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-25 08:00:44", "1511159", "47.109.82.220:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.109.82.220", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-04-25 08:00:42", "1511158", "194.36.171.78:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/194.36.171.78", "AS56971,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-25 08:00:41", "1511157", "49.232.56.252:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/49.232.56.252", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-04-25 05:27:07", "1511133", "1.94.255.158:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-04-25 05:27:06", "1511132", "121.40.154.130:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-04-25 05:27:05", "1511129", "43.137.42.33:1234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890", "0", "abuse_ch" "2025-04-25 05:27:05", "1511130", "47.121.222.227:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-04-25 05:27:05", "1511131", "160.202.227.54:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-04-25 05:26:48", "1511128", "47.111.125.229:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-04-25 05:26:46", "1511127", "139.159.212.103:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666", "0", "abuse_ch" "2025-04-25 05:24:11", "1511089", "194.36.171.78:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/194.36.171.78", "AS56971,C2,censys", "0", "dyingbreeds_" "2025-04-25 05:24:11", "1511090", "113.45.10.142:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/113.45.10.142", "AS55990,C2,censys", "0", "dyingbreeds_" "2025-04-25 05:24:10", "1511091", "111.173.104.176:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/111.173.104.176", "AS148981,C2,censys", "0", "dyingbreeds_" "2025-04-25 05:24:09", "1511092", "176.65.142.74:3371", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.65.142.74", "AS215240,C2,censys,NETRESEARCH,RAT", "0", "dyingbreeds_" "2025-04-25 05:24:09", "1511093", "128.90.106.101:4000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/128.90.106.101", "AS40861,C2,censys,PARAD-40-ASN,RAT", "0", "dyingbreeds_" "2025-04-25 05:24:08", "1511096", "192.24.224.215:8880", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/192.24.224.215", "AS6181,C2,censys,FUSE-NET,Mythic", "0", "dyingbreeds_" "2025-04-25 05:24:07", "1511095", "192.24.224.215:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/192.24.224.215", "AS6181,C2,censys,FUSE-NET,Mythic", "0", "dyingbreeds_" "2025-04-25 05:24:06", "1511094", "128.90.106.101:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/128.90.106.101", "AS40861,C2,censys,PARAD-40-ASN,RAT", "0", "dyingbreeds_" "2025-04-25 05:24:06", "1511097", "194.164.93.107:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/194.164.93.107", "AS8560,C2,censys", "0", "dyingbreeds_" "2025-04-25 05:24:05", "1511098", "192.153.57.116:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/192.153.57.116", "AS399629,BLNWX,C2,censys", "0", "dyingbreeds_" "2025-04-25 05:24:05", "1511103", "181.32.34.147:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/181.32.34.147", "AS3816,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:24:04", "1511099", "86.54.42.245:4444", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/86.54.42.245", "AS42624,C2,censys,RAT,SWISSNETWORK02", "0", "dyingbreeds_" "2025-04-25 05:24:04", "1511102", "80.98.145.41:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/80.98.145.41", "AS21334,ASN-VODAFONE-,C2,censys,Covenant", "0", "dyingbreeds_" "2025-04-25 05:24:03", "1511104", "51.68.26.225:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/51.68.26.225", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2025-04-25 05:24:03", "1511105", "157.10.73.118:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/157.10.73.118", "AS152301,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:24:03", "1511106", "217.125.90.31:4433", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/217.125.90.31", "AS3352,censys,GoPhish,Phishing,TELEFONICA_DE_ESPANA", "0", "dyingbreeds_" "2025-04-25 05:23:52", "1511107", "13.127.79.254:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.127.79.254", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:51", "1511108", "3.126.234.72:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.126.234.72", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:51", "1511109", "128.85.35.85:38935", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/128.85.35.85", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:50", "1511110", "13.49.223.229:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.49.223.229", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:50", "1511111", "188.213.174.59:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/188.213.174.59", "ARUBA-ASN,AS31034,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:49", "1511114", "35.202.11.12:10443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/35.202.11.12", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:48", "1511112", "3.82.48.232:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.82.48.232", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:48", "1511113", "41.78.75.244:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/41.78.75.244", "AS37371,censys,GoPhish,HORMUUD,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:48", "1511115", "3.228.32.116:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.228.32.116", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 05:23:47", "1511116", "188.166.208.112:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/188.166.208.112", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-25 04:01:57", "1511118", "124.71.199.135:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/124.71.199.135", "AS55990,c2,c2-redirector,censys,HWCSNET,RedGuard", "0", "DonPasci" "2025-04-25 04:01:43", "1511117", "167.86.174.240:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/167.86.174.240", "AS25019,C2,censys,Netsupport,RAT,SAUDINETSTC-AS", "0", "DonPasci" "2025-04-25 04:01:00", "1511101", "140.228.29.33:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/140.228.29.33", "AS396073,C2,censys,MAJESTIC-HOSTING-01,RAT,Remcos", "0", "DonPasci" "2025-04-25 04:00:59", "1511100", "94.26.90.48:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/94.26.90.48", "AS214943,C2,censys,RAILNET,RAT,Remcos", "0", "DonPasci" "2025-04-25 00:01:46", "1511074", "13.246.39.244:6005", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/13.246.39.244", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-25 00:01:36", "1511071", "104.248.194.142:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/104.248.194.142", "AS14061,C2,censys,DIGITALOCEAN-ASN,Hookbot", "0", "DonPasci" "2025-04-25 00:01:35", "1511070", "176.57.188.16:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/176.57.188.16", "AS51167,C2,censys,CONTABO,Hookbot", "0", "DonPasci" "2025-04-25 00:01:28", "1511069", "45.10.154.125:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/45.10.154.125", "AS51167,AsyncRAT,C2,censys,CONTABO,RAT", "0", "DonPasci" "2025-04-25 00:01:27", "1511068", "161.129.65.68:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/161.129.65.68", "AS19318,C2,censys,IS-AS-1,Supershell", "0", "DonPasci" "2025-04-25 00:01:02", "1511067", "15.235.37.196:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/15.235.37.196", "AS16276,C2,censys,OVH,Sliver", "0", "DonPasci" "2025-04-25 00:00:59", "1511066", "194.102.105.105:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/194.102.105.105", "ALEXHOST,AS200019,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-25 00:00:58", "1511064", "85.9.204.228:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/85.9.204.228", "AS202053,C2,censys,RAT,Remcos,UPCLOUD", "0", "DonPasci" "2025-04-25 00:00:58", "1511065", "51.89.177.234:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/51.89.177.234", "AS16276,C2,censys,OVH,RAT,Remcos", "0", "DonPasci" "2025-04-25 00:00:41", "1511063", "47.115.139.118:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.115.139.118", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-100000", "0", "DonPasci" "2025-04-25 00:00:40", "1511062", "43.250.174.95:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.250.174.95", "AS62468,C2,censys,CobaltStrike,cs-watermark-987654321,HKCLOUDX", "0", "DonPasci" "2025-04-24 22:59:10", "1511060", "23.146.40.13:2082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 20:57:26", "1511042", "185.237.206.213:8443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-04-24 20:54:15", "1511041", "88.237.133.108:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-24 20:52:50", "1511040", "52.237.80.94:40000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-04-24 20:52:46", "1511039", "51.84.110.214:47223", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "75", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2025-04-24 20:51:55", "1511038", "45.197.150.76:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-04-24 20:49:47", "1511037", "2.88.143.171:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-24 20:48:17", "1511036", "38.60.203.20:8088", "ip:port", "botnet_cc", "win.doplugs", "None", "DOPLUGS", "", "100", "None", "DarkPeony,Operation ControlPlug", "0", "Rony" "2025-04-24 20:45:12", "1511035", "141.95.33.218:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-24 20:43:58", "1511034", "111.229.202.115:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-04-24 20:24:03", "1511033", "45.207.210.146:55667", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/bee3cac78cd7537a3ab177f68496c1005d1d5c2b69abaac3a57f32874f578e58/", "Unknown", "0", "NDA0E" "2025-04-24 20:02:09", "1511031", "95.216.184.3:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "", "100", "https://search.censys.io/hosts/95.216.184.3", "AS24940,censys,Chaos,HETZNER-AS,panel", "0", "DonPasci" "2025-04-24 20:02:07", "1511030", "45.11.229.230:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "https://search.censys.io/hosts/45.11.229.230", "AS58087,C2,censys,FLORIANKOLB,moobot", "0", "DonPasci" "2025-04-24 20:01:55", "1511029", "86.54.42.245:8080", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/86.54.42.245", "AS42624,C2,censys,DcRAT,RAT,SWISSNETWORK02", "0", "DonPasci" "2025-04-24 20:01:53", "1511028", "179.43.186.237:8081", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/179.43.186.237", "AS51852,C2,censys,PLI-AS,RAT,Venom", "0", "DonPasci" "2025-04-24 20:01:52", "1511027", "8.134.82.30:8888", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/8.134.82.30", "ALIBABA-CN-NET,AS37963,C2,censys,RAT,Venom", "0", "DonPasci" "2025-04-24 20:01:42", "1511026", "13.229.27.66:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/13.229.27.66", "AMAZON-02,AS16509,C2,censys,Hookbot", "0", "DonPasci" "2025-04-24 20:01:41", "1511025", "102.117.170.93:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/102.117.170.93", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2025-04-24 20:01:35", "1511023", "108.181.218.70:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/108.181.218.70", "AS40676,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-04-24 20:01:35", "1511024", "176.65.134.81:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.65.134.81", "-Reserved,AS215240,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-04-24 20:01:10", "1511022", "152.42.172.255:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/152.42.172.255", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2025-04-24 20:01:00", "1511019", "179.61.237.133:9090", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/179.61.237.133", "AS30823,AUROLOGIC,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-24 20:01:00", "1511020", "85.158.108.187:40106", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/85.158.108.187", "AS59711,C2,censys,HZ-EU-AS,RAT,Remcos", "0", "DonPasci" "2025-04-24 20:01:00", "1511021", "82.24.182.111:9090", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/82.24.182.111", "AS212238,C2,CDNEXT,censys,RAT,Remcos", "0", "DonPasci" "2025-04-24 20:00:39", "1511017", "120.46.217.53:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/120.46.217.53", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-04-24 20:00:39", "1511018", "38.207.176.43:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/38.207.176.43", "AS139659,C2,censys,CobaltStrike,cs-watermark-987654321,LUCID-AS-AP", "0", "DonPasci" "2025-04-24 18:27:20", "1511008", "43.248.78.215:51200", "ip:port", "botnet_cc", "ios.lightspy", "None", "lightSpy", "", "100", "", "AS23650,c2,censys,CHINANET-JIANGSU-PROVINCE-IDC,LightSpy", "0", "DonPasci" "2025-04-24 16:56:22", "1510996", "212.34.130.72:15072", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "100", "", "T1 Relay", "0", "Cryptolaemus1" "2025-04-24 16:56:22", "1510997", "77.238.237.190:15072", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "100", "", "T1 Relay", "0", "Cryptolaemus1" "2025-04-24 16:56:22", "1510998", "185.245.106.67:15072", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "100", "", "T1 Relay", "0", "Cryptolaemus1" "2025-04-24 16:52:30", "1510995", "193.187.172.163:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "100", "", "T1C2", "0", "Cryptolaemus1" "2025-04-24 16:14:34", "1510993", "62.60.154.3:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "FAKEUPDATES,SocGholish", "0", "pancak3lullz" "2025-04-24 16:01:47", "1510991", "111.67.206.166:808", "ip:port", "botnet_cc", "elf.kaiji", "None", "Kaiji", "", "100", "https://search.censys.io/hosts/111.67.206.166", "AS4808,C2,censys,CHINA169-BJ", "0", "DonPasci" "2025-04-24 16:01:41", "1510989", "18.144.20.237:54443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/18.144.20.237", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 16:01:41", "1510990", "18.185.239.0:27236", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/18.185.239.0", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 16:01:38", "1510987", "115.74.25.138:5000", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/115.74.25.138", "AS7552,C2,censys,RAT,Venom,VIETEL-AS-AP", "0", "DonPasci" "2025-04-24 16:01:38", "1510988", "115.74.25.138:5002", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/115.74.25.138", "AS7552,C2,censys,RAT,Venom,VIETEL-AS-AP", "0", "DonPasci" "2025-04-24 16:01:30", "1510986", "49.12.197.66:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/49.12.197.66", "AS24940,C2,censys,HETZNER-AS,Mythic", "0", "DonPasci" "2025-04-24 16:01:26", "1510985", "80.209.243.125:15747", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/80.209.243.125", "AS395839,C2,censys,HOSTKEY-USA,RAT,Sectop", "0", "DonPasci" "2025-04-24 16:01:24", "1510984", "66.55.77.28:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/66.55.77.28", "AS36007,AsyncRAT,C2,censys,KAMATERA,RAT", "0", "DonPasci" "2025-04-24 16:01:00", "1510983", "34.102.113.135:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/34.102.113.135", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Sliver", "0", "DonPasci" "2025-04-24 16:00:56", "1510981", "18.222.49.62:3755", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/18.222.49.62", "AMAZON-02,AS16509,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-24 16:00:56", "1510982", "154.26.154.57:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/154.26.154.57", "AS141995,C2,CAPL-AS-AP,censys,RAT,Remcos", "0", "DonPasci" "2025-04-24 16:00:41", "1510980", "1.94.233.201:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/1.94.233.201", "AS55990,C2,censys,CobaltStrike,cs-watermark-666666666,HWCSNET", "0", "DonPasci" "2025-04-24 13:57:14", "1510967", "166.88.164.240:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-04-24 13:02:49", "1510962", "121.43.63.183:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 13:02:02", "1510961", "112.196.222.13:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 13:00:59", "1510960", "101.132.91.240:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 12:02:16", "1510922", "120.27.10.43:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/120.27.10.43", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,open-dir", "0", "DonPasci" "2025-04-24 12:02:15", "1510921", "104.233.210.195:8000", "ip:port", "botnet_cc", "win.xmrig", "None", "xmrig", "", "100", "https://search.censys.io/hosts/104.233.210.195", "AS54600,C2,censys,open-dir,PEG-SV,Xmrig", "0", "DonPasci" "2025-04-24 12:02:11", "1510920", "37.143.15.110:8888", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/37.143.15.110", "AS210079,C2,censys,EUROBYTE,hacktool,Mimikatz,open-dir", "0", "DonPasci" "2025-04-24 12:01:56", "1510919", "79.133.51.132:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/79.133.51.132", "AS44066,censys,DE-FIRSTCOLO,EvilGoPhish,panel,Phishing", "0", "DonPasci" "2025-04-24 12:01:43", "1510918", "18.185.239.0:2086", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/18.185.239.0", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 12:01:42", "1510917", "86.54.42.245:8090", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/86.54.42.245", "AS42624,C2,censys,DcRAT,RAT,SWISSNETWORK02", "0", "DonPasci" "2025-04-24 12:01:41", "1510915", "154.197.69.143:7000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/154.197.69.143", "AS147176,C2,censys,DcRAT,NNECL-AS-AP,RAT", "0", "DonPasci" "2025-04-24 12:01:41", "1510916", "185.208.159.120:4444", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/185.208.159.120", "AS42624,C2,censys,DcRAT,RAT,SWISSNETWORK02", "0", "DonPasci" "2025-04-24 12:01:37", "1510914", "107.172.230.178:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/107.172.230.178", "AS-COLOCROSSING,AS36352,C2,censys,Havoc", "0", "DonPasci" "2025-04-24 12:01:31", "1510913", "103.74.100.219:8082", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/103.74.100.219", "AS135918,C2,censys,DVS-AS-VN,Hookbot", "0", "DonPasci" "2025-04-24 12:01:24", "1510910", "66.55.77.28:8080", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/66.55.77.28", "AS36007,AsyncRAT,C2,censys,KAMATERA,RAT", "0", "DonPasci" "2025-04-24 12:01:24", "1510911", "176.65.144.162:5222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.65.144.162", "AS215240,AsyncRAT,C2,censys,NETRESEARCH,RAT", "0", "DonPasci" "2025-04-24 12:01:24", "1510912", "188.218.81.203:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/188.218.81.203", "AS30722,AsyncRAT,C2,censys,RAT,VODAFONE-IT-ASN", "0", "DonPasci" "2025-04-24 12:00:38", "1510907", "66.103.199.102:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/66.103.199.102", "AS35916,C2,censys,CobaltStrike,cs-watermark-987654321,MULTA-ASN1", "0", "DonPasci" "2025-04-24 12:00:38", "1510908", "8.130.111.109:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.130.111.109", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-24 12:00:38", "1510909", "101.35.228.105:3333", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.35.228.105", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-04-24 12:00:37", "1510905", "43.134.117.243:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.134.117.243", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-04-24 12:00:37", "1510906", "45.136.125.85:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/45.136.125.85", "AS-GEOHOSTING,AS41111,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-24 08:52:39", "1510894", "51.89.54.13:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-04-24 08:47:00", "1510893", "173.207.107.203:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-24 08:44:42", "1510892", "13.248.204.3:10004", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-24 08:01:49", "1510891", "51.68.128.171:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "https://search.censys.io/hosts/51.68.128.171", "AS16276,C2,censys,moobot,OVH", "0", "DonPasci" "2025-04-24 08:01:39", "1510889", "54.180.250.167:10001", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/54.180.250.167", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 08:01:39", "1510890", "54.180.250.167:27651", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/54.180.250.167", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 08:01:38", "1510888", "13.208.169.228:10260", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/13.208.169.228", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 08:01:37", "1510887", "111.92.242.209:5671", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/111.92.242.209", "AS142032,C2,censys,DcRAT,HFTCL-AS-AP,RAT", "0", "DonPasci" "2025-04-24 08:01:29", "1510886", "47.17.64.199:5555", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/47.17.64.199", "AS6128,C2,CABLE-NET-1,censys,Quasar,RAT", "0", "DonPasci" "2025-04-24 08:01:26", "1510884", "18.169.110.44:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.169.110.44", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci" "2025-04-24 08:01:21", "1510882", "191.93.113.197:9000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/191.93.113.197", "AS27831,AsyncRAT,C2,censys,Colombia,RAT", "0", "DonPasci" "2025-04-24 08:01:21", "1510883", "82.223.48.201:1433", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/82.223.48.201", "AS8560,AsyncRAT,C2,censys,IONOS-AS,RAT", "0", "DonPasci" "2025-04-24 08:00:55", "1510881", "20.89.67.216:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/20.89.67.216", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Sliver", "0", "DonPasci" "2025-04-24 08:00:40", "1510879", "154.219.104.89:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/154.219.104.89", "AS137899,C2,censys,CobaltStrike,cs-watermark-1234567890,ILAYERLIMITED-AS-AP", "0", "DonPasci" "2025-04-24 08:00:37", "1510878", "47.122.55.128:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.122.55.128", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-04-24 08:00:36", "1510876", "107.173.191.16:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/107.173.191.16", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-24 08:00:36", "1510877", "43.138.81.232:50051", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.138.81.232", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-04-24 05:58:20", "1510768", "193.56.135.115:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/193.56.135.115", "AS215311,Botnet,byob,C2,censys,REGXA-CLOUD", "0", "dyingbreeds_" "2025-04-24 05:58:20", "1510769", "172.105.213.140:4433", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/172.105.213.140", "AS63949,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:20", "1510770", "172.105.213.140:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/172.105.213.140", "AS63949,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:19", "1510771", "45.33.7.49:4433", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/45.33.7.49", "AS63949,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:19", "1510773", "154.44.10.33:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/154.44.10.33", "AS979,censys,NETLAB-SDN,Viper", "0", "dyingbreeds_" "2025-04-24 05:58:17", "1510777", "54.37.136.114:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.37.136.114", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:17", "1510779", "34.211.59.218:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.211.59.218", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:16", "1510778", "172.210.176.139:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/172.210.176.139", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:16", "1510780", "82.112.244.87:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/82.112.244.87", "AS-HOSTINGER,AS47583,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:15", "1510781", "121.40.87.143:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/121.40.87.143", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:15", "1510782", "18.211.221.99:2083", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.211.221.99", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:14", "1510783", "3.126.234.72:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.126.234.72", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:14", "1510784", "128.199.172.144:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/128.199.172.144", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:13", "1510785", "120.26.234.98:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/120.26.234.98", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:13", "1510786", "161.97.108.198:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/161.97.108.198", "AS51167,censys,CONTABO,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:13", "1510787", "13.49.225.120:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.49.225.120", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:12", "1510788", "34.16.115.86:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.16.115.86", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:12", "1510789", "103.196.155.17:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.196.155.17", "AS133800,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:11", "1510790", "43.203.56.212:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/43.203.56.212", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:11", "1510791", "103.180.165.159:3399", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.180.165.159", "AS138131,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:10", "1510794", "64.227.181.100:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/64.227.181.100", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:09", "1510766", "193.56.135.115:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/193.56.135.115", "AS215311,Botnet,byob,C2,censys,REGXA-CLOUD", "0", "dyingbreeds_" "2025-04-24 05:58:08", "1510763", "95.129.234.5:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/95.129.234.5", "AS57724,C2,censys,DDOS-GUARD,RAT", "0", "dyingbreeds_" "2025-04-24 05:58:08", "1510767", "193.56.135.115:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/193.56.135.115", "AS215311,Botnet,byob,C2,censys,REGXA-CLOUD", "0", "dyingbreeds_" "2025-04-24 05:58:07", "1510760", "101.132.91.240:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.132.91.240", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:07", "1510761", "51.89.54.13:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "90", "https://search.censys.io/hosts/51.89.54.13", "AS16276,C2,censys,OVH", "0", "dyingbreeds_" "2025-04-24 05:58:07", "1510762", "38.60.199.31:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/38.60.199.31", "AS138915,C2,censys,Supershell", "0", "dyingbreeds_" "2025-04-24 05:58:06", "1510758", "23.146.40.13:2086", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/23.146.40.13", "1GSERVERS,AS14315,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:06", "1510759", "111.124.203.18:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/111.124.203.18", "AS139203,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:05", "1510757", "60.205.183.232:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/60.205.183.232", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-04-24 05:58:02", "1510792", "194.87.190.73:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.87.190.73", "AS9123,censys,GoPhish,Phishing,TIMEWEB-AS", "0", "dyingbreeds_" "2025-04-24 05:58:02", "1510793", "146.190.236.178:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/146.190.236.178", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:01", "1510795", "38.47.255.181:9999", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/38.47.255.181", "AS8796,censys,FD-298-8796,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:00", "1510796", "18.222.246.200:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.222.246.200", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:58:00", "1510797", "193.57.27.25:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/193.57.27.25", "AS196819,censys,GoPhish,Phishing,TWK-KL-AS", "0", "dyingbreeds_" "2025-04-24 05:58:00", "1510799", "52.33.244.242:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/52.33.244.242", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:57:59", "1510800", "47.86.224.163:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.86.224.163", "AS45102,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-04-24 05:55:35", "1510646", "194.110.247.90:15390", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2025-04-24 05:55:06", "1510587", "193.161.193.99:56152", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-04-24 05:45:59", "1510861", "166.88.14.137:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-04-24 05:45:59", "1510862", "107.172.146.104:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-04-24 05:45:59", "1510863", "103.117.120.98:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-04-24 05:45:39", "1510859", "31.58.169.193:8041", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,screenconnect", "0", "juroots" "2025-04-24 05:45:39", "1510860", "31.58.169.193:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "", "c2,screenconnect", "0", "juroots" "2025-04-24 05:39:12", "1510856", "37.1.207.4:1415", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-04-24 05:37:38", "1510853", "38.60.199.31:5000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/38.60.199.31#5000", "c2,shodan,supershell", "0", "juroots" "2025-04-24 05:37:20", "1510852", "13.208.161.251:2181", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/13.208.161.251#2181", "c2,netsupport,shodan", "0", "juroots" "2025-04-24 05:37:04", "1510851", "196.119.210.163:54984", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "https://www.shodan.io/host/196.119.210.163#54984", "c2,nanocore,shodan", "0", "juroots" "2025-04-24 05:36:49", "1510850", "111.229.202.115:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/111.229.202.115#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-24 05:36:34", "1510848", "44.242.215.251:9999", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/44.242.215.251#9999", "c2,netbus,shodan", "0", "juroots" "2025-04-24 05:36:34", "1510849", "44.242.215.251:5249", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/44.242.215.251#5249", "c2,netbus,shodan", "0", "juroots" "2025-04-24 05:36:33", "1510847", "3.83.247.253:444", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/3.83.247.253#444", "c2,netbus,shodan", "0", "juroots" "2025-04-24 05:36:30", "1510846", "121.43.63.183:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/121.43.63.183#80", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-04-24 04:02:03", "1510801", "175.41.179.174:80", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/175.41.179.174", "AMAZON-02,AS16509,C2,censys,hacktool,Mimikatz,open-dir", "0", "DonPasci" "2025-04-24 04:01:36", "1510798", "3.69.54.234:5985", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/3.69.54.234", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 04:01:17", "1510774", "45.76.251.42:80", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/45.76.251.42", "AS-VULTR,AS20473,C2,censys,payload,Sliver", "0", "DonPasci" "2025-04-24 04:00:53", "1510765", "107.175.32.185:2405", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/107.175.32.185", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-24 04:00:52", "1510764", "107.175.32.184:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/107.175.32.184", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-24 02:59:38", "1510752", "81.71.248.248:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 02:57:52", "1510750", "185.196.11.181:1433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 02:57:52", "1510751", "185.196.11.181:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 02:56:11", "1510749", "106.55.69.180:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-24 00:02:21", "1510742", "23.136.44.116:3000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/23.136.44.116", "AS395881,C2,censys,Nosviak,Panel,SKYLINKHOSTINGLLC", "0", "DonPasci" "2025-04-24 00:01:48", "1510738", "18.224.153.152:9999", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/18.224.153.152", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 00:01:48", "1510739", "3.25.188.83:30228", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/3.25.188.83", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-24 00:01:35", "1510737", "154.12.16.122:19999", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/154.12.16.122", "AS142032,C2,censys,HFTCL-AS-AP,RAT,Venom", "0", "DonPasci" "2025-04-24 00:01:27", "1510736", "164.90.172.49:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/164.90.172.49", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-04-24 00:01:22", "1510734", "186.169.81.137:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/186.169.81.137", "AS3816,AsyncRAT,C2,censys,COLOMBIA,RAT", "0", "DonPasci" "2025-04-24 00:01:22", "1510735", "157.66.26.148:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/157.66.26.148", "AS149107,AsyncRAT,C2,censys,RAT,TRUMVPS-VN", "0", "DonPasci" "2025-04-24 00:01:20", "1510733", "154.12.40.188:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/154.12.40.188", "ANTI-DDOS,AS35251,C2,censys,Supershell", "0", "DonPasci" "2025-04-24 00:00:54", "1510731", "192.3.118.5:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/192.3.118.5", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-24 00:00:54", "1510732", "186.169.81.137:8888", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/186.169.81.137", "AS3816,C2,censys,COLOMBIA,RAT,Remcos", "0", "DonPasci" "2025-04-23 22:58:18", "1510684", "219.144.88.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 22:58:12", "1510683", "202.144.192.24:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 22:57:41", "1510682", "157.148.125.106:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 22:56:58", "1510681", "122.246.30.27:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 22:56:48", "1510680", "120.232.158.114:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 22:56:47", "1510679", "119.8.108.74:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 22:56:34", "1510678", "116.162.153.163:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 21:08:38", "1510674", "195.2.75.24:33334", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://www.virustotal.com/gui/file/b804ab085f7cf9ee546d586b36ebbeb73f874205b8fae048760dee78375ddf40/behavior", "None", "0", "Rony" "2025-04-23 21:00:59", "1510667", "8.211.157.140:2002", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-04-23 20:54:35", "1510666", "75.2.11.125:8128", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-23 20:54:26", "1510665", "69.157.7.189:2078", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-23 20:51:16", "1510664", "24.62.238.14:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-23 20:49:21", "1510663", "194.163.188.142:9191", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-04-23 20:48:54", "1510661", "191.112.31.229:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-23 20:48:53", "1510660", "190.145.78.30:444", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-23 20:47:43", "1510657", "52.33.227.95:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/52.33.227.95#80", "c2,gophish,phishing,shodan", "0", "juroots" "2025-04-23 20:47:43", "1510658", "91.107.227.174:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/91.107.227.174#443", "c2,gophish,phishing,shodan", "0", "juroots" "2025-04-23 20:47:27", "1510656", "5.183.95.24:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/5.183.95.24#80", "c2,shodan,spicerat", "0", "juroots" "2025-04-23 20:46:59", "1510655", "169.55.107.211:10250", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-23 20:46:56", "1510653", "62.171.170.49:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/62.171.170.49#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-23 20:46:56", "1510654", "47.120.46.210:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/47.120.46.210#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-23 20:46:55", "1510652", "93.113.25.219:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/93.113.25.219#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-23 20:46:36", "1510651", "47.238.140.204:5544", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.238.140.204#5544", "c2,cobaltstrike,shodan", "0", "juroots" "2025-04-23 20:46:34", "1510650", "107.189.25.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/107.189.25.246#443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-04-23 20:45:03", "1510649", "140.245.122.39:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-04-23 20:43:14", "1510648", "102.159.226.238:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-04-23 20:01:57", "1510630", "194.233.76.207:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.233.76.207", "AS141995,CAPL-AS-AP,censys,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-04-23 20:01:56", "1510629", "191.96.235.70:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "https://search.censys.io/hosts/191.96.235.70", "AS212238,C2,CDNEXT,censys,moobot", "0", "DonPasci" "2025-04-23 20:01:47", "1510628", "52.69.244.101:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "100", "https://search.censys.io/hosts/52.69.244.101", "AMAZON-02,AS16509,BRC4,C2,censys", "0", "DonPasci" "2025-04-23 20:01:46", "1510627", "54.250.0.227:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "100", "https://search.censys.io/hosts/54.250.0.227", "AMAZON-02,AS16509,BRC4,C2,censys", "0", "DonPasci" "2025-04-23 20:01:45", "1510626", "18.199.99.219:42969", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/18.199.99.219", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-04-23 20:01:32", "1510623", "65.38.121.128:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/65.38.121.128", "AS399629,BLNWX,C2,censys,Mythic", "0", "DonPasci" "2025-04-23 20:01:32", "1510624", "164.92.184.73:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/164.92.184.73", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-04-23 20:01:31", "1510621", "164.90.180.58:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/164.90.180.58", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-04-23 20:01:31", "1510622", "143.110.213.30:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.110.213.30", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-04-23 20:01:25", "1510620", "51.175.8.79:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/51.175.8.79", "ALTIBOX_AS,AS29695,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-04-23 20:01:24", "1510619", "154.37.213.163:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/154.37.213.163", "AS979,C2,censys,NETLAB-SDN,Supershell", "0", "DonPasci" "2025-04-23 20:00:56", "1510617", "172.245.25.184:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/172.245.25.184", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-23 20:00:56", "1510618", "173.214.166.105:4352", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/173.214.166.105", "AS19318,C2,censys,IS-AS-1,RAT,Remcos", "0", "DonPasci" "2025-04-23 20:00:55", "1510614", "107.175.32.184:2405", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/107.175.32.184", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-23 20:00:55", "1510615", "107.174.65.156:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/107.174.65.156", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-04-23 20:00:55", "1510616", "192.142.0.149:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/192.142.0.149", "AS214036,C2,censys,RAT,Remcos,ULTAHOST-AS", "0", "DonPasci" "2025-04-23 20:00:39", "1510613", "175.27.137.222:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/175.27.137.222", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-04-23 20:00:38", "1510612", "119.8.108.74:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/119.8.108.74", "AS136907,C2,censys,CobaltStrike,cs-watermark-666666666,HWCLOUDS-AS-AP", "0", "DonPasci" "2025-04-23 20:00:36", "1510610", "124.71.139.142:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/124.71.139.142", "AS55990,C2,censys,CobaltStrike,cs-watermark-391144938,HWCSNET", "0", "DonPasci" "2025-04-23 20:00:36", "1510611", "120.46.16.37:1144", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/120.46.16.37", "AS55990,C2,censys,CobaltStrike,cs-watermark-391144938,HWCSNET", "0", "DonPasci" "2025-04-23 20:00:34", "1510608", "31.58.136.13:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/31.58.136.13", "AS396356,C2,censys,CobaltStrike,cs-watermark-987654321,LATITUDE-SH", "0", "DonPasci" "2025-04-23 20:00:34", "1510609", "121.37.217.210:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/121.37.217.210", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-04-23 20:00:33", "1510606", "77.110.116.47:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/77.110.116.47", "AEZA-AS,AS210644,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-23 20:00:33", "1510607", "77.110.116.47:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/77.110.116.47", "AEZA-AS,AS210644,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-04-23 17:42:21", "1510554", "176.65.134.100:31679", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "https://tria.ge/250423-v5brtaylz8/behavioral1", "discovery", "0", "UNP4CK" "2025-04-23 17:23:03", "1510516", "147.185.221.27:52684", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-04-23 17:23:02", "1510514", "147.185.221.27:57016", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2025-04-23 17:23:00", "1510489", "23.146.184.28:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-04-23 16:59:00", "1510532", "154.44.10.82:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-04-23 16:02:07", "1510518", "35.205.244.23:80", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/35.205.244.23", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,hacktool,Mimikatz,open-dir", "0", "DonPasci" "2025-04-23 16:01:35", "1510512", "114.132.94.52:5050", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/114.132.94.52", "AS45090,C2,censys,RAT,TENCENT-NET-AP,Venom", "0", "DonPasci" "2025-04-23 16:01:32", "1510511", "158.180.231.221:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/158.180.231.221", "AS31898,C2,censys,Havoc,ORACLE-BMC-31898", "0", "DonPasci" "2025-04-23 16:01:27", "1510510", "213.209.150.170:9841", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/213.209.150.170", "AS214943,C2,censys,Quasar,RAILNET,RAT", "0", "DonPasci" "2025-04-23 16:01:25", "1510508", "102.117.171.208:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/102.117.171.208", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2025-04-23 16:01:19", "1510506", "128.90.113.170:4000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/128.90.113.170", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-04-23 16:01:19", "1510507", "23.95.106.22:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/23.95.106.22", "AS-COLOCROSSING,AS36352,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-04-23 16:01:18", "1510505", "142.202.242.184:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/142.202.242.184", "1GSERVERS,AS14315,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-04-23 15:48:06", "1510502", "46.8.69.46:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "100", "None", "c2,tier-1", "0", "Rony" "2025-04-23 15:45:06", "1510501", "196.251.115.101:5892", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-23 15:40:42", "1510496", "218.104.52.188:9205", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/218.104.52.188#9205", "c2,gophish,phishing,shodan", "0", "juroots" "2025-04-23 15:40:23", "1510495", "31.172.74.201:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/31.172.74.201#31337", "c2,shodan,sliver", "0", "juroots" "2025-04-23 15:40:09", "1510493", "95.131.202.38:9443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "https://www.shodan.io/host/95.131.202.38#9443", "bruteratel,c2,shodan", "0", "juroots" "2025-04-23 15:40:09", "1510494", "212.69.167.73:9443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "https://www.shodan.io/host/212.69.167.73#9443", "bruteratel,c2,shodan", "0", "juroots" "2025-04-23 15:40:06", "1510491", "159.203.2.140:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/159.203.2.140#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-04-23 15:40:06", "1510492", "39.100.84.28:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/39.100.84.28#443", "c2,cobaltstrike,shodan", "0", "juroots" # Number of entries: 343