################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2025-09-03 05:20:19 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-09-03 05:20:19", "1581050", "38.146.219.241:6010", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-03 05:19:04", "1581049", "tfy.hifeboi3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-03 05:18:04", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:58:17", "1581047", "oh.qecufey7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-03 04:21:45", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:58:14", "1580718", "rt.tygilyo.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 18:22:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:58:13", "1580722", "tp.sewumoa.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 18:53:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:58:13", "1580724", "hlc.sewumoa.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 19:22:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:58:12", "1580744", "tqx.sewedau.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 20:23:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:58:11", "1580756", "gicaway3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 21:14:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:58:10", "1580754", "wg.gevicii.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 20:52:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:58:09", "1580745", "loi.sewumoa.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 20:26:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:58:09", "1580746", "sc.tygilyo.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 20:30:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:58:08", "1580757", "erq.vuzojiu9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 22:22:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:58:08", "1580759", "drg.kidizue6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 22:52:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:58:07", "1580760", "clq.hifeboi3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 23:23:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:58:07", "1580990", "ldl.fozomya6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-03 01:26:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:58:07", "1580991", "si.kidizue6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-03 01:56:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-03 04:36:02", "1581048", "https://starexs.bet/tskx", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/02f7c016d7ea160bc1f997a7d5a94505be26de9853bd44457d2adb99e08539e4/", "lumma", "0", "abuse_ch" "2025-09-03 04:10:41", "1581046", "https://laevuun.top/pqoe", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/28935c2d473fd73a307b70be48b5be81f5a25a9c636841e5e60b981f26ded3cd/", "lumma", "0", "abuse_ch" "2025-09-03 04:10:22", "1581045", "185.157.162.68:9779", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-03 04:01:30", "1581044", "185.246.191.34:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://search.censys.io/hosts/185.246.191.34", "AS200651,C2,censys,FLOKINET,Stealc,Stealer", "0", "DonPasci" "2025-09-03 04:01:20", "1581043", "103.216.175.63:23766", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.216.175.63", "AS42960,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-03 04:01:19", "1581041", "47.243.70.61:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.243.70.61", "AS45102,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-03 04:01:19", "1581042", "3.216.190.48:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.216.190.48", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-03 04:01:18", "1581039", "66.42.87.187:8081", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/66.42.87.187", "AS-VULTR,AS20473,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-03 04:01:18", "1581040", "92.113.148.249:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/92.113.148.249", "AS44803,censys,GoPhish,Phishing,WEBDOCK-AS", "0", "dyingbreeds_" "2025-09-03 04:01:17", "1581037", "52.157.241.27:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/52.157.241.27", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-09-03 04:01:17", "1581038", "124.223.187.73:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/124.223.187.73", "AS45090,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-03 04:01:15", "1581033", "4.210.165.156:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/4.210.165.156", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-09-03 04:01:15", "1581034", "168.119.185.87:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/168.119.185.87", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_" "2025-09-03 04:01:15", "1581035", "13.51.158.143:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.51.158.143", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-03 04:01:15", "1581036", "95.216.127.232:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/95.216.127.232", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_" "2025-09-03 04:01:14", "1581030", "203.30.9.74:15443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.30.9.74", "AS136994,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-03 04:01:14", "1581032", "172.105.149.184:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/172.105.149.184", "AS63949,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-03 04:01:13", "1581029", "195.87.234.74:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/195.87.234.74", "AS15924,BORUSANTELEKOM-AS,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-03 04:01:06", "1581028", "129.28.29.138:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/129.28.29.138", "AS45090,censys,Viper", "0", "dyingbreeds_" "2025-09-03 04:01:05", "1581027", "45.207.192.246:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/45.207.192.246", "AS401696,censys,COGNETCLOUD,Viper", "0", "dyingbreeds_" "2025-09-03 04:01:00", "1581026", "185.243.114.196:80", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://search.censys.io/hosts/185.243.114.196", "AS48314,C2,censys,IP-PROJECTS,RAT,SpiceRAT", "0", "DonPasci" "2025-09-03 04:00:59", "1581024", "216.173.65.45:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/216.173.65.45", "AS149440,C2,censys,EVOXTENTERPRISE-AS-AP,RAT,Remcos", "0", "DonPasci" "2025-09-03 04:00:59", "1581025", "103.67.163.29:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/103.67.163.29", "AS150895,C2,censys,EZTECH-VN,RAT,Remcos", "0", "DonPasci" "2025-09-03 04:00:53", "1581022", "8.138.131.110:52188", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.138.131.110", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:53", "1581023", "8.138.131.110:56789", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.138.131.110", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:52", "1581019", "8.138.131.110:8089", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.138.131.110", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:52", "1581020", "8.138.131.110:22625", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.138.131.110", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:52", "1581021", "8.138.131.110:49597", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.138.131.110", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:51", "1581016", "8.130.34.237:4823", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.237", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:51", "1581017", "8.130.54.67:1352", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.54.67", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:51", "1581018", "8.138.131.110:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.138.131.110", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:50", "1581013", "8.130.34.237:6002", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.237", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:50", "1581014", "8.130.34.237:12000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.237", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:50", "1581015", "8.130.34.237:23333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.237", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:49", "1581010", "8.130.74.114:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.74.114", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:49", "1581011", "8.130.74.114:6697", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.74.114", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:49", "1581012", "8.148.4.166:81", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.148.4.166", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:48", "1581007", "8.137.13.191:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.137.13.191", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:48", "1581008", "8.138.133.207:2004", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.138.133.207", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:48", "1581009", "8.130.74.114:13933", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.74.114", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:42", "1581006", "213.171.5.199:8888", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-09-03 04:01:23", "100", "https://search.censys.io/hosts/213.171.5.199", "AS9123,C2,censys,RAT,TIMEWEB-AS", "0", "dyingbreeds_" "2025-09-03 04:00:33", "1581005", "196.251.85.187:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-09-03 04:01:18", "100", "https://search.censys.io/hosts/196.251.85.187", "AS401120,C2,censys,CHEAPY-HOST,Hookbot", "0", "dyingbreeds_" "2025-09-03 04:00:32", "1581004", "178.128.203.163:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-03 04:01:17", "100", "https://search.censys.io/hosts/178.128.203.163", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "dyingbreeds_" "2025-09-03 04:00:29", "1581003", "157.254.165.140:22532", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-03 04:01:13", "100", "https://search.censys.io/hosts/157.254.165.140", "AS399486,C2,censys,RAT,VIRTUO", "0", "dyingbreeds_" "2025-09-03 04:00:16", "1581002", "116.204.169.71:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-09-03 04:00:56", "75", "https://search.censys.io/hosts/116.204.169.71", "AS138195,C2,censys,RAT", "0", "dyingbreeds_" "2025-09-03 04:00:14", "1581001", "120.77.206.185:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:00:39", "100", "https://search.censys.io/hosts/120.77.206.185", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:11", "1581000", "211.154.22.212:10003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:00:41", "100", "https://search.censys.io/hosts/211.154.22.212", "AS146817,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:09", "1580999", "47.92.125.106:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:00:40", "100", "https://search.censys.io/hosts/47.92.125.106", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-09-03 04:00:07", "1580998", "app.xinzyun.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/45.207.193.76+app.xinzyun.cn", "AS401696,C2,censys,COGNETCLOUD", "0", "dyingbreeds_" "2025-09-03 03:31:13", "1580997", "178.16.53.7:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/7c8c576731dd13174bd9289726bc59c98fa0db27515da65d5f3434c5c2921d02/", "asyncrat", "0", "abuse_ch" "2025-09-03 03:31:12", "1580995", "178.16.53.7:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/7c8c576731dd13174bd9289726bc59c98fa0db27515da65d5f3434c5c2921d02/", "asyncrat", "0", "abuse_ch" "2025-09-03 03:31:12", "1580996", "178.16.53.7:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/7c8c576731dd13174bd9289726bc59c98fa0db27515da65d5f3434c5c2921d02/", "asyncrat", "0", "abuse_ch" "2025-09-03 02:51:29", "1580994", "69.67.172.235:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:51:50", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-03 02:49:58", "1580993", "121.89.84.19:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:50:27", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-03 02:49:18", "1580992", "www.fwefwefwe.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:41", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-03 00:30:46", "1580987", "e1262ef7c38685424e4b351c2c78069c4eb4e8d4", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:46", "1580988", "07f9efd37b4c05d3075ca73644493803f856b7fa32e32766334ffd4b92e438ba", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:46", "1580989", "c0944c21cbb428214e4c8d0263e3b8dd", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:45", "1580984", "daaf3bcb07ed875ce438c4102e5218aece12bc97", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:45", "1580985", "ff00d412bfd7b31a97892664fff8f23061d5fb27b26282803d31cafa10e393b5", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:45", "1580986", "8eaaced16a3dc1921163a1b5b85b4256", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:44", "1580981", "504c6672fc4b9cfaf6d7235c8187d22924194c49", "sha1_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:44", "1580982", "51d75b54018eda95c4c93e1077cd799b13231ecbae89b9f88d68f00d17a65441", "sha256_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:44", "1580983", "8e6db88e44b57cf00e00a0a6398dda08", "md5_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:43", "1580979", "a20e4dfb7eea3d41c5fd09918460fdfb83261bf7a22be1fe3d29a39faf9415ef", "sha256_hash", "payload", "win.rockloader", "None", "Rockloader", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:43", "1580980", "2c1c5f9cdfc9396ad231ee2b7fd16386", "md5_hash", "payload", "win.rockloader", "None", "Rockloader", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:42", "1580976", "81aaa4374132fce34696a55cac25f3ab2fcca844500f88d13e4f217cde9349ec", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:42", "1580977", "e2fe41164e4633af641c8fcf8941226f", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:42", "1580978", "9aa4f3ab02d1ff3eb1e3cdc89c114d8290baa664", "sha1_hash", "payload", "win.rockloader", "None", "Rockloader", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:41", "1580972", "477b4503d11841fd4d916faa2a1d54dbaf0ac8c9", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:41", "1580973", "1b114b61f4a2313dc924eb4ff2cf26fd0c66b0a4127901d5be4531f1a201928e", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:41", "1580974", "25a62b765824226548d88291b8e1e01f", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:41", "1580975", "ce3677472dd2d6cda16f0e32d4261e908f065f98", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:40", "1580969", "5bd3f35a6e6477ec60ba7f6d82fd97b4f36d9b20", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:40", "1580970", "19b1b578a7131791d368f8ee9952aa5d24b29f4879785b2bef21293304f21623", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:40", "1580971", "5fb4dac1085f67f4d619e1a8b065a5d1", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:39", "1580966", "51deac8ac3dda26edb011f1205297a9a184bdb8f", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:39", "1580967", "8c459da35cc2a38d218859f9fb816013c0d33c4bdd3792a69c20beaf5609687d", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:39", "1580968", "964d3bf175be28f49f03ebd3d8e7f65a", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:38", "1580963", "05430a93681e8465c948e9729be35b2c6d6b357f", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:38", "1580964", "7e30454bb3e83a895f105099a3d38ad4ca539804bd437052219cb4fe1de153a8", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:38", "1580965", "a1ab503d37743991c233006c4d8fa2b3", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:37", "1580960", "3fbae74105ba447c35cafc9a9f94e27a7d124803", "sha1_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:37", "1580961", "d998bd4232ffd4b1781fff28431744bec81370200abcf9c483c87af224b5622d", "sha256_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:37", "1580962", "a5ff3ed3754b4cd91aa9e6adaa0960b0", "md5_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:36", "1580957", "adc5c5af30a094c90e859b5f1eab7a2f625d658f", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:36", "1580958", "1f2af392cafd75426312e4862f6a1cedd40982bb0d49ca85f101fb60109b2b3f", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:36", "1580959", "b9a7ad20034183624e9f1bd9f73c4759", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:35", "1580954", "ac71b4137285abd26b6be25b4dd468f185e06ac2", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:35", "1580955", "cd8a36d4a80f14395a3fc5f76bdc04383afaf8dfbe0b79e743b244cd31808021", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:35", "1580956", "abf70a72ae2170e35dc7e9b3cd8a2854", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:34", "1580950", "662a02f9f7123514dfb2607280b25cd6", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:34", "1580951", "b0077855d5733cdfd4b441e3c375ec2f1ff5a419", "sha1_hash", "payload", "win.meterpreter", "None", "Meterpreter", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:34", "1580952", "21a9a414a0f76a93aaa20b2d9c7ffe3f48b5bca29a7c96d56cea5f105ac7afec", "sha256_hash", "payload", "win.meterpreter", "None", "Meterpreter", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:34", "1580953", "f787b6bebd23d7a93a9ff5b2af4d7b8c", "md5_hash", "payload", "win.meterpreter", "None", "Meterpreter", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:33", "1580947", "4d210a014f981caf75d9d9388126879d", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:33", "1580948", "dda4e280e1817700e3c8c60368be96064bd1606b", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:33", "1580949", "5868c11dade3d2e362682b1c5922e58c2adf30297d4c35a9fbb446401510704e", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:32", "1580944", "5138fc07ae7ee1bdca165f5619b7db2a", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:32", "1580945", "62313c68cdab5f3211fdefd8c7530171a9db1c41", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:32", "1580946", "56c2cb8035b5ba012899b4b1e8c72736aa3fb773d2997aa2486e4833a49a225a", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:31", "1580942", "beb64a09c2a467256f98285ee756598a9d04c62b", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:31", "1580943", "64e1f83d15ab71c256ba99e2d752051295c2e5086de8816ccf113e9fafa637fc", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:29", "1580941", "99ecf49ec2a5acd5e5a1d104ebdfa834", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:28", "1580938", "3535c60391d4d386c0704a2c7a640b6f", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:28", "1580939", "3a8d49bf108dd0a907458ed5eb50706952320181", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:28", "1580940", "28e56de6f4c2baa3bb15a0887ed66f1e2360d7a4261362a26d91b405ab25df3a", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:27", "1580935", "9872c21f40075cb1d6caeb033a098f17", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:27", "1580936", "f1f151bf642747aa84eb11878fafda2eb8a1f986", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:27", "1580937", "dd24e53f878c083f08795e1482ee67c971b80b27264ea6d30adafeaaa9ae27df", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:26", "1580932", "e3a0dfcdbfb21f01a2b9c2074d580b64", "md5_hash", "payload", "win.atlas_agent", "None", "AtlasAgent", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:26", "1580933", "415ee173ed06d34ccb47df90aa40a67df69b8356", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:26", "1580934", "12bc2271f1028192e643c23aea3eb3d802dd24d03ece51f62db4dd0c81e7aff2", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:25", "1580929", "ed87c351e6592048a790cd0c7e0d4f69", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:25", "1580930", "1a23cd148b9b06b7c939fec0477a02acaf7637d8", "sha1_hash", "payload", "win.atlas_agent", "None", "AtlasAgent", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:25", "1580931", "d8a9e5f8d5aadae72f01192ef172c704460a6f4c5eeff545d23d6c19327b9171", "sha256_hash", "payload", "win.atlas_agent", "None", "AtlasAgent", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:24", "1580926", "29a5f2c8e2abe8cae0d566cf9ac90d0b", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:24", "1580927", "a82ad93b44112febd6bd09ed6a69217480034478", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:24", "1580928", "55d8ae2d11aeb76c2214d735c46917541ac04febc6b2f8ac998d1173b838b5ce", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:23", "1580924", "940e957092f0fc754522362d72e54e4f6626b661", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:23", "1580925", "f40b80a2809ee918dd4308317d4011a3ca87e2b92a3ab3d2fdaeef231d2e8510", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:22", "1580921", "8edee3474c9f7d250d7e226feb5b9c4fef5d0a69", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:22", "1580922", "b96d62f1722f493a739f3344197f48847bc0ba09b40230cf998efb615871b1d0", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:22", "1580923", "e8356e3e187d25b0c23ee4b6710f49bc", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:21", "1580918", "0f0214cfdb2dd1a6d7281710c070bea0b97e385e", "sha1_hash", "payload", "win.atlas_agent", "None", "AtlasAgent", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:21", "1580919", "eb96ca17a4a1c2aa97dd6fb686a40cb226c49c8abec01190f1af75080a9aaa6b", "sha256_hash", "payload", "win.atlas_agent", "None", "AtlasAgent", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:21", "1580920", "44b79d19f813541cf96fde6ca705dced", "md5_hash", "payload", "win.atlas_agent", "None", "AtlasAgent", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:20", "1580915", "fd2052027f121ab73a228bd9d06d62d6e483af87", "sha1_hash", "payload", "win.atlas_agent", "None", "AtlasAgent", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:20", "1580916", "f3f0c87303fcc19aae446de0ff80560e09fdc1fc4b20b3dd442871b2544c5c7d", "sha256_hash", "payload", "win.atlas_agent", "None", "AtlasAgent", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:20", "1580917", "6b8b60c50afe632ebc65fe098bf15a45", "md5_hash", "payload", "win.atlas_agent", "None", "AtlasAgent", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:19", "1580912", "8125244b20cc2e3aebdbd29dfd3f43dddd51f59d", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:19", "1580913", "cbc7b8123f7ef72341952e2e1acb4b8debdb0e3df2ecfcce92eedf95e208e63d", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:19", "1580914", "6d06ec2cb12e034b3e2edd5034dc97f2", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:18", "1580909", "223b4732645af4189d722cc6b19d43d30b7439e8", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:18", "1580910", "2c7e7bf4cd14456572dd850552354b46e89d511300f5dce48561a4f347f8d4b2", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:18", "1580911", "bd5a9b06e5be2a41526b4459d29c614b", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:17", "1580906", "ff688f1fb828ddb854cd1ffe4e169e8df7cddd59", "sha1_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:17", "1580907", "a79a39c9e310d322395ed90808899ade754a8732ac2d86a747d6a01761cee186", "sha256_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:17", "1580908", "cbbcf4106232cd360c79e1676ab55566", "md5_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:16", "1580903", "23ab91ab0738a6db4f0ac9186a5355667cefed41", "sha1_hash", "payload", "win.webmonitor", "RevCode", "WebMonitor RAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:16", "1580904", "17f1957752f234a9bda043a5e2e36999a0b40aad118de4b3fe0de84c615a63df", "sha256_hash", "payload", "win.webmonitor", "RevCode", "WebMonitor RAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:16", "1580905", "e8ab33009ef7f35022e2df1585073680", "md5_hash", "payload", "win.webmonitor", "RevCode", "WebMonitor RAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:15", "1580900", "2a81745d9daa677137f7ef5972a21802020fcbc2", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:15", "1580901", "5e088f3ae8bf2631e5aaa8de2facd537a65ef5e269924213e14ee41d94b6a446", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:15", "1580902", "89116bf4c9a09b3f88b055187a7561df", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:14", "1580897", "72118ff603d860ef2ed7c2d68cb7946e09303d70", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:14", "1580898", "9e60dcf617abadf90bec587d1fe95bae738607beb79e27d62420a52b57fa82ef", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:14", "1580899", "1aa24ed273794d6225b1f225f01157d0", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:13", "1580895", "7c59e32b06771e7a8009e4019b43791267e3e702b616fbdd3225e9c406709e40", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:13", "1580896", "b573d230ee8ab448b50637a407878450", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:12", "1580892", "f35e8036e143bcc7acb1abdeebb971f7fd96a1ae1e8f1c3bf45a915a5262aa3f", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:12", "1580893", "01c63dc0258eeffcaf0842cc30910249", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:12", "1580894", "9d57fb3ebd3c421a6edfefb1f8975e52ccc94721", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:11", "1580889", "7660218fc7eda670cc4bb9f644231117b386b890dbceef4c44b449c67decf1e3", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:11", "1580890", "3816b16ef7840893ebc9e0e12fb053ff", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:11", "1580891", "b2f0ea771a65e1cbcb4556657d09caa4dbd15432", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:10", "1580886", "b7406ca9aa55a1047b23901fb2116d3c8879c8fff565e729628d9d151e72621e", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:10", "1580887", "ac457bb60b219160020f43da79240b9c", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:10", "1580888", "6f9030de2daa0fdff2101e341d4bd86e3f55911e", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:09", "1580884", "5604f76335a012c03db71f13736c73f1", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:09", "1580885", "05d9696a294373bd5cab13b1247e7e5609ee75af", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:08", "1580882", "43a3b3057eb8a8852db48f9570ff5426f4dbe246", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:08", "1580883", "419682a3e653941c5055aaf76a7df0bda437a65db7ffccb18534aa8639a92787", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:07", "1580879", "b10bebfae22065a26bb9d2000f6717a877e606af", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:07", "1580880", "8b081afc4305a7731e4f1e4c12ebd1fe5c3ffe0d667923aaaf19731c62600ba4", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:07", "1580881", "38890812a8d58746038c4f6b625c0493", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:06", "1580877", "eda24d00ccb349b411c67f24d53a9499d890a4467184be6d8b7014d1612feb38", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:06", "1580878", "e63c0b4a6ba69da4b18179ba1d31dd9b", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:05", "1580875", "ef5088d93780cc4b4c5c7224f2160761", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:05", "1580876", "131604d7fa84ed2a9e3fbd10fd151022763f3300", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:04", "1580873", "b700f0d0b4d7c016d08f7b4f50c884b4612485f7", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:04", "1580874", "819524e650df7f7050d41834f4a30b370e50d99add64ace080c2b57df5ba1997", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:03", "1580871", "af9fecbef5a9cb1f1fdf251ae5d160190c8aece381d6dea27293e40b2d7aadbc", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:03", "1580872", "b72b78c537ca841b7b5b1bb3e99f3120", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:02", "1580870", "2eb66fa8c5c097d9244f90121a920d3ef725e8f1", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:01", "1580867", "5b029927581996dbc2f4f2525d5545154f65cf90", "sha1_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:01", "1580868", "bac1c55734deb634a60fd375eb28545a6ec0de446ef587c122d35e3bfa187b21", "sha256_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:01", "1580869", "c39225069d0bc783f074f433a29c6c65", "md5_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:00", "1580864", "d70c1b8373887df80f3652654895c5dfa0c14436", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:00", "1580865", "32cfff30d6ed1f3395b8ffbc8319fad8723f71547364a6cde2faddb2b80b5b1d", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:30:00", "1580866", "668c2b45ab7e74d36a514290599088eb", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:59", "1580861", "78c4152318a776ecd3278d1915287eeec891b87f", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:59", "1580862", "113138bc20beb3622e945f91d907f7ba942f49a5debf19bd6bed394fdb053533", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:59", "1580863", "23f326cc3cc8f93fe07f021b8055cada", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:58", "1580857", "34c1ae60f21566f3d8491d011e802b3b", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:58", "1580858", "6aa7faba4907b5d756bb32425d7f22990f5c4dfb", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:58", "1580859", "70edef5a9165f8776f6bde6c60108c0bbcc33e7d10e07d16024bfedf70ec008b", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:58", "1580860", "1b094f384d614828a244f167887daebb", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:57", "1580854", "ecf84f909230a1913ae3807f6e1b18ba", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:57", "1580855", "baa472bcb0673683571e4e86fec9ba917a8d2fda", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:57", "1580856", "ab944f7cb219427b232b32926ac1e7689dcf9eefb6253235bad5c7d541b53ef9", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:56", "1580851", "9510b61cc3bfe86e63e4c56cc280cb40", "md5_hash", "payload", "win.resolver_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:56", "1580852", "3862125d4db019e81549aeb6c961861c519836a3", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:56", "1580853", "a4bb5616ecb06dcf4916e9cc5bcf5763bdea28c85b8bf1853c615f5621b11798", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:55", "1580848", "b3b2abde8e4ad332632ba28bc12f6902", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:55", "1580849", "5937f09acdfa2600f3472426d0f614028edc948a", "sha1_hash", "payload", "win.resolver_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:55", "1580850", "1f9da49f62360d200940ac5abe3936e48f46ec727873c4f13e41fe1a583381a7", "sha256_hash", "payload", "win.resolver_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:54", "1580844", "805e59d142a1b2539d79732417912388b5ceb70cedee8f736d755705c9ae977a", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:54", "1580845", "9ab8e3a68c24df41fd958e7793a28fd6", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:54", "1580846", "ae5386e137b2f918f85ccc7b2ed3b657003ca728", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:54", "1580847", "bd1c7fec482e5cae6c29f196953329ee39b3481542738f0b1395392fb9c3ee52", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:53", "1580841", "0ef28af627a20a5be581f8dc7bff948415a909ad482ed18fdc4554902d20091f", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:53", "1580842", "663d30a54411f2a62913cea966350890", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:53", "1580843", "32753a6bcbbc6af18b7699fbe9b6b6eb1ab9b33a", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:52", "1580837", "886879dadbefe959ffac1f047f2293ab22919272", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:52", "1580838", "5a30c4e68c8a9e2fa23d7176efd9f712624fb375d443c25b8829dd307e8b030d", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:52", "1580839", "b98984d3f003a61ac340a633c5944558", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:52", "1580840", "931e019d94a3380ec952c2281ebf4871bc1d2de8", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:51", "1580834", "05a3ea1b476aad6efc5f71c1a7baf9d1aae5c6e0", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:51", "1580835", "68ef29d9bd6e88b4fda357fa69b156376a0a611d287e909285bebbc0d6afc059", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:51", "1580836", "1206bd5b26944d2eaa4eb51d0bafecd2", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:50", "1580831", "4df300c497c7ccd947a90a66bbcdb61c26d50e59", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:50", "1580832", "49da12598beb3901e854a2c105e7e31d820db9b1f8becf581043fe4c30b1d589", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:50", "1580833", "5af7b89ff75c926b50733991b59ffdf0", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:49", "1580827", "c81227e7291a7636a6750961346e26d1", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:49", "1580828", "9444df58e20199876eee39d2d444a338e79fa850", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:49", "1580829", "3cc0955e9da17fac13c75e337c50a26cc19edf218c049a51de8ca8a9342457d9", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:49", "1580830", "c1ab4d1b99d162526543bc4a63558c34", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:48", "1580824", "03ff2601e3834d7780ade0d386ac2180", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:48", "1580825", "6da5aefa4c60b5a2027bffa23e66c997baa3a6e9", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:48", "1580826", "4df0ed007f7b8dbb52f37facd1bef7638fc216804045167f2af37b32c68a2d71", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:47", "1580821", "c983e6e36a65b8b4b95798e1c15cd4e6", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:47", "1580822", "bff2275baefb29ebccc085ef8a05ccffdedf6605", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:47", "1580823", "cad1738a30123d36693ddb0531b3b0ac14d8f9eb577609b25905ab28c4e9a3eb", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:46", "1580817", "bee53e45ad0bfd77218b9a515d9ce3bb2fc5675dc72458382867162d8482ac0f", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:46", "1580818", "422a57550e6f5a39192eda1dcd6f4f4a", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:46", "1580819", "ca404ca9970d63cc8dd0fb4f0fbe8efff6bd8ad7", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:46", "1580820", "e2c2cbcbc9e46e5be703a25776c6174e45a6a3843b1eb7b80d0d480ad2024c01", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:45", "1580814", "e0fa3625c59ff00307dfa141f26a359cb20e1bf2bb1ffe2e93660294be9bfa8c", "sha256_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:45", "1580815", "cd51afc26316e8827fdad3808f4074bb", "md5_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:45", "1580816", "29ae2f53dd6b209bc8c900d1671e4e8de7114d69", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:44", "1580810", "3cf51daa254c8867bec8dbe5ef3f87d9845152fc", "sha1_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:44", "1580811", "420467d33863bad8c6b5ae5f84c4677c12d67fe3d3ae0ca2cb96f489a800665f", "sha256_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:44", "1580812", "09ccd47823e73247e9c3d27e6da43843", "md5_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:44", "1580813", "3221ea6b805fcb4557ca47c93609ef2738fcc4c8", "sha1_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:43", "1580807", "ec5f9648c7c2320b398d0bbf1b4e2a102d7972fc", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:43", "1580808", "7fd0dcab090cc3010a5cd6d1be51d3fb1f7c50324ef7b35f36d0f149ab320899", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:43", "1580809", "630d558a0b6f63df9367509669a22324", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:42", "1580804", "14c85fa9d5ad623631cd651acd54f4e401b06366", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:42", "1580805", "6e077a0d195558a6dbe2f78349db94ccddff1513a92288b9a1408256267560e7", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:42", "1580806", "9b00a91fa8823791e46ceaf8a19ac41d", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:41", "1580801", "e0a253ff1998a46a447f1a592d510b980c2d5872", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:41", "1580802", "0d7b3d3a1a2257f09d90175a220ac804bbe48c1377bfbbe55b66440bb2728b39", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:41", "1580803", "61f2e4469175bc0313559a4735e6c300", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:40", "1580797", "20b4d6b7fcd0ca6f3aad15c01f622903", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:40", "1580798", "8aaa16ec5ac8fb682569e1e7713e8be9acc86755", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:40", "1580799", "e0059f8d6dfbf7bdddd47912c517a90d0c848ceb474445e920754ddb3119e902", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:40", "1580800", "602243aada825c072763e9ac5465cc09", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:39", "1580794", "bb44a39a862c20e9e0909f1c993a81ee", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:39", "1580795", "5bcb655ebe3f48d6463b3b9f08dd9684289e5181", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:39", "1580796", "e59f8ad1238df3f4da6140834e44391806267bd15b1b6d14efdfaa131b35da09", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:38", "1580791", "5c292eb365fcb7797394a9336424b8b0", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:38", "1580792", "81cc63b18e89590d1a0ff5b5bf2ac3a0f800a185", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:38", "1580793", "cc4f4e1466183b11cfda923915e34cfd338cbf87a656d911120ceb784846d334", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:37", "1580787", "22b65434503731629f03a1dd8796a0156f54f8aaabc0a31be33ca3193dfcc7c0", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:37", "1580788", "d2c3aefaaee2d411804aa0c7db527ab4", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:37", "1580789", "14b4a90b6dfaf656b5382353da35330be884a76d", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:37", "1580790", "be47b60d0203fbf8aac0aabee21f7aa2e90ca5d17363576c3ee9b1d6efd63f14", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:36", "1580784", "3327c66297fef40ab4c8fc527d4100069b01ac665e45bd2683dca2528e915f03", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:36", "1580785", "b84b137b62d19d9020f55615dfa8b320", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:36", "1580786", "15db8f6f375259964547f10eb492683478748b46", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:35", "1580781", "8727308a32fe5bc544074066b76ff9ffd8b47d49c387bf23a471f51c068c7f58", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:35", "1580782", "cdf4a2737fa4555658befb077d941b70", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:35", "1580783", "2f0fcd356817d449d9896ac0e5dc5a1be0be0b19", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:34", "1580779", "8141913d4e30312bb3388c9d991064a9", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:34", "1580780", "41469cc035336c6593ae3dd6049a474ce2444007", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:33", "1580777", "b17574f674953ca24db6183c90c7c3826ccb1701", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:29:33", "1580778", "cf51d6c002f3888d63d0acc98231e21468f96bb68264f05c2014e3a9e588e6f0", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-03 00:01:37", "1580776", "r.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-03 04:01:07", "100", "https://search.censys.io/hosts/185.161.209.117+r.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-09-03 00:01:27", "1580775", "198.55.98.77:1911", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://search.censys.io/hosts/198.55.98.77", "AS214940,C2,censys,KPRONET,redline,stealer", "0", "DonPasci" "2025-09-03 00:01:24", "1580774", "www.landownerdozenguard.com", "domain", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/185.208.158.155+www.landownerdozenguard.com", "AS42624,C2,censys,RAT,SWISSNETWORK02,Venom", "0", "DonPasci" "2025-09-03 00:01:22", "1580773", "44.244.111.160:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-03 04:00:38", "100", "https://search.censys.io/hosts/44.244.111.160", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-09-03 00:01:14", "1580771", "109.199.98.37:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-03 04:00:27", "100", "https://search.censys.io/hosts/109.199.98.37", "AS51167,AsyncRAT,C2,censys,CONTABO,RAT", "0", "DonPasci" "2025-09-03 00:01:14", "1580772", "45.141.215.69:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-03 04:00:28", "100", "https://search.censys.io/hosts/45.141.215.69", "AS210558,AsyncRAT,C2,censys,RAT,SERVICES-1337-GMBH", "0", "DonPasci" "2025-09-03 00:01:03", "1580770", "49.234.26.82:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-09-03 04:00:22", "100", "https://search.censys.io/hosts/49.234.26.82", "AS45090,C2,censys,Sliver,TENCENT-NET-AP", "0", "DonPasci" "2025-09-03 00:00:40", "1580769", "107.148.52.35:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:00:10", "100", "https://search.censys.io/hosts/107.148.52.35", "AS398478,C2,censys,CobaltStrike,cs-watermark-666666666,PEG-HK", "0", "DonPasci" "2025-09-02 23:25:40", "1580768", "147.124.195.98:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-02 23:25:36", "1580767", "216.9.224.169:2090", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "None", "PureLogsStealer", "0", "abuse_ch" "2025-09-02 23:25:34", "1580766", "191.96.224.156:100", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-02 23:25:30", "1580765", "147.185.221.31:29739", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-02 23:25:25", "1580764", "185.163.204.202:45000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-02 23:25:23", "1580763", "107.172.172.225:6542", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-02 23:25:18", "1580762", "156.254.21.146:8088", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-09-02 22:51:22", "1580758", "43.139.65.13:5557", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:51:22", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 21:05:06", "1580755", "http://newhousepanel.info/too/five/fre.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "None", "Loki", "0", "abuse_ch" "2025-09-02 20:49:27", "1580753", "92.161.137.94:4443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-03 04:49:08", "75", "None", "drb-ra,Havoc", "0", "abuse_ch" "2025-09-02 20:47:27", "1580752", "39.40.153.104:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-09-03 04:47:20", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-09-02 20:46:12", "1580751", "197.0.85.219:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-09-03 04:46:07", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-09-02 20:43:37", "1580750", "116.26.10.18:36122", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-09-03 04:43:33", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-09-02 20:43:33", "1580749", "112.93.133.97:23293", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-09-03 04:43:30", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-09-02 20:43:20", "1580748", "106.55.104.79:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-03 04:43:18", "75", "None", "drb-ra,RAT", "0", "abuse_ch" "2025-09-02 20:30:14", "1580747", "loe.jujosuu4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-03 05:18:05", "100", "None", "clearfake", "1", "ttakvam" "2025-09-02 20:05:09", "1580743", "162.243.204.23:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-09-02 20:01:40", "1580742", "118.184.187.173:47486", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2025-09-03 04:43:36", "100", "https://search.censys.io/hosts/118.184.187.173", "AS138950,censys,Chaos,CHINATELECOM-JIANGSU-WUXI-INTERNATIONAL-IDC,panel", "0", "DonPasci" "2025-09-02 20:01:27", "1580741", "46.246.82.12:1963", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-09-03 04:00:41", "100", "https://search.censys.io/hosts/46.246.82.12", "AS42708,C2,censys,DcRAT,GLESYS,RAT", "0", "DonPasci" "2025-09-02 20:01:25", "1580740", "107.191.60.202:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-03 04:43:23", "100", "https://search.censys.io/hosts/107.191.60.202", "AS-VULTR,AS20473,C2,censys,Havoc", "0", "DonPasci" "2025-09-02 20:01:24", "1580739", "107.191.60.202:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-03 04:43:23", "100", "https://search.censys.io/hosts/107.191.60.202", "AS-VULTR,AS20473,C2,censys,Havoc", "0", "DonPasci" "2025-09-02 20:01:22", "1580738", "196.251.85.187:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-09-03 04:00:34", "100", "https://search.censys.io/hosts/196.251.85.187", "AS401120,C2,censys,CHEAPY-HOST,Hookbot", "0", "DonPasci" "2025-09-02 20:01:21", "1580737", "185.196.10.243:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-03 04:45:26", "100", "https://search.censys.io/hosts/185.196.10.243", "AS42624,C2,censys,Mythic,SWISSNETWORK02", "0", "DonPasci" "2025-09-02 20:01:15", "1580736", "84.200.73.108:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-03 04:00:28", "100", "https://search.censys.io/hosts/84.200.73.108", "AS44066,AsyncRAT,C2,censys,DE-FIRSTCOLO,RAT", "0", "DonPasci" "2025-09-02 20:01:14", "1580733", "45.141.215.69:888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-03 04:47:34", "100", "https://search.censys.io/hosts/45.141.215.69", "AS210558,AsyncRAT,C2,censys,RAT,SERVICES-1337-GMBH", "0", "DonPasci" "2025-09-02 20:01:14", "1580734", "217.160.241.22:1231", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-03 04:00:27", "100", "https://search.censys.io/hosts/217.160.241.22", "AS8560,AsyncRAT,C2,censys,IONOS-AS,RAT", "0", "DonPasci" "2025-09-02 20:01:14", "1580735", "186.190.211.108:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-03 04:00:28", "100", "https://search.censys.io/hosts/186.190.211.108", "AS-GLOBALTELEHOST,AS63023,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-09-02 20:01:12", "1580732", "103.241.74.160:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-03 04:00:26", "100", "https://search.censys.io/hosts/103.241.74.160", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Supershell", "0", "DonPasci" "2025-09-02 20:01:02", "1580731", "212.192.221.76:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-09-03 04:00:22", "100", "https://search.censys.io/hosts/212.192.221.76", "AS26383,ASNET,C2,censys,Sliver", "0", "DonPasci" "2025-09-02 20:00:58", "1580730", "216.9.224.34:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/216.9.224.34", "AS44382,C2,censys,RAT,Remcos,WHITELABEL", "0", "DonPasci" "2025-09-02 20:00:55", "1580729", "134.122.189.163:443", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-09-03 04:00:17", "100", "https://search.censys.io/hosts/134.122.189.163", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Gh0st,RAT", "0", "DonPasci" "2025-09-02 20:00:54", "1580728", "103.176.197.131:14994", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-09-03 04:00:16", "100", "https://search.censys.io/hosts/103.176.197.131", "AS152156,C2,censys,Gh0st,NARUTO-AS-HK,RAT", "0", "DonPasci" "2025-09-02 20:00:44", "1580727", "178.16.52.81:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-09-02 20:02:00", "100", "https://search.censys.io/hosts/178.16.52.81", "AS209800,C2,censys,Latrodectus,METASPINNER-ASN", "0", "DonPasci" "2025-09-02 20:00:37", "1580726", "45.86.153.106:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:00:10", "100", "https://search.censys.io/hosts/45.86.153.106", "AS200950,C2,CALIBOURNETWORK,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-09-02 19:22:00", "1580725", "ewg.jujosuu4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 20:26:32", "100", "None", "clearfake", "1", "ttakvam" "2025-09-02 18:52:55", "1580723", "47.236.159.248:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:51:39", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 18:50:45", "1580721", "ns2.microoosoft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:35", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 18:50:42", "1580720", "ns1.microoosoft.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:33", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 18:39:17", "1580719", "http://45.153.34.30/dad3a40e52e74806.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250902-qa6lgswsfs", "c2,stealc,stealer,triage", "0", "DonPasci" "2025-09-02 18:08:29", "1580717", "crisp.cucy.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "", "clearfake", "1", "ttakvam" "2025-09-02 18:05:17", "1580716", "http://a1163876.xsph.ru/588d5684.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-09-02 18:02:26", "1580715", "47.98.240.25:1234", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250902-shd8badm51", "AS37963,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-09-02 18:01:59", "1580714", "http://45.153.34.30", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250902-qa6lgswsfs", "AS51396,C2,stealc,stealer,triage", "0", "DonPasci" "2025-09-02 18:01:54", "1580713", "46.4.27.174:16639", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://tria.ge/250902-smaexsxxf1", "AS24940,C2,RedLine,RedlineStealer,stealer,triage", "0", "DonPasci" "2025-09-02 18:01:13", "1580711", "134.19.178.162:5700", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250902-sf9lfasqv8", "AS49453,C2,GLOBALLAYER,quasar,rat,triage", "0", "DonPasci" "2025-09-02 18:01:13", "1580712", "manual-terminology.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250902-q8yzaswycx", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-02 18:00:47", "1580709", "click-constraints.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250902-sj38tssq19", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-02 18:00:47", "1580710", "fund-eyes.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250902-pc4z1aam6w", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-02 18:00:46", "1580707", "change-america.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250902-sqr45sxygz", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-02 18:00:46", "1580708", "brand-courses.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250902-sj38tssq19", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-02 18:00:45", "1580706", "193.233.171.27:5555", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250902-twamqafl9w", "AS215590,C2,triage,xworm", "0", "DonPasci" "2025-09-02 18:00:44", "1580705", "193.233.171.27:4444", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250902-vbf5fayyhw", "AS215590,C2,triage,xworm", "0", "DonPasci" "2025-09-02 17:37:49", "1580696", "dfm.qacacoe3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 16:22:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 17:37:49", "1580697", "ashigaruwallet.rs", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-09-02 17:37:49", "1580699", "kwk.burydyu0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 16:53:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 17:37:48", "1580700", "91.212.166.160:443", "ip:port", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-09-02 17:37:48", "1580701", "load.granivit.hu", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-03 05:10:26", "100", "", "None", "0", "pitachu" "2025-09-02 17:37:48", "1580702", "5.75.210.165:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "50", "", "None", "0", "pitachu" "2025-09-02 17:37:47", "1580704", "zip.sewumoa.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 17:22:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 17:10:26", "1580703", "https://load.granivit.hu", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-03 05:10:26", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-02 16:35:20", "1580698", "http://a1165370.xsph.ru/ee3f5b4f.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-09-02 16:02:19", "1580695", "118.184.187.174:47486", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2025-09-03 04:43:36", "100", "https://search.censys.io/hosts/118.184.187.174", "AS138950,censys,Chaos,CHINATELECOM-JIANGSU-WUXI-INTERNATIONAL-IDC,panel", "0", "DonPasci" "2025-09-02 16:02:16", "1580694", "118.184.187.163:47486", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2025-09-03 04:43:35", "100", "https://search.censys.io/hosts/118.184.187.163", "AS138950,censys,Chaos,CHINATELECOM-JIANGSU-WUXI-INTERNATIONAL-IDC,panel", "0", "DonPasci" "2025-09-02 16:02:11", "1580693", "kws4.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-03 04:01:06", "100", "https://search.censys.io/hosts/185.161.209.117+kws4.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-09-02 16:01:56", "1580692", "18.181.96.254:1135", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-09-03 04:45:08", "100", "https://search.censys.io/hosts/18.181.96.254", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-09-02 16:01:50", "1580691", "206.189.80.194:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-03 04:46:31", "100", "https://search.censys.io/hosts/206.189.80.194", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-09-02 16:01:46", "1580690", "63.178.148.142:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-03 04:48:24", "100", "https://search.censys.io/hosts/63.178.148.142", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-09-02 16:01:42", "1580689", "ec2-63-178-148-142.eu-central-1.compute.amazonaws.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-03 04:00:37", "100", "https://search.censys.io/hosts/63.178.148.142+ec2-63-178-148-142.eu-central-1.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-09-02 16:01:36", "1580688", "91.198.77.151:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-09-03 04:49:05", "100", "https://search.censys.io/hosts/91.198.77.151", "AS211895,C2,censys,Hookbot,SERVERIUS-USERS-AS", "0", "DonPasci" "2025-09-02 16:01:26", "1580687", "45.74.8.89:1001", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-03 04:47:41", "100", "https://search.censys.io/hosts/45.74.8.89", "AS3223,AsyncRAT,C2,censys,RAT,VOXILITY", "0", "DonPasci" "2025-09-02 16:01:06", "1580686", "134.122.189.174:443", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-09-03 04:00:17", "100", "https://search.censys.io/hosts/134.122.189.174", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Gh0st,RAT", "0", "DonPasci" "2025-09-02 16:00:45", "1580685", "23.95.227.215:56874", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:51:08", "100", "https://search.censys.io/hosts/23.95.227.215", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-09-02 15:55:30", "1580684", "up.xonulee9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 15:53:15", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 15:48:35", "1580682", "auf.nelypuu5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 15:23:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 15:48:34", "1580683", "196.251.85.246:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "Mirai", "0", "elfdigest" "2025-09-02 15:15:10", "1580681", "161.97.68.73:3329", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-09-02 15:04:03", "1580673", "45.159.248.167:443", "ip:port", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "https://bazaar.abuse.ch/browse/tag/ACRStealer/", "ACRStealer", "0", "aachum" "2025-09-02 15:04:00", "1580672", "wb.kesogio6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 14:22:15", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 15:03:59", "1580674", "95.164.69.234:443", "ip:port", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "https://bazaar.abuse.ch/browse/tag/ACRStealer/", "ACRStealer", "0", "aachum" "2025-09-02 15:03:59", "1580675", "77.91.123.244:443", "ip:port", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "https://bazaar.abuse.ch/browse/tag/ACRStealer/", "ACRStealer", "0", "aachum" "2025-09-02 15:03:58", "1580676", "45.144.29.250:443", "ip:port", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "https://bazaar.abuse.ch/browse/tag/ACRStealer/", "ACRStealer", "0", "aachum" "2025-09-02 15:03:57", "1580677", "95.164.69.191:443", "ip:port", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "https://bazaar.abuse.ch/browse/tag/ACRStealer/", "ACRStealer", "0", "aachum" "2025-09-02 15:03:57", "1580678", "185.214.74.93:443", "ip:port", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "https://bazaar.abuse.ch/browse/tag/ACRStealer/", "ACRStealer", "0", "aachum" "2025-09-02 15:03:57", "1580679", "87.120.219.212:443", "ip:port", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "https://bazaar.abuse.ch/browse/tag/ACRStealer/", "ACRStealer", "0", "aachum" "2025-09-02 15:03:56", "1580680", "szh.saqehyo1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 14:53:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 14:16:56", "1580671", "185.222.58.49:465", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-03 04:45:31", "75", "https://bazaar.abuse.ch/sample/809ecfe0d5639158fd1626f4bf2c4c3629a64e012f95f7a08d1b6b0c8a65508e/", "remcos", "0", "abuse_ch" "2025-09-02 14:00:21", "1580670", "196.251.83.209:9003", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-09-02 13:57:21", "1580579", "wv.safofoe5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 11:23:04", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 13:57:20", "1580580", "mu.nelypuu5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 11:52:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 13:57:20", "1580592", "https://vcsinfo.com/4r6y.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2025-09-02 13:10:58", "100", "https://infosec.exchange/@monitorsg/115134623718155960", "KongTuke", "0", "monitorsg" "2025-09-02 13:57:19", "1580593", "vcsinfo.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2025-09-02 13:11:01", "100", "https://infosec.exchange/@monitorsg/115134623718155960", "KongTuke", "0", "monitorsg" "2025-09-02 13:57:19", "1580594", "https://vcsinfo.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2025-09-02 13:11:00", "100", "https://infosec.exchange/@monitorsg/115134623718155960", "KongTuke", "0", "monitorsg" "2025-09-02 13:57:19", "1580595", "https://info-2go.com/ajax/pixi.min.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115134631148960678", "SmartApeSG", "0", "monitorsg" "2025-09-02 13:57:19", "1580596", "info-2go.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115134631148960678", "SmartApeSG", "0", "monitorsg" "2025-09-02 13:57:18", "1580597", "https://wood-simple.com/res/dampthere", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115134631148960678", "SmartApeSG", "0", "monitorsg" "2025-09-02 13:57:18", "1580599", "https://wood-simple.com/drip.sym", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115134631148960678", "SmartApeSG", "0", "monitorsg" "2025-09-02 13:57:17", "1580598", "wood-simple.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-09-02 12:11:01", "100", "https://infosec.exchange/@monitorsg/115134631148960678", "SmartApeSG", "0", "monitorsg" "2025-09-02 13:57:16", "1580600", "https://wood-simple.com/assets/img/1957b95c3.res", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115134631148960678", "SmartApeSG", "0", "monitorsg" "2025-09-02 13:57:16", "1580602", "45.156.87.14:8213", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.vmray.com/analyses/_vt/b4fd170f2d56/report/overview.html", "c2,Rhadamanthys,stealer", "0", "eternal" "2025-09-02 13:57:16", "1580603", "yh.qacacoe3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 12:52:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 13:57:15", "1580665", "uq.xexykuo2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 13:52:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 13:57:14", "1580624", "alv.lotegeo7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 13:22:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 13:57:13", "1580666", "https://samples.salondeguitaredemontreal.com/pixel.png", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-09-02 13:57:13", "1580667", "samples.salondeguitaredemontreal.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2025-09-02 14:13:10", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-09-02 13:57:12", "1580668", "157.254.167.136:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-09-02 13:57:12", "1580669", "updates.highendmark.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-09-02 13:35:25", "1580664", "45.55.67.254:6377", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-02 13:35:12", "1580663", "remixripiolo.con-ip.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-02 13:32:46", "1580662", "34.22.85.55:6443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "50", "https://www.shodan.io/host/34.22.85.55#6443", "adaptixc2,c2,shodan", "0", "juroots" "2025-09-02 13:32:27", "1580661", "51.75.85.20:443", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "50", "https://www.shodan.io/host/51.75.85.20#443", "c2,gh0st,shodan", "0", "juroots" "2025-09-02 13:32:12", "1580660", "94.131.130.193:1337", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "https://www.shodan.io/host/94.131.130.193#1337", "c2,quasar,shodan", "0", "juroots" "2025-09-02 13:31:57", "1580659", "54.90.255.198:17000", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/54.90.255.198#17000", "c2,netsupport,shodan", "0", "juroots" "2025-09-02 13:31:33", "1580658", "109.117.245.166:4444", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/109.117.245.166#4444", "c2,shodan,villain", "0", "juroots" "2025-09-02 13:30:57", "1580656", "34.118.203.82:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/34.118.203.82#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-02 13:30:57", "1580657", "185.216.27.22:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/185.216.27.22#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-02 13:30:56", "1580655", "64.227.191.31:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/64.227.191.31#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-02 13:30:46", "1580654", "94.98.224.81:1433", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1433", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:45", "1580651", "94.98.224.81:14895", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#14895", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:45", "1580652", "94.98.224.81:10047", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10047", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:45", "1580653", "94.98.224.81:2064", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2064", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:44", "1580648", "94.98.224.81:97", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#97", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:44", "1580649", "94.98.224.81:2762", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2762", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:44", "1580650", "94.98.224.81:44306", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#44306", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:43", "1580645", "94.98.224.81:12425", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12425", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:43", "1580646", "94.98.224.81:3500", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3500", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:43", "1580647", "94.98.224.81:43009", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#43009", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:42", "1580642", "94.98.224.81:12393", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12393", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:42", "1580643", "94.98.224.81:9939", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9939", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:42", "1580644", "94.98.224.81:9164", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9164", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:41", "1580640", "94.98.224.81:1200", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1200", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:41", "1580641", "94.98.224.81:8024", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8024", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:40", "1580638", "94.98.224.81:12559", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12559", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:40", "1580639", "94.98.224.81:9054", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9054", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:39", "1580635", "94.98.224.81:1207", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1207", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:39", "1580636", "94.98.224.81:6443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#6443", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:39", "1580637", "94.98.224.81:8789", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8789", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:38", "1580632", "94.98.224.81:35002", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#35002", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:38", "1580633", "94.98.224.81:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10001", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:38", "1580634", "94.98.224.81:12580", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12580", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:37", "1580631", "94.98.224.81:21307", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21307", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:36", "1580629", "94.98.224.81:12329", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12329", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:36", "1580630", "94.98.224.81:12455", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12455", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:35", "1580628", "94.98.224.81:1935", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1935", "c2,extreme,shodan", "0", "juroots" "2025-09-02 13:30:13", "1580627", "175.27.137.94:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/175.27.137.94#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-02 13:30:04", "1580626", "182.92.131.115:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/182.92.131.115#8081", "c2,cobaltstrike,cs-watermark-100000,shodan", "0", "juroots" "2025-09-02 13:30:00", "1580625", "111.229.35.131:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/111.229.35.131#8000", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-09-02 12:52:30", "1580622", "104.233.252.5:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:57", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:30", "1580623", "104.233.252.7:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:58", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:29", "1580617", "104.233.252.25:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:57", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:29", "1580618", "104.233.252.27:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:57", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:29", "1580619", "104.233.252.28:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:57", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:29", "1580620", "104.233.252.29:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:57", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:29", "1580621", "104.233.252.3:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:57", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:28", "1580614", "104.233.252.21:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:56", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:28", "1580615", "104.233.252.23:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:56", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:28", "1580616", "104.233.252.24:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:56", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:27", "1580612", "104.233.252.18:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:55", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:27", "1580613", "104.233.252.20:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:56", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:26", "1580609", "104.233.252.14:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:55", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:26", "1580610", "104.233.252.15:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:55", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:26", "1580611", "104.233.252.16:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:55", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:25", "1580607", "104.233.252.10:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:54", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:25", "1580608", "104.233.252.11:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:54", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:24", "1580606", "104.233.252.1:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:54", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:22", "1580605", "103.172.26.89:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:52", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:52:05", "1580604", "the-xxxy.uk", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:38", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 12:15:16", "1580601", "38.242.236.116:1137", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-09-02 12:03:18", "1580591", "45.204.197.202:1677", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250902-h6yxhsstcx", "AS62468,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-09-02 12:01:54", "1580590", "185.22.154.73:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-09-03 04:45:31", "100", "https://search.censys.io/hosts/185.22.154.73", "AS51659,ASBAXET,BianLian,C2,censys", "0", "DonPasci" "2025-09-02 12:01:47", "1580589", "47.110.244.42:7001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/47.110.244.42", "AdaptixC2,ALIBABA-CN-NET,AS37963,C2,censys", "0", "DonPasci" "2025-09-02 12:01:25", "1580588", "www.libertydroid-metabu.top", "domain", "botnet_cc", "apk.ermac", "None", "ERMAC", "", "100", "https://search.censys.io/hosts/135.181.171.38+www.libertydroid-metabu.top", "AS24940,C2,censys,Ermac,HETZNER-AS,panel", "0", "DonPasci" "2025-09-02 12:01:09", "1580587", "154.205.133.142:443", "ip:port", "botnet_cc", "win.shadowpad", "POISONPLUG.SHADOW,XShellGhost", "ShadowPad", "", "90", "https://search.censys.io/hosts/154.205.133.142", "AS138915,C2,censys,KAOPU-HK,RAT,ShadowPad", "0", "DonPasci" "2025-09-02 12:01:00", "1580586", "134.195.90.78:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-09-03 04:43:52", "100", "https://search.censys.io/hosts/134.195.90.78", "AS63473,C2,censys,HOSTHATCH,Sliver", "0", "DonPasci" "2025-09-02 12:00:56", "1580585", "163.5.169.217:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-03 04:44:33", "100", "https://search.censys.io/hosts/163.5.169.217", "AS399486,C2,censys,RAT,Remcos,VIRTUO", "0", "DonPasci" "2025-09-02 12:00:46", "1580584", "remcodit.top", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250902-kbeaqsfm3v", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-09-02 12:00:41", "1580583", "47.116.34.55:9000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:00:08", "100", "https://search.censys.io/hosts/47.116.34.55", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike", "0", "DonPasci" "2025-09-02 12:00:40", "1580582", "posted-ethnic.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250902-npckvavtb1", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-02 12:00:36", "1580581", "59.110.83.22:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:00:12", "100", "https://search.censys.io/hosts/59.110.83.22", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-09-02 11:10:26", "1580578", "https://5.75.210.161", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-03 05:10:25", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-02 10:42:47", "1580575", "jp.walowue2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 09:52:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 10:42:46", "1580576", "http://185.102.115.69/48e.lim", "url", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://app.any.run/tasks/8e6338c7-ab3d-4b9d-ad25-5ec7c209e24b", "Lumma,Lumma Stealer,ps1", "0", "eternal" "2025-09-02 10:42:46", "1580577", "znz.xexykuo2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 10:22:29", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 09:48:40", "1580571", "tu.luxemyy2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 08:51:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 09:48:40", "1580574", "al.luxemyy2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 09:23:43", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 08:51:37", "1580573", "104.233.252.2:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:56", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 08:51:36", "1580572", "104.233.252.17:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:55", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 08:50:41", "1580570", "94.49.219.115:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-09-03 04:49:14", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-09-02 08:46:59", "1580569", "201.202.66.177:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-09-03 04:46:27", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-09-02 08:36:23", "1580568", "172.94.96.90:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/8d61a111c690ba0dead25b1a2e06fcf7c374e3a610b1ae82e4b385ca52d44014/", "remcos", "0", "abuse_ch" "2025-09-02 08:30:20", "1580567", "206.123.152.99:3421", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "RAT,RemcosRAT", "0", "abuse_ch" "2025-09-02 08:25:51", "1580556", "ask.xonulee9.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 07:53:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 08:25:51", "1580566", "pen.luxemyy2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 08:21:51", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 08:01:38", "1580565", "93.143.174.237:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2025-09-03 04:49:10", "100", "https://search.censys.io/hosts/93.143.174.237", "AS5391,censys,Chaos,panel,T-HT", "0", "DonPasci" "2025-09-02 08:01:27", "1580564", "31.192.107.185:443", "ip:port", "botnet_cc", "win.poshc2", "None", "PoshC2", "2025-09-03 04:00:42", "100", "https://search.censys.io/hosts/31.192.107.185", "AS50867,C2,censys,ORG-LVA15-AS,Posh", "0", "DonPasci" "2025-09-02 08:01:25", "1580563", "102.96.188.215:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-09-03 04:43:07", "100", "https://search.censys.io/hosts/102.96.188.215", "AS36925,ASMedi,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-09-02 08:01:22", "1580562", "185.168.129.114:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-03 04:45:22", "100", "https://search.censys.io/hosts/185.168.129.114", "AS49720,C2,censys,GIGACLOUD-AS,Havoc", "0", "DonPasci" "2025-09-02 08:01:13", "1580561", "178.19.236.179:33333", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-03 04:45:00", "100", "https://search.censys.io/hosts/178.19.236.179", "AS199284,AsyncRAT,C2,censys,ENCOLINE,RAT", "0", "DonPasci" "2025-09-02 08:01:11", "1580560", "110.42.32.88:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-03 04:00:25", "100", "https://search.censys.io/hosts/110.42.32.88", "AS136188,C2,censys,CHINATELECOM-ZHEJIANG-NINGBO-IDC,Supershell", "0", "DonPasci" "2025-09-02 08:00:41", "1580559", "47.113.218.85:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:00:08", "100", "https://search.censys.io/hosts/47.113.218.85", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-0", "0", "DonPasci" "2025-09-02 08:00:39", "1580558", "60.205.5.254:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:00:12", "100", "https://search.censys.io/hosts/60.205.5.254", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-09-02 08:00:35", "1580557", "54.255.211.150:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:00:13", "100", "https://search.censys.io/hosts/54.255.211.150", "AMAZON-02,AS16509,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-09-02 07:50:47", "1580547", "gm.velyzeu3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 06:36:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 07:50:47", "1580548", "ry.zelojue1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 06:40:13", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 07:50:46", "1580554", "qr.nelypuu5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 07:23:21", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 07:50:45", "1580550", "guq.mosatiy4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 06:52:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 07:25:15", "1580555", "58.181.59.43:9735", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "None", "Gh0stRAT,RAT", "0", "abuse_ch" "2025-09-02 07:20:17", "1580553", "http://a1164019.xsph.ru/61a9212d.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-09-02 07:05:33", "1580551", "5.75.211.226:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-02 07:05:33", "1580552", "5.75.222.189:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-02 06:46:48", "1580549", "5.83.218.136:443", "ip:port", "botnet_cc", "win.metastealer", "None", "MetaStealer", "", "75", "", "MetaStealer", "0", "abuse_ch" "2025-09-02 06:26:06", "1580545", "gyr.velyzeu3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 06:13:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 06:23:27", "1580546", "https://wesyjzn.top/zalr", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://www.virustotal.com/gui/file/dcb67a252b7105fd233ee8226cb611e38edbc5bf6794eb7f824662f94f1e7fc1", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-09-02 06:03:45", "1580542", "123.253.110.42:9090", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250902-dawp3abr7t", "AS134823,C2,rat,SDCL-AS-AP,triage,valleyrat", "0", "DonPasci" "2025-09-02 06:03:45", "1580543", "123.253.110.42:9091", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250902-dawp3abr7t", "AS134823,C2,rat,SDCL-AS-AP,triage,valleyrat", "0", "DonPasci" "2025-09-02 06:03:45", "1580544", "123.253.110.42:9092", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250902-dawp3abr7t", "AS134823,C2,rat,SDCL-AS-AP,triage,valleyrat", "0", "DonPasci" "2025-09-02 06:03:44", "1580541", "154.94.233.72:0443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250902-gepdbsdr5v", "AS137899,C2,ILAYERLIMITED-AS-AP,rat,triage,valleyrat", "0", "DonPasci" "2025-09-02 06:03:25", "1580540", "8scom.link", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250902-bfyeqsvkw8", "C2,domain,njrat,triage", "0", "DonPasci" "2025-09-02 06:03:24", "1580539", "178.16.55.70:5552", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2025-09-02 09:00:07", "100", "https://tria.ge/250902-d3e8savqy2", "AS40999,C2,njrat,triage", "0", "DonPasci" "2025-09-02 06:01:18", "1580538", "94.154.35.207:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250902-d5vq9acm8t", "AS214943,C2,quasar,rat,triage", "0", "DonPasci" "2025-09-02 06:01:17", "1580537", "178.16.55.70:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250902-ezmdcscr8v", "AS40999,C2,quasar,rat,triage", "0", "DonPasci" "2025-09-02 06:01:05", "1580536", "178.16.55.70:4449", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250902-ezmdcscr8v", "AS40999,asyncrat,C2,rat,triage", "0", "DonPasci" "2025-09-02 06:00:50", "1580535", "BELL.mokveid.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250902-gj3rhsdr6v", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-09-02 06:00:44", "1580533", "178.16.55.70:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250902-ezmdcscr8v", "AS40999,C2,triage,xworm", "0", "DonPasci" "2025-09-02 06:00:44", "1580534", "user0001.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250902-akxhkatrx8", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-02 06:00:43", "1580531", "oahs8y352.com", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250902-gnyy5adr7s", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-02 06:00:43", "1580532", "if-compared.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250902-gjqf7axjy4", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-02 05:59:36", "1580530", "147.185.221.31:40501", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-09-02 05:59:17", "1580529", "ebay-governance.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-09-02 05:58:49", "1580527", "https://pastebin.com/raw/QPQ6iFbN", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-09-02 05:58:49", "1580528", "https://raw.githubusercontent.com/Igor65afk/text/refs/heads/main/text.txt", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-09-02 05:58:21", "1580525", "advpdxapi.com", "domain", "botnet_cc", "win.xagent", "splm,chopstick", "X-Agent", "", "50", "", "c2,xagent", "0", "juroots" "2025-09-02 05:58:21", "1580526", "securesystemwin.com", "domain", "botnet_cc", "win.xagent", "splm,chopstick", "X-Agent", "", "50", "", "c2,xagent", "0", "juroots" "2025-09-02 05:57:58", "1580524", "185.241.208.92:3344", "ip:port", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "", "c2,spynote", "0", "juroots" "2025-09-02 05:57:44", "1580523", "www.salesmarking.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-02 05:57:17", "1580522", "http://forums.lolapps.com/includes/cron/response.php", "url", "botnet_cc", "win.pony", "Siplog,Fareit", "Pony", "", "50", "", "c2,pony", "0", "juroots" "2025-09-02 05:56:55", "1580521", "212.7.208.129:4951", "ip:port", "botnet_cc", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "50", "", "c2,netwire", "0", "juroots" "2025-09-02 05:56:40", "1580512", "www.sy897.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:40", "1580513", "www.tudygym.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:40", "1580514", "www.udness.art", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:40", "1580515", "www.utihslote.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:40", "1580516", "www.vahaca.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:40", "1580517", "www.wn6do.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:40", "1580518", "www.ye6cvdg.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:40", "1580519", "www.ystems2beyond.tech", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:40", "1580520", "www.zborderfree.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580495", "www.ngimg.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580496", "www.ockscrm.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580497", "www.ogw159.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580498", "www.oisturizee.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580499", "www.olikujyh990.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580500", "www.omeradar.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580501", "www.oofwaterproofing462.click", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580502", "www.orytharothis.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580503", "www.ososo.tech", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580504", "www.osteam.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580505", "www.oticiasdamanha.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580506", "www.ove678i.app", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580507", "www.oviesnn.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580508", "www.povamu.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580509", "www.rownandcleatco.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580510", "www.s667788.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:39", "1580511", "www.sy644.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580478", "www.etchelpgovtw.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580479", "www.etnow.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580480", "www.etworkmodel.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580481", "www.excol.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580482", "www.g-899b9.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580483", "www.ghhfy.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580484", "www.hysicians-to-women.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580485", "www.ian485.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580486", "www.itaslotk.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580487", "www.iveroad.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580488", "www.ivn.website", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580489", "www.jc169.app", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580490", "www.lhet.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580491", "www.livinski.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580492", "www.lossbossclean.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580493", "www.lphageek.app", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:38", "1580494", "www.mvv34z.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580460", "www.ablu.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580461", "www.alloffameopen1.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580462", "www.anktl.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580463", "www.apital-a.group", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580464", "www.arewajan.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580465", "www.astplay.click", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580466", "www.atchbox.exchange", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580467", "www.attoosbymatt.studio", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580468", "www.c0824.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580469", "www.c1302.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580470", "www.c2751.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580471", "www.c4589.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580472", "www.dfsewq.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580473", "www.earches.dev", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580474", "www.eet-new-people-21453.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580475", "www.eetmoonbuggy.click", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580476", "www.ellgreensportseducation.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:37", "1580477", "www.eople-search-65430.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:36", "1580456", "www.0632.club", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:36", "1580457", "www.0llhs.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:36", "1580458", "www.1tnsf.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:36", "1580459", "www.77-matraca777.win", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:17", "1580449", "http://www.vahaca.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:17", "1580450", "http://www.wn6do.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:17", "1580451", "http://www.ye6cvdg.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:17", "1580452", "http://www.ystems2beyond.tech/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:17", "1580453", "http://www.zborderfree.net/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:17", "1580454", "http://www.0632.club/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:17", "1580455", "45.55.67.254:4580", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/dd526d6b1e6b225b484425cfce62bc318dae7ad5356e81587a511394a3e34aa0/", "xworm", "0", "abuse_ch" "2025-09-02 05:56:16", "1580441", "http://www.povamu.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580442", "http://www.rownandcleatco.shop/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580443", "http://www.s667788.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580444", "http://www.sy644.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580445", "http://www.sy897.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580446", "http://www.tudygym.net/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580447", "http://www.udness.art/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580448", "http://www.utihslote.cfd/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580432", "http://www.olikujyh990.sbs/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580433", "http://www.omeradar.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580434", "http://www.oofwaterproofing462.click/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580435", "http://www.orytharothis.sbs/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580436", "http://www.ososo.tech/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580437", "http://www.osteam.net/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580438", "http://www.oticiasdamanha.shop/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580439", "http://www.ove678i.app/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580440", "http://www.oviesnn.pro/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580424", "http://www.livinski.pro/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580425", "http://www.lossbossclean.pro/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580426", "http://www.lphageek.app/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580427", "http://www.mvv34z.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580428", "http://www.ngimg.vip/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580429", "http://www.ockscrm.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580430", "http://www.ogw159.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580431", "http://www.oisturizee.shop/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580416", "http://www.ghhfy.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580417", "http://www.hysicians-to-women.cfd/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580418", "http://www.ian485.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580419", "http://www.itaslotk.cfd/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580420", "http://www.iveroad.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580421", "http://www.ivn.website/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580422", "http://www.jc169.app/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580423", "http://www.lhet.net/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580407", "http://www.eet-new-people-21453.bond/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580408", "http://www.eetmoonbuggy.click/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580409", "http://www.ellgreensportseducation.info/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580410", "http://www.eople-search-65430.bond/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580411", "http://www.etchelpgovtw.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580412", "http://www.etnow.sbs/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580413", "http://www.etworkmodel.net/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580414", "http://www.excol.vip/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580415", "http://www.g-899b9.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580398", "http://www.astplay.click/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580399", "http://www.atchbox.exchange/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580400", "http://www.attoosbymatt.studio/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580401", "http://www.c0824.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580402", "http://www.c1302.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580403", "http://www.c2751.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580404", "http://www.c4589.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580405", "http://www.dfsewq.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580406", "http://www.earches.dev/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580390", "http://www.0llhs.sbs/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580391", "http://www.1tnsf.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580392", "http://www.77-matraca777.win/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580393", "http://www.ablu.pro/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580394", "http://www.alloffameopen1.net/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580395", "http://www.anktl.net/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580396", "http://www.apital-a.group/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580397", "http://www.arewajan.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:55:40", "1580389", "45.204.218.149:65503", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-09-02 05:54:37", "1580388", "https://api.telegram.org/bot7968139020:AAHz3SN_Tjts4yOHRR6feYYwCQX7wzZ3Nbw/sendMessage?chat_id=7406080547", "url", "botnet_cc", "win.prynt_stealer", "None", "Prynt Stealer", "", "50", "https://urlquery.net/report/d414a078-50cc-403b-8ffc-7f8112433150", "c2,Prynt,urlquery", "0", "juroots" "2025-09-02 05:51:33", "1580387", "https://47.116.64.160:8888/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/8c971090-1c00-4657-a79e-b17ff3123cc7", "c2,supershell,urlquery", "0", "juroots" "2025-09-02 05:51:32", "1580385", "https://134.122.207.42:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/8959caff-2cd7-4801-a147-7fa4e22de7ff", "c2,supershell,urlquery", "0", "juroots" "2025-09-02 05:51:32", "1580386", "https://103.147.14.89:8888/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/2355689f-bb59-4904-b369-8bd5e566d429", "c2,supershell,urlquery", "0", "juroots" "2025-09-02 05:51:08", "1580384", "https://128.199.113.162/panel/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlquery.net/report/19754f3e-70f2-47b8-ba9a-4ed65148e99a", "amadey,c2,urlquery", "0", "juroots" "2025-09-02 05:50:53", "1580383", "https://uhcprovider.com.content-provider.temp-perform.top/", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "https://urlquery.net/report/256171af-5366-4527-9d69-d3d5f304c5e4", "c2,urlquery,xworm", "0", "juroots" "2025-09-02 05:47:36", "1580382", "https://cyber-v10getcyber.live/webpanel/", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/defa675e2d0b7fc74fc38e774133766de90462c185242a75149dcd5d14036ea2/", "CyberStealer", "0", "abuse_ch" "2025-09-02 05:47:27", "1580381", "178.63.215.79:8089", "ip:port", "botnet_cc", "apk.ermac", "None", "ERMAC", "", "50", "https://www.shodan.io/host/178.63.215.79#8089", "c2,ermac,shodan", "0", "juroots" "2025-09-02 05:47:03", "1580380", "205.185.114.104:8098", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/205.185.114.104#8098", "c2,netbus,shodan", "0", "juroots" "2025-09-02 05:46:52", "1580379", "156.208.77.43:81", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/156.208.77.43#81", "c2,shodan,unam", "0", "juroots" "2025-09-02 05:46:40", "1580378", "115.190.35.210:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/115.190.35.210#80", "c2,redguard,shodan", "0", "juroots" "2025-09-02 05:46:12", "1580377", "149.210.3.10:443", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "50", "https://www.shodan.io/host/149.210.3.10#443", "c2,gh0st,shodan", "0", "juroots" "2025-09-02 05:45:43", "1580376", "117.248.26.27:48002", "ip:port", "botnet_cc", "elf.mozi", "None", "Mozi", "", "50", "https://www.shodan.io/host/117.248.26.27#48002", "c2,mozi,shodan", "0", "juroots" "2025-09-02 05:45:42", "1580375", "59.88.230.62:57781", "ip:port", "botnet_cc", "elf.mozi", "None", "Mozi", "", "50", "https://www.shodan.io/host/59.88.230.62#57781", "c2,mozi,shodan", "0", "juroots" "2025-09-02 05:45:19", "1580372", "185.241.208.218:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/185.241.208.218#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-02 05:45:19", "1580373", "176.108.241.162:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/176.108.241.162#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-02 05:45:19", "1580374", "49.232.95.245:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/49.232.95.245#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-02 05:45:18", "1580371", "167.99.148.49:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/167.99.148.49#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-02 05:45:15", "1580368", "94.98.224.81:5224", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5224", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:15", "1580369", "94.98.224.81:9019", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9019", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:15", "1580370", "94.98.224.81:9048", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9048", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:14", "1580365", "94.98.224.81:6686", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#6686", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:14", "1580366", "94.98.224.81:6352", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#6352", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:14", "1580367", "94.98.224.81:10022", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10022", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:13", "1580363", "94.98.224.81:11002", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#11002", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:13", "1580364", "94.98.224.81:8556", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8556", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:12", "1580361", "94.98.224.81:3189", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3189", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:12", "1580362", "94.98.224.81:263", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#263", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:11", "1580360", "94.98.224.81:8866", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8866", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:10", "1580359", "94.98.224.81:63256", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#63256", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:09", "1580358", "94.98.224.81:9245", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9245", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:08", "1580356", "94.98.224.81:3403", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3403", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:08", "1580357", "94.98.224.81:92", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#92", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:07", "1580354", "94.98.224.81:3342", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3342", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:07", "1580355", "94.98.224.81:9106", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9106", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:06", "1580352", "94.98.224.81:55475", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#55475", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:06", "1580353", "94.98.224.81:8622", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8622", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:05", "1580351", "94.98.224.81:5558", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5558", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:04", "1580350", "94.98.224.81:8117", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8117", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:03", "1580349", "94.98.224.81:3510", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3510", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:02", "1580348", "94.98.224.81:9710", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9710", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:01", "1580346", "94.98.224.81:9135", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9135", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:01", "1580347", "94.98.224.81:12479", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12479", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:00", "1580342", "94.98.224.81:45786", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#45786", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:00", "1580343", "94.98.224.81:9376", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9376", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:00", "1580344", "94.98.224.81:16104", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16104", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:45:00", "1580345", "94.98.224.81:3305", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3305", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:59", "1580337", "94.98.224.81:8853", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8853", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:59", "1580338", "94.98.224.81:21236", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21236", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:59", "1580339", "94.98.224.81:4085", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#4085", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:59", "1580340", "94.98.224.81:12242", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12242", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:59", "1580341", "94.98.224.81:11401", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#11401", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:58", "1580334", "94.98.224.81:8026", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8026", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:58", "1580335", "94.98.224.81:9797", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9797", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:58", "1580336", "94.98.224.81:8005", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8005", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:57", "1580331", "94.98.224.81:8025", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8025", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:57", "1580332", "94.98.224.81:9532", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9532", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:57", "1580333", "94.98.224.81:1723", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1723", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:56", "1580327", "94.98.224.81:7687", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7687", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:56", "1580328", "94.98.224.81:9307", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9307", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:56", "1580329", "94.98.224.81:52311", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#52311", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:56", "1580330", "94.98.224.81:12295", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12295", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:55", "1580323", "94.98.224.81:59012", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#59012", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:55", "1580324", "94.98.224.81:3176", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3176", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:55", "1580325", "94.98.224.81:8023", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8023", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:55", "1580326", "94.98.224.81:3173", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3173", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:54", "1580317", "94.98.224.81:2086", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2086", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:54", "1580318", "94.98.224.81:8017", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8017", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:54", "1580319", "94.98.224.81:12397", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12397", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:54", "1580320", "94.98.224.81:9447", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9447", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:54", "1580321", "94.98.224.81:427", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#427", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:54", "1580322", "94.98.224.81:55443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#55443", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:53", "1580314", "94.98.224.81:8562", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8562", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:53", "1580315", "94.98.224.81:2550", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2550", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:53", "1580316", "94.98.224.81:9163", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9163", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:52", "1580310", "94.98.224.81:777", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#777", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:52", "1580311", "94.98.224.81:50160", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#50160", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:52", "1580312", "94.98.224.81:5400", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5400", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:52", "1580313", "94.98.224.81:8859", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8859", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:51", "1580306", "94.98.224.81:5998", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5998", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:51", "1580307", "94.98.224.81:21263", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21263", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:51", "1580308", "94.98.224.81:8144", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8144", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:51", "1580309", "94.98.224.81:21242", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21242", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:50", "1580302", "94.98.224.81:3590", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3590", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:50", "1580303", "94.98.224.81:5903", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5903", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:50", "1580304", "94.98.224.81:8161", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8161", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:50", "1580305", "94.98.224.81:10009", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10009", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:49", "1580297", "94.98.224.81:1292", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1292", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:49", "1580298", "94.98.224.81:42901", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#42901", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:49", "1580299", "94.98.224.81:18068", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18068", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:49", "1580300", "94.98.224.81:3183", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3183", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:49", "1580301", "94.98.224.81:9090", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9090", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:48", "1580291", "94.98.224.81:8156", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8156", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:48", "1580292", "94.98.224.81:16052", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16052", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:48", "1580293", "94.98.224.81:264", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#264", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:48", "1580294", "94.98.224.81:2567", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2567", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:48", "1580295", "94.98.224.81:21311", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21311", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:48", "1580296", "94.98.224.81:8150", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8150", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:47", "1580285", "94.98.224.81:9189", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9189", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:47", "1580286", "94.98.224.81:10087", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10087", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:47", "1580287", "94.98.224.81:3137", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3137", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:47", "1580288", "94.98.224.81:2221", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2221", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:47", "1580289", "94.98.224.81:15151", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#15151", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:47", "1580290", "94.98.224.81:3076", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3076", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:46", "1580282", "94.98.224.81:175", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#175", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:46", "1580283", "94.98.224.81:9022", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9022", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:46", "1580284", "94.98.224.81:32303", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#32303", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:45", "1580278", "94.98.224.81:49152", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#49152", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:45", "1580279", "94.98.224.81:5917", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5917", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:45", "1580280", "94.98.224.81:2224", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2224", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:45", "1580281", "94.98.224.81:440", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#440", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:44", "1580274", "94.98.224.81:7801", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7801", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:44", "1580275", "94.98.224.81:9203", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9203", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:44", "1580276", "94.98.224.81:10911", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10911", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:44", "1580277", "94.98.224.81:3030", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3030", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:43", "1580272", "94.98.224.81:8916", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8916", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:43", "1580273", "94.98.224.81:20121", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#20121", "c2,extreme,shodan", "0", "juroots" "2025-09-02 05:44:24", "1580270", "121.43.57.122:4434", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/121.43.57.122#4434", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-02 05:44:24", "1580271", "121.43.57.122:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/121.43.57.122#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-02 05:44:23", "1580268", "202.95.9.144:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.144#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-02 05:44:23", "1580269", "202.95.9.147:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 05:44:24", "50", "https://www.shodan.io/host/202.95.9.147#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-02 05:44:22", "1580264", "202.95.9.132:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 05:44:23", "50", "https://www.shodan.io/host/202.95.9.132#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-02 05:44:22", "1580265", "202.95.9.149:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 05:44:23", "50", "https://www.shodan.io/host/202.95.9.149#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-02 05:44:22", "1580266", "202.95.9.142:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 05:44:23", "50", "https://www.shodan.io/host/202.95.9.142#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-02 05:44:22", "1580267", "202.95.9.156:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 05:44:23", "50", "https://www.shodan.io/host/202.95.9.156#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-02 05:44:21", "1580261", "99.80.82.80:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/99.80.82.80#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-02 05:44:21", "1580262", "124.220.205.147:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/124.220.205.147#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-02 05:44:21", "1580263", "202.95.9.141:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 05:44:23", "50", "https://www.shodan.io/host/202.95.9.141#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-02 05:44:19", "1580260", "13.67.132.99:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/13.67.132.99#80", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-02 05:44:02", "1580259", "47.103.109.70:10001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 05:44:20", "50", "https://www.shodan.io/host/47.103.109.70#10001", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots" "2025-09-02 05:43:42", "1580257", "47.121.137.8:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:51:38", "50", "https://www.shodan.io/host/47.121.137.8#80", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-09-02 05:43:42", "1580258", "149.30.255.119:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 05:44:20", "50", "https://www.shodan.io/host/149.30.255.119#4443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-09-02 05:43:39", "1580255", "43.139.169.60:8009", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:51:21", "50", "https://www.shodan.io/host/43.139.169.60#8009", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-09-02 05:43:39", "1580256", "45.142.152.235:8889", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:51:28", "50", "https://www.shodan.io/host/45.142.152.235#8889", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-09-02 05:43:38", "1580253", "110.40.176.194:8099", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 05:44:19", "50", "https://www.shodan.io/host/110.40.176.194#8099", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-09-02 05:43:38", "1580254", "47.120.45.216:8032", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 05:44:19", "50", "https://www.shodan.io/host/47.120.45.216#8032", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-09-02 05:41:47", "1580250", "serpentinelexicon.pro", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "DeerStealer", "0", "abuse_ch" "2025-09-02 05:41:47", "1580251", "loadinnnhr.today", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "DeerStealer", "0", "abuse_ch" "2025-09-02 05:41:47", "1580252", "telluricaphelion.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "", "DeerStealer", "0", "abuse_ch" "2025-09-02 05:41:09", "1580249", "wmjlive.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-09-02 05:41:08", "1580248", "bfvfuausfo.me", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-09-02 05:25:58", "1579928", "sbv.gevicii.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 16:21:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:58", "1579930", "ung.sewumoa.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 16:52:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:57", "1579931", "http://85.209.129.105:2020/test112", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds" "2025-09-02 05:25:57", "1579932", "teb.rilefoo8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 17:49:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:56", "1579933", "http://188.245.167.86/second.html", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds" "2025-09-02 05:25:56", "1579945", "cso.burydyu0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 18:22:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:55", "1579947", "nuu.qacacoe3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 18:53:21", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:55", "1579948", "re.qacacoe3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 19:22:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:55", "1579950", "vc.rogosie4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 19:53:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:54", "1579957", "67.220.85.157:6001", "ip:port", "botnet_cc", "win.spark_rat", "None", "SparkRAT", "", "100", "", "None", "0", "pitachu" "2025-09-02 05:25:54", "1579960", "lm.rogosie4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 20:22:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:53", "1580154", "x-vape.ca", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-09-02 05:25:53", "1580155", "kl.xoreniu7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 21:52:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:53", "1580161", "jsm.mosatiy4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 22:52:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:53", "1580164", "brt.velyzeu3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 23:54:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:51", "1580178", "bu.xoreniu7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 00:04:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:51", "1580179", "hdn.qacacoe3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 00:24:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:50", "1580180", "qo.subozaa7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 00:31:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:50", "1580187", "http://134.122.207.42:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-02 05:48:36", "100", "None", "AS152194,CTG Server Limited,supershell", "0", "antiphishorg" "2025-09-02 05:25:49", "1580238", "https://ph.safofoe5.ru", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "dappydap" "2025-09-02 05:25:49", "1580239", "https://avast.cucy.ru", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "dappydap" "2025-09-02 05:25:48", "1580240", "dv.kesogio6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 04:37:07", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:47", "1580245", "id.madicoo3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 05:13:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:25:47", "1580246", "rq.mufabui4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 05:23:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-02 05:23:54", "1580247", "doc.e-statement.estate", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-09-02 05:04:41", "1580244", "45.207.192.246:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 05:21:59", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-09-02 05:04:40", "1580242", "163.44.196.179:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 05:21:58", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-09-02 05:04:40", "1580243", "43.133.32.96:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 05:21:58", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-09-02 05:04:07", "1580241", "81.70.230.219:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 05:21:22", "100", "None", "CobaltStrike,cs-watermark-305419896", "0", "abuse_ch" "2025-09-02 04:01:38", "1580237", "47.99.196.178:7001", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/47.99.196.178", "AdaptixC2,ALIBABA-CN-NET,AS37963,C2,censys", "0", "DonPasci" "2025-09-02 04:01:31", "1580236", "79.107.156.181:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-09-03 04:48:40", "100", "https://search.censys.io/hosts/79.107.156.181", "AS25472,C2,censys,WIND-AS", "0", "dyingbreeds_" "2025-09-02 04:01:22", "1580234", "147.139.206.21:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/147.139.206.21", "AS45102,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-02 04:01:22", "1580235", "79.112.58.117:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/79.112.58.117", "AS57269,censys,DIGISPAINTELECOM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-02 04:01:21", "1580233", "52.3.43.146:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/52.3.43.146", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-02 04:01:20", "1580232", "178.128.115.139:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/178.128.115.139", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-02 04:01:19", "1580230", "54.175.22.89:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.175.22.89", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-02 04:01:19", "1580231", "185.132.53.41:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/185.132.53.41", "AS211507,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-02 04:01:18", "1580227", "37.27.217.136:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/37.27.217.136", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_" "2025-09-02 04:01:18", "1580228", "35.220.228.241:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/35.220.228.241", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-02 04:01:18", "1580229", "3.106.221.246:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.106.221.246", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-02 04:01:17", "1580226", "43.160.197.87:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/43.160.197.87", "AS132203,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-02 04:01:09", "1580225", "8.140.53.30:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.140.53.30", "AS37963,censys,Viper", "0", "dyingbreeds_" "2025-09-02 04:00:56", "1580224", "8.130.34.44:43620", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.44", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:55", "1580221", "8.130.34.44:22291", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.44", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:55", "1580222", "8.130.34.44:27861", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.44", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:55", "1580223", "8.130.34.44:32772", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.44", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:54", "1580217", "8.130.34.44:8088", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.44", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:54", "1580218", "8.130.34.44:16993", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.44", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:54", "1580219", "8.130.34.44:33113", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.44", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:54", "1580220", "8.130.34.44:8880", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.44", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:53", "1580213", "8.148.23.202:58157", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.148.23.202", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:53", "1580214", "8.130.34.44:42306", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.44", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:53", "1580215", "8.130.34.44:6006", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.44", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:53", "1580216", "8.130.34.44:6699", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.34.44", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:52", "1580210", "8.148.23.202:49152", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.148.23.202", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:52", "1580211", "8.148.23.202:51005", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.148.23.202", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:52", "1580212", "8.148.23.202:52200", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.148.23.202", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:51", "1580205", "8.130.36.245:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.36.245", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:51", "1580206", "8.130.36.245:749", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.36.245", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:51", "1580207", "8.130.36.245:1099", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.36.245", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:51", "1580208", "196.251.73.138:5000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-03 04:46:04", "100", "https://search.censys.io/hosts/196.251.73.138", "AS401120,C2,censys,CHEAPY-HOST,RAT,Remcos", "0", "DonPasci" "2025-09-02 04:00:51", "1580209", "8.148.23.202:2632", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.148.23.202", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:50", "1580202", "8.134.139.219:8090", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.134.139.219", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:50", "1580203", "8.134.139.219:1913", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.134.139.219", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:50", "1580204", "8.130.36.245:8088", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.36.245", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:49", "1580200", "8.134.138.108:179", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.134.138.108", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:49", "1580201", "8.130.39.117:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.130.39.117", "AS37963,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:48", "1580199", "50.108.119.33:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/50.108.119.33", "AS5650,Botnet,byob,C2,censys,FRONTIER-FRTR", "0", "dyingbreeds_" "2025-09-02 04:00:34", "1580198", "bold-chandrasekhar.134-199-166-195.plesk.page", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/134.199.166.195+bold-chandrasekhar.134-199-166-195.plesk.page", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "dyingbreeds_" "2025-09-02 04:00:27", "1580197", "134.195.90.78:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-09-03 04:43:52", "90", "https://search.censys.io/hosts/134.195.90.78", "AS63473,C2,censys,HOSTHATCH", "0", "dyingbreeds_" "2025-09-02 04:00:19", "1580196", "180.76.244.55:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 05:21:56", "100", "https://search.censys.io/hosts/180.76.244.55", "AS38365,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:17", "1580194", "91.210.108.135:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:52:05", "100", "https://search.censys.io/hosts/91.210.108.135", "AS62005,BV-EU-AS,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:17", "1580195", "154.205.151.171:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 04:00:37", "100", "https://search.censys.io/hosts/154.205.151.171", "AS138915,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:15", "1580193", "107.174.232.95:8089", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 04:00:33", "100", "https://search.censys.io/hosts/107.174.232.95", "AS-COLOCROSSING,AS36352,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:14", "1580192", "140.143.131.180:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:50:37", "100", "https://search.censys.io/hosts/140.143.131.180", "AS45090,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:13", "1580190", "sctms.tld56.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:39", "100", "https://search.censys.io/hosts/129.28.180.115+sctms.tld56.cn", "AS45090,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:13", "1580191", "wxweb.tld56.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/129.28.180.115+wxweb.tld56.cn", "AS45090,C2,censys", "0", "dyingbreeds_" "2025-09-02 04:00:11", "1580189", "blog.xinzyun.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/45.207.193.76+blog.xinzyun.cn", "AS401696,C2,censys,COGNETCLOUD", "0", "dyingbreeds_" "2025-09-02 04:00:10", "1580188", "transapi.tld56.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/129.28.180.115+transapi.tld56.cn", "AS45090,C2,censys", "0", "dyingbreeds_" "2025-09-02 02:55:05", "1580186", "http://www.kitchenaria.com/modules/gateway2/Protx/response.php", "url", "botnet_cc", "win.pony", "Siplog,Fareit", "Pony", "", "100", "None", "Pony", "0", "abuse_ch" "2025-09-02 02:52:24", "1580185", "68.64.176.42:5566", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:51:50", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 02:50:48", "1580184", "117.72.159.96:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:50:15", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-02 02:50:03", "1580183", "http://coffeinoffice.xyz/cup/wish.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "None", "Loki", "0", "abuse_ch" "2025-09-02 01:06:50", "1580182", "ph.safofoe5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 01:08:08", "100", "None", "clearfake", "1", "ttakvam" "2025-09-02 01:05:06", "1580181", "104.21.54.114:443", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2025-09-02 00:01:38", "1580177", "bcm.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-02 04:01:10", "100", "https://search.censys.io/hosts/185.161.209.117+bcm.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-09-02 00:01:37", "1580176", "194.48.140.13:909", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-09-02 04:01:02", "100", "https://search.censys.io/hosts/194.48.140.13", "ANTON-LEVIN-AS,AS50053,C2,censys,moobot", "0", "DonPasci" "2025-09-02 00:01:21", "1580174", "18.158.94.111:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-03 04:45:06", "100", "https://search.censys.io/hosts/18.158.94.111", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci" "2025-09-02 00:01:21", "1580175", "185.170.58.214:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-03 04:45:23", "100", "https://search.censys.io/hosts/185.170.58.214", "AS-HOSTINGER,AS47583,C2,censys,Mythic", "0", "DonPasci" "2025-09-02 00:01:20", "1580173", "197.224.235.75:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-03 04:46:08", "100", "https://search.censys.io/hosts/197.224.235.75", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2025-09-02 00:01:15", "1580172", "194.165.16.8:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/194.165.16.8", "AS48721,C2,censys,FLYSERVERS-ENDCLIENTS,RAT,Sectop", "0", "DonPasci" "2025-09-02 00:01:13", "1580171", "172.94.59.38:222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-03 04:44:50", "100", "https://search.censys.io/hosts/172.94.59.38", "AS3223,AsyncRAT,C2,censys,RAT,VOXILITY", "0", "DonPasci" "2025-09-02 00:01:03", "1580170", "167.172.190.13:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-09-03 04:44:40", "100", "https://search.censys.io/hosts/167.172.190.13", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2025-09-02 00:00:59", "1580168", "172.245.95.32:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-03 04:44:49", "100", "https://search.censys.io/hosts/172.245.95.32", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-09-02 00:00:59", "1580169", "195.177.94.33:2323", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-03 04:45:55", "100", "https://search.censys.io/hosts/195.177.94.33", "AS214961,C2,censys,RAT,Remcos,STELLARGROUPSAS", "0", "DonPasci" "2025-09-02 00:00:56", "1580167", "134.122.189.164:443", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-09-02 04:00:22", "100", "https://search.censys.io/hosts/134.122.189.164", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Gh0st,RAT", "0", "DonPasci" "2025-09-02 00:00:32", "1580166", "8.135.13.184:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:51:53", "100", "https://search.censys.io/hosts/8.135.13.184", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-09-02 00:00:22", "1580165", "http://discord.com/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch" "2025-09-01 23:45:06", "1580162", "http://fuckyou.com:443/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch" "2025-09-01 22:49:54", "1580159", "104.233.252.23:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:56", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-01 22:49:54", "1580160", "104.233.252.26:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:57", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-01 22:49:53", "1580158", "104.233.252.20:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:56", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-01 22:49:38", "1580157", "tld56.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 03:50:06", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-01 21:52:58", "1580156", "11.jujosuu4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-02 18:53:47", "100", "None", "clearfake", "1", "ttakvam" "2025-09-01 21:14:19", "1580153", "885e1b17935705355f5d12630278cf14", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:18", "1580150", "5c0a8ba161e2e47d44988564976448b7", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:18", "1580151", "782c5c224ef91f62091c43f567e4fc626d50cbc9", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:18", "1580152", "739cb53f9ab48a779c7f0a9aa7829202f2b397e91918a5689b93877b40eba61d", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:17", "1580147", "144f7bb72738bfcc697c1dc4be14274e", "md5_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:17", "1580148", "741e17340f6351c865dd30b868a51817d323310b", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:17", "1580149", "460367fd0b8d29ba78b4446cf2d0efa756e696aa027d02776ea593a732bbef2e", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:16", "1580144", "c7eede4b3ba5e0c4e799b068596ea80d", "md5_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:16", "1580145", "d984efe196cc4cb9a375d976cb35f9a7abaca643", "sha1_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:16", "1580146", "fb05a0c8189bbb4dbd25e605bd8b6dda7532b14c5d76b3ce1da727c587c03b67", "sha256_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:15", "1580141", "fd4a3a4d0ac0cba413642fef4b4b06fb", "md5_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:15", "1580142", "e64673d2f2aad6380dfd8029780d291065f8226d", "sha1_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:15", "1580143", "8c3613b51afb7a2410531d5abad8979e77b2f86d07a084453a191291e8517ab0", "sha256_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:14", "1580138", "1f948b192338698304de20a4e8570e4e", "md5_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:14", "1580139", "181fb2f18aafe50d0782e96655d21d2c644b35b8", "sha1_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:14", "1580140", "fc0d5d4af2961460dcda985611a26b7aac1b6cc1fe075468dc63644388a0069d", "sha256_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:13", "1580135", "d595b02fb5ab973121aec3e7e1f31916", "md5_hash", "payload", "win.meterpreter", "None", "Meterpreter", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:13", "1580136", "ce006980f7df2d2ace9f79a76db583d88c8f3058", "sha1_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:13", "1580137", "83ee74b0415071f81860b3bf9bb3c07fd8a891f84050dc011f897029ce8c1497", "sha256_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:12", "1580132", "6962b0ab3e05a9963ca492a53bdee638", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:12", "1580133", "445ae20892d1f69d2792bc7751d36c0c8ca8beb2", "sha1_hash", "payload", "win.meterpreter", "None", "Meterpreter", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:12", "1580134", "518dd198d24f9f8e06902a68fbc34e7ca9d602dae62e16cf9cdf5da4920ff77f", "sha256_hash", "payload", "win.meterpreter", "None", "Meterpreter", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:11", "1580128", "59b571d0172e21403951749bd1bd54c90ee45d11e90e63a6a87cc803122e26f3", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:11", "1580129", "7273f4f808406e2bafca897ee2f16cc8", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:11", "1580130", "07e556cdee19d81f28dd5cb3aa66f116267eb3cc", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:11", "1580131", "5fe952d8821bf7b60dfaa5a88bc8bf6221610398cd3d0dc605310b030ff7c995", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:10", "1580126", "762a59e20526982b4dfd7d89148cad6a", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:10", "1580127", "1c62fbf77eced38cf9955d7689bc8bd50479fd99", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:09", "1580123", "e272482165f9f0343cafc57f738b7dc5", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:09", "1580124", "6cbf44385546a1ad7a1f8bac5cb974ee1eb6f6ac", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:09", "1580125", "9ac1c838a65913a20c7b266946226c724832edd82e3be8d6613ad5786b968d29", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:08", "1580120", "8387de346ee1f8c3e4e10d4b05801c5a", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:08", "1580121", "c8d91be03471bfe32fb182399edd1e265775ddc4", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:08", "1580122", "df0442cb22d02ff079e06ffaf287eebe2fbefe5744ebe428e4436589facca3fe", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:07", "1580116", "a26d8da6e2da56ce48758189df3a667bd48d2199fc2688f25eb96d30f10e369d", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:07", "1580117", "359730eee7e3677db5527c66b6ba5f64", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:07", "1580118", "e47879912caeb7433db2a7f1b04ec309032e36ee", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:07", "1580119", "d1bb83fe0bb9688fc181c881a3e5a4cf6ae216941006d2ff52c2f286e27d4e4f", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:06", "1580113", "bf9003f364568b00fe65adb2c202ce3689ee1a7b7934fd18346359f3ace96289", "sha256_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:06", "1580114", "8a468ffead45b04556f5cbb4e3529618", "md5_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:06", "1580115", "0aaea6860b7a708d5057b2e986a19f2091d8e964", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:05", "1580110", "b6cd984ed31123480cbc24bcfc796c942e6b462202d1deb32fb366454f278ef5", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:05", "1580111", "2ddb7d4a880d4db27171a8774a0402ac", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:05", "1580112", "f6067891c8bb5385a933540a7812248eea2c0812", "sha1_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:04", "1580107", "93d56b4cba2d0d2f011d31d47f493989549431a4d3a8e916dd848144fe4beaac", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:04", "1580108", "bdd43a831029772fbb7d0d70127c5d74", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:04", "1580109", "a405cecec791cfb044f0951383d4dfba9c5f1793", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:03", "1580104", "7fb51ecddea989bbc4c71fb744b95e9045e64c7a534d661d972c048a40050bb7", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:03", "1580105", "ceffb54d6addc704e409ed67ab6cbf2b", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:03", "1580106", "4f8a609b83049c9d78869307164afe43d522e5b8", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:01", "1580100", "782168e785fca04224fa60a380a178d84dad567f", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:01", "1580101", "e2189c1992a5e092e0fc5595b914e4a2980b149624261ea72fa3b881ff696721", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:01", "1580102", "3734679238dba6f53452dbe8314bb872", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:01", "1580103", "96a7f3826cde8a2b8edd700494babe55eab21116", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:00", "1580098", "8b1c2293d5ca82007d194e9960de64263105f2c2b6707e19d89534bcd1bb2d06", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:14:00", "1580099", "52beeec8268d9b95d721ef3ce13d40a6", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:59", "1580095", "6307f6dcb83c11e69ad410e3d95d49834657fe2124f19c3c4e840d618bb53067", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:59", "1580096", "b0730e315e4bf789befc36c1f7dffce7", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:59", "1580097", "ea4b9c73fbec3d2fb35256dc77f8cbcfa89c2d96", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:58", "1580091", "68c7a3efeee66335a1dff67b6d87f9f330b9609e", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:58", "1580092", "3826ecc2d0fc46bece9de18faaf48acea6615fda5320c8efe134b6439f099b73", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:58", "1580093", "060b3fd93c5fa060daf45bd4fc0ee6d0", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:58", "1580094", "5612fe1760e8244ca4309e2730c357c3837c70d7", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:57", "1580088", "75705936389d52131d0bc595a961e30ba3cd6459", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:57", "1580089", "d1f7d720167c082a602177134934c8669fa9fa3110e50a2f03a336a78357abcd", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:57", "1580090", "39084089a3fc8d917f35879cf156ab87", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:56", "1580085", "9fb9f436e4820bfe5d7c5e13da1918d8cd75049c", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:56", "1580086", "0bd3008f62ecf3929dda01a2b5f244f7ffc63f899239975af53da875d59f6d48", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:56", "1580087", "803a89cb0a4d0631c47b48dcaac7045b", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:55", "1580082", "ce5619b5937471d1aad525050022cc3e45480cbc", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:55", "1580083", "0c816a698e51e5fc6bc477763023e7f9b8df667703f5835be297efccf0996de5", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:55", "1580084", "8e8316cc323fdb0dae680ebc881abd21", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:54", "1580079", "df7076c7723a79271fec61d63ff5c4a7fc26d888", "sha1_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:54", "1580080", "25e9a59bf9a9c9d4cb8861c23570eb7b62aaa2ff23c3fe6dd4f5c44351a60b7e", "sha256_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:54", "1580081", "4e0825cd3d96a1e239c8a735ab42ead9", "md5_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:53", "1580076", "482d36eadde2660992db18891f39bb4eeebe63a2", "sha1_hash", "payload", "win.darkgate", "Meh,MehCrypter", "DarkGate", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:53", "1580077", "e1f3f354b62a6aee0053bcca716741af176676419060b06aed5be5d2f9544af3", "sha256_hash", "payload", "win.darkgate", "Meh,MehCrypter", "DarkGate", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:53", "1580078", "ef8f4673ca30ba63498ccbf514d7e795", "md5_hash", "payload", "win.darkgate", "Meh,MehCrypter", "DarkGate", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:52", "1580073", "1f2032013bd9ce7c74254553fd8803b56fcedf9d", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:52", "1580074", "c5cf05219904b90310bb560281936dfa77045ce5d11093d53010a453d91f2b85", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:52", "1580075", "35898e183754e2d8a4fdb18f50345008", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:51", "1580070", "4acdcca77b1b3eec7d0a7f5013080ab39875100d", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:51", "1580071", "2f5c65ee08f0584a47723bd5f9552843c03c49ab0bf90c960ea4443f7f535310", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:51", "1580072", "fac8d951e2171ab45c3c46da95d94302", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:50", "1580067", "cecc64b29888c23bcfbf7884fc96a5e926c8f168", "sha1_hash", "payload", "win.nabucur", "None", "Nabucur", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:50", "1580068", "4ce67fdd6929d296988354eacc1d6db5516b97782993047196cebe772c10d2d5", "sha256_hash", "payload", "win.nabucur", "None", "Nabucur", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:50", "1580069", "6c2ee13d637d438e2844af85679064bf", "md5_hash", "payload", "win.nabucur", "None", "Nabucur", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:49", "1580063", "fdb9e195e30c1eec7cda24d1af28e83d", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:49", "1580064", "d770ca54e382dc4ec2cb948488195c80d6ae7d04", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:49", "1580065", "418472f0b1fa019d3a411046689a19fe37fbba18ce55fb86aa4ec615920a54f5", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:49", "1580066", "eb4f745cc74fcde052c74ddf873a7875", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:48", "1580061", "60189ac4e1e10328ec084e174a68c5a373bcf7f2", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:48", "1580062", "360c66edab52b893bc1795fd375f7b5ffbbf31ba3747068da38350ffd3286fe9", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:47", "1580057", "132b57e88f355e4eb3c63d6d51cf6049", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:47", "1580058", "1578dd5dd931ae19239853256f30ba2a10b2b942", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:47", "1580059", "7c24d1d9a6258516d1ec21877747ee6c28373dff48e65c0a69e85e953dd546fe", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:47", "1580060", "2e55735f5945da1d11d308dc49c5a799", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:46", "1580054", "49bc3244eebe1a39a654c12522ca0ed0", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:46", "1580055", "cb23edc37c59055b4e772f5ab3934d7d162c31f8", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:46", "1580056", "2feb8c5a7c576a92dae677c3b83246883e43f946665f4d923250938b203b16fc", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:45", "1580051", "a7bc629dc11de623ab4fac451f77847e", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:45", "1580052", "c503f6bd0bc20297d07526b136b752fab9cdd618", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:45", "1580053", "9eb6bd48aa9c2f06c52b1b66927cbded6423d32d1d42c3f7c3fc074d4f58f789", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:44", "1580048", "2a5ce2011e51ce846e73a231e503ebce", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:44", "1580049", "e2720036f4b467c9de31710bc25871efc3f4c4a6", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:44", "1580050", "b4e0ecd2deae4e1e27cb025851f224ecbda5598bab10e02232c8d93669964e91", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:43", "1580046", "a17872ce6a22e924dea0201d9100306aace2b0aa", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:43", "1580047", "4c3df5648a4b0412b690bad3da5b6694db67b89dd44b8d87cac52631a5712865", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:42", "1580042", "b53440954b7fa9fbc85d09989742d9df", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:42", "1580043", "29b9f1427edae3f215cffc8958257052be849a49", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:42", "1580044", "b786a73c7f19b8d9336266c409fd362c93f7c2d627d158b85f0a563ef0653ee0", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:42", "1580045", "b6aa775a9f1afe51dffe9e4b616e0f9a", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:41", "1580039", "af6fa6ab60e1dd4f684dcb4645a0eb65", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:41", "1580040", "6a0327f36303b473c973860f8db2bee1232729bc", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:41", "1580041", "140de266182e847a3d765c82be7aca92418c8a68b0345686e5475bde60bf7731", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:40", "1580036", "c67236debcbadbfa143d99b5718687da", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:40", "1580037", "1ab2e8181d93b8dbf84a35670cca3f8c63775747", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:40", "1580038", "c2737036b26f6ff90d31646ffbb323b03a578f0e52f967f9ee9f34852616847b", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:39", "1580033", "fd781d94aab85dc23e2819bb58d5ca84", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:39", "1580034", "b0897513175152e30f10aed98f0948865041b5b1", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:39", "1580035", "7f41b100cd7fbb5e1ce966dc4b498f868a448b026cac4d836e92523250f7bb16", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:38", "1580030", "0bd47d3cc38f21ea6a0abc4c50b3a990", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:38", "1580031", "3de29893f868d44b72ded8c4e6fab93faeffd40b", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:38", "1580032", "6360358e52d609029f844535cdb3ecbae0cec28b5e0fa1b5cc02659b459df43f", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:37", "1580027", "cddc994ca737e39913db6a1092bad30f", "md5_hash", "payload", "win.purpleink", "None", "purpleink", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:37", "1580028", "3568cad6c5691bbde1203327071cddf6b963fe66", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:37", "1580029", "59b7bc4246d760f4ae78a480b14803a2f2b8a45d7e18a6bf2d1e969559bf4e2d", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:36", "1580024", "60539dff6143b120ac69751633ea5318", "md5_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:36", "1580025", "bf556d8ec388ea258e34b47ed4e58069fc98c12b", "sha1_hash", "payload", "win.purpleink", "None", "purpleink", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:36", "1580026", "c09261df37268b34060769437c2ae12d3bc4da0d744fe329e5b13ad4dbbb9283", "sha256_hash", "payload", "win.purpleink", "None", "purpleink", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:35", "1580021", "40ce1c26167fc8fae6b1e9991ac4b9c8", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:35", "1580022", "b1c1a2f9a6268c37a4f181da525af0c0da704bef", "sha1_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:35", "1580023", "30620c423c928e5e37f9386f7cb5e6ab87eaee7638975f4a8d8f90c56cb785f1", "sha256_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:34", "1580018", "d470c4bc84de67d263ca59a6746dbd8a", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:34", "1580019", "4c61f190a26f7bc8c1896247bcd34992c1f1a059", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:34", "1580020", "2398f931c24b3cb7b3687076b494fb2b34051d6ddfee53447d624b28911a44dd", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:33", "1580014", "fcd1e239225ebc53ed52d73a0337ed38f27f05a67a1bc53f6eae43048d28708b", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:33", "1580015", "0b757765fdea68b50455f22485159cb0", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:33", "1580016", "66bf2114663ee70d880c941ccfdec23f9dbf2453", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:33", "1580017", "7afa67898d1e6046fac0f896c9c7515a0003defe05e6ef1baafcfa3209d08a1c", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:32", "1580012", "4be51c724f344cec19bd9eff6c18c56a", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:32", "1580013", "eef6636a575175050a1ee930bcf59da586c81ff5", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:31", "1580009", "c31da04677acf0abf7c84c05fef7914a", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:31", "1580010", "7e25b39d014e927976e92944e2ff0a8b7bbf1b31", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:31", "1580011", "d76b73fe5dcfbf71a21208815558b7ed0415b586f13967e77cc0e37591fd7665", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:30", "1580006", "0bc7b71fa5efd46eb94dab216e6acdd6", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:30", "1580007", "65ed1b82bc2a7c5fab5bd32f6f8c4427d3f5f359", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:30", "1580008", "97ff06a25f7c699e129771cde557021cbf49f4e6ed15dfeb9b7d29eacafa9926", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:29", "1580003", "a0c3444690e651d20c5ac83fa0770295", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:29", "1580004", "ddbad61e78be92974c876241b297393b8e5869b5", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:29", "1580005", "3f7c7193e4ad4b3aaf4b7092f3952664d554887f22843fb5eff74ef69bcb329a", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:28", "1580000", "4522678801f03ab41398738e51bbec03", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:28", "1580001", "76913f45596b669c9b7dfc83f83cb12eaa69c773", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:28", "1580002", "11515e65056d8dc6cb71897be2dceb35653f1c12b34070f87e7608769c1ce2e8", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:27", "1579997", "41056d5e211891780d2fbcff63d7a82f", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:27", "1579998", "7f00a7f594a2f880ce33fb6dd07f60aa5fab9015", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:27", "1579999", "9003c1087aa81de7fe8b3f1bf2c17e4489c33d356c863e2a75d6dbae42a114f8", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:26", "1579995", "1bbb63c8114dc03a914614f3c6c0c7c1e46be939", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:26", "1579996", "1ae8f5d331a1c6138b60c0e9b7f3ddecda3868e6c408b97a061ed50916245b93", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:25", "1579992", "1f8785b99349527aff7059b74ab32c79a8eaa446", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:25", "1579993", "bc045ffac9e1161d5c20ab56f5c41cfaba19d98bc719967499acc14c0e752ef6", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:25", "1579994", "694da212bfad8eb1a78d8a0cf83917c9", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:24", "1579989", "5a828c606337bc6d3be92a905675a801c2ea34b0", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:24", "1579990", "5a1fe3a5ee208b87acd8a605b3d0426c39aa3418f7ae80eaaf3a484004f88483", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:24", "1579991", "b17e2df8a9860f835b4ce3b7f671d958", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:23", "1579986", "246ae316b7fac02eeca51cb5cb587952f95bceb4", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:23", "1579987", "9a94fc8877306b371085bf268c7b41bdedec9bdffe3da530f95c4ef2182af996", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:23", "1579988", "cdd6f760696c69b0537f0d36ce793334", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:22", "1579983", "948f0ac89116c3b17cf2b6b69e142e6afe5b5813", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:22", "1579984", "50346bc9fec712d366fc6b0b75f160a4adbe7a832d7c116a86e480266d00ee19", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:22", "1579985", "b60de29e63cc77690480bb91c139e9d7", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:21", "1579981", "ad9a9bcbe3da0377edafc371d2d5eaba74808c9e6c0583fa6fa3ba195770b7b6", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:21", "1579982", "a24760c639cb48042af8704c29eb40a5", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:20", "1579978", "bfc9ac7d4fedbbe1c2818c3f5a66035577b69f17be2d4f7180a7658935b384fa", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:20", "1579979", "68bd45b42436507d129fb5f4bdc7d8e6", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:20", "1579980", "9672ba11c43eed23a3aa03019c4e7ae5021c4f46", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:19", "1579975", "a2caca44247c555fe0d4faa25320c58c6ceab37cee6a664ea76e594db4cbe979", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:19", "1579976", "a3b187367906a0eb92b38ed80f8c0f7d", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:19", "1579977", "8240b675606e69b4fcc9d466c154c9e89553bb94", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:18", "1579971", "2077360e2828c4ed2f64233061a57c44de444fb5", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:18", "1579972", "3d7f6743ea132b221c213e8ccf751e57d9f7c274fbd0da2aed6a122487097a9e", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:18", "1579973", "086cc7fe839637dfb618e34ce2849d9d", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:18", "1579974", "64b4dbaf20399e9569d887fbdb37acf10dc5e048", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:17", "1579969", "4bdfcda0ec7e507468e4654dbb66811750a6f9d7ebd9077888cd803c75085a39", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:17", "1579970", "f85305b36ad65ffb0b01d3fb73b262a3", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:16", "1579966", "238f2bfc3e1c6d1c486718b215005532fcbf66a775339089253aa6208139205a", "sha256_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:16", "1579967", "46791467c13cf4718f680a8a14975949", "md5_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:16", "1579968", "3421a31495dd784750201b48d5bf2960386c5cd5", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:13:15", "1579965", "df14997741b706043c9d9dab79564cf8d6a1f0f9", "sha1_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-09-01 21:10:27", "1579963", "https://pr.es.grantech.hu", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-02 15:10:28", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-01 21:10:27", "1579964", "pr.es.grantech.hu", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-02 15:10:28", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-01 20:48:29", "1579962", "75.2.86.65:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-09-03 04:48:36", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-09-01 20:47:50", "1579961", "5.163.252.69:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-09-03 04:48:03", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-09-01 20:10:38", "1579958", "https://pr.es.hombresg.net", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-02 07:05:11", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-01 20:10:38", "1579959", "pr.es.hombresg.net", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-01 20:01:50", "1579956", "87.106.126.157:80", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/87.106.126.157", "AS8560,C2,censys,IONOS-AS,PowershellEmpire", "0", "DonPasci" "2025-09-01 20:01:19", "1579955", "13.62.19.37:5671", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-09-03 04:43:51", "100", "https://search.censys.io/hosts/13.62.19.37", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-09-01 20:01:14", "1579954", "45.144.55.160:442", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-02 04:00:36", "100", "https://search.censys.io/hosts/45.144.55.160", "AEZA-AS,AS210644,C2,censys,Mythic", "0", "DonPasci" "2025-09-01 20:01:07", "1579953", "190.255.85.13:4000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-03 04:45:39", "100", "https://search.censys.io/hosts/190.255.85.13", "AS3816,AsyncRAT,C2,censys,COLOMBIA,RAT", "0", "DonPasci" "2025-09-01 20:00:52", "1579952", "196.251.73.226:5000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-03 04:46:04", "100", "https://search.censys.io/hosts/196.251.73.226", "AS401120,C2,censys,CHEAPY-HOST,RAT,Remcos", "0", "DonPasci" "2025-09-01 20:00:33", "1579951", "20.2.220.82:42666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:51:03", "100", "https://search.censys.io/hosts/20.2.220.82", "AS8075,C2,censys,CobaltStrike,cs-watermark-666666666,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-09-01 19:35:22", "1579949", "196.251.113.4:8989", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-01 18:22:37", "1579946", "ch.hekulei5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 20:22:09", "100", "None", "clearfake", "1", "ttakvam" "2025-09-01 18:01:45", "1579944", "154.44.30.252:449", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250901-rzrpasxks8", "AS979,C2,NETLAB-SDN,rat,triage,valleyrat", "0", "DonPasci" "2025-09-01 18:01:29", "1579943", "mhzlhhhh378-43006.portmap.host", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250901-tpw75stsdy", "C2,domain,njrat,triage", "0", "DonPasci" "2025-09-01 18:00:55", "1579941", "NigNig12344-54127.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250901-s7w5esyjv6", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-01 18:00:55", "1579942", "172.111.138.100:4001", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250901-qxg7eahj7w", "AS9009,C2,M247,quasar,rat,triage", "0", "DonPasci" "2025-09-01 18:00:49", "1579940", "mora1987.work.gd", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-01 18:00:49", "100", "https://tria.ge/250901-n6p79svnt7", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-09-01 18:00:48", "1579938", "startmenuexperiencehostw.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250901-ttbr1abp21", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-09-01 18:00:48", "1579939", "hone32.work.gd", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-01 18:00:49", "100", "https://tria.ge/250901-n6p79svnt7", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-09-01 18:00:37", "1579937", "ring-bd.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250901-pbv1psvpt3", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-01 18:00:36", "1579934", "dabenchy.shop", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250901-vy6nlsyr16", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-01 18:00:36", "1579935", "benefits-bumper.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250901-txem3attfs", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-01 18:00:36", "1579936", "related-suspended.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250901-p9fzfaz1av", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-01 16:25:34", "1579929", "147.185.221.31:26866", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-01 16:15:11", "1579926", "https://hatstart.xyz/mok.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-09-01 16:15:11", "1579927", "https://harmonycrib.xyz/mok.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-09-01 16:15:10", "1579925", "mellive.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-09-01 16:15:09", "1579920", "njqlive.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-09-01 16:15:09", "1579921", "web.qxfhelp.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-09-01 16:15:09", "1579922", "armb.cc", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-09-01 16:15:09", "1579923", "helphbc.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-09-01 16:15:09", "1579924", "roofvest.xyz", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-09-01 16:01:15", "1579919", "46.17.57.37:2096", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-03 04:47:49", "100", "https://search.censys.io/hosts/46.17.57.37", "AS39326,C2,censys,Havoc,HSO-GROUP", "0", "DonPasci" "2025-09-01 16:01:06", "1579918", "45.74.8.89:407", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-03 04:47:42", "100", "https://search.censys.io/hosts/45.74.8.89", "AS3223,AsyncRAT,C2,censys,RAT,VOXILITY", "0", "DonPasci" "2025-09-01 16:01:05", "1579917", "128.90.113.7:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-03 04:43:45", "100", "https://search.censys.io/hosts/128.90.113.7", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-09-01 16:01:03", "1579916", "154.205.145.180:443", "ip:port", "botnet_cc", "win.shadowpad", "POISONPLUG.SHADOW,XShellGhost", "ShadowPad", "", "90", "https://search.censys.io/hosts/154.205.145.180", "AS138915,C2,censys,KAOPU-HK,RAT,ShadowPad", "0", "DonPasci" "2025-09-01 16:00:50", "1579915", "196.251.80.238:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-03 04:46:04", "100", "https://search.censys.io/hosts/196.251.80.238", "AS401120,C2,censys,CHEAPY-HOST,RAT,Remcos", "0", "DonPasci" "2025-09-01 16:00:38", "1579914", "178.16.52.80:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-09-01 16:02:17", "100", "https://search.censys.io/hosts/178.16.52.80", "AS209800,C2,censys,Latrodectus,METASPINNER-ASN", "0", "DonPasci" "2025-09-01 16:00:34", "1579913", "101.201.63.13:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 04:00:18", "100", "https://search.censys.io/hosts/101.201.63.13", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-09-01 16:00:33", "1579912", "81.68.95.163:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:51:59", "100", "https://search.censys.io/hosts/81.68.95.163", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-09-01 16:00:30", "1579911", "104.238.57.191:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 04:00:19", "100", "https://search.censys.io/hosts/104.238.57.191", "AS199959,C2,censys,CobaltStrike,CROWNCLOUD,cs-watermark-987654321", "0", "DonPasci" "2025-09-01 15:53:51", "1579910", "ak.tygilyo.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 15:52:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 15:42:49", "1579909", "pzy.sewedau.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 15:34:41", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 15:28:01", "1579908", "ers.logyvai.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 15:21:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 15:16:53", "1579670", "ce.tygilyo.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 14:49:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 15:15:33", "1579907", "178.16.53.80:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-01 15:13:58", "1579893", "turzhzt.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:58", "1579894", "unfill.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:58", "1579895", "unpaclpe.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:58", "1579896", "unworva.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:58", "1579897", "vicejlr.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:58", "1579898", "virwvtz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:58", "1579899", "visifxs.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:58", "1579900", "viticpc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:58", "1579901", "waryyip.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:58", "1579902", "whipwdv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:58", "1579903", "whitlcl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:58", "1579904", "wildxba.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:58", "1579905", "windmqg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:58", "1579906", "yammrfn.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579873", "squabkq.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579874", "stimumu.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579875", "strekyc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579876", "strinyj.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579877", "strypgo.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579878", "supporbt.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579879", "synadvn.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579880", "tadjirl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579881", "taiffmzy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579882", "tallubk.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579883", "tankrg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579884", "tensqms.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579885", "threeql.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579886", "tillcuh.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579887", "togoeww.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579888", "treabcf.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579889", "treavi.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579890", "troocea.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579891", "tumbikj.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:57", "1579892", "turtljbv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579858", "rutxnm.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579859", "sabiwgb.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579860", "sarpabb.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579861", "savoesf.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:47:26", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579862", "scordtw.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579863", "scruxhb.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579864", "sempqrz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579865", "serrsvn.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579866", "shocvxli.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:47:26", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579867", "shofxd.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579868", "showcet.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579869", "skiddgw.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:47:26", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579870", "sluggtq.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579871", "smoovns.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:56", "1579872", "sociiud.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:55", "1579846", "pasyrbe.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:55", "1579847", "petesie.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:55", "1579848", "pilotpfp.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:55", "1579849", "pistdvd.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:55", "1579850", "plinwxl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:55", "1579851", "preeybt.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:55", "1579852", "preobsl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:55", "1579853", "proleau.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:55", "1579854", "prolnwo.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:55", "1579855", "rebechh.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:47:26", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:55", "1579856", "reveham.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:55", "1579857", "ringlti.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:54", "1579832", "lipsofu.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:54", "1579833", "malelaw.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:54", "1579834", "marceln.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:54", "1579835", "mendjks.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:54", "1579836", "monking.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:54", "1579837", "morvoz01.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:54", "1579838", "mothysb.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:54", "1579839", "newbvrp.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:54", "1579840", "niptfyz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:54", "1579841", "obblipc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:54", "1579842", "obtuutc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:54", "1579843", "onqukok.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:54", "1579844", "oscaiwz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:54", "1579845", "parajga.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579817", "huntlds.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579818", "hydczdp.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579819", "hymnqx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579820", "hypohuw.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:23", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579821", "incroqj.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579822", "inczujv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579823", "infids.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579824", "inwkpu.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579825", "jaywzkd.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:47:27", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579826", "ketnwdg.my", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579827", "komidbx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579828", "leftpvb.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579829", "lenhpqy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579830", "lepitzg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:53", "1579831", "lievozs.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579799", "geisqbb.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579800", "gelatpy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579801", "genecdg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579802", "genemgv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579803", "genulqz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579804", "genupnt.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:23", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579805", "genupui.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579806", "genusdfg.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579807", "genuwwk.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579808", "graygqk.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579809", "grenlel.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579810", "gripck.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579811", "guileml.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579812", "hdj63.icu", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579813", "hitiedy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579814", "hittf.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579815", "hocuaox.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:52", "1579816", "homemdks.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579781", "encibmo.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:47:27", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579782", "endaepd.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579783", "eudrrfl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579784", "eugvshk.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579785", "evermvn.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579786", "exchdfh.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579787", "excufoc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579788", "famivfm.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579789", "fasthqx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579790", "favncyg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579791", "fawnvjl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579792", "foojblh.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579793", "forkdp.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579794", "formkjk.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579795", "forxba.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579796", "framoa.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579797", "franrzc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:51", "1579798", "galawgtl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579764", "darnued.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579765", "darrfbp.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579766", "declpfp.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579767", "defiloa.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579768", "demnjyx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579769", "depapom.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:47:26", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579770", "dermurt.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579771", "disgxow.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579772", "disiiat.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579773", "disluqd.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579774", "divamgo.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579775", "docuhpu.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579776", "doudnrr.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579777", "droacon.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579778", "duncian.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579779", "dysplld.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:50", "1579780", "echocej.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:49", "1579750", "capexzo.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:49", "1579751", "carlozo.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:49", "1579752", "carrkxh.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:49", "1579753", "carrokd.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:49", "1579754", "chlonch.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:49", "1579755", "chryzju.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:49", "1579756", "cinnmfl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:49", "1579757", "claihbs.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:49", "1579758", "climjuw.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:49", "1579759", "comqpru.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:49", "1579760", "condyal.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:49", "1579761", "conmgyr.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:49", "1579762", "contnni.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:49", "1579763", "craajvg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:48", "1579738", "apoqosp.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:48", "1579739", "ardhpeb.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:48", "1579740", "atriurx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:48", "1579741", "auspjwr.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:48", "1579742", "bandmetw.qpon", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:48", "1579743", "bearvi.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:48", "1579744", "beatvwe.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:48", "1579745", "befswj38.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:48", "1579746", "blassu.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:48", "1579747", "blatfdg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:48", "1579748", "blisurn.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:48", "1579749", "bordehx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:47", "1579731", "accoapf.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:47", "1579732", "achoqqe.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:47", "1579733", "aciujpr.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:47:27", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:47", "1579734", "adelxks.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:47", "1579735", "airtbvi.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:47", "1579736", "aleyywv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:13:47", "1579737", "anguklp.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:23", "1579719", "sonst.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:56", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:23", "1579720", "sortxkm.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:56", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:23", "1579721", "sugaaox.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:57", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:23", "1579722", "swampcs.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:57", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:23", "1579723", "talkxaxs.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:57", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:23", "1579724", "testimc.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:57", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:23", "1579725", "toobedg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:57", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:23", "1579726", "unpvmqn.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:58", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:23", "1579727", "wirelft.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:58", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:23", "1579728", "wrigwtt.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:58", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:23", "1579729", "xerorov.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:58", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:23", "1579730", "yearsfa.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:58", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579685", "enljbe.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:51", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579686", "ensuibv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:51", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579687", "exfopgg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:51", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579688", "faltlsj.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:51", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579689", "famidvw.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:51", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579690", "feasero.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:51", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579691", "flfzpt.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:51", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579692", "gentlsu.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:52", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579693", "genubsl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:52", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579694", "glutbfw.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:52", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579695", "hairyzd.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:52", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579696", "indpret.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:53", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579697", "insczel.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:53", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579698", "kingduy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:53", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579699", "laevuun.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:53", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579700", "lanmew.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:53", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579701", "lanwkv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:53", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579702", "medizafx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:54", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579703", "minoxih.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:54", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579704", "moutoxj.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:54", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579705", "overwwx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:54", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579706", "peppegn.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:55", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579707", "pezwsv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:55", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579708", "poniaym.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:55", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579709", "presexe.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:55", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579710", "pterobm.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:55", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579711", "racecem.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:55", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579712", "recomdpk.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:55", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579713", "reeprka.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:55", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579714", "runnrxl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:55", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579715", "scruejk.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:56", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579716", "sensiqy.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:56", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579717", "servopi.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:56", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:22", "1579718", "sidivhe.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:56", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:21", "1579672", "acisbpp.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:47", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:21", "1579673", "anionqh.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:47", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:21", "1579674", "beralvk.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:48", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:21", "1579675", "brusfnk.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:48", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:21", "1579676", "canzuiq.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:48", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:21", "1579677", "carteop.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:49", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:21", "1579678", "comramm.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:49", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:21", "1579679", "condetv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:49", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:21", "1579680", "cupclek.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:49", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:21", "1579681", "cusisbz.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:49", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:21", "1579682", "cutdodl.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-02 16:57:14", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:21", "1579683", "eclmezm.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:50", "100", "", "None", "0", "500mk500" "2025-09-01 15:09:21", "1579684", "effiug.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:50", "100", "", "None", "0", "500mk500" "2025-09-01 15:07:07", "1579671", "https://parabcn.top/wqkd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d76b73fe5dcfbf71a21208815558b7ed0415b586f13967e77cc0e37591fd7665/", "lumma", "0", "abuse_ch" "2025-09-01 14:49:34", "1579639", "xqi.rilefoo8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 14:06:29", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 14:49:34", "1579640", "http://85.209.129.105:2020/19", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115129442152451561", "KongTuke", "0", "monitorsg" "2025-09-01 14:49:34", "1579641", "ny.tygilyo.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 14:20:45", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 14:45:14", "1579669", "http://a1164274.xsph.ru/6377807f.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-09-01 14:31:10", "1579668", "8.222.255.168:3333", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-09-01 14:30:36", "1579667", "124.223.50.203:14443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-09-01 13:53:03", "1579638", "kt.rilefoo8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 13:53:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 13:51:42", "1579634", "ug.rilefoo8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 13:21:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 13:40:16", "1579637", "http://a1164361.xsph.ru/09599eb9.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-09-01 13:30:20", "1579636", "http://109.172.6.232/todb/line4/PythonDle57/PipeDbTemp/Pipesecure/LinuxCpuEternalprocess/Http/Generator/2/Track7Asynccentral/universal7mariadbphp/ExternalPipeBigloadflowertestDleCentraluploads.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-09-01 13:30:07", "1579635", "109.71.252.214:9897", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "QuasarRAT,RAT", "0", "abuse_ch" "2025-09-01 13:10:26", "1579632", "https://dpd.voltexpressdelivery.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-02 07:05:12", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-01 13:10:26", "1579633", "dpd.voltexpressdelivery.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-01 19:10:25", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-01 13:10:25", "1579631", "https://5.75.211.226", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-02 10:10:26", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-01 12:53:07", "1579630", "52.176.154.82:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-09-03 04:51:47", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-09-01 12:53:05", "1579629", "49.12.221.197:8443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-09-03 04:51:46", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-09-01 12:51:53", "1579628", "149.0.16.127:445", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-09-03 04:50:38", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-09-01 12:51:11", "1579624", "104.233.252.2:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:56", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-01 12:51:11", "1579625", "104.233.252.3:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:57", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-01 12:51:11", "1579626", "104.233.252.5:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:58", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-01 12:51:11", "1579627", "104.233.252.6:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:58", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-01 12:51:10", "1579622", "104.233.252.17:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:55", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-01 12:51:10", "1579623", "104.233.252.18:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:49:55", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-01 12:47:54", "1579621", "http://178.57.232.188:53050/.i", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-09-01 12:47:52", "1579575", "ven.rilefoo8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 12:22:01", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 12:28:53", "1579620", "teaspdj.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-09-01 12:28:38", "1579619", "devel.asurans.com", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "2025-09-02 13:56:11", "50", "", "c2,gholoader", "0", "juroots" "2025-09-01 12:28:17", "1579618", "147.185.221.30:29676", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-09-01 12:27:55", "1579617", "almiighty-47767.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-09-01 12:27:54", "1579616", "visual-cp.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-09-01 12:27:29", "1579615", "https://pastebin.com/raw/qFY21Ftp", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-09-01 12:27:05", "1579613", "172.245.4.224:7475", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-01 12:27:05", "1579614", "173.212.199.134:2266", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-01 12:27:04", "1579612", "172.245.4.224:6868", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-01 12:26:47", "1579606", "dfdfhdhdrgethftrj.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-01 12:26:47", "1579607", "hbws.cc", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-01 12:26:47", "1579608", "honeyportsecurityresearchteam.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-01 12:26:47", "1579609", "kbs-frb.cc", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-01 12:26:47", "1579610", "rmdns.servesarcasm.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-01 12:26:47", "1579611", "www.saleskunshan.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-01 12:26:30", "1579605", "sswad-48767.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-09-01 12:26:29", "1579603", "bebe228855.hopto.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-09-01 12:26:29", "1579604", "dv2.bbanddd.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "", "c2,quasar", "0", "juroots" "2025-09-01 12:26:04", "1579602", "http://pony.gsghost.pro/panel/shit.exe", "url", "payload_delivery", "win.pony", "Siplog,Fareit", "Pony", "", "50", "", "pony", "0", "juroots" "2025-09-01 12:25:48", "1579601", "http://pony.gsghost.pro/panel/gate.php", "url", "botnet_cc", "win.pony", "Siplog,Fareit", "Pony", "", "50", "", "c2,pony", "0", "juroots" "2025-09-01 12:25:31", "1579600", "drooby.ddns.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-09-01 12:25:30", "1579599", "cnc.48101.online", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-09-01 12:25:14", "1579598", "https://cdn.discordapp.com/attachments/859444299618582560/859758307463135242/VirtulAlloc.bin", "url", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "50", "", "guloader", "0", "juroots" "2025-09-01 12:24:44", "1579596", "feepro1.ddns.net", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "", "c2,darkcomet", "0", "juroots" "2025-09-01 12:24:44", "1579597", "k24cwchgd.localto.net", "domain", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "", "c2,darkcomet", "0", "juroots" "2025-09-01 12:24:28", "1579595", "fan-rui.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "", "c2,cobaltstrike", "0", "juroots" "2025-09-01 12:24:10", "1579593", "i.stasismyfuture.com", "domain", "botnet_cc", "win.bunitu", "None", "Bunitu", "", "50", "", "bunitu,c2", "0", "juroots" "2025-09-01 12:24:10", "1579594", "x.stasismyfuture.com", "domain", "botnet_cc", "win.bunitu", "None", "Bunitu", "", "50", "", "bunitu,c2", "0", "juroots" "2025-09-01 12:23:42", "1579590", "daddadasd-29521.portmap.host", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-09-01 12:23:42", "1579591", "dns.njalla.pl", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-09-01 12:23:42", "1579592", "dns.njalla.si", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-09-01 12:23:24", "1579589", "https://api.telegram.org/bot6999938748:AAG8HM9iKj0Uks7A3Zj_uk_1u1EuLqsP_og/", "url", "botnet_cc", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "50", "", "agenttesla,c2", "0", "juroots" "2025-09-01 12:22:49", "1579588", "https://server14.cdneurops.health/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/546aae43-b274-42fc-a9cf-fdaa643e06f4", "c2,glupteba,urlquery", "0", "juroots" "2025-09-01 12:22:48", "1579587", "https://server15.mastiakele.ae.org/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/10d26b34-67ef-474e-92e2-a52d0e8d834d", "c2,glupteba,urlquery", "0", "juroots" "2025-09-01 12:22:47", "1579586", "https://c402020a-9f15-41b4-b913-e2f3f61e56c5.server1.nisdably.com/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/c00e24a6-f440-4b9f-a214-39c6c99cf82a", "c2,glupteba,urlquery", "0", "juroots" "2025-09-01 12:22:46", "1579585", "https://server2.nisdably.com/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/7d691f59-e76a-448c-974f-993c9970ec5f", "c2,glupteba,urlquery", "0", "juroots" "2025-09-01 12:22:45", "1579583", "https://server6.filesdumpplace.org/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/2df2f1a9-b6d1-49e5-85c7-2a4d2b2dc3ab", "c2,glupteba,urlquery", "0", "juroots" "2025-09-01 12:22:45", "1579584", "https://dfe03de9-5d5d-4ecc-9423-14b8f289583d.server2.nisdably.com/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/7c3c537a-1beb-4505-a4c9-b97a21320bea", "c2,glupteba,urlquery", "0", "juroots" "2025-09-01 12:22:12", "1579582", "https://45.135.194.43:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/c28fe907-30d4-430c-ac95-16b195c7ced4", "c2,supershell,urlquery", "0", "juroots" "2025-09-01 12:22:10", "1579580", "https://113.45.238.149:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/3dcb1c20-ce94-47e8-a1e4-028d826eb4af", "c2,supershell,urlquery", "0", "juroots" "2025-09-01 12:22:10", "1579581", "https://43.134.9.57:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/958fb5d9-cc30-4958-aaae-f3d1e4ce7e82", "c2,supershell,urlquery", "0", "juroots" "2025-09-01 12:22:09", "1579579", "https://8.210.214.111:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/44dd7acf-e66b-4962-8cf8-3b088993a266", "c2,supershell,urlquery", "0", "juroots" "2025-09-01 12:22:08", "1579578", "https://160.250.128.197:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/0f4a3179-7176-404e-aee1-685fe22bf2ce", "c2,supershell,urlquery", "0", "juroots" "2025-09-01 12:22:07", "1579577", "https://110.41.44.100:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/d53ef265-e38f-4927-b4b7-ace40a34934f", "c2,supershell,urlquery", "0", "juroots" "2025-09-01 12:22:06", "1579576", "https://1.15.62.170:8888/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/5f8de64a-17d9-472d-b22d-41cf043dae27", "c2,supershell,urlquery", "0", "juroots" "2025-09-01 12:21:37", "1579574", "https://62.60.246.234/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/025031a4-1eb5-4c24-898c-ba6f15a7730e", "c2,unam,urlquery", "0", "juroots" "2025-09-01 12:21:28", "1579573", "https://77.90.153.62/cvdfnaFJBmC0/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlquery.net/report/5b4e6d13-cbd0-4161-91e1-429aec248b39", "amadey,c2,urlquery", "0", "juroots" "2025-09-01 12:21:27", "1579572", "https://178.16.53.7/cvdfnaFJBmC1/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlquery.net/report/52b90ceb-a582-4dad-80d0-e61ed4a32381", "amadey,c2,urlquery", "0", "juroots" "2025-09-01 12:21:24", "1579571", "https://196.251.85.220/E3jv8fS9b/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlquery.net/report/1c62eb54-a758-48ae-bf69-5144c08210f8", "amadey,c2,urlquery", "0", "juroots" "2025-09-01 12:21:19", "1579569", "https://178.16.53.7/cvdfnafjbmc1/login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2025-09-01 12:21:21", "50", "https://urlquery.net/report/fae3e48e-ee82-4cf9-b44a-63cfde76aa46", "amadey,c2,urlquery", "0", "juroots" "2025-09-01 12:21:19", "1579570", "https://77.90.153.62/cvdfnaFJBmC0/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlquery.net/report/aab27005-76b2-4aa6-81ac-ce1b22321d0d", "amadey,c2,urlquery", "0", "juroots" "2025-09-01 12:20:37", "1579568", "https://68.183.108.129/6259fdc16222e061.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "https://urlscan.io/result/01990538-dc2c-7699-87b1-b416745ec895", "c2,stealc,urlscan", "0", "juroots" "2025-09-01 12:19:48", "1579567", "https://interbk.top/login", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 12:20:16", "50", "https://urlscan.io/result/01990538-1daa-775b-901e-f71e86d7c8ea", "c2,lumma,urlscan", "0", "juroots" "2025-09-01 12:19:47", "1579566", "https://caltpps.top/login", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 12:20:14", "50", "https://urlscan.io/result/01990538-16bd-751d-b998-222cd337eaa2", "c2,lumma,urlscan", "0", "juroots" "2025-09-01 12:19:45", "1579565", "https://comqpru.top/login", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 12:20:11", "50", "https://urlscan.io/result/01990538-0862-70fc-b109-025129270a7b", "c2,lumma,urlscan", "0", "juroots" "2025-09-01 12:19:41", "1579564", "https://ardhpeb.top/login", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 12:20:07", "50", "https://urlscan.io/result/01990537-f2eb-73d2-a899-f783eabda111", "c2,lumma,urlscan", "0", "juroots" "2025-09-01 12:19:35", "1579563", "https://excufoc.top/login", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 12:20:05", "50", "https://urlscan.io/result/01990537-ecc3-705a-9626-7be81c085b4a", "c2,lumma,urlscan", "0", "juroots" "2025-09-01 12:19:34", "1579562", "https://larpfxs.top/login", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 12:20:03", "50", "https://urlscan.io/result/01990537-e74b-740d-9da7-9b4d6c8ad690", "c2,lumma,urlscan", "0", "juroots" "2025-09-01 12:19:08", "1579561", "http://f1096594.xsph.ru/94e3c0ba.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-09-01 12:19:13", "50", "https://urlscan.io/result/01990537-7225-70df-9934-3c759e23917e", "c2,dcrat,urlscan", "0", "juroots" "2025-09-01 12:18:27", "1579560", "https://193.233.20.25/buh5n004d/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/01990536-e1b4-731a-b0e5-99991cd63a3d", "amadey,c2,urlscan", "0", "juroots" "2025-09-01 12:17:43", "1579559", "http://104.234.37.139:4000/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/01990536-30d6-7554-9411-6f5e43cee8d3", "c2,evilginx,urlscan", "0", "juroots" "2025-09-01 12:17:07", "1579558", "https://www.krista-tur.ru/login/", "url", "botnet_cc", "win.salatstealer", "None", "SalatStealer", "", "50", "https://urlscan.io/result/01990535-a85f-706d-a4b4-9378370ff1cf", "c2,salat,urlscan", "0", "juroots" "2025-09-01 12:16:28", "1579557", "http://176.46.152.46/T.exe", "url", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "50", "https://urlscan.io/result/01990535-0b5b-7281-8277-b429a1a53a94", "c2,urlscan,xtinyloader", "0", "juroots" "2025-09-01 12:16:25", "1579556", "http://176.46.152.46/4.exe", "url", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "50", "https://urlscan.io/result/01990534-fe9e-722d-a007-2090785bd23e", "c2,urlscan,xtinyloader", "0", "juroots" "2025-09-01 12:14:36", "1579555", "165.227.143.219:443", "ip:port", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/df0442cb22d02ff079e06ffaf287eebe2fbefe5744ebe428e4436589facca3fe/", "LummaStealer", "0", "abuse_ch" "2025-09-01 12:13:43", "1579554", "http://93.140.78.180:8080/", "url", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "", "50", "https://urlscan.io/result/01990532-8be5-76ff-8ad2-e71fedb304ae", "c2,chaos,urlscan", "0", "juroots" "2025-09-01 12:11:35", "1579553", "151.59.109.21:8080", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "50", "https://www.shodan.io/host/151.59.109.21#8080", "c2,sectop,shodan", "0", "juroots" "2025-09-01 12:11:20", "1579552", "23.27.52.175:9898", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "https://www.shodan.io/host/23.27.52.175#9898", "c2,dcrat,shodan", "0", "juroots" "2025-09-01 12:11:05", "1579551", "156.223.49.162:1177", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "https://www.shodan.io/host/156.223.49.162#1177", "c2,njrat,shodan", "0", "juroots" "2025-09-01 12:10:49", "1579550", "185.196.10.204:5006", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "https://www.shodan.io/host/185.196.10.204#5006", "asyncrat,c2,shodan", "0", "juroots" "2025-09-01 12:10:34", "1579549", "84.46.239.89:8081", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "https://www.shodan.io/host/84.46.239.89#8081", "bruteratel,c2,shodan", "0", "juroots" "2025-09-01 12:10:16", "1579547", "15.157.59.35:11112", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/15.157.59.35#11112", "c2,netbus,shodan", "0", "juroots" "2025-09-01 12:10:16", "1579548", "51.96.19.196:1604", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/51.96.19.196#1604", "c2,netbus,shodan", "0", "juroots" "2025-09-01 12:10:04", "1579546", "185.219.84.239:82", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/185.219.84.239#82", "c2,shodan,unam", "0", "juroots" "2025-09-01 12:10:03", "1579545", "62.60.246.234:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-02 04:01:04", "50", "https://www.shodan.io/host/62.60.246.234#80", "c2,shodan,unam", "0", "juroots" "2025-09-01 12:09:32", "1579544", "159.198.32.244:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/159.198.32.244#3333", "c2,gophish,phishing,shodan", "0", "juroots" "2025-09-01 12:09:31", "1579543", "185.232.205.237:9001", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/185.232.205.237#9001", "c2,gophish,phishing,shodan", "0", "juroots" "2025-09-01 12:09:10", "1579542", "78.188.33.251:4040", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "https://www.shodan.io/host/78.188.33.251#4040", "c2,darkcomet,shodan", "0", "juroots" "2025-09-01 12:09:09", "1579539", "187.126.137.202:20547", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "https://www.shodan.io/host/187.126.137.202#20547", "c2,darkcomet,shodan", "0", "juroots" "2025-09-01 12:09:09", "1579540", "187.126.137.202:102", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "https://www.shodan.io/host/187.126.137.202#102", "c2,darkcomet,shodan", "0", "juroots" "2025-09-01 12:09:09", "1579541", "187.126.137.202:15151", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "https://www.shodan.io/host/187.126.137.202#15151", "c2,darkcomet,shodan", "0", "juroots" "2025-09-01 12:08:55", "1579538", "159.255.36.142:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/159.255.36.142#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-01 12:08:54", "1579535", "38.22.90.215:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/38.22.90.215#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-01 12:08:54", "1579536", "138.197.64.36:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/138.197.64.36#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-01 12:08:54", "1579537", "91.199.147.16:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-09-03 04:01:03", "50", "https://www.shodan.io/host/91.199.147.16#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-01 12:08:51", "1579532", "18.153.69.220:5007", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/18.153.69.220#5007", "c2,netsupport,shodan", "0", "juroots" "2025-09-01 12:08:51", "1579533", "18.175.137.195:3951", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/18.175.137.195#3951", "c2,netsupport,shodan", "0", "juroots" "2025-09-01 12:08:51", "1579534", "202.61.227.208:2002", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/202.61.227.208#2002", "c2,netsupport,shodan", "0", "juroots" "2025-09-01 12:08:50", "1579529", "15.161.131.103:33060", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/15.161.131.103#33060", "c2,netsupport,shodan", "0", "juroots" "2025-09-01 12:08:50", "1579530", "176.82.232.134:6000", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/176.82.232.134#6000", "c2,netsupport,shodan", "0", "juroots" "2025-09-01 12:08:50", "1579531", "92.205.129.7:1153", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/92.205.129.7#1153", "c2,netsupport,shodan", "0", "juroots" "2025-09-01 12:08:46", "1579526", "94.98.224.81:9595", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9595", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:46", "1579527", "94.98.224.81:10909", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10909", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:46", "1579528", "94.98.224.81:21249", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21249", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:45", "1579522", "94.98.224.81:9084", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9084", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:45", "1579523", "94.98.224.81:30027", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#30027", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:45", "1579524", "94.98.224.81:887", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#887", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:45", "1579525", "94.98.224.81:9098", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9098", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:44", "1579518", "94.98.224.81:8021", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8021", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:44", "1579519", "94.98.224.81:12589", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12589", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:44", "1579520", "94.98.224.81:5227", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5227", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:44", "1579521", "94.98.224.81:9295", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9295", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:43", "1579513", "94.98.224.81:7011", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7011", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:43", "1579514", "94.98.224.81:6653", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#6653", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:43", "1579515", "94.98.224.81:2060", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2060", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:43", "1579516", "94.98.224.81:32101", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#32101", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:43", "1579517", "94.98.224.81:8436", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8436", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:42", "1579508", "94.98.224.81:30123", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#30123", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:42", "1579509", "94.98.224.81:10017", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10017", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:42", "1579510", "94.98.224.81:9013", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9013", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:42", "1579511", "94.98.224.81:12325", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12325", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:42", "1579512", "94.98.224.81:8493", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8493", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:41", "1579504", "94.98.224.81:9208", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9208", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:41", "1579505", "94.98.224.81:16067", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16067", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:41", "1579506", "94.98.224.81:1451", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1451", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:41", "1579507", "94.98.224.81:10443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10443", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:40", "1579499", "94.98.224.81:12292", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12292", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:40", "1579500", "94.98.224.81:3114", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3114", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:40", "1579501", "94.98.224.81:12511", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12511", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:40", "1579502", "94.98.224.81:6081", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#6081", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:40", "1579503", "94.98.224.81:5858", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5858", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:39", "1579493", "94.98.224.81:3541", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3541", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:39", "1579494", "94.98.224.81:3622", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3622", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:39", "1579495", "94.98.224.81:8578", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8578", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:39", "1579496", "94.98.224.81:12305", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12305", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:39", "1579497", "94.98.224.81:8506", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8506", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:39", "1579498", "94.98.224.81:12391", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12391", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:38", "1579488", "94.98.224.81:20050", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#20050", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:38", "1579489", "94.98.224.81:3020", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3020", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:38", "1579490", "94.98.224.81:8405", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8405", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:38", "1579491", "94.98.224.81:503", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#503", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:38", "1579492", "94.98.224.81:771", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#771", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:37", "1579483", "94.98.224.81:3078", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3078", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:37", "1579484", "94.98.224.81:12571", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12571", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:37", "1579485", "94.98.224.81:1024", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1024", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:37", "1579486", "94.98.224.81:7100", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7100", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:37", "1579487", "94.98.224.81:5255", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5255", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:36", "1579479", "94.98.224.81:2111", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2111", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:36", "1579480", "94.98.224.81:8143", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8143", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:36", "1579481", "94.98.224.81:2006", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2006", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:36", "1579482", "94.98.224.81:5608", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5608", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:35", "1579474", "94.98.224.81:21234", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21234", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:35", "1579475", "94.98.224.81:9117", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9117", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:35", "1579476", "94.98.224.81:2209", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2209", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:35", "1579477", "94.98.224.81:16032", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16032", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:35", "1579478", "94.98.224.81:40894", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#40894", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:34", "1579468", "94.98.224.81:12487", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12487", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:34", "1579469", "94.98.224.81:4506", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#4506", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:34", "1579470", "94.98.224.81:12508", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12508", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:34", "1579471", "94.98.224.81:222", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#222", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:34", "1579472", "94.98.224.81:12187", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12187", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:34", "1579473", "94.98.224.81:9923", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9923", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:33", "1579463", "94.98.224.81:3160", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3160", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:33", "1579464", "94.98.224.81:88", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#88", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:33", "1579465", "94.98.224.81:8822", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8822", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:33", "1579466", "94.98.224.81:2003", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2003", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:33", "1579467", "94.98.224.81:9146", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9146", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:32", "1579459", "94.98.224.81:6602", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#6602", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:32", "1579460", "94.98.224.81:9122", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9122", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:32", "1579461", "94.98.224.81:3211", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3211", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:32", "1579462", "94.98.224.81:18060", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18060", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:31", "1579455", "94.98.224.81:12319", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12319", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:31", "1579456", "94.98.224.81:7087", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7087", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:31", "1579457", "94.98.224.81:8085", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8085", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:31", "1579458", "94.98.224.81:2181", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2181", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:30", "1579450", "94.98.224.81:12543", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12543", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:30", "1579451", "94.98.224.81:7510", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7510", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:30", "1579452", "94.98.224.81:5223", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5223", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:30", "1579453", "94.98.224.81:9180", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9180", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:30", "1579454", "94.98.224.81:8151", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8151", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:29", "1579444", "94.98.224.81:12482", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12482", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:29", "1579445", "94.98.224.81:2225", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2225", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:29", "1579446", "94.98.224.81:7015", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7015", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:29", "1579447", "94.98.224.81:5435", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5435", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:29", "1579448", "94.98.224.81:49692", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#49692", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:29", "1579449", "94.98.224.81:9902", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9902", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:28", "1579439", "94.98.224.81:3190", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3190", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:28", "1579440", "94.98.224.81:9057", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9057", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:28", "1579441", "94.98.224.81:8189", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8189", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:28", "1579442", "94.98.224.81:11601", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#11601", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:28", "1579443", "94.98.224.81:3006", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3006", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:27", "1579434", "94.98.224.81:8500", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8500", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:27", "1579435", "94.98.224.81:5277", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5277", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:27", "1579436", "94.98.224.81:3521", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3521", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:27", "1579437", "94.98.224.81:9050", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9050", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:27", "1579438", "94.98.224.81:20", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#20", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:26", "1579430", "94.98.224.81:21025", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21025", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:26", "1579431", "94.98.224.81:60001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#60001", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:26", "1579432", "94.98.224.81:119", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#119", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:26", "1579433", "94.98.224.81:4063", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#4063", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:25", "1579425", "94.98.224.81:12322", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12322", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:25", "1579426", "94.98.224.81:9095", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9095", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:25", "1579427", "94.98.224.81:12144", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12144", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:25", "1579428", "94.98.224.81:12251", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12251", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:25", "1579429", "94.98.224.81:35241", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#35241", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:24", "1579420", "94.98.224.81:30025", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#30025", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:24", "1579421", "94.98.224.81:55442", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#55442", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:24", "1579422", "94.98.224.81:5991", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5991", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:24", "1579423", "94.98.224.81:9029", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9029", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:24", "1579424", "94.98.224.81:9086", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9086", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:23", "1579414", "94.98.224.81:9011", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9011", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:23", "1579415", "94.98.224.81:2549", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2549", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:23", "1579416", "94.98.224.81:17000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#17000", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:23", "1579417", "94.98.224.81:21262", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21262", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:23", "1579418", "94.98.224.81:111", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#111", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:23", "1579419", "94.98.224.81:502", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#502", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:22", "1579410", "94.98.224.81:14147", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#14147", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:22", "1579411", "94.98.224.81:4430", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#4430", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:22", "1579412", "94.98.224.81:9898", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9898", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:22", "1579413", "94.98.224.81:8816", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8816", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:21", "1579406", "94.98.224.81:4572", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#4572", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:21", "1579407", "94.98.224.81:9309", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9309", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:21", "1579408", "94.98.224.81:18093", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18093", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:21", "1579409", "94.98.224.81:37215", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#37215", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:20", "1579401", "94.98.224.81:9916", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9916", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:20", "1579402", "94.98.224.81:12541", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12541", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:20", "1579403", "94.98.224.81:5915", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5915", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:20", "1579404", "94.98.224.81:21253", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21253", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:20", "1579405", "94.98.224.81:8428", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8428", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:19", "1579396", "94.98.224.81:50050", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#50050", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:19", "1579397", "94.98.224.81:12400", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12400", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:19", "1579398", "94.98.224.81:44350", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#44350", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:19", "1579399", "94.98.224.81:2107", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2107", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:19", "1579400", "94.98.224.81:2352", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2352", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:18", "1579390", "94.98.224.81:5804", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5804", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:18", "1579391", "94.98.224.81:12111", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12111", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:18", "1579392", "94.98.224.81:21251", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21251", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:18", "1579393", "94.98.224.81:12398", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12398", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:18", "1579394", "94.98.224.81:7782", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7782", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:18", "1579395", "94.98.224.81:5249", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5249", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:17", "1579386", "94.98.224.81:5609", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5609", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:17", "1579387", "94.98.224.81:12469", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12469", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:17", "1579388", "94.98.224.81:8028", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8028", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:17", "1579389", "94.98.224.81:12165", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12165", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:16", "1579384", "94.98.224.81:5432", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5432", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:16", "1579385", "94.98.224.81:2806", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2806", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:15", "1579382", "94.98.224.81:9308", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9308", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:15", "1579383", "94.98.224.81:6664", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#6664", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:14", "1579380", "94.98.224.81:9446", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9446", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:14", "1579381", "94.98.224.81:8167", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8167", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:13", "1579376", "94.98.224.81:25007", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#25007", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:13", "1579377", "94.98.224.81:20202", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#20202", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:13", "1579378", "94.98.224.81:4080", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#4080", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:13", "1579379", "94.98.224.81:3162", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3162", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:12", "1579372", "94.98.224.81:20082", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#20082", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:12", "1579373", "94.98.224.81:16101", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16101", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:12", "1579374", "94.98.224.81:10048", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10048", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:12", "1579375", "94.98.224.81:12341", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12341", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:11", "1579370", "94.98.224.81:2259", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2259", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:11", "1579371", "94.98.224.81:12183", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12183", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:10", "1579365", "94.98.224.81:8251", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8251", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:10", "1579366", "94.98.224.81:9003", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9003", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:10", "1579367", "94.98.224.81:8132", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8132", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:10", "1579368", "94.98.224.81:3124", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3124", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:10", "1579369", "94.98.224.81:8605", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8605", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:09", "1579360", "94.98.224.81:18044", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18044", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:09", "1579361", "94.98.224.81:15502", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#15502", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:09", "1579362", "94.98.224.81:2220", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2220", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:09", "1579363", "94.98.224.81:5237", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5237", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:09", "1579364", "94.98.224.81:12169", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12169", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:08", "1579357", "94.98.224.81:30007", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#30007", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:08", "1579358", "94.98.224.81:8146", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8146", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:08", "1579359", "94.98.224.81:3098", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3098", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:07", "1579355", "94.98.224.81:806", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#806", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:07", "1579356", "94.98.224.81:9176", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9176", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:06", "1579350", "94.98.224.81:541", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#541", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:06", "1579351", "94.98.224.81:16064", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16064", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:06", "1579352", "94.98.224.81:21250", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21250", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:06", "1579353", "94.98.224.81:12392", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12392", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:06", "1579354", "94.98.224.81:12435", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12435", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:05", "1579345", "94.98.224.81:3000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3000", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:05", "1579346", "94.98.224.81:18066", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18066", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:05", "1579347", "94.98.224.81:2130", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2130", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:05", "1579348", "94.98.224.81:23184", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#23184", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:05", "1579349", "94.98.224.81:34500", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#34500", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:04", "1579340", "94.98.224.81:12481", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12481", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:04", "1579341", "94.98.224.81:18101", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18101", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:04", "1579342", "94.98.224.81:12280", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12280", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:04", "1579343", "94.98.224.81:45667", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#45667", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:04", "1579344", "94.98.224.81:8889", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8889", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:03", "1579334", "94.98.224.81:12281", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12281", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:03", "1579335", "94.98.224.81:51201", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#51201", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:03", "1579336", "94.98.224.81:2568", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2568", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:03", "1579337", "94.98.224.81:3333", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3333", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:03", "1579338", "94.98.224.81:29842", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#29842", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:03", "1579339", "94.98.224.81:10049", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10049", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:02", "1579332", "94.98.224.81:3111", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3111", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:02", "1579333", "94.98.224.81:47990", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#47990", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:01", "1579329", "94.98.224.81:10040", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10040", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:01", "1579330", "94.98.224.81:5229", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5229", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:01", "1579331", "94.98.224.81:14407", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#14407", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:00", "1579325", "94.98.224.81:16038", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16038", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:00", "1579326", "94.98.224.81:32800", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#32800", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:00", "1579327", "94.98.224.81:12525", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12525", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:08:00", "1579328", "94.98.224.81:30000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#30000", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:59", "1579319", "94.98.224.81:14104", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#14104", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:59", "1579320", "94.98.224.81:441", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#441", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:59", "1579321", "94.98.224.81:12146", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12146", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:59", "1579322", "94.98.224.81:8157", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8157", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:59", "1579323", "94.98.224.81:45333", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#45333", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:59", "1579324", "94.98.224.81:21290", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21290", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:58", "1579314", "94.98.224.81:49682", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#49682", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:58", "1579315", "94.98.224.81:9042", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9042", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:58", "1579316", "94.98.224.81:9148", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9148", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:58", "1579317", "94.98.224.81:12558", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12558", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:58", "1579318", "94.98.224.81:26", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#26", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:57", "1579308", "94.98.224.81:12019", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12019", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:57", "1579309", "94.98.224.81:447", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#447", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:57", "1579310", "94.98.224.81:12276", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12276", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:57", "1579311", "94.98.224.81:21273", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21273", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:57", "1579312", "94.98.224.81:8334", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8334", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:57", "1579313", "94.98.224.81:9034", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9034", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:56", "1579303", "94.98.224.81:52951", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#52951", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:56", "1579304", "94.98.224.81:4646", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#4646", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:56", "1579305", "94.98.224.81:5603", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5603", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:56", "1579306", "94.98.224.81:8112", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8112", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:56", "1579307", "94.98.224.81:8105", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8105", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:55", "1579299", "94.98.224.81:15503", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#15503", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:55", "1579300", "94.98.224.81:9198", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9198", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:55", "1579301", "94.98.224.81:9124", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9124", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:55", "1579302", "94.98.224.81:12499", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12499", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:54", "1579294", "94.98.224.81:8852", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8852", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:54", "1579295", "94.98.224.81:3522", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3522", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:54", "1579296", "94.98.224.81:44818", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#44818", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:54", "1579297", "94.98.224.81:12156", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12156", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:54", "1579298", "94.98.224.81:8731", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8731", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:53", "1579289", "94.98.224.81:3299", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3299", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:53", "1579290", "94.98.224.81:8343", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8343", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:53", "1579291", "94.98.224.81:7349", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7349", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:53", "1579292", "94.98.224.81:12230", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12230", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:53", "1579293", "94.98.224.81:10083", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10083", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:52", "1579284", "94.98.224.81:285", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#285", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:52", "1579285", "94.98.224.81:5567", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5567", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:52", "1579286", "94.98.224.81:25084", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#25084", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:52", "1579287", "94.98.224.81:12108", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12108", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:52", "1579288", "94.98.224.81:8000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8000", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:51", "1579279", "94.98.224.81:5150", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5150", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:51", "1579280", "94.98.224.81:3790", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3790", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:51", "1579281", "94.98.224.81:2444", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2444", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:51", "1579282", "94.98.224.81:8453", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8453", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:51", "1579283", "94.98.224.81:9073", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9073", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:50", "1579273", "94.98.224.81:6512", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#6512", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:50", "1579274", "94.98.224.81:17772", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#17772", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:50", "1579275", "94.98.224.81:8580", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8580", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:50", "1579276", "94.98.224.81:12127", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12127", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:50", "1579277", "94.98.224.81:12224", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12224", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:50", "1579278", "94.98.224.81:9091", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9091", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:49", "1579267", "94.98.224.81:3269", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3269", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:49", "1579268", "94.98.224.81:8129", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8129", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:49", "1579269", "94.98.224.81:5264", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5264", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:49", "1579270", "94.98.224.81:8902", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8902", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:49", "1579271", "94.98.224.81:53400", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#53400", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:49", "1579272", "94.98.224.81:16063", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16063", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:48", "1579262", "94.98.224.81:9444", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9444", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:48", "1579263", "94.98.224.81:5172", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5172", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:48", "1579264", "94.98.224.81:27571", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#27571", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:48", "1579265", "94.98.224.81:33060", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#33060", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:48", "1579266", "94.98.224.81:5242", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5242", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:47", "1579256", "94.98.224.81:32764", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#32764", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:47", "1579257", "94.98.224.81:891", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#891", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:47", "1579258", "94.98.224.81:8640", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8640", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:47", "1579259", "94.98.224.81:902", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#902", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:47", "1579260", "94.98.224.81:2067", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2067", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:47", "1579261", "94.98.224.81:18003", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18003", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:46", "1579251", "94.98.224.81:7998", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7998", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:46", "1579252", "94.98.224.81:7081", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7081", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:46", "1579253", "94.98.224.81:3523", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3523", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:46", "1579254", "94.98.224.81:9096", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9096", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:46", "1579255", "94.98.224.81:3084", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3084", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:45", "1579246", "94.98.224.81:3524", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3524", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:45", "1579247", "94.98.224.81:5801", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5801", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:45", "1579248", "94.98.224.81:21295", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21295", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:45", "1579249", "94.98.224.81:3794", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3794", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:45", "1579250", "94.98.224.81:9734", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9734", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:44", "1579240", "94.98.224.81:3689", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3689", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:44", "1579241", "94.98.224.81:17776", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#17776", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:44", "1579242", "94.98.224.81:5083", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5083", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:44", "1579243", "94.98.224.81:7788", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7788", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:44", "1579244", "94.98.224.81:2226", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2226", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:44", "1579245", "94.98.224.81:9209", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9209", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:43", "1579235", "94.98.224.81:21323", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21323", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:43", "1579236", "94.98.224.81:12236", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12236", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:43", "1579237", "94.98.224.81:21317", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21317", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:43", "1579238", "94.98.224.81:21200", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21200", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:43", "1579239", "94.98.224.81:16098", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16098", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:42", "1579229", "94.98.224.81:3562", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3562", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:42", "1579230", "94.98.224.81:2154", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2154", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:42", "1579231", "94.98.224.81:8104", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8104", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:42", "1579232", "94.98.224.81:12462", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12462", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:42", "1579233", "94.98.224.81:80", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#80", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:42", "1579234", "94.98.224.81:9025", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9025", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:41", "1579224", "94.98.224.81:1022", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1022", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:41", "1579225", "94.98.224.81:16667", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16667", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:41", "1579226", "94.98.224.81:5914", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5914", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:41", "1579227", "94.98.224.81:8576", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8576", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:41", "1579228", "94.98.224.81:3793", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3793", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:40", "1579220", "94.98.224.81:189", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#189", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:40", "1579221", "94.98.224.81:9606", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9606", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:40", "1579222", "94.98.224.81:44300", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#44300", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:40", "1579223", "94.98.224.81:12428", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12428", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:39", "1579214", "94.98.224.81:18113", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18113", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:39", "1579215", "94.98.224.81:8912", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8912", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:39", "1579216", "94.98.224.81:9398", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9398", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:39", "1579217", "94.98.224.81:55554", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#55554", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:39", "1579218", "94.98.224.81:11", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#11", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:39", "1579219", "94.98.224.81:12379", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12379", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:38", "1579209", "94.98.224.81:21261", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21261", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:38", "1579210", "94.98.224.81:18062", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18062", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:38", "1579211", "94.98.224.81:2210", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2210", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:38", "1579212", "94.98.224.81:8130", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8130", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:38", "1579213", "94.98.224.81:833", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#833", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:37", "1579203", "94.98.224.81:8802", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8802", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:37", "1579204", "94.98.224.81:190", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#190", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:37", "1579205", "94.98.224.81:2455", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2455", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:37", "1579206", "94.98.224.81:50101", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#50101", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:37", "1579207", "94.98.224.81:990", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#990", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:37", "1579208", "94.98.224.81:180", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#180", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:36", "1579198", "94.98.224.81:9869", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9869", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:36", "1579199", "94.98.224.81:55081", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#55081", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:36", "1579200", "94.98.224.81:3155", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3155", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:36", "1579201", "94.98.224.81:3060", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3060", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:36", "1579202", "94.98.224.81:8514", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8514", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:35", "1579192", "94.98.224.81:8121", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8121", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:35", "1579193", "94.98.224.81:9001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9001", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:35", "1579194", "94.98.224.81:1181", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1181", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:35", "1579195", "94.98.224.81:9151", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9151", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:35", "1579196", "94.98.224.81:10393", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10393", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:35", "1579197", "94.98.224.81:30112", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#30112", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:34", "1579187", "94.98.224.81:20018", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#20018", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:34", "1579188", "94.98.224.81:12370", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12370", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:34", "1579189", "94.98.224.81:16027", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16027", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:34", "1579190", "94.98.224.81:50008", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#50008", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:34", "1579191", "94.98.224.81:632", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#632", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:33", "1579181", "94.98.224.81:10250", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10250", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:33", "1579182", "94.98.224.81:8176", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8176", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:33", "1579183", "94.98.224.81:8087", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8087", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:33", "1579184", "94.98.224.81:8061", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8061", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:33", "1579185", "94.98.224.81:63676", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#63676", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:33", "1579186", "94.98.224.81:14894", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#14894", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:32", "1579177", "94.98.224.81:593", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#593", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:32", "1579178", "94.98.224.81:12272", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12272", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:32", "1579179", "94.98.224.81:947", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#947", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:32", "1579180", "94.98.224.81:1110", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1110", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:31", "1579172", "94.98.224.81:6561", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#6561", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:31", "1579173", "94.98.224.81:16404", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16404", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:31", "1579174", "94.98.224.81:12427", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12427", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:31", "1579175", "94.98.224.81:13", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#13", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:31", "1579176", "94.98.224.81:16066", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16066", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:30", "1579168", "94.98.224.81:3570", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3570", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:30", "1579169", "94.98.224.81:1962", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1962", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:30", "1579170", "94.98.224.81:18098", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18098", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:30", "1579171", "94.98.224.81:8029", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8029", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:29", "1579163", "94.98.224.81:2376", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2376", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:29", "1579164", "94.98.224.81:3301", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3301", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:29", "1579165", "94.98.224.81:1965", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1965", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:29", "1579166", "94.98.224.81:9443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9443", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:29", "1579167", "94.98.224.81:591", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#591", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:28", "1579157", "94.98.224.81:7980", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7980", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:28", "1579158", "94.98.224.81:20547", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#20547", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:28", "1579159", "94.98.224.81:873", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#873", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:28", "1579160", "94.98.224.81:2248", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2248", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:28", "1579161", "94.98.224.81:5433", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5433", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:28", "1579162", "94.98.224.81:4300", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#4300", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:27", "1579152", "94.98.224.81:9530", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9530", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:27", "1579153", "94.98.224.81:12294", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12294", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:27", "1579154", "94.98.224.81:18035", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18035", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:27", "1579155", "94.98.224.81:12288", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12288", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:27", "1579156", "94.98.224.81:5245", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5245", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:26", "1579149", "94.98.224.81:9023", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9023", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:26", "1579150", "94.98.224.81:5269", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5269", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:26", "1579151", "94.98.224.81:5080", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5080", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:25", "1579144", "94.98.224.81:17010", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#17010", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:25", "1579145", "94.98.224.81:789", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#789", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:25", "1579146", "94.98.224.81:7548", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7548", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:25", "1579147", "94.98.224.81:8171", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8171", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:25", "1579148", "94.98.224.81:1801", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1801", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:24", "1579138", "94.98.224.81:22000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#22000", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:24", "1579139", "94.98.224.81:5439", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5439", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:24", "1579140", "94.98.224.81:2087", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2087", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:24", "1579141", "94.98.224.81:16100", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16100", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:24", "1579142", "94.98.224.81:5256", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5256", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:24", "1579143", "94.98.224.81:8830", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8830", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:23", "1579133", "94.98.224.81:2195", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2195", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:23", "1579134", "94.98.224.81:9205", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9205", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:23", "1579135", "94.98.224.81:8549", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8549", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:23", "1579136", "94.98.224.81:1925", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#1925", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:23", "1579137", "94.98.224.81:18063", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18063", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:22", "1579128", "94.98.224.81:6666", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#6666", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:22", "1579129", "94.98.224.81:44303", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#44303", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:22", "1579130", "94.98.224.81:7989", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7989", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:22", "1579131", "94.98.224.81:11434", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#11434", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:22", "1579132", "94.98.224.81:9082", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9082", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:21", "1579122", "94.98.224.81:9166", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9166", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:21", "1579123", "94.98.224.81:9168", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9168", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:21", "1579124", "94.98.224.81:10380", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#10380", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:21", "1579125", "94.98.224.81:18034", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18034", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:21", "1579126", "94.98.224.81:5252", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5252", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:21", "1579127", "94.98.224.81:55490", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#55490", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:20", "1579117", "94.98.224.81:18010", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18010", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:20", "1579118", "94.98.224.81:513", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#513", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:20", "1579119", "94.98.224.81:5093", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5093", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:20", "1579120", "94.98.224.81:9226", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9226", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:20", "1579121", "94.98.224.81:9501", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9501", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:19", "1579112", "94.98.224.81:18065", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18065", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:19", "1579113", "94.98.224.81:5240", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5240", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:19", "1579114", "94.98.224.81:9244", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9244", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:19", "1579115", "94.98.224.81:16048", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16048", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:19", "1579116", "94.98.224.81:12570", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12570", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:18", "1579107", "94.98.224.81:8080", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8080", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:18", "1579108", "94.98.224.81:480", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#480", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:18", "1579109", "94.98.224.81:23082", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#23082", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:18", "1579110", "94.98.224.81:12308", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12308", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:18", "1579111", "94.98.224.81:5556", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#5556", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:17", "1579101", "94.98.224.81:95", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#95", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:17", "1579102", "94.98.224.81:9043", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9043", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:17", "1579103", "94.98.224.81:50102", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#50102", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:17", "1579104", "94.98.224.81:11180", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#11180", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:17", "1579105", "94.98.224.81:18025", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#18025", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:17", "1579106", "94.98.224.81:12145", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12145", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:16", "1579097", "94.98.224.81:21314", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#21314", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:16", "1579098", "94.98.224.81:31210", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#31210", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:16", "1579099", "94.98.224.81:12552", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12552", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:16", "1579100", "94.98.224.81:9312", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#9312", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:15", "1579092", "94.98.224.81:2271", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#2271", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:15", "1579093", "94.98.224.81:3341", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3341", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:15", "1579094", "94.98.224.81:8488", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8488", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:15", "1579095", "94.98.224.81:8910", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8910", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:15", "1579096", "94.98.224.81:3018", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#3018", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:14", "1579087", "94.98.224.81:16400", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#16400", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:14", "1579088", "94.98.224.81:8888", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8888", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:14", "1579089", "94.98.224.81:8907", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8907", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:14", "1579090", "94.98.224.81:12461", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12461", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:14", "1579091", "94.98.224.81:12371", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#12371", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:13", "1579084", "114.67.248.66:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/114.67.248.66#10001", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:13", "1579085", "94.98.224.81:7657", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#7657", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:07:13", "1579086", "94.98.224.81:8475", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/94.98.224.81#8475", "c2,extreme,shodan", "0", "juroots" "2025-09-01 12:06:37", "1579083", "202.95.9.145:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.145#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:36", "1579082", "202.95.9.158:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.158#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:35", "1579078", "202.95.9.131:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.131#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:35", "1579079", "202.95.9.133:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.133#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:35", "1579080", "202.95.9.150:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:37", "50", "https://www.shodan.io/host/202.95.9.150#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:35", "1579081", "202.95.9.139:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.139#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:34", "1579073", "202.95.9.143:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.143#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:34", "1579074", "202.95.9.160:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:37", "50", "https://www.shodan.io/host/202.95.9.160#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:34", "1579075", "8.153.205.30:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/8.153.205.30#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:34", "1579076", "121.43.179.233:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:37", "50", "https://www.shodan.io/host/121.43.179.233#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:34", "1579077", "202.95.9.152:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:37", "50", "https://www.shodan.io/host/202.95.9.152#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:33", "1579068", "202.95.9.162:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/202.95.9.162#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:33", "1579069", "202.95.9.140:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:36", "50", "https://www.shodan.io/host/202.95.9.140#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:33", "1579070", "202.95.9.137:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:36", "50", "https://www.shodan.io/host/202.95.9.137#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:33", "1579071", "202.95.9.130:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:36", "50", "https://www.shodan.io/host/202.95.9.130#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:33", "1579072", "202.95.9.154:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:36", "50", "https://www.shodan.io/host/202.95.9.154#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-01 12:06:12", "1579067", "119.29.254.242:5557", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:50:22", "50", "https://www.shodan.io/host/119.29.254.242#5557", "c2,cobaltstrike,cs-watermark-600000,shodan", "0", "juroots" "2025-09-01 12:05:59", "1579066", "121.43.37.134:4434", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 14:31:09", "50", "https://www.shodan.io/host/121.43.37.134#4434", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-09-01 12:05:58", "1579064", "47.92.156.201:9443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:31", "50", "https://www.shodan.io/host/47.92.156.201#9443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-09-01 12:05:58", "1579065", "43.100.27.142:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:31", "50", "https://www.shodan.io/host/43.100.27.142#8443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-09-01 12:05:55", "1579063", "38.14.16.149:9200", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:32", "50", "https://www.shodan.io/host/38.14.16.149#9200", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-09-01 12:05:54", "1579059", "107.175.31.178:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:31", "50", "https://www.shodan.io/host/107.175.31.178#443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-09-01 12:05:54", "1579060", "47.122.62.217:3333", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:32", "50", "https://www.shodan.io/host/47.122.62.217#3333", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-09-01 12:05:54", "1579061", "47.117.1.226:8882", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:32", "50", "https://www.shodan.io/host/47.117.1.226#8882", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-09-01 12:05:54", "1579062", "120.77.206.185:8089", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 04:00:14", "50", "https://www.shodan.io/host/120.77.206.185#8089", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-09-01 12:05:53", "1579058", "104.233.252.15:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-01 12:06:30", "50", "https://www.shodan.io/host/104.233.252.15#8081", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-09-01 12:01:48", "1579057", "185.28.119.6:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/185.28.119.6", "AdaptixC2,AS62005,BV-EU-AS,C2,censys", "0", "DonPasci" "2025-09-01 12:01:37", "1579056", "118.184.187.167:47486", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2025-09-03 04:43:35", "100", "https://search.censys.io/hosts/118.184.187.167", "AS138950,censys,Chaos,CHINATELECOM-JIANGSU-WUXI-INTERNATIONAL-IDC,panel", "0", "DonPasci" "2025-09-01 12:01:36", "1579055", "93.140.24.225:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2025-09-03 04:49:10", "100", "https://search.censys.io/hosts/93.140.24.225", "AS5391,censys,Chaos,panel,T-HT", "0", "DonPasci" "2025-09-01 12:01:35", "1579054", "account.messager.my", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-02 04:01:11", "100", "https://search.censys.io/hosts/185.161.209.117+account.messager.my", "AS42159,censys,DELTAHOST-AS,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-09-01 12:01:25", "1579053", "800flower.cyou", "domain", "botnet_cc", "apk.ermac", "None", "ERMAC", "", "100", "https://search.censys.io/hosts/104.21.16.1+800flower.cyou", "AS13335,C2,censys,CLOUDFLARENET,Ermac,panel", "0", "DonPasci" "2025-09-01 12:01:23", "1579052", "35.159.113.84:41371", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-09-03 04:47:09", "100", "https://search.censys.io/hosts/35.159.113.84", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-09-01 12:01:22", "1579051", "178.16.53.2:4444", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-09-03 04:44:58", "100", "https://search.censys.io/hosts/178.16.53.2", "AS209800,C2,censys,DcRAT,METASPINNER-ASN,RAT", "0", "DonPasci" "2025-09-01 12:01:11", "1579050", "172.94.59.38:888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-03 04:44:50", "100", "https://search.censys.io/hosts/172.94.59.38", "AS3223,AsyncRAT,C2,censys,RAT,VOXILITY", "0", "DonPasci" "2025-09-01 12:00:57", "1579049", "89.150.40.230:80", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://search.censys.io/hosts/89.150.40.230", "AS59711,C2,censys,HZ-EU-AS,RAT,SpiceRAT", "0", "DonPasci" "2025-09-01 12:00:56", "1579048", "206.123.152.37:33672", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-03 04:46:30", "100", "https://search.censys.io/hosts/206.123.152.37", "AS9009,C2,censys,M247,RAT,Remcos", "0", "DonPasci" "2025-09-01 12:00:53", "1579047", "134.122.200.57:14994", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-09-02 04:00:22", "100", "https://search.censys.io/hosts/134.122.200.57", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Gh0st,RAT", "0", "DonPasci" "2025-09-01 12:00:44", "1579045", "amarrepago25.dynuddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250901-l4rxzael21", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-09-01 12:00:44", "1579046", "fteamez7iurs01.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250901-h434fssnw3", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-09-01 12:00:36", "1579044", "hirox81444-21878.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250901-j664kasr16", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-01 12:00:35", "1579041", "82.26.104.52:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250901-nmst2svk15", "AS63989,C2,triage,xworm", "0", "DonPasci" "2025-09-01 12:00:35", "1579042", "39.108.218.92:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 04:00:18", "100", "https://search.censys.io/hosts/39.108.218.92", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci" "2025-09-01 12:00:35", "1579043", "saftycar.com.br", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250901-l15dwsek5t", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-01 12:00:34", "1579039", "193.187.132.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 05:21:59", "100", "https://search.censys.io/hosts/193.187.132.175", "AS212238,C2,CDNEXT,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-09-01 12:00:34", "1579040", "101.43.94.35:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 05:21:30", "100", "https://search.censys.io/hosts/101.43.94.35", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-09-01 12:00:33", "1579038", "180.76.244.55:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 05:21:30", "100", "https://search.censys.io/hosts/180.76.244.55", "AS38365,BAIDU,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-09-01 12:00:31", "1579037", "129.28.180.115:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 05:21:58", "100", "https://search.censys.io/hosts/129.28.180.115", "AS45090,C2,censys,CobaltStrike,cs-watermark-100000,TENCENT-NET-AP", "0", "DonPasci" "2025-09-01 12:00:29", "1579036", "203.9.150.250:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 05:21:58", "100", "https://search.censys.io/hosts/203.9.150.250", "AS133752,C2,censys,CobaltStrike,cs-watermark-987654321,LEASEWEB-APAC-HKG-10", "0", "DonPasci" "2025-09-01 12:00:14", "1579035", "45.74.8.89:3601", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-09-01 11:51:07", "1579024", "https://futurenaturallistic.com/res/groceryarm", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115128496943673248", "SmartApeSG", "0", "monitorsg" "2025-09-01 11:51:06", "1579021", "up.qenogia7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 10:09:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 11:51:05", "1579022", "https://poertywindow.com/ajax/pixi.min.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115128496943673248", "SmartApeSG", "0", "monitorsg" "2025-09-01 11:51:04", "1579023", "poertywindow.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115128496943673248", "SmartApeSG", "0", "monitorsg" "2025-09-01 11:51:04", "1579025", "futurenaturallistic.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-09-01 10:11:05", "100", "https://infosec.exchange/@monitorsg/115128496943673248", "SmartApeSG", "0", "monitorsg" "2025-09-01 11:51:04", "1579026", "https://futurenaturallistic.com/bracket.sym", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115128496943673248", "SmartApeSG", "0", "monitorsg" "2025-09-01 11:51:03", "1579027", "https://futurenaturallistic.com/assets/img/6957b95c3.res", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115128496943673248", "SmartApeSG", "0", "monitorsg" "2025-09-01 11:51:03", "1579029", "tr.qenogia7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 11:24:51", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 11:51:02", "1579030", "nx.qenogia7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 11:10:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 11:51:02", "1579031", "103.20.103.50:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "Mirai", "0", "elfdigest" "2025-09-01 11:45:54", "1579034", "http://89.197.167.116:7700/xt89", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/8c3613b51afb7a2410531d5abad8979e77b2f86d07a084453a191291e8517ab0/", "cobaltstrike", "0", "abuse_ch" "2025-09-01 11:45:53", "1579033", "http://192.168.180.11:7700/G7iv", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/83ee74b0415071f81860b3bf9bb3c07fd8a891f84050dc011f897029ce8c1497/", "cobaltstrike", "0", "abuse_ch" "2025-09-01 11:45:51", "1579032", "http://10.0.0.5:443/KEeh", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/fc0d5d4af2961460dcda985611a26b7aac1b6cc1fe075468dc63644388a0069d/", "cobaltstrike", "0", "abuse_ch" "2025-09-01 10:13:09", "1579028", "savoref.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:47:27", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 10:00:47", "1579020", "196.251.71.239:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-01 09:57:04", "1579003", "rur.qenogia7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 09:40:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 09:55:29", "1579019", "196.251.73.126:65200", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-01 09:41:58", "1579013", "dirtdsbv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:50", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:41:58", "1579014", "pivzyhjq.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:55", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:41:58", "1579015", "ordczzp.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:47:27", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:41:58", "1579016", "ancirbf.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:47:27", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:41:58", "1579017", "eleormb.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:47:27", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:41:58", "1579018", "actcuavh.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:47", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:40:09", "1579004", "caltpps.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:40:09", "1579005", "bastxtu.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:48:24", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:40:09", "1579006", "appedfx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:48", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:40:09", "1579007", "libahqg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:53", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:40:09", "1579008", "chrynks.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:49", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:40:09", "1579009", "pubceva.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:55", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:40:09", "1579010", "somefed.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:56", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:40:09", "1579011", "hotpsyb.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 15:13:52", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:40:09", "1579012", "despofe.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 20:01:22", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-01 09:20:52", "1579002", "https://caltpps.top/xaor", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/78097369bab15bc0eb3494020489e5c254d56437415db680a389a184a7366cd7/", "lumma", "0", "abuse_ch" "2025-09-01 09:16:22", "1579001", "https://savoref.top/eotr", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 10:15:33", "75", "https://bazaar.abuse.ch/sample/59dabfc469e8f83335bb8a484864a008829994738f070a64081945e9dc0fd007/", "lumma", "0", "abuse_ch" "2025-09-01 09:09:39", "1578999", "http://62.60.246.234/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS211522,Hypercore Ltd,unam", "0", "antiphishorg" "2025-09-01 09:09:39", "1579000", "nvk.toqyboe3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 09:09:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 08:57:28", "1578984", "zf.toqyboe3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 07:40:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 08:57:27", "1578993", "zfp.toqyboe3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 08:08:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 08:57:27", "1578994", "hu.toqyboe3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 08:40:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 08:57:26", "1578995", "tmello.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "KongTuke,LandUpdate808", "0", "HuntYethHounds" "2025-09-01 08:57:26", "1578996", "https://tmello.com/9y4s.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "KongTuke,LandUpdate808", "0", "HuntYethHounds" "2025-09-01 08:57:25", "1578997", "https://tmello.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds" "2025-09-01 08:50:49", "1578998", "84.242.44.234:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-09-03 04:48:53", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-09-01 08:01:42", "1578992", "172.232.234.56:1337", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/172.232.234.56", "AKAMAI-LINODE-AP,AS63949,C2,censys,Starkillerc2", "0", "DonPasci" "2025-09-01 08:01:28", "1578991", "65.108.80.194:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-03 04:48:27", "100", "https://search.censys.io/hosts/65.108.80.194", "AS24940,censys,EvilGoPhish,HETZNER-AS,panel,Phishing", "0", "DonPasci" "2025-09-01 08:01:12", "1578990", "172.94.111.217:8898", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-09-03 04:44:49", "100", "https://search.censys.io/hosts/172.94.111.217", "AS9009,C2,censys,DcRAT,M247,RAT", "0", "DonPasci" "2025-09-01 08:01:06", "1578989", "112.124.61.206:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-03 04:43:29", "100", "https://search.censys.io/hosts/112.124.61.206", "ALIBABA-CN-NET,AS37963,C2,censys,Mythic", "0", "DonPasci" "2025-09-01 08:00:43", "1578988", "103.86.44.18:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-09-02 04:00:23", "100", "https://search.censys.io/hosts/103.86.44.18", "AS138195,C2,censys,Gh0st,MOACKCOLTD-AS-AP,RAT", "0", "DonPasci" "2025-09-01 08:00:31", "1578987", "49.232.21.222:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-02 04:00:16", "100", "https://search.censys.io/hosts/49.232.21.222", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-09-01 08:00:30", "1578986", "129.28.180.115:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-03 05:21:21", "100", "https://search.censys.io/hosts/129.28.180.115", "AS45090,C2,censys,CobaltStrike,cs-watermark-100000,TENCENT-NET-AP", "0", "DonPasci" "2025-09-01 07:50:08", "1578985", "18.197.239.109:14147", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2025-09-01 07:35:50", "1578983", "192.121.82.37:9779", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-01 07:19:48", "1578981", "zk.toqyboe3.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 07:02:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 07:05:22", "1578982", "104.245.106.135:80", "ip:port", "botnet_cc", "win.nworm", "nw0rm,NWorm", "N-W0rm", "", "100", "None", "N-W0rm", "0", "abuse_ch" "2025-09-01 06:54:16", "1578979", "49.12.240.21:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-01 06:54:16", "1578980", "88.99.122.151:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-01 06:47:34", "1578978", "yco.nufypiy1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 06:41:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 06:10:05", "1578977", "mgc.nufypiy1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 06:09:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 06:03:59", "1578970", "87.120.191.44:45", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "Mirai", "0", "elfdigest" "2025-09-01 06:03:09", "1578976", "zbj22.zbj888uul.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250901-fq9yqsar8y", "C2,domain,rat,triage,valleyrat", "0", "DonPasci" "2025-09-01 06:01:05", "1578975", "https://despofe.top/zlai", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250901-dm47zazn19", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-09-01 06:00:59", "1578974", "root123454321-24953.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250901-c9xkzahm7y", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-01 06:00:58", "1578972", "https://my-paste-app-nine.vercel.app/rawidcaa943ee", "url", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250901-gcvsbswygx", "C2,quasar,rat,triage", "0", "DonPasci" "2025-09-01 06:00:58", "1578973", "45.88.91.9:6969", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250901-gmcz9sbm8z", "AS399486,C2,quasar,rat,triage", "0", "DonPasci" "2025-09-01 06:00:48", "1578971", "lookup2-42134.portmap.host", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-01 06:00:49", "100", "https://tria.ge/250901-e7fwjsan2v", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-09-01 05:56:04", "1578598", "vl.goxuxuy4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 15:10:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:56:03", "1578599", "ebn.goxuxuy4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 15:39:02", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:56:03", "1578609", "chromus.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "fakeupdate", "0", "HuntYethHounds" "2025-09-01 05:56:03", "1578610", "panelswp.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "fakeupdate", "0", "HuntYethHounds" "2025-09-01 05:56:02", "1578611", "allworldnewses.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "fakeupdate", "0", "HuntYethHounds" "2025-09-01 05:56:02", "1578816", "iua.goxuxuy4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 16:52:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:56:02", "1578818", "http://160.250.128.197:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-02 05:48:36", "100", "None", "AS150895,EZ TECHNOLOGY COMPANY LIMITED,supershell", "0", "antiphishorg" "2025-09-01 05:56:01", "1578819", "gl.goxuxuy4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 17:03:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:56:01", "1578821", "mudanzasfacilghh.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-09-01 05:56:00", "1578822", "ga.gyjyvyy6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 17:19:29", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:59", "1578823", "tgj.gyjyvyy6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 17:49:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:59", "1578824", "http://103.153.69.151/wget.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-31 18:30:13", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" "2025-09-01 05:55:59", "1578838", "yze.gyjyvyy6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 18:30:29", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:58", "1578839", "http://103.153.69.151/arm7", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-31 19:20:20", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" "2025-09-01 05:55:58", "1578840", "http://103.153.69.151/mips", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-31 19:20:18", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" "2025-09-01 05:55:58", "1578841", "http://103.153.69.151/arm5", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-31 19:20:17", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" "2025-09-01 05:55:57", "1578843", "http://103.153.69.151/arm6", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-31 19:20:20", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" "2025-09-01 05:55:56", "1578842", "http://103.153.69.151/mpsl", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-31 19:20:19", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" "2025-09-01 05:55:56", "1578844", "http://103.153.69.151/x86", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-31 19:20:18", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" "2025-09-01 05:55:55", "1578847", "chromusimus.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "fakeupdate", "0", "HuntYethHounds" "2025-09-01 05:55:55", "1578856", "third-placing.gl.at.ply.gg", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://app.any.run/tasks/a7aa7f70-09b9-40a8-a3a9-9c79889e6d7a", "SheetRAT", "0", "burger" "2025-09-01 05:55:55", "1578857", "ztu.gyjyvyy6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 20:08:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:54", "1578895", "pmu.gyjyvyy6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 20:31:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:54", "1578903", "5.182.206.88:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "2025-09-01 05:55:34", "50", "", "None", "0", "pitachu" "2025-09-01 05:55:52", "1578902", "te.migyvya2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 21:09:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:50", "1578908", "ogg.migyvya2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 22:09:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:48", "1578909", "hsd.migyvya2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 22:39:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:47", "1578910", "nr.migyvya2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 22:43:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:47", "1578911", "fvz.lulugiy2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 23:10:15", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:47", "1578926", "sekegyu6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 00:39:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:46", "1578930", "cq.lulugiy2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 02:10:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:46", "1578936", "141.11.167.247:6387", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "75", "https://app.any.run/tasks/35071a06-24b9-4ef4-b6c8-0d3955eb0575", "None", "0", "tanner" "2025-09-01 05:55:45", "1578937", "ve.lulugiy2.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 03:11:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:45", "1578938", "www.apprank.one", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "2025-09-01 23:31:23", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-09-01 05:55:44", "1578939", "tfc.nufypiy1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 03:39:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:40", "1578969", "dc.nufypiy1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-01 05:10:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:28", "1578499", "computers-favorite.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250831-p8jnyasvfs", "None", "0", "burger" "2025-09-01 05:55:27", "1578500", "pkq.toludye0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 13:08:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:27", "1578503", "miq.toludye0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 13:41:15", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:27", "1578505", "iz.toludye0.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 14:09:02", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-01 05:55:26", "1578511", "45.143.203.229:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch" "2025-09-01 05:55:26", "1578512", "cfb.goxuxuy4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-08-31 14:40:06", "100", "None", "ClearFake", "0", "threatcat_ch" # Number of entries: 2095