################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2025-08-05 06:04:08 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-08-05 06:04:08", "1564427", "prince123.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "https://tria.ge/250805-dtkf5sdq9s", "C2,cybergate,domain,rat,triage", "0", "DonPasci" "2025-08-05 06:03:11", "1564425", "154.198.49.211:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250805-exm7waen4v", "AS138995,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-05 06:03:11", "1564426", "154.198.49.211:8888", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250805-exm7waen4v", "AS138995,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-05 06:03:10", "1564424", "job3.yjctllgcq.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250805-f6fpts1py5", "C2,domain,rat,triage,valleyrat", "0", "DonPasci" "2025-08-05 06:01:20", "1564423", "shellexperiencehost.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250805-bweybszkv3", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-08-05 06:01:08", "1564421", "196.251.85.125:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250805-eptdxs1j13", "AS401120,C2,rat,remcos,triage", "0", "DonPasci" "2025-08-05 06:01:08", "1564422", "dooijeweerd.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250805-d2216aej4w", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-08-05 06:00:58", "1564420", "activities-essays.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250805-alxvqaypv6", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-05 06:00:57", "1564419", "212.11.64.130:3004", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250805-fpwpqafl91", "AS42624,C2,triage,xworm", "0", "DonPasci" "2025-08-05 06:00:56", "1564418", "he-purchased.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250805-f2tqws1pt8", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-05 04:01:55", "1564417", "65.109.34.170:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/65.109.34.170", "AS24940,C2,censys,CobaltStrike,HETZNER-AS,open-dir", "0", "DonPasci" "2025-08-05 04:01:30", "1564415", "3.148.197.135:9601", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/3.148.197.135", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-05 04:01:30", "1564416", "43.200.254.110:9600", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/43.200.254.110", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-05 04:01:26", "1564414", "178.236.252.221:80", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/178.236.252.221", "AS215826,C2,censys,PARTNER-HOSTING-LTD,RAT,Venom", "0", "DonPasci" "2025-08-05 04:01:04", "1564398", "216.128.136.39:443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "", "100", "https://search.censys.io/hosts/216.128.136.39", "AS-VULTR,AS20473,C2,censys,Pupy,RAT", "0", "DonPasci" "2025-08-05 04:01:02", "1564397", "172.94.9.240:5671", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/172.94.9.240", "AS9009,C2,censys,M247,RAT,Remcos", "0", "DonPasci" "2025-08-05 03:45:07", "1564372", "46.246.82.14:7045", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-08-05 03:40:13", "1564371", "http://pavlovski3.temp.swtest.ru/b067f351.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-05 02:50:46", "1564370", "172.105.24.242:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:52:16", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-05 02:49:59", "1564369", "113.250.188.15:8887", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:51:29", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-05 00:01:49", "1564368", "royalmail.com.rx.ns2.name", "domain", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/185.62.56.181+royalmail.com.rx.ns2.name", "AS62370,C2,censys,hacktool,Mimikatz,open-dir,SNEL", "0", "DonPasci" "2025-08-05 00:01:35", "1564367", "167.160.161.185:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://search.censys.io/hosts/167.160.161.185", "AS214943,C2,censys,RAILNET,Stealc,Stealer", "0", "DonPasci" "2025-08-05 00:01:28", "1564366", "16.26.92.78:40338", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/16.26.92.78", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-05 00:01:25", "1564365", "172.201.216.161:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-05 04:00:47", "100", "https://search.censys.io/hosts/172.201.216.161", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-08-05 00:01:23", "1564362", "187.212.217.91:1099", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-05 04:00:44", "100", "https://search.censys.io/hosts/187.212.217.91", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-05 00:01:23", "1564363", "187.212.217.91:2000", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-05 04:00:45", "100", "https://search.censys.io/hosts/187.212.217.91", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-05 00:01:23", "1564364", "187.212.217.91:3389", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-05 04:00:45", "100", "https://search.censys.io/hosts/187.212.217.91", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-05 00:01:21", "1564361", "51.75.38.2:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-05 04:00:41", "100", "https://search.censys.io/hosts/51.75.38.2", "AS16276,C2,censys,Mythic,OVH", "0", "DonPasci" "2025-08-05 00:01:17", "1564360", "78.128.113.222:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/78.128.113.222", "AS209160,C2,censys,MITI2000,RAT,Sectop", "0", "DonPasci" "2025-08-05 00:01:05", "1564359", "212.193.57.188:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-05 04:00:35", "100", "https://search.censys.io/hosts/212.193.57.188", "AS201848,C2,censys,Sliver,TRADERSOFT", "0", "DonPasci" "2025-08-05 00:01:04", "1564358", "202.61.137.217:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-05 04:00:35", "100", "https://search.censys.io/hosts/202.61.137.217", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Sliver", "0", "DonPasci" "2025-08-05 00:01:00", "1564357", "142.202.188.223:8888", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/142.202.188.223", "AS398019,C2,censys,DYNU,RAT,Remcos", "0", "DonPasci" "2025-08-05 00:00:58", "1564356", "103.176.197.34:14994", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-05 04:00:28", "100", "https://search.censys.io/hosts/103.176.197.34", "AS152156,C2,censys,Gh0st,NARUTO-AS-HK,RAT", "0", "DonPasci" "2025-08-05 00:00:39", "1564355", "101.201.75.136:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 04:00:20", "100", "https://search.censys.io/hosts/101.201.75.136", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-04 21:55:27", "1564354", "5.8.19.3:31166", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-04 20:49:05", "1564350", "85.98.101.193:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-08-05 05:49:51", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-08-04 20:47:11", "1564349", "35.161.154.247:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:48:28", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-04 20:47:00", "1564348", "3.33.183.94:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:48:16", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-04 20:46:21", "1564347", "198.244.224.69:80", "ip:port", "botnet_cc", "win.broomstick", "CLEANBOOST,CleanUp,CleanUpLoader,Oyster", "Broomstick", "2025-08-05 06:47:26", "75", "None", "Broomstick,drb-ra,Oyster", "0", "abuse_ch" "2025-08-04 20:45:44", "1564345", "185.233.166.124:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2025-08-05 06:46:35", "75", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-08-04 20:45:44", "1564346", "185.233.166.124:9702", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2025-08-05 06:46:35", "75", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2025-08-04 20:43:25", "1564344", "107.23.227.249:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:43:30", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-04 20:04:37", "1564343", "santoos-63758.portmap.host", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-08-04 20:04:08", "1564342", "https://62.60.227.98/g8jejfC38/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlquery.net/report/36252f63-e363-41fd-9144-72e55e7d1c70", "amadey,c2,urlquery", "0", "juroots" "2025-08-04 20:04:07", "1564341", "https://196.251.85.220/E3jv8fS9b/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlquery.net/report/ba4044c9-64e2-4737-b65c-11d2e40ccbd5", "amadey,c2,urlquery", "0", "juroots" "2025-08-04 20:03:36", "1564340", "http://91.241.93.244:4000/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019876ae-ad58-75c4-91e9-d16f3858a33b", "c2,evilginx,urlscan", "0", "juroots" "2025-08-04 20:02:07", "1564339", "31.128.220.13:7777", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/31.128.220.13#7777", "7777,c2,quad7,shodan", "0", "juroots" "2025-08-04 20:01:52", "1564338", "213.241.33.156:13579", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/213.241.33.156#13579", "c2,netbus,shodan", "0", "juroots" "2025-08-04 20:01:49", "1564337", "185.62.56.181:80", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/185.62.56.181", "AS62370,C2,censys,hacktool,Mimikatz,open-dir,SNEL", "0", "DonPasci" "2025-08-04 20:01:39", "1564335", "41.105.219.254:1604", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "50", "https://www.shodan.io/host/41.105.219.254#1604", "c2,darkcomet,shodan", "0", "juroots" "2025-08-04 20:01:39", "1564336", "111.90.151.72:2850", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-05 06:43:37", "100", "https://search.censys.io/hosts/111.90.151.72", "AS45839,censys,EvilGinx,panel,Phishing,SHINJIRU-MY-AS-AP", "0", "DonPasci" "2025-08-04 20:01:38", "1564334", "net-37-119-171-146.cust.vodafonedsl.it", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-05 04:01:02", "100", "https://search.censys.io/hosts/37.119.171.146+net-37-119-171-146.cust.vodafonedsl.it", "AS30722,C2,censys,panel,Unam,VODAFONE-IT-ASN", "0", "DonPasci" "2025-08-04 20:01:27", "1564331", "54.219.39.97:3001", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-05 06:49:54", "100", "https://search.censys.io/hosts/54.219.39.97", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-04 20:01:27", "1564332", "54.219.39.97:9601", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/54.219.39.97", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-04 20:01:27", "1564333", "54.219.39.97:10001", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-05 06:49:54", "100", "https://search.censys.io/hosts/54.219.39.97", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-04 20:01:26", "1564329", "3.34.252.229:59514", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/3.34.252.229", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-04 20:01:26", "1564330", "18.163.196.135:3086", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-05 06:46:06", "100", "https://search.censys.io/hosts/18.163.196.135", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-04 20:01:25", "1564327", "13.244.64.198:2454", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-05 06:44:06", "100", "https://search.censys.io/hosts/13.244.64.198", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-04 20:01:25", "1564328", "13.211.80.141:49152", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/13.211.80.141", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-04 20:01:24", "1564326", "89.242.2.98:843", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/89.242.2.98#843", "c2,netsupport,shodan", "0", "juroots" "2025-08-04 20:01:21", "1564325", "187.212.217.91:990", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-05 04:00:44", "100", "https://search.censys.io/hosts/187.212.217.91", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-04 20:01:20", "1564324", "187.212.217.91:888", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-05 04:00:44", "100", "https://search.censys.io/hosts/187.212.217.91", "AS8151,C2,censys,Quasar,RAT,UNINET", "0", "DonPasci" "2025-08-04 20:01:09", "1564323", "172.96.193.172:2083", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "https://www.shodan.io/host/172.96.193.172#2083", "bruteratel,c2,shodan", "0", "juroots" "2025-08-04 20:01:03", "1564322", "34.219.64.94:80", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/34.219.64.94", "AMAZON-02,AS16509,C2,censys,open-dir,payload,Sliver", "0", "DonPasci" "2025-08-04 20:01:02", "1564321", "86.106.85.173:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-05 04:00:34", "100", "https://search.censys.io/hosts/86.106.85.173", "AS9009,C2,censys,M247,Sliver", "0", "DonPasci" "2025-08-04 20:00:59", "1564320", "192.159.99.164:2004", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 06:46:50", "100", "https://search.censys.io/hosts/192.159.99.164", "AS210558,C2,censys,RAT,Remcos,SERVICES-1337-GMBH", "0", "DonPasci" "2025-08-04 20:00:58", "1564319", "45.132.238.147:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 06:48:53", "100", "https://search.censys.io/hosts/45.132.238.147", "AS932,C2,censys,RAT,Remcos,XNNET", "0", "DonPasci" "2025-08-04 20:00:55", "1564318", "154.36.161.9:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-05 04:00:26", "100", "https://search.censys.io/hosts/154.36.161.9", "AS979,C2,censys,Gh0st,NETLAB-SDN,RAT", "0", "DonPasci" "2025-08-04 20:00:52", "1564317", "18.188.140.220:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/18.188.140.220#443", "c2,mythic,shodan", "0", "juroots" "2025-08-04 20:00:42", "1564315", "140.143.170.12:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 04:00:12", "100", "https://search.censys.io/hosts/140.143.170.12", "AS45090,C2,censys,CobaltStrike,cs-watermark-0,TENCENT-NET-AP", "0", "DonPasci" "2025-08-04 20:00:39", "1564312", "49.0.254.101:10001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 04:00:24", "100", "https://search.censys.io/hosts/49.0.254.101", "AS136907,C2,censys,CobaltStrike,cs-watermark-987654321,HWCLOUDS-AS-AP", "0", "DonPasci" "2025-08-04 20:00:39", "1564313", "185.112.146.100:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/185.112.146.100#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-04 20:00:39", "1564314", "185.181.8.111:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/185.181.8.111#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-04 20:00:38", "1564311", "109.205.213.121:12525", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 04:00:18", "100", "https://search.censys.io/hosts/109.205.213.121", "AS19318,C2,censys,CobaltStrike,cs-watermark-987654321,IS-AS-1", "0", "DonPasci" "2025-08-04 20:00:21", "1564310", "118.70.133.216:8333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/118.70.133.216#8333", "c2,gophish,phishing,shodan", "0", "juroots" "2025-08-04 20:00:01", "1564308", "37.107.165.38:13579", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#13579", "c2,extreme,shodan", "0", "juroots" "2025-08-04 20:00:01", "1564309", "37.107.165.38:51200", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#51200", "c2,extreme,shodan", "0", "juroots" "2025-08-04 20:00:00", "1564305", "37.107.165.38:2443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#2443", "c2,extreme,shodan", "0", "juroots" "2025-08-04 20:00:00", "1564306", "37.107.165.38:9090", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9090", "c2,extreme,shodan", "0", "juroots" "2025-08-04 20:00:00", "1564307", "37.107.165.38:15082", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#15082", "c2,extreme,shodan", "0", "juroots" "2025-08-04 19:59:59", "1564301", "37.107.165.38:9191", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9191", "c2,extreme,shodan", "0", "juroots" "2025-08-04 19:59:59", "1564302", "37.107.165.38:1250", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#1250", "c2,extreme,shodan", "0", "juroots" "2025-08-04 19:59:59", "1564303", "37.107.165.38:2021", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#2021", "c2,extreme,shodan", "0", "juroots" "2025-08-04 19:59:59", "1564304", "37.107.165.38:8808", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8808", "c2,extreme,shodan", "0", "juroots" "2025-08-04 19:59:58", "1564296", "37.107.165.38:8731", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8731", "c2,extreme,shodan", "0", "juroots" "2025-08-04 19:59:58", "1564297", "37.107.165.38:8087", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8087", "c2,extreme,shodan", "0", "juroots" "2025-08-04 19:59:58", "1564298", "37.107.165.38:8000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8000", "c2,extreme,shodan", "0", "juroots" "2025-08-04 19:59:58", "1564299", "37.107.165.38:5105", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5105", "c2,extreme,shodan", "0", "juroots" "2025-08-04 19:59:58", "1564300", "37.107.165.38:10443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#10443", "c2,extreme,shodan", "0", "juroots" "2025-08-04 19:59:57", "1564295", "37.107.165.38:30027", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#30027", "c2,extreme,shodan", "0", "juroots" "2025-08-04 19:59:39", "1564292", "43.134.9.57:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 04:00:17", "50", "https://www.shodan.io/host/43.134.9.57#4444", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-04 19:59:39", "1564293", "20.206.138.78:9001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/20.206.138.78#9001", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-04 19:59:39", "1564294", "172.190.147.123:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/172.190.147.123#80", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-04 19:59:21", "1564291", "124.70.100.149:7979", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-04 19:59:39", "50", "https://www.shodan.io/host/124.70.100.149#7979", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-08-04 19:59:17", "1564289", "82.118.16.37:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-04 19:59:39", "50", "https://www.shodan.io/host/82.118.16.37#8443", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-08-04 19:59:17", "1564290", "14.225.255.58:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-04 19:59:40", "50", "https://www.shodan.io/host/14.225.255.58#80", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-08-04 19:50:51", "1564287", "https://meadotdk.qpon/iutr/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2e13d573b457b30b459d7597c46dd2e69e0288fdb08b0e392e6ad3bbe38f9112/", "lumma", "0", "abuse_ch" "2025-08-04 19:20:16", "1564285", "206.123.131.164:6144", "ip:port", "botnet_cc", "win.vjw0rm", "None", "Vjw0rm", "", "100", "None", "Vjw0rm", "0", "abuse_ch" "2025-08-04 19:20:10", "1564284", "http://boxyong.ydns.eu:6144/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch" "2025-08-04 19:20:05", "1564283", "206.123.131.164:50161", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-08-04 19:16:22", "1564282", "196.251.114.179:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/55bbddfba2023f779eb617effe480f0af17d399f12fed4eb0022bbf895d0de47/", "remcos", "0", "abuse_ch" "2025-08-04 19:04:38", "1564281", "http://23.146.184.21/x86.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-08-04 18:15:06", "1564280", "46.246.12.3:2703", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-08-04 18:11:08", "1564279", "https://in.softlinko.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-05 06:10:41", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-08-04 18:03:06", "1564278", "uzamaki.duckdns.org", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "https://tria.ge/250804-rvpddaer6t", "C2,domain,nanocore,rat,triage", "0", "DonPasci" "2025-08-04 18:01:56", "1564277", "45.204.211.230:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250804-qavh8asry3", "AS62468,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-04 18:01:46", "1564276", "quite-cs.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250804-n39gqsztey", "C2,domain,njrat,triage", "0", "DonPasci" "2025-08-04 18:01:24", "1564275", "https://ilamaxmi.beer/toaw/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250804-qhzg5stjy4", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-08-04 18:01:17", "1564274", "teen-undo.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250804-vvq4ras1ft", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-08-04 18:01:10", "1564273", "vaulted-47334.portmap.host", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-04 18:01:10", "100", "https://tria.ge/250804-qet39atjw2", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-08-04 18:01:09", "1564272", "sell-underlying.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250804-ts598agl3s", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-08-04 18:01:02", "1564270", "windeckoloko.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250804-s7s3rsfq91", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-08-04 18:01:02", "1564271", "gigle.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250804-qg1c2s1sgt", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-08-04 18:00:55", "1564268", "ync9i5fv1.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-pajw2scl6t", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 18:00:55", "1564269", "45.200.148.216:7001", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-n39gqsztey", "AS17561,C2,triage,xworm", "0", "DonPasci" "2025-08-04 18:00:54", "1564265", "gnggyurfucked-32857.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-q53s3stmx8", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 18:00:54", "1564266", "categories-figure.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-qtzx2stls9", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 18:00:54", "1564267", "releases-nitrogen.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-pcm2gszway", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 18:00:53", "1564261", "thought-geology.gl.joinmc.link", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-vld3tss1ax", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 18:00:53", "1564262", "cross-editor.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-s224gsfq4v", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 18:00:53", "1564263", "assistance-commissions.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-s1mbmsswcz", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 18:00:53", "1564264", "format-joining.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-rwbhxaer7x", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 18:00:52", "1564260", "hardware-planned.gl.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-vld3tss1ax", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 18:00:51", "1564259", "dead-weblogs.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-08-04 18:00:52", "100", "https://tria.ge/250804-v2vqhsvry4", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 18:00:47", "1564258", "193.161.193.99:29884", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-04 17:10:14", "1564257", "http://149.154.69.131/Uploads/SqlUploads7/ServercdnAuthPython/TrafficPoll/Provider/ToPipeTrack9/Processor/7imageDbprocess/linuxSecureimage/jsLowProcessBigloadserverMultiTest.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-04 17:05:18", "1564256", "https://fillettx.xin/otiq/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/70ba2e676c814e7e85442f312aa3a7a0e28bce15607e90849fa627b8c3399af2/", "lumma", "0", "abuse_ch" "2025-08-04 16:02:31", "1564255", "94.26.90.116:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-08-04 16:01:56", "1564254", "192.99.5.82:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "https://search.censys.io/hosts/192.99.5.82", "AS16276,C2,censys,OVH,RAT", "0", "DonPasci" "2025-08-04 16:01:55", "1564253", "150.139.133.192:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "https://search.censys.io/hosts/150.139.133.192", "AS136195,C2,censys,CHINATELECOM-QINGDAO-CLOUDBASE,RAT", "0", "DonPasci" "2025-08-04 16:01:26", "1564252", "144.91.103.204:443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2025-08-05 06:44:28", "100", "https://search.censys.io/hosts/144.91.103.204", "AS51167,BRC4,C2,censys,CONTABO", "0", "DonPasci" "2025-08-04 16:01:25", "1564251", "13.201.10.7:2795", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-05 06:44:04", "100", "https://search.censys.io/hosts/13.201.10.7", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-04 16:01:22", "1564250", "171.232.54.255:8000", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-08-05 04:00:49", "100", "https://search.censys.io/hosts/171.232.54.255", "AS7552,C2,censys,RAT,Venom,VIETEL-AS-AP", "0", "DonPasci" "2025-08-04 16:00:56", "1564249", "154.36.161.221:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-05 04:00:26", "100", "https://search.censys.io/hosts/154.36.161.221", "AS979,C2,censys,Gh0st,NETLAB-SDN,RAT", "0", "DonPasci" "2025-08-04 16:00:41", "1564248", "38.47.120.26:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 04:00:23", "100", "https://search.censys.io/hosts/38.47.120.26", "AS198100,C2,censys,CobaltStrike,cs-watermark-666666666,WAP-AC", "0", "DonPasci" "2025-08-04 16:00:37", "1564247", "116.62.242.13:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:51:36", "100", "https://search.censys.io/hosts/116.62.242.13", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-04 15:55:28", "1564246", "147.185.221.30:51343", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-04 15:35:10", "1564245", "51.89.204.89:8041", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "75", "https://bazaar.abuse.ch/sample/7b609924bfb9edfbc69cd7394ce44d944c75ed62ad72465b2710bd4dc59aabc1/", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-08-04 15:35:05", "1564244", "wakilamakila.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://bazaar.abuse.ch/sample/7b609924bfb9edfbc69cd7394ce44d944c75ed62ad72465b2710bd4dc59aabc1/", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-08-04 14:20:53", "1564240", "https://t.me/privetroot", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/31ba8080813690f32ff5cb3ad9c09a20129f81f0f4f11ed99d6cac35cb1d7c4d/", "lumma", "0", "abuse_ch" "2025-08-04 14:19:54", "1564233", "https://docs.nynovation.com/doLogout", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-08-04 14:19:53", "1564234", "docs.nynovation.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2025-08-04 17:10:06", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-08-04 14:19:53", "1564235", "66.42.117.234:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-08-04 14:19:52", "1564236", "sdkfsf.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake,ClickFix", "0", "threatcat_ch" "2025-08-04 14:19:52", "1564237", "jdaklsjdklajsldkjd.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake,ClickFix", "0", "threatcat_ch" "2025-08-04 14:19:51", "1564238", "daskldalkdalskdktktk.cloud", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake,ClickFix", "0", "threatcat_ch" "2025-08-04 14:19:51", "1564239", "zincheckyou.cloud", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake,ClickFix", "0", "threatcat_ch" "2025-08-04 13:40:18", "1564225", "https://bouncystardust.run/", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "", "ClearFake", "0", "threatcat_ch" "2025-08-04 13:10:28", "1564231", "https://rx.softlinko.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-04 17:10:29", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-08-04 13:10:28", "1564232", "rx.softlinko.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-04 17:10:29", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-08-04 12:55:17", "1564230", "45.204.211.230:668", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-08-04 12:52:10", "1564229", "38.47.120.26:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:52:35", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-04 12:50:46", "1564228", "101.43.139.175:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:51:10", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-04 12:50:05", "1564227", "dsswew.website", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:50:33", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-04 12:49:56", "1564226", "api.teemaaby.dpdns.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:50:25", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-04 12:06:41", "1564224", "66.63.187.176:6464", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-04 12:02:35", "1564223", "going-documents.gl.at.ply.gg", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://tria.ge/250804-mdqsnaywbt", "C2,domain,neptunerat,rat,triage", "0", "DonPasci" "2025-08-04 12:02:05", "1564220", "23.249.20.22:50", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250804-jwypfaw1hy", "AS152156,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-04 12:02:05", "1564221", "23.249.20.22:90", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250804-jwypfaw1hy", "AS152156,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-04 12:02:05", "1564222", "23.249.20.22:80", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250804-jwypfaw1hy", "AS152156,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-04 12:02:04", "1564217", "173.214.107.45:7777", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250804-kl3q3shn2y", "AS35908,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-04 12:02:04", "1564218", "103.176.197.20:90", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250804-kczm3azkx4", "AS152156,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-04 12:02:04", "1564219", "103.176.197.20:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250804-kczm3azkx4", "AS152156,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-04 12:01:50", "1564216", "216.238.83.34:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-08-05 06:47:53", "100", "https://search.censys.io/hosts/216.238.83.34", "AS-VULTR,AS20473,BianLian,C2,censys", "0", "DonPasci" "2025-08-04 12:01:49", "1564215", "137.59.231.46:16877", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/137.59.231.46", "AS9541,C2,censys,CYBERNET-AP,PowershellEmpire", "0", "DonPasci" "2025-08-04 12:01:37", "1564214", "dazzling-elbakyan.192-227-134-76.plesk.page", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/192.227.134.76+dazzling-elbakyan.192-227-134-76.plesk.page", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-08-04 12:01:23", "1564213", "144.91.103.204:8080", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2025-08-05 06:44:28", "100", "https://search.censys.io/hosts/144.91.103.204", "AS51167,BRC4,C2,censys,CONTABO", "0", "DonPasci" "2025-08-04 12:01:19", "1564212", "35.75.228.75:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-05 06:48:34", "100", "https://search.censys.io/hosts/35.75.228.75", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-08-04 12:01:17", "1564211", "186.169.48.221:4040", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-05 04:00:43", "100", "https://search.censys.io/hosts/186.169.48.221", "AS3816,C2,censys,COLOMBIA,Quasar,RAT", "0", "DonPasci" "2025-08-04 12:01:09", "1564210", "obyonlinez.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-04 12:01:09", "100", "https://tria.ge/250804-h2ecbaymy5", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-08-04 12:01:08", "1564208", "88.183.123.104:4449", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250804-negf2s1qs7", "AS12322,asyncrat,C2,rat,triage", "0", "DonPasci" "2025-08-04 12:01:08", "1564209", "88.183.123.104:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250804-negf2s1qs7", "AS12322,asyncrat,C2,rat,triage", "0", "DonPasci" "2025-08-04 12:00:58", "1564207", "196.251.85.144:5000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 06:47:20", "100", "https://search.censys.io/hosts/196.251.85.144", "AS401120,C2,censys,CHEAPY-HOST,RAT,Remcos", "0", "DonPasci" "2025-08-04 12:00:56", "1564206", "103.86.44.11:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-05 04:00:29", "100", "https://search.censys.io/hosts/103.86.44.11", "AS138195,C2,censys,Gh0st,MOACKCOLTD-AS-AP,RAT", "0", "DonPasci" "2025-08-04 12:00:55", "1564205", "154.36.161.74:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-05 04:00:28", "100", "https://search.censys.io/hosts/154.36.161.74", "AS979,C2,censys,Gh0st,NETLAB-SDN,RAT", "0", "DonPasci" "2025-08-04 12:00:54", "1564204", "yoriabd.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250804-hg7hcsyks9", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-08-04 12:00:53", "1564203", "196.251.117.188:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 06:47:15", "100", "https://tria.ge/250804-jhlgysgk9y", "AS401116,C2,rat,remcos,triage", "0", "DonPasci" "2025-08-04 12:00:45", "1564201", "31.6.50.184:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-m3agzayyay", "AS213200,C2,triage,xworm", "0", "DonPasci" "2025-08-04 12:00:45", "1564202", "xwormv7.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-klaejaxwfs", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 12:00:41", "1564200", "154.90.37.141:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 04:00:20", "100", "https://search.censys.io/hosts/154.90.37.141", "AS138915,C2,censys,CobaltStrike,cs-watermark-1234567890,KAOPU-HK", "0", "DonPasci" "2025-08-04 12:00:37", "1564199", "47.99.62.187:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 04:00:15", "100", "https://search.censys.io/hosts/47.99.62.187", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-08-04 12:00:36", "1564198", "47.102.87.217:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 04:00:19", "100", "https://search.censys.io/hosts/47.102.87.217", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-04 11:35:30", "1564197", "31.56.48.161:5555", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-04 11:35:09", "1564196", "194.156.79.227:55615", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "None", "RedLineStealer", "0", "abuse_ch" "2025-08-04 11:25:31", "1564195", "185.163.204.65:49257", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-04 11:25:28", "1564194", "196.251.86.185:62520", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "None", "PureLogsStealer", "0", "abuse_ch" "2025-08-04 11:25:12", "1564193", "http://027894cm.nyash.es/imageTojavascriptlocalpublic.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-04 11:18:03", "1564185", "http://124.221.221.58:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:26", "100", "None", "AS45090,Shenzhen Tencent Computer Systems Company Limited,supershell", "0", "antiphishorg" "2025-08-04 11:18:02", "1564186", "http://120.78.121.146:8035/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:25", "100", "None", "AS37963,Hangzhou Alibaba Advertising Co. Ltd.,supershell", "0", "antiphishorg" "2025-08-04 11:18:02", "1564187", "http://49.113.77.155:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:24", "100", "None", "AS4134,CHINANET-BACKBONE,supershell", "0", "antiphishorg" "2025-08-04 11:18:02", "1564188", "http://139.159.238.207:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:23", "100", "None", "AS55990,Huawei Cloud Service data center,supershell", "0", "antiphishorg" "2025-08-04 11:18:01", "1564189", "http://47.110.51.222:18088/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:22", "100", "None", "AS37963,Hangzhou Alibaba Advertising Co. Ltd.,supershell", "0", "antiphishorg" "2025-08-04 11:18:01", "1564190", "http://118.195.157.204:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:22", "100", "None", "AS45090,Shenzhen Tencent Computer Systems Company Limited,supershell", "0", "antiphishorg" "2025-08-04 11:10:32", "1564192", "mx.softlinko.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-04 12:11:05", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-08-04 11:10:31", "1564191", "https://mx.softlinko.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-04 12:11:04", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-08-04 10:53:55", "1564184", "45.221.64.72:21", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-08-05 05:53:11", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-08-04 10:50:31", "1564183", "192.241.251.248:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-04 10:45:10", "1564182", "http://cw56267.tw1.ru/289ad6e1.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-04 10:20:18", "1564181", "206.123.145.172:6633", "ip:port", "botnet_cc", "win.vjw0rm", "None", "Vjw0rm", "", "100", "None", "Vjw0rm", "0", "abuse_ch" "2025-08-04 10:20:11", "1564180", "http://dollarman101.hopto.org:6633/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch" "2025-08-04 10:10:48", "1564179", "213.152.161.56:26608", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/e92402f733e0049062f94e2b3388c86d8398f741986460c7ff3df588aeccf31b/", "RAT,RemcosRAT", "0", "abuse_ch" "2025-08-04 08:49:49", "1564172", "99.83.156.97:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 05:50:19", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-04 08:48:55", "1564171", "64.227.142.218:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-05 05:49:15", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-08-04 08:45:51", "1564170", "182.30.87.146:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:46:19", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-04 08:45:50", "1564169", "182.30.43.62:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:46:17", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-04 08:44:45", "1564168", "16.64.30.99:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:44:58", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-04 08:43:48", "1564167", "123.56.160.155:60001", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-05 06:43:53", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-08-04 08:43:12", "1564166", "103.190.232.199:46109", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:43:14", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-04 08:35:23", "1564165", "146.70.100.227:9779", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-04 08:20:13", "1564164", "93.127.160.198:2021", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-08-04 08:19:58", "1564163", "hypnos-api.kapakhost.my.id", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-08-04 08:19:47", "1564162", "www.yperswapai.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564146", "www.oyukj.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564147", "www.pace-capsule-house.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564148", "www.qpi.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564149", "www.r-ing.tech", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564150", "www.raftdistillery.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564151", "www.remium5.tokyo", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564152", "www.sotonic.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564153", "www.sy739.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564154", "www.sy907.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564155", "www.tokia.cloud", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564156", "www.umss.qpon", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564157", "www.uputamadre.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564158", "www.us82.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564159", "www.utfinpost.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564160", "www.wdiks.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:46", "1564161", "www.yhyqoeziut.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564125", "www.eshai.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564126", "www.etlemonlightsite.cfd", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564127", "www.etr3water.click", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564128", "www.g51-lzal1646.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564129", "www.gdyej.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564130", "www.gmqs5.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564131", "www.h123.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564132", "www.heryl866.forum", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564133", "www.i1.live", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564134", "www.ic-staking.vip", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564135", "www.ightspotin.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564136", "www.ijnbedrijfskleding.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564137", "www.irstcarepartners.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564138", "www.lujjq.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564139", "www.lvfun.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564140", "www.m155.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564141", "www.nayasa.tech", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564142", "www.odesigngurulabs.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564143", "www.ompira.live", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564144", "www.orven.live", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:45", "1564145", "www.ow50p.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564106", "www.ataract-surgery-15490.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564107", "www.atinca.pro", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564108", "www.avannah.ventures", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564109", "www.aximocastillo.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564110", "www.azeti.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564111", "www.btreiu.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564112", "www.c1365.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564113", "www.c4829.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564114", "www.c5217.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564115", "www.dazi.info", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564116", "www.dton.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564117", "www.dvansebuisness.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564118", "www.eabook.mobi", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564119", "www.ecruittalentteam.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564120", "www.eebot.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564121", "www.eet-new-people-69853.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564122", "www.ellowapp.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564123", "www.encilzanybetazoom.sbs", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:44", "1564124", "www.ental-implants-22908.bond", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:43", "1564098", "www.0sao.top", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:43", "1564099", "www.3779.page", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:43", "1564100", "www.6064.net", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:43", "1564101", "www.9xtver7.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:43", "1564102", "www.aapcommerce.xyz", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:43", "1564103", "www.aluechaser.shop", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:43", "1564104", "www.aluxuryrealestate.homes", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:43", "1564105", "www.anzocommunityhub.services", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:31", "1564097", "http://www.yperswapai.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564086", "http://www.remium5.tokyo/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564087", "http://www.sotonic.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564088", "http://www.sy739.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564089", "http://www.sy907.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564090", "http://www.tokia.cloud/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564091", "http://www.umss.qpon/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564092", "http://www.uputamadre.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564093", "http://www.us82.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564094", "http://www.utfinpost.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564095", "http://www.wdiks.vip/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564096", "http://www.yhyqoeziut.pro/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564076", "http://www.nayasa.tech/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564077", "http://www.odesigngurulabs.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564078", "http://www.ompira.live/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564079", "http://www.orven.live/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564080", "http://www.ow50p.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564081", "http://www.oyukj.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564082", "http://www.pace-capsule-house.net/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564083", "http://www.qpi.shop/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564084", "http://www.r-ing.tech/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564085", "http://www.raftdistillery.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564066", "http://www.h123.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564067", "http://www.heryl866.forum/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564068", "http://www.i1.live/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564069", "http://www.ic-staking.vip/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564070", "http://www.ightspotin.shop/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564071", "http://www.ijnbedrijfskleding.shop/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564072", "http://www.irstcarepartners.net/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564073", "http://www.lujjq.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564074", "http://www.lvfun.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564075", "http://www.m155.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564055", "http://www.eebot.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564056", "http://www.eet-new-people-69853.bond/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564057", "http://www.ellowapp.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564058", "http://www.encilzanybetazoom.sbs/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564059", "http://www.ental-implants-22908.bond/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564060", "http://www.eshai.vip/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564061", "http://www.etlemonlightsite.cfd/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564062", "http://www.etr3water.click/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564063", "http://www.g51-lzal1646.vip/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564064", "http://www.gdyej.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564065", "http://www.gmqs5.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564046", "http://www.btreiu.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564047", "http://www.c1365.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564048", "http://www.c4829.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564049", "http://www.c5217.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564050", "http://www.dazi.info/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564051", "http://www.dton.net/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564052", "http://www.dvansebuisness.net/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564053", "http://www.eabook.mobi/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564054", "http://www.ecruittalentteam.shop/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564035", "http://www.6064.net/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564036", "http://www.9xtver7.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564037", "http://www.aapcommerce.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564038", "http://www.aluechaser.shop/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564039", "http://www.aluxuryrealestate.homes/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564040", "http://www.anzocommunityhub.services/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564041", "http://www.ataract-surgery-15490.bond/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564042", "http://www.atinca.pro/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564043", "http://www.avannah.ventures/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564044", "http://www.aximocastillo.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564045", "http://www.azeti.shop/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:24", "1564033", "http://www.0sao.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:24", "1564034", "http://www.3779.page/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:18:53", "1564029", "115.43.18.20:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-08-04 08:18:53", "1564030", "115.43.18.20:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-08-04 08:18:53", "1564031", "115.43.18.20:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-08-04 08:18:53", "1564032", "115.43.18.20:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-08-04 08:16:39", "1564028", "https://amnesia333.store", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://urlquery.net/report/14a5ec3d-d6b1-498d-bdaa-c19d8c22346d", "Amnesia,c2,urlquery", "0", "juroots" "2025-08-04 08:15:29", "1564027", "https://server16.filesdumpplace.org/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/378ac64a-adb5-4629-9f55-5efbcbf1e187", "c2,glupteba,urlquery", "0", "juroots" "2025-08-04 08:15:27", "1564026", "https://server5.localstats.org/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/495a429e-13e3-4d98-916b-1c9fdcceb0ac", "c2,glupteba,urlquery", "0", "juroots" "2025-08-04 08:15:26", "1564025", "https://server9.nisdably.com/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/c2f217cb-3e2a-411c-84c5-224353007195", "c2,glupteba,urlquery", "0", "juroots" "2025-08-04 08:13:34", "1564024", "41.249.151.35:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "50", "https://www.shodan.io/host/41.249.151.35#4444", "adaptixc2,c2,shodan", "0", "juroots" "2025-08-04 08:12:58", "1564022", "56.155.140.82:37", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/56.155.140.82#37", "c2,netsupport,shodan", "0", "juroots" "2025-08-04 08:12:58", "1564023", "54.154.27.41:79", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/54.154.27.41#79", "c2,netsupport,shodan", "0", "juroots" "2025-08-04 08:12:57", "1564020", "92.205.129.119:35101", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/92.205.129.119#35101", "c2,netsupport,shodan", "0", "juroots" "2025-08-04 08:12:57", "1564021", "125.25.99.119:7443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/125.25.99.119#7443", "c2,netsupport,shodan", "0", "juroots" "2025-08-04 08:12:56", "1564019", "81.47.110.206:6000", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/81.47.110.206#6000", "c2,netsupport,shodan", "0", "juroots" "2025-08-04 08:12:36", "1564018", "77.105.161.230:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/77.105.161.230#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-04 08:12:35", "1564016", "209.38.83.123:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/209.38.83.123#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-04 08:12:35", "1564017", "202.61.137.217:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/202.61.137.217#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-04 08:12:34", "1564015", "91.166.252.112:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/91.166.252.112#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-04 08:12:33", "1564014", "77.110.106.206:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/77.110.106.206#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-04 08:12:30", "1564013", "37.107.165.38:7603", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#7603", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:29", "1564012", "37.107.165.38:8531", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8531", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:28", "1564011", "37.107.165.38:9981", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9981", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:27", "1564010", "37.107.165.38:16030", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#16030", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:26", "1564009", "37.107.165.38:65432", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#65432", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:25", "1564008", "37.107.165.38:2404", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#2404", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:24", "1564006", "37.107.165.38:9179", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9179", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:24", "1564007", "37.107.165.38:12341", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#12341", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:23", "1564004", "37.107.165.38:5357", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5357", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:23", "1564005", "37.107.165.38:2362", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#2362", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:22", "1564001", "37.107.165.38:60099", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#60099", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:22", "1564002", "37.107.165.38:8869", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8869", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:22", "1564003", "37.107.165.38:5250", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5250", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:21", "1563998", "37.107.165.38:60443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#60443", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:21", "1563999", "37.107.165.38:5900", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5900", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:21", "1564000", "37.107.165.38:5190", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5190", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:20", "1563997", "37.107.165.38:9710", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9710", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:19", "1563995", "37.107.165.38:9178", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9178", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:19", "1563996", "37.107.165.38:6007", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#6007", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:18", "1563994", "37.107.165.38:9991", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9991", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:17", "1563993", "37.107.165.38:8383", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8383", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:16", "1563992", "37.107.165.38:8826", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8826", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:15", "1563990", "37.107.165.38:12480", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#12480", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:15", "1563991", "37.107.165.38:52311", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#52311", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:14", "1563989", "37.107.165.38:1883", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#1883", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:13", "1563988", "37.107.165.38:9280", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9280", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:12", "1563987", "37.107.165.38:45667", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#45667", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:11", "1563986", "37.107.165.38:3130", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#3130", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:10", "1563985", "37.107.165.38:48020", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#48020", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:09", "1563984", "37.107.165.38:14825", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#14825", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:08", "1563982", "37.107.165.38:9000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9000", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:08", "1563983", "37.107.165.38:30029", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#30029", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:07", "1563980", "37.107.165.38:45444", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#45444", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:07", "1563981", "37.107.165.38:11000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#11000", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:06", "1563978", "37.107.165.38:64295", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#64295", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:06", "1563979", "37.107.165.38:12482", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#12482", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:05", "1563977", "37.107.165.38:12130", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#12130", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:04", "1563976", "37.107.165.38:5243", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5243", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:03", "1563975", "37.107.165.38:7079", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#7079", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:02", "1563974", "37.107.165.38:3177", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#3177", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:01", "1563973", "37.107.165.38:60030", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#60030", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:00", "1563971", "37.107.165.38:10050", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#10050", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:12:00", "1563972", "37.107.165.38:36982", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#36982", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:59", "1563969", "37.107.165.38:122", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#122", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:59", "1563970", "37.107.165.38:5660", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5660", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:58", "1563967", "37.107.165.38:12357", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#12357", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:58", "1563968", "37.107.165.38:15555", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#15555", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:57", "1563965", "37.107.165.38:5253", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5253", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:57", "1563966", "37.107.165.38:9246", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9246", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:56", "1563963", "37.107.165.38:8500", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8500", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:56", "1563964", "37.107.165.38:8576", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8576", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:55", "1563961", "37.107.165.38:7373", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#7373", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:55", "1563962", "37.107.165.38:8008", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8008", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:54", "1563960", "37.107.165.38:20121", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#20121", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:53", "1563958", "37.107.165.38:50050", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#50050", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:53", "1563959", "37.107.165.38:9333", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9333", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:52", "1563957", "37.107.165.38:8578", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8578", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:51", "1563956", "37.107.165.38:5267", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5267", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:50", "1563954", "37.107.165.38:8382", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8382", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:50", "1563955", "37.107.165.38:9060", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9060", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:49", "1563952", "37.107.165.38:5901", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5901", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:49", "1563953", "37.107.165.38:8504", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8504", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:48", "1563950", "37.107.165.38:8600", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8600", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:48", "1563951", "37.107.165.38:9181", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9181", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:47", "1563949", "37.107.165.38:14084", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#14084", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:46", "1563947", "37.107.165.38:119", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#119", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:46", "1563948", "37.107.165.38:9092", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9092", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:45", "1563945", "37.107.165.38:22082", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#22082", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:45", "1563946", "37.107.165.38:12478", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#12478", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:44", "1563944", "37.107.165.38:4506", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#4506", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:43", "1563942", "37.107.165.38:9072", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9072", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:43", "1563943", "37.107.165.38:15", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#15", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:42", "1563941", "37.107.165.38:44307", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#44307", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:41", "1563940", "37.107.165.38:8593", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8593", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:39", "1563939", "37.107.165.38:30003", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#30003", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:37", "1563938", "37.107.165.38:5439", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5439", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:36", "1563937", "37.107.165.38:17000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#17000", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:35", "1563936", "37.107.165.38:5022", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5022", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:34", "1563935", "37.107.165.38:55553", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#55553", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:33", "1563934", "37.107.165.38:1801", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#1801", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:32", "1563933", "37.107.165.38:12112", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#12112", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:31", "1563932", "37.107.165.38:30120", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#30120", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:30", "1563931", "37.107.165.38:12551", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#12551", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:28", "1563930", "37.107.165.38:12273", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#12273", "c2,extreme,shodan", "0", "juroots" "2025-08-04 08:11:03", "1563929", "8.134.185.44:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/8.134.185.44#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-04 08:11:01", "1563928", "42.51.34.56:8010", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 04:00:19", "50", "https://www.shodan.io/host/42.51.34.56#8010", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-04 08:11:00", "1563926", "38.60.198.146:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/38.60.198.146#8443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-04 08:11:00", "1563927", "96.62.214.108:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/96.62.214.108#8443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-08-04 08:01:54", "1563925", "66.206.1.250:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "https://search.censys.io/hosts/66.206.1.250", "AS29802,C2,censys,HVC-AS,RAT", "0", "DonPasci" "2025-08-04 08:01:28", "1563924", "edge-chat.allianz-courtage.co", "domain", "botnet_cc", "apk.ermac", "None", "ERMAC", "", "100", "https://search.censys.io/hosts/196.251.116.39+edge-chat.allianz-courtage.co", "AS401116,C2,censys,Ermac,NYBULA,panel", "0", "DonPasci" "2025-08-04 08:01:22", "1563923", "45.59.125.26:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-05 06:49:04", "100", "https://search.censys.io/hosts/45.59.125.26", "AS53667,C2,censys,Havoc,PONYNET", "0", "DonPasci" "2025-08-04 08:01:12", "1563922", "154.219.117.192:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/154.219.117.192", "AS401696,C2,censys,COGNETCLOUD,Supershell", "0", "DonPasci" "2025-08-04 08:00:57", "1563920", "45.80.158.63:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 06:49:13", "100", "https://search.censys.io/hosts/45.80.158.63", "AS210558,C2,censys,RAT,Remcos,SERVICES-1337-GMBH", "0", "DonPasci" "2025-08-04 08:00:57", "1563921", "206.123.152.49:33862", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 06:47:37", "100", "https://search.censys.io/hosts/206.123.152.49", "AS9009,C2,censys,M247,RAT,Remcos", "0", "DonPasci" "2025-08-04 08:00:54", "1563919", "154.36.161.51:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-05 04:00:30", "100", "https://search.censys.io/hosts/154.36.161.51", "AS979,C2,censys,Gh0st,NETLAB-SDN,RAT", "0", "DonPasci" "2025-08-04 08:00:53", "1563918", "154.36.161.149:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-05 04:00:27", "100", "https://search.censys.io/hosts/154.36.161.149", "AS979,C2,censys,Gh0st,NETLAB-SDN,RAT", "0", "DonPasci" "2025-08-04 08:00:39", "1563917", "206.119.172.150:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:52:29", "100", "https://search.censys.io/hosts/206.119.172.150", "AS133199,C2,censys,CobaltStrike,cs-watermark-666666666,SONDERCLOUDLIMITED-AS-AP", "0", "DonPasci" "2025-08-04 08:00:37", "1563916", "47.97.118.238:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:53:31", "100", "https://search.censys.io/hosts/47.97.118.238", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-04 08:00:36", "1563914", "121.43.179.233:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 04:00:22", "100", "https://search.censys.io/hosts/121.43.179.233", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-04 08:00:36", "1563915", "39.106.144.162:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:52:46", "100", "https://search.censys.io/hosts/39.106.144.162", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-04 08:00:35", "1563912", "43.134.9.57:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:52:56", "100", "https://search.censys.io/hosts/43.134.9.57", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-08-04 08:00:35", "1563913", "47.238.86.135:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 04:00:13", "100", "https://search.censys.io/hosts/47.238.86.135", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-04 07:35:58", "1563911", "95.217.242.51:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-08-04 07:35:32", "1563910", "hawkeye.v6.navy", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/39c325f57379efa8f382ccb552ae22d759ab6115d4ce5e359c631a286cf395da/", "quasar", "0", "abuse_ch" "2025-08-04 07:10:05", "1563909", "46.246.4.3:4068", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-08-04 07:06:04", "1563907", "5.226.191.22:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/b87278604e86a5ea55f04809e5e253c68cc6a17335dda5ef3f418c04536d22bc/", "asyncrat", "0", "abuse_ch" "2025-08-04 07:06:04", "1563908", "5.226.191.22:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/b87278604e86a5ea55f04809e5e253c68cc6a17335dda5ef3f418c04536d22bc/", "asyncrat", "0", "abuse_ch" "2025-08-04 07:06:03", "1563906", "5.226.191.18:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/b87278604e86a5ea55f04809e5e253c68cc6a17335dda5ef3f418c04536d22bc/", "asyncrat", "0", "abuse_ch" "2025-08-04 07:00:06", "1563905", "5.226.191.18:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-08-04 06:55:35", "1563904", "https://goethjmr.asia/lkiq/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/66714b3368a2365b0ac7cb6a09bf95dc6fb98989a74bcd2e274971b4237e6df7/", "lumma", "0", "abuse_ch" "2025-08-04 06:03:26", "1563899", "45.204.200.26:9090", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250804-gjckbsel5s", "AS62468,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-04 06:03:26", "1563900", "45.204.200.26:9091", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250804-gjckbsel5s", "AS62468,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-04 06:03:26", "1563901", "45.204.200.26:9092", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250804-gjckbsel5s", "AS62468,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-04 06:03:26", "1563902", "45.204.194.60:53", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250804-c7ay7abj7s", "AS62468,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-04 06:03:26", "1563903", "45.204.194.60:668", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250804-c7ay7abj7s", "AS62468,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-08-04 06:03:05", "1563898", "95.165.131.19:5552", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250804-ggddvaek9y", "AS25513,C2,njrat,triage", "0", "DonPasci" "2025-08-04 06:01:03", "1563897", "185.233.164.156:4449", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250804-ga7n4sej71", "AS48678,asyncrat,C2,rat,triage", "0", "DonPasci" "2025-08-04 06:00:43", "1563895", "flipbaker-35783.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-ejk6cscl7s", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 06:00:43", "1563896", "similar-meta.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-bqds3s11fw", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 06:00:42", "1563893", "wealthyblessed.minhaempresa.tv", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-gcg68sej9y", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 06:00:42", "1563894", "union-victor.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250804-esxwhscn4s", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-04 05:50:31", "1563865", "45.86.153.106:21451", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:53:13", "100", "https://search.censys.io/hosts/45.86.153.106", "AS200950,C2,censys", "0", "dyingbreeds_" "2025-08-04 05:50:30", "1563864", "ec2-47-129-44-166.ap-southeast-1.compute.amazonaws.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.129.44.166+ec2-47-129-44-166.ap-southeast-1.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys", "0", "dyingbreeds_" "2025-08-04 05:50:29", "1563866", "43.143.22.10:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-04 04:00:37", "100", "https://search.censys.io/hosts/43.143.22.10", "AS45090,C2,censys", "0", "dyingbreeds_" "2025-08-04 05:50:28", "1563867", "122.51.235.217:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-04 04:00:34", "100", "https://search.censys.io/hosts/122.51.235.217", "AS45090,C2,censys", "0", "dyingbreeds_" "2025-08-04 05:50:28", "1563868", "103.215.83.250:8080", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-04 04:00:49", "75", "https://search.censys.io/hosts/103.215.83.250", "AS55933,C2,censys,RAT", "0", "dyingbreeds_" "2025-08-04 05:50:27", "1563869", "123.163.220.113:40000", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-05 06:43:51", "90", "https://search.censys.io/hosts/123.163.220.113", "AS4134,C2,censys", "0", "dyingbreeds_" "2025-08-04 05:50:27", "1563870", "ec2-54-244-199-31.us-west-2.compute.amazonaws.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.244.199.31+ec2-54-244-199-31.us-west-2.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "dyingbreeds_" "2025-08-04 05:50:26", "1563871", "18.212.12.10:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-05 06:46:08", "100", "https://search.censys.io/hosts/18.212.12.10", "AMAZON-AES,AS14618,C2,censys,Mythic", "0", "dyingbreeds_" "2025-08-04 05:50:26", "1563872", "15.235.22.225:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-04 04:01:10", "100", "https://search.censys.io/hosts/15.235.22.225", "AS16276,C2,censys,OVH,RAT", "0", "dyingbreeds_" "2025-08-04 05:50:26", "1563874", "203.32.26.210:143", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.32.26.210", "AS26383,ASNET,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-08-04 05:50:25", "1563873", "2.9.246.3:5000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/2.9.246.3", "AS3215,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-08-04 05:50:25", "1563878", "35.95.30.177:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/35.95.30.177", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-04 05:50:24", "1563877", "139.59.106.55:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-08-04 04:01:25", "100", "https://search.censys.io/hosts/139.59.106.55", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_" "2025-08-04 05:50:23", "1563879", "213.209.150.183:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/213.209.150.183", "AS214943,censys,GoPhish,Phishing,RAILNET", "0", "dyingbreeds_" "2025-08-04 05:50:22", "1563880", "58.87.33.43:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/58.87.33.43", "AS9524,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-04 05:50:22", "1563881", "158.220.97.82:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/158.220.97.82", "AS51167,censys,CONTABO,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-04 05:50:21", "1563882", "31.97.248.145:8081", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/31.97.248.145", "AS-HOSTINGER,AS47583,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-04 05:50:20", "1563883", "145.223.21.223:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/145.223.21.223", "AS-HOSTINGER,AS47583,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-04 05:50:20", "1563887", "77.49.53.53:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-08-05 05:49:28", "100", "https://search.censys.io/hosts/77.49.53.53", "AS1241,C2,censys", "0", "dyingbreeds_" "2025-08-04 05:50:18", "1563856", "http://47.99.159.237:18088/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:27", "100", "None", "AS37963,Hangzhou Alibaba Advertising Co. Ltd.,supershell", "0", "antiphishorg" "2025-08-04 05:50:18", "1563862", "https://helloworldcyber.live/webpanel/panel/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS13335,Cloudflare Inc.,cyberstealer,PDR Ltd. d/b/a PublicDomainRegistry.com", "0", "antiphishorg" "2025-08-04 05:50:17", "1563855", "http://116.205.245.113:8029/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:29", "100", "None", "AS55990,Huawei Cloud Service data center,supershell", "0", "antiphishorg" "2025-08-04 05:50:17", "1563863", "http://176.123.2.48/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-05 03:00:31", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-08-04 05:50:16", "1563834", "http://206.82.6.254:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:30", "100", "None", "AS963,N963 PTE. LTD.,supershell", "0", "antiphishorg" "2025-08-04 05:50:14", "1563820", "security.flhurgyard.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-08-04 05:50:13", "1563821", "nenziop.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-08-04 05:50:12", "1563884", "44.245.88.195:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/44.245.88.195", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-04 05:50:11", "1563885", "223.254.129.213:13333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/223.254.129.213", "AS55933,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-04 05:45:56", "1563892", "96.45.244.194:5127", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/c32f2184fadc3d690d8b38e83d66a43dc1035399d652f3cf95a97a4cb4912026/", "quasar", "0", "abuse_ch" "2025-08-04 05:40:49", "1563891", "172.245.154.155:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-08-04 05:40:48", "1563890", "47.92.25.133:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-08-04 05:39:59", "1563889", "185.112.144.142:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-08-04 05:10:46", "1563888", "196.251.114.54:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 04:01:03", "75", "https://bazaar.abuse.ch/sample/de488f3464411c717689ab624b245e81ec2bbcaee4cef6d564a87697830ee2b8/", "remcos", "0", "abuse_ch" "2025-08-04 04:01:15", "1563886", "54.233.24.103:19623", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/54.233.24.103", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-04 04:00:52", "1563876", "24.255.243.54:2405", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 06:48:09", "100", "https://search.censys.io/hosts/24.255.243.54", "AS22773,ASN-CXA-ALL-CCI-22773-RDC,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-08-04 04:00:51", "1563875", "206.123.152.45:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 06:47:37", "100", "https://search.censys.io/hosts/206.123.152.45", "AS9009,C2,censys,M247,RAT,Remcos", "0", "DonPasci" "2025-08-04 02:51:16", "1563861", "81.71.249.93:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:53:48", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-04 02:45:11", "1563860", "46.246.4.3:3049", "ip:port", "botnet_cc", "win.vjw0rm", "None", "Vjw0rm", "", "100", "None", "Vjw0rm", "0", "abuse_ch" "2025-08-04 02:45:03", "1563859", "http://oby2349.giize.com:3049/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch" "2025-08-04 02:40:12", "1563858", "45.204.194.60:90", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-08-04 01:05:17", "1563857", "147.185.221.30:51135", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-04 00:10:58", "1563853", "https://ty.softlinko.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-04 10:10:57", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-08-04 00:10:58", "1563854", "ty.softlinko.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-05 06:10:41", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-08-04 00:01:48", "1563852", "62.84.179.62:443", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/62.84.179.62", "AS51167,C2,censys,CONTABO,PowershellEmpire", "0", "DonPasci" "2025-08-04 00:01:36", "1563851", "192.227.134.76:80", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/192.227.134.76", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-08-04 00:01:17", "1563850", "5.101.84.173:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-05 06:49:35", "100", "https://search.censys.io/hosts/5.101.84.173", "AS-GLOBALTELEHOST,AS63023,C2,censys,Havoc", "0", "DonPasci" "2025-08-04 00:01:16", "1563849", "98.184.14.107:7887", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-08-04 04:00:38", "100", "https://search.censys.io/hosts/98.184.14.107", "AS22773,ASN-CXA-ALL-CCI-22773-RDC,C2,censys,Quasar,RAT", "0", "DonPasci" "2025-08-04 00:01:09", "1563847", "202.55.135.163:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-05 06:47:34", "100", "https://search.censys.io/hosts/202.55.135.163", "AS63737,AsyncRAT,C2,censys,RAT,VIETSERVER-AS-VN", "0", "DonPasci" "2025-08-04 00:01:09", "1563848", "202.55.135.163:8080", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-05 06:47:34", "100", "https://search.censys.io/hosts/202.55.135.163", "AS63737,AsyncRAT,C2,censys,RAT,VIETSERVER-AS-VN", "0", "DonPasci" "2025-08-04 00:01:08", "1563846", "181.235.10.10:8020", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-05 06:46:16", "100", "https://search.censys.io/hosts/181.235.10.10", "AS3816,AsyncRAT,C2,censys,COLOMBIA,RAT", "0", "DonPasci" "2025-08-04 00:00:58", "1563845", "89.46.65.114:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-05 05:49:58", "100", "https://search.censys.io/hosts/89.46.65.114", "ARUBA-ASN,AS31034,C2,censys,Sliver", "0", "DonPasci" "2025-08-04 00:00:55", "1563844", "27.102.127.136:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 06:48:09", "100", "https://search.censys.io/hosts/27.102.127.136", "AS45996,C2,censys,DAOU-AS-KR,RAT,Remcos", "0", "DonPasci" "2025-08-04 00:00:54", "1563843", "107.175.148.101:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 06:43:29", "100", "https://search.censys.io/hosts/107.175.148.101", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-08-04 00:00:51", "1563842", "154.36.161.225:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-04 04:00:21", "100", "https://search.censys.io/hosts/154.36.161.225", "AS979,C2,censys,Gh0st,NETLAB-SDN,RAT", "0", "DonPasci" "2025-08-04 00:00:37", "1563840", "38.47.120.26:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:52:35", "100", "https://search.censys.io/hosts/38.47.120.26", "AS198100,C2,censys,CobaltStrike,cs-watermark-666666666,WAP-AC", "0", "DonPasci" "2025-08-04 00:00:37", "1563841", "154.201.76.184:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:52:08", "100", "https://search.censys.io/hosts/154.201.76.184", "AS8796,C2,censys,CobaltStrike,cs-watermark-1234567890,FD-298-8796", "0", "DonPasci" "2025-08-04 00:00:34", "1563839", "172.105.24.242:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-04 04:00:14", "100", "https://search.censys.io/hosts/172.105.24.242", "AKAMAI-LINODE-AP,AS63949,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-04 00:00:33", "1563838", "217.60.38.209:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-04 04:00:13", "100", "https://search.censys.io/hosts/217.60.38.209", "AS56971,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-08-03 23:30:20", "1563837", "198.135.50.224:9000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-03 21:15:43", "1563836", "http://59.110.81.93:12121/DcQe", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/3868091a675ee465ba7a7758d73c1aa21610739732f6fb7d4b9e8ffb4b9d8308/", "cobaltstrike", "0", "abuse_ch" "2025-08-03 21:10:09", "1563835", "59.110.81.93:12121", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike", "0", "abuse_ch" "2025-08-03 20:47:52", "1563833", "52.27.181.0:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:49:48", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-03 20:47:09", "1563832", "44.237.77.82:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:48:52", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-03 20:46:45", "1563831", "34.82.165.200:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:48:26", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-03 20:46:43", "1563830", "34.40.62.12:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-05 06:48:25", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-08-03 20:46:29", "1563829", "23.95.75.252:3566", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:48:07", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-03 20:46:26", "1563828", "23.23.249.235:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:48:04", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-03 20:45:55", "1563827", "https://t.me/dhtyjd56uerjty", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/5cc69bda6dc376c62fafeee10fff3e5ed60eadc7f9a4172b91d005b2aa85983c/", "lumma", "0", "abuse_ch" "2025-08-03 20:45:44", "1563826", "https://laplmav.xin/iire/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/5cc69bda6dc376c62fafeee10fff3e5ed60eadc7f9a4172b91d005b2aa85983c/", "lumma", "0", "abuse_ch" "2025-08-03 20:35:57", "1563825", "109.248.151.75:5888", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/98f71f75497b74d197d5b00ac49ddde00a238b096e25209dd11dc26fef77fcc6/", "remcos", "0", "abuse_ch" "2025-08-03 20:10:36", "1563819", "https://faitnfk.asia/tiwu/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2155f4050a5ed8cabd76f1f0d2a079fc35357d466292b27741181313673fb79f/", "lumma", "0", "abuse_ch" "2025-08-03 20:01:33", "1563818", "vpn294647220.softether.net", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/192.227.134.76+vpn294647220.softether.net", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-08-03 20:01:31", "1563817", "47.96.86.180:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.96.86.180", "ALIBABA-CN-NET,AS37963,c2,c2-redirector,censys,RedGuard", "0", "DonPasci" "2025-08-03 20:01:19", "1563816", "194.116.214.53:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-05 06:47:02", "100", "https://search.censys.io/hosts/194.116.214.53", "AS56971,C2,censys,Covenant", "0", "DonPasci" "2025-08-03 20:01:16", "1563814", "35.152.141.253:8636", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-05 06:48:27", "100", "https://search.censys.io/hosts/35.152.141.253", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-03 20:01:16", "1563815", "84.154.183.163:81", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-05 05:49:45", "100", "https://search.censys.io/hosts/84.154.183.163", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci" "2025-08-03 20:01:10", "1563813", "102.117.173.73:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-05 06:43:10", "100", "https://search.censys.io/hosts/102.117.173.73", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2025-08-03 20:01:05", "1563812", "207.231.111.84:81", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-05 06:47:41", "100", "https://search.censys.io/hosts/207.231.111.84", "AS62633,AsyncRAT,C2,censys,RAT,SERVERDIME-SERVERCHEAP-HOSTRUSH", "0", "DonPasci" "2025-08-03 20:00:54", "1563811", "94.237.86.76:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-05 05:50:13", "100", "https://search.censys.io/hosts/94.237.86.76", "AS202053,C2,censys,Sliver,UPCLOUD", "0", "DonPasci" "2025-08-03 20:00:51", "1563810", "46.183.222.115:4477", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 06:49:21", "100", "https://search.censys.io/hosts/46.183.222.115", "AS52048,C2,censys,RAT,Remcos,RIXHOST", "0", "DonPasci" "2025-08-03 20:00:48", "1563808", "154.36.161.135:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-04 04:00:19", "100", "https://search.censys.io/hosts/154.36.161.135", "AS979,C2,censys,Gh0st,NETLAB-SDN,RAT", "0", "DonPasci" "2025-08-03 20:00:48", "1563809", "154.36.161.73:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-04 04:00:19", "100", "https://search.censys.io/hosts/154.36.161.73", "AS979,C2,censys,Gh0st,NETLAB-SDN,RAT", "0", "DonPasci" "2025-08-03 20:00:35", "1563807", "154.44.25.248:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-04 04:00:18", "100", "https://search.censys.io/hosts/154.44.25.248", "AS979,C2,censys,CobaltStrike,cs-watermark-666666666,NETLAB-SDN", "0", "DonPasci" "2025-08-03 18:25:19", "1563800", "137.220.229.14:8000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-03 18:15:21", "1563799", "154.44.31.147:7890", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-08-03 18:05:45", "1563798", "http://penpoolux.co.in/eng/fre.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "https://tria.ge/250803-qclzvseq7w", "C2,loki,lokibot,triage", "0", "DonPasci" "2025-08-03 18:05:36", "1563797", "169.150.231.246:57744", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-03 18:04:27", "1563796", "http://zaebaloblya.tk/zae/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "", "100", "https://tria.ge/250803-qwlhfafm6s", "azorult,C2,rat,triage", "0", "DonPasci" "2025-08-03 18:03:55", "1563794", "ayoub111.no-ip.biz", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "https://tria.ge/250803-tm529saq8v", "C2,cybergate,domain,rat,triage", "0", "DonPasci" "2025-08-03 18:03:55", "1563795", "hackcoder.no-ip.org", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "https://tria.ge/250803-rrwchstsey", "C2,cybergate,domain,rat,triage", "0", "DonPasci" "2025-08-03 18:01:04", "1563793", "https://materdvc.beer/xeoi/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250803-rvtcbswnz3", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-08-03 18:00:53", "1563792", "165.227.31.192:22069", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250803-tltmvavyay", "AS14061,C2,quasar,rat,triage", "0", "DonPasci" "2025-08-03 18:00:45", "1563791", "thing-ob.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-03 18:00:46", "100", "https://tria.ge/250803-tbsykaan6w", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-08-03 18:00:40", "1563790", "versionestablefinal.kozow.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250803-sbtz7axjs6", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-08-03 18:00:36", "1563789", "follow-absent.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250803-v85t3ack4s", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-03 17:40:23", "1563788", "172.245.21.131:3594", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-03 17:40:19", "1563787", "147.185.221.30:49308", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-03 17:05:03", "1563786", "31.57.188.142:55123", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "None", "RedLineStealer", "0", "abuse_ch" "2025-08-03 16:56:29", "1563782", "34.174.99.226:5552", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://tria.ge/250803-trhsjaylt7", "None", "0", "burger" "2025-08-03 16:56:28", "1563783", "fillettx.xin", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://app.any.run/tasks/8041ad17-7ad9-4741-bfd9-87059d0af671", "None", "0", "pitachu" "2025-08-03 16:51:57", "1563785", "47.95.209.123:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:53:29", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-03 16:45:06", "1563784", "http://a0931898.xsph.ru/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-03 16:10:40", "1563781", "147.185.221.30:50178", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/ee34db4e68157f938be940b6a85259209d363409e84681b4b4eb3894b75fdc92/", "xworm", "0", "abuse_ch" "2025-08-03 16:10:22", "1563766", "http://weathersouth.shop/45cc90de006049c9.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://app.any.run/tasks/07984521-8b82-4efc-b5c5-210c03044588", "None", "0", "pitachu" "2025-08-03 16:10:22", "1563768", "http://64.227.174.215/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-03 20:40:40", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-08-03 16:01:49", "1563780", "59.120.36.165:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "https://search.censys.io/hosts/59.120.36.165", "AS3462,C2,censys,HINET,RAT", "0", "DonPasci" "2025-08-03 16:01:42", "1563779", "146.19.254.30:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/146.19.254.30", "AdaptixC2,AS62005,BV-EU-AS,C2,censys", "0", "DonPasci" "2025-08-03 16:01:31", "1563778", "93.143.14.108:8080", "ip:port", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "2025-08-05 05:50:09", "100", "https://search.censys.io/hosts/93.143.14.108", "AS5391,censys,Chaos,panel,T-HT", "0", "DonPasci" "2025-08-03 16:01:18", "1563777", "18.228.192.59:2096", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-05 06:46:08", "100", "https://search.censys.io/hosts/18.228.192.59", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-03 16:01:16", "1563776", "185.165.169.47:443", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/185.165.169.47", "AS200651,C2,censys,FLOKINET,RAT,Venom", "0", "DonPasci" "2025-08-03 16:01:11", "1563775", "139.177.201.16:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-05 06:44:17", "100", "https://search.censys.io/hosts/139.177.201.16", "AKAMAI-LINODE-AP,AS63949,C2,censys,Mythic", "0", "DonPasci" "2025-08-03 16:01:05", "1563774", "105.157.227.159:81", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-05 06:43:22", "100", "https://search.censys.io/hosts/105.157.227.159", "AS36903,AsyncRAT,C2,censys,MT-MPLS,RAT", "0", "DonPasci" "2025-08-03 16:01:04", "1563773", "34.96.165.237:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 04:00:28", "100", "https://search.censys.io/hosts/34.96.165.237", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Supershell", "0", "DonPasci" "2025-08-03 16:00:54", "1563772", "47.236.228.89:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-05 06:49:30", "100", "https://search.censys.io/hosts/47.236.228.89", "ALIBABA-CN-NET,AS45102,C2,censys,Sliver", "0", "DonPasci" "2025-08-03 16:00:50", "1563771", "196.251.72.103:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 06:47:17", "100", "https://search.censys.io/hosts/196.251.72.103", "AS401120,C2,censys,CHEAPY-HOST,RAT,Remcos", "0", "DonPasci" "2025-08-03 16:00:47", "1563769", "45.192.97.247:8080", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-04 04:00:20", "100", "https://search.censys.io/hosts/45.192.97.247", "AS401696,C2,censys,COGNETCLOUD,Gh0st,RAT", "0", "DonPasci" "2025-08-03 16:00:47", "1563770", "103.86.46.62:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-04 04:00:22", "100", "https://search.censys.io/hosts/103.86.46.62", "AS138195,C2,censys,Gh0st,MOACKCOLTD-AS-AP,RAT", "0", "DonPasci" "2025-08-03 16:00:33", "1563767", "38.14.248.189:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-04 04:00:10", "100", "https://search.censys.io/hosts/38.14.248.189", "AROSS-AS,AS400619,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-08-03 14:07:49", "1563765", "tftp://46.236.170.199/.i", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-08-03 12:51:50", "1563764", "47.237.120.206:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:53:24", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-08-03 12:10:40", "1563763", "184.174.20.240:4782", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-08-03 12:04:57", "1563762", "version-affected.gl.at.ply.gg", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "https://tria.ge/250803-hbzwbshn5t", "android,C2,domain,spynote,triage", "0", "DonPasci" "2025-08-03 12:02:58", "1563761", "technology-rome.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250803-k6yb4asjy6", "C2,domain,njrat,triage", "0", "DonPasci" "2025-08-03 12:01:42", "1563760", "45.79.71.245:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "https://search.censys.io/hosts/45.79.71.245", "AKAMAI-LINODE-AP,AS63949,C2,censys,RAT", "0", "DonPasci" "2025-08-03 12:01:16", "1563759", "m.allianz-courtage.co", "domain", "botnet_cc", "apk.ermac", "None", "ERMAC", "", "100", "https://search.censys.io/hosts/196.251.116.39+m.allianz-courtage.co", "AS401116,C2,censys,Ermac,NYBULA,panel", "0", "DonPasci" "2025-08-03 12:01:14", "1563758", "18.230.11.233:636", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-05 06:46:09", "100", "https://search.censys.io/hosts/18.230.11.233", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-03 12:01:10", "1563757", "office304.duckdns.org", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-04 04:00:39", "100", "https://search.censys.io/hosts/5.161.144.140+office304.duckdns.org", "AS213230,C2,censys,Havoc,HETZNER-CLOUD2-AS", "0", "DonPasci" "2025-08-03 12:01:08", "1563756", "166.88.197.47:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-08-04 04:00:36", "100", "https://search.censys.io/hosts/166.88.197.47", "AS26383,ASNET,C2,censys,Hookbot", "0", "DonPasci" "2025-08-03 12:01:07", "1563755", "65.20.99.39:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-05 05:49:17", "100", "https://search.censys.io/hosts/65.20.99.39", "AS-VULTR,AS20473,C2,censys,Mythic", "0", "DonPasci" "2025-08-03 12:01:04", "1563754", "85.208.84.191:15647", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/85.208.84.191", "AS211659,C2,censys,RAT,Sectop,STIMUL-AS", "0", "DonPasci" "2025-08-03 12:01:02", "1563753", "45.74.8.89:81", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-05 06:49:08", "100", "https://search.censys.io/hosts/45.74.8.89", "AS3223,AsyncRAT,C2,censys,RAT,VOXILITY", "0", "DonPasci" "2025-08-03 12:00:57", "1563752", "https://ukrposhttem.top/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250803-jldarayvfz", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-08-03 12:00:51", "1563751", "192.30.241.205:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250803-j3bhgsbj91", "AS396073,C2,quasar,rat,triage", "0", "DonPasci" "2025-08-03 12:00:49", "1563750", "206.123.149.194:3608", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 06:47:37", "100", "https://search.censys.io/hosts/206.123.149.194", "AS9009,C2,censys,M247,RAT,Remcos", "0", "DonPasci" "2025-08-03 12:00:46", "1563748", "116.204.169.9:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-04 04:00:21", "100", "https://search.censys.io/hosts/116.204.169.9", "AS138195,C2,censys,Gh0st,MOACKCOLTD-AS-AP,RAT", "0", "DonPasci" "2025-08-03 12:00:46", "1563749", "45.204.211.230:8080", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-04 04:00:20", "100", "https://search.censys.io/hosts/45.204.211.230", "AS62468,C2,censys,Gh0st,HKCLOUDX,RAT", "0", "DonPasci" "2025-08-03 12:00:43", "1563746", "bbvlljwwd.localto.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250803-j6l4dsyybw", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-08-03 12:00:43", "1563747", "193.27.90.71:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250803-ja2h7sal9z", "AS200019,asyncrat,C2,rat,triage", "0", "DonPasci" "2025-08-03 12:00:33", "1563745", "monstr.ddns.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250803-lpmppsck6w", "C2,domain,triage,xworm", "0", "DonPasci" "2025-08-03 12:00:32", "1563744", "47.105.65.102:4567", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:53:14", "100", "https://search.censys.io/hosts/47.105.65.102", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-08-03 11:10:29", "1563742", "https://ww.softlinko.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-04 07:35:24", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-08-03 11:10:29", "1563743", "ww.softlinko.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-04 07:35:41", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-08-03 10:25:08", "1563733", "http://cm41241.tw1.ru/7b4a24ad.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-03 10:10:14", "1563732", "159.75.118.90:8888", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-08-03 09:10:05", "1563731", "147.185.221.30:45022", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2025-08-03 08:48:23", "1563730", "52.204.245.211:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:49:47", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-03 08:47:22", "1563729", "35.180.193.218:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-04 07:47:20", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-08-03 08:45:19", "1563728", "173.184.240.29:631", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:45:48", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-03 08:44:01", "1563727", "135.125.241.45:80", "ip:port", "botnet_cc", "win.broomstick", "CLEANBOOST,CleanUp,CleanUpLoader,Oyster", "Broomstick", "2025-08-05 06:44:12", "75", "None", "Broomstick,drb-ra,Oyster", "0", "abuse_ch" "2025-08-03 08:43:17", "1563726", "104.224.153.87:55560", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-08-05 06:43:20", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-08-03 08:01:39", "1563725", "45.221.64.63:8888", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://search.censys.io/hosts/45.221.64.63", "AS207184,C2,censys,cert,rhadamanthys,stealer,TELCHAK-AS", "0", "DonPasci" "2025-08-03 08:01:09", "1563723", "51.94.31.130:8883", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-05 06:49:45", "100", "https://search.censys.io/hosts/51.94.31.130", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-03 08:01:09", "1563724", "16.52.85.16:9999", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-05 06:44:57", "100", "https://search.censys.io/hosts/16.52.85.16", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-03 08:01:08", "1563721", "54.78.64.124:2181", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-05 06:49:58", "100", "https://search.censys.io/hosts/54.78.64.124", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-03 08:01:08", "1563722", "51.94.31.130:1433", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-08-05 06:49:45", "100", "https://search.censys.io/hosts/51.94.31.130", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-08-03 08:01:06", "1563720", "37.114.50.25:8080", "ip:port", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "2025-08-04 04:00:41", "100", "https://search.censys.io/hosts/37.114.50.25", "AS58087,C2,censys,FLORIANKOLB,Orcus,RAT", "0", "DonPasci" "2025-08-03 08:00:58", "1563719", "172.111.151.97:61", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-05 06:45:35", "100", "https://search.censys.io/hosts/172.111.151.97", "AS9009,AsyncRAT,C2,censys,M247,RAT", "0", "DonPasci" "2025-08-03 08:00:57", "1563718", "fc.verifiedaccesssecure.icu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-08-04 04:00:30", "100", "https://search.censys.io/hosts/196.251.115.244+fc.verifiedaccesssecure.icu", "AS401116,AsyncRAT,C2,censys,NYBULA,RAT", "0", "DonPasci" "2025-08-03 08:00:44", "1563717", "196.251.118.181:5000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-08-05 06:47:15", "100", "https://search.censys.io/hosts/196.251.118.181", "AS401116,C2,censys,NYBULA,RAT,Remcos", "0", "DonPasci" "2025-08-03 07:29:16", "1563715", "193.161.193.99:64048", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-03 07:29:16", "1563716", "46.183.187.211:7108", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-03 07:28:21", "1563713", "Ezlolsrealisgood-64048.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-03 07:28:21", "1563714", "xfini900.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-03 07:27:43", "1563710", "https://pastebin.com/raw/JTpCx3rC", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-03 07:27:43", "1563711", "https://pastebin.com/raw/gm8AWBZG", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-03 07:27:43", "1563712", "https://pastebin.com/raw/wD2c8Tx0", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-03 07:26:47", "1563707", "185.167.61.249:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-08-03 07:26:47", "1563708", "185.167.61.249:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-08-03 07:26:47", "1563709", "47.229.177.58:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-08-03 07:24:16", "1563706", "3.96.189.151:6633", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/3.96.189.151#6633", "c2,netsupport,shodan", "0", "juroots" "2025-08-03 07:23:05", "1563705", "157.185.146.97:13333", "ip:port", "botnet_cc", "win.poshc2", "None", "PoshC2", "", "50", "https://www.shodan.io/host/157.185.146.97#13333", "c2,posh,shodan", "0", "juroots" "2025-08-03 07:22:36", "1563704", "98.71.211.192:9443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-05 04:01:22", "50", "https://www.shodan.io/host/98.71.211.192#9443", "c2,mythic,shodan", "0", "juroots" "2025-08-03 07:22:19", "1563702", "172.233.139.201:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-08-05 04:01:07", "50", "https://www.shodan.io/host/172.233.139.201#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-03 07:22:19", "1563703", "196.251.88.45:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/196.251.88.45#31337", "c2,shodan,sliver", "0", "juroots" "2025-08-03 07:22:08", "1563697", "37.107.165.38:12376", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#12376", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:08", "1563698", "37.107.165.38:12126", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#12126", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:08", "1563699", "37.107.165.38:3194", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#3194", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:08", "1563700", "37.107.165.38:3116", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#3116", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:08", "1563701", "37.107.165.38:5560", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5560", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:07", "1563691", "37.107.165.38:18053", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#18053", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:07", "1563692", "37.107.165.38:12333", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#12333", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:07", "1563693", "37.107.165.38:9295", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9295", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:07", "1563694", "37.107.165.38:8425", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8425", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:07", "1563695", "37.107.165.38:5006", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5006", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:07", "1563696", "37.107.165.38:5555", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#5555", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:06", "1563684", "37.107.165.38:18030", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#18030", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:06", "1563685", "37.107.165.38:9312", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9312", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:06", "1563686", "37.107.165.38:8177", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8177", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:06", "1563687", "37.107.165.38:1604", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#1604", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:06", "1563688", "37.107.165.38:25003", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#25003", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:06", "1563689", "37.107.165.38:8112", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8112", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:06", "1563690", "37.107.165.38:12423", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#12423", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:05", "1563678", "37.107.165.38:1983", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#1983", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:05", "1563679", "37.107.165.38:64477", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#64477", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:05", "1563680", "37.107.165.38:143", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#143", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:05", "1563681", "37.107.165.38:7493", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#7493", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:05", "1563682", "37.107.165.38:18081", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#18081", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:05", "1563683", "37.107.165.38:9011", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9011", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:04", "1563672", "37.107.165.38:37", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#37", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:04", "1563673", "37.107.165.38:9311", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9311", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:04", "1563674", "37.107.165.38:82", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#82", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:04", "1563675", "37.107.165.38:8420", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8420", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:04", "1563676", "37.107.165.38:10006", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#10006", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:04", "1563677", "37.107.165.38:8562", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8562", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:03", "1563666", "37.107.165.38:7654", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#7654", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:03", "1563667", "37.107.165.38:2323", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#2323", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:03", "1563668", "37.107.165.38:102", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#102", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:03", "1563669", "37.107.165.38:8069", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8069", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:03", "1563670", "37.107.165.38:7989", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#7989", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:03", "1563671", "37.107.165.38:8086", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#8086", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:02", "1563665", "37.107.165.38:10397", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#10397", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:01", "1563661", "37.107.165.38:3260", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#3260", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:01", "1563662", "37.107.165.38:12143", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#12143", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:01", "1563663", "37.107.165.38:9595", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#9595", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:22:01", "1563664", "37.107.165.38:2086", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.107.165.38#2086", "c2,extreme,shodan", "0", "juroots" "2025-08-03 07:21:33", "1563660", "47.113.193.170:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.113.193.170#443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-08-03 07:21:31", "1563659", "47.242.129.79:10443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/47.242.129.79#10443", "c2,cobaltstrike,cs-watermark-100000,shodan", "0", "juroots" "2025-08-03 06:51:24", "1563624", "203.32.26.210:16992", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.32.26.210", "AS26383,ASNET,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:23", "1563625", "203.32.26.210:22225", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.32.26.210", "AS26383,ASNET,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:23", "1563626", "203.32.26.210:8089", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.32.26.210", "AS26383,ASNET,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:23", "1563627", "203.32.26.210:8181", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.32.26.210", "AS26383,ASNET,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:22", "1563629", "203.32.26.210:9200", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.32.26.210", "AS26383,ASNET,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:22", "1563630", "203.32.26.210:9707", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.32.26.210", "AS26383,ASNET,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:21", "1563632", "98.70.105.15:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/98.70.105.15", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-08-03 06:51:21", "1563636", "178.128.126.89:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/178.128.126.89", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-03 06:51:20", "1563633", "217.198.6.232:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/217.198.6.232", "AS9123,censys,GoPhish,Phishing,TIMEWEB-AS", "0", "dyingbreeds_" "2025-08-03 06:51:19", "1563634", "13.49.75.127:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.49.75.127", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-03 06:51:18", "1563635", "134.209.229.104:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/134.209.229.104", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-03 06:51:18", "1563637", "44.245.88.195:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/44.245.88.195", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-03 06:51:14", "1563622", "203.32.26.210:6174", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.32.26.210", "AS26383,ASNET,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:14", "1563623", "203.32.26.210:9583", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.32.26.210", "AS26383,ASNET,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:13", "1563621", "203.32.26.210:5432", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.32.26.210", "AS26383,ASNET,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:12", "1563619", "203.32.26.210:26094", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.32.26.210", "AS26383,ASNET,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:12", "1563620", "203.32.26.210:2784", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.32.26.210", "AS26383,ASNET,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:11", "1563617", "203.32.26.210:16993", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/203.32.26.210", "AS26383,ASNET,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:10", "1563614", "103.127.125.137:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-08-03 04:00:43", "75", "https://search.censys.io/hosts/103.127.125.137", "AS138195,C2,censys,RAT", "0", "dyingbreeds_" "2025-08-03 06:51:10", "1563616", "54.163.75.207:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-08-05 06:49:51", "100", "https://search.censys.io/hosts/54.163.75.207", "AMAZON-AES,AS14618,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:09", "1563613", "45.59.125.43:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-08-05 05:53:12", "100", "https://search.censys.io/hosts/45.59.125.43", "AS53667,C2,censys,PONYNET", "0", "dyingbreeds_" "2025-08-03 06:51:09", "1563615", "45.156.27.209:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-05 06:49:00", "100", "https://search.censys.io/hosts/45.156.27.209", "AS56971,C2,censys,Mythic", "0", "dyingbreeds_" "2025-08-03 06:51:08", "1563611", "ecs-120-46-72-74.compute.hwclouds-dns.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/120.46.72.74+ecs-120-46-72-74.compute.hwclouds-dns.com", "AS55990,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:08", "1563612", "camp.updays.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.43.139.175+camp.updays.top", "AS45090,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:07", "1563610", "camptesting.updays.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.43.139.175+camptesting.updays.top", "AS45090,C2,censys", "0", "dyingbreeds_" "2025-08-03 06:51:05", "1563638", "84.247.179.227:3390", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/84.247.179.227", "AS51167,censys,CONTABO,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-03 06:51:04", "1563639", "43.140.215.17:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/43.140.215.17", "AS45090,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-08-03 06:51:04", "1563647", "http://196.251.115.36/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-03 09:10:29", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-08-03 06:51:02", "1563537", "https://clients.lamusicana.com/doLogout", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-08-03 06:51:01", "1563570", "security.flerfgurda.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-08-03 06:51:01", "1563571", "venciols.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-08-03 06:51:00", "1563552", "http://207.244.199.222/wget.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" # Number of entries: 730