################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2025-06-21 11:36:52 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-06-21 11:36:52", "1548232", "192.227.144.34:4693", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250621-jckngaen8z", "AS-COLOCROSSING,AS36352,c2,rat,remcos", "0", "DonPasci" "2025-06-21 11:34:28", "1548231", "185.55.240.111:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250621-j6k64ack7w", "AS199912,c2,LAYER7-PAR1,Quasar,rat", "0", "DonPasci" "2025-06-21 11:26:04", "1548230", "1.12.233.147:1499", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://tria.ge/250621-l5ezssymy8", "AS45090,c2,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-06-21 11:19:56", "1548228", "160.202.133.143:6343", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250621-m5lm1ser3z", "AS60781,c2,LEASEWEB-NL-AMS-01,Quasar,RAT", "0", "DonPasci" "2025-06-21 11:18:35", "1548227", "anyukov-43802.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250621-m59pvayqw2", "c2,domain,Quasar,RAT", "0", "DonPasci" "2025-06-21 10:56:04", "1548226", "121.16.47.117:2096", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-06-21 08:55:38", "1548221", "webapi.360se.dpdns.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:53", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-21 08:54:28", "1548220", "91.108.189.131:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-21 10:53:58", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-06-21 08:50:10", "1548219", "27.115.121.2:5672", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-06-21 10:50:05", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-06-21 08:50:06", "1548218", "24.177.65.54:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-21 10:49:58", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-21 08:46:36", "1548217", "163.181.94.101:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-06-21 10:46:19", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-06-21 08:01:22", "1548207", "159.65.233.1:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-06-21 10:46:03", "100", "https://search.censys.io/hosts/159.65.233.1", "AS14061,BianLian,C2,censys,DIGITALOCEAN-ASN", "0", "DonPasci" "2025-06-21 08:01:05", "1548206", "87.121.84.155:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "https://search.censys.io/hosts/87.121.84.155", "AS215925,C2,censys,moobot,VPSVAULTHOST", "0", "DonPasci" "2025-06-21 08:01:04", "1548205", "41.216.188.159:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "https://search.censys.io/hosts/41.216.188.159", "AS211138,C2,censys,moobot,PRIVATEHOSTING-NET", "0", "DonPasci" "2025-06-21 08:00:55", "1548204", "130.164.161.236:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-21 10:44:37", "100", "https://search.censys.io/hosts/130.164.161.236", "AS25019,C2,censys,Netsupport,RAT,SAUDINETSTC-AS", "0", "DonPasci" "2025-06-21 08:00:54", "1548203", "54.253.241.166:7547", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/54.253.241.166", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-21 08:00:50", "1548202", "147.182.217.64:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-21 10:45:17", "100", "https://search.censys.io/hosts/147.182.217.64", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-06-21 08:00:43", "1548201", "185.82.73.108:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:48:01", "100", "https://search.censys.io/hosts/185.82.73.108", "AS214036,AsyncRAT,C2,censys,RAT,ULTAHOST-AS", "0", "DonPasci" "2025-06-21 08:00:41", "1548200", "182.92.159.149:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/182.92.159.149", "ALIBABA-CN-NET,AS37963,C2,censys,Supershell", "0", "DonPasci" "2025-06-21 08:00:40", "1548199", "154.89.203.181:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/154.89.203.181", "AS40065,C2,censys,CNSERVERS,Supershell", "0", "DonPasci" "2025-06-21 08:00:09", "1548198", "45.159.50.117:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/45.159.50.117", "AS3258,C2,censys,CobaltStrike,cs-watermark-391144938,XTOM-JAPAN", "0", "DonPasci" "2025-06-21 08:00:08", "1548197", "185.224.128.52:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/185.224.128.52", "AS49870,AS49870-BV,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-06-21 08:00:07", "1548196", "101.35.95.220:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.35.95.220", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-06-21 08:00:06", "1548195", "121.36.62.154:8082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/121.36.62.154", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-06-21 04:01:20", "1548192", "154.205.145.243:8443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-06-21 10:45:36", "100", "https://search.censys.io/hosts/154.205.145.243", "AS138915,BianLian,C2,censys,KAOPU-HK", "0", "DonPasci" "2025-06-21 04:01:19", "1548189", "ec2-54-250-175-201.ap-northeast-1.compute.amazonaws.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/54.250.175.201+ec2-54-250-175-201.ap-northeast-1.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys,CobaltStrike,open-dir", "0", "DonPasci" "2025-06-21 04:01:09", "1548172", "198.144.189.78:80", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/198.144.189.78", "AS-COLOCROSSING,AS36352,C2,censys,Gafgyt,open-dir", "0", "DonPasci" "2025-06-21 04:00:53", "1548168", "13.208.193.77:465", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-21 10:44:32", "100", "https://search.censys.io/hosts/13.208.193.77", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-21 04:00:07", "1548159", "113.45.29.125:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 04:00:12", "100", "https://search.censys.io/hosts/113.45.29.125", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-06-21 04:00:06", "1548158", "38.55.129.94:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:57:49", "100", "https://search.censys.io/hosts/38.55.129.94", "AS54600,C2,censys,CobaltStrike,cs-watermark-987654321,PEG-SV", "0", "DonPasci" "2025-06-21 03:50:06", "1548157", "193.112.101.108:6908", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-06-21 02:56:52", "1548155", "39.173.159.64:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:57:57", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-21 02:55:04", "1548154", "118.107.221.146:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:55:50", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-21 02:53:55", "1548153", "dd.tstcs888.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:31", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-21 00:03:00", "1548151", "18.230.76.228:10000", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-21 10:47:30", "100", "https://search.censys.io/hosts/18.230.76.228", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-21 00:03:00", "1548152", "18.230.76.228:12000", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-21 10:47:30", "100", "https://search.censys.io/hosts/18.230.76.228", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-21 00:02:54", "1548150", "46.173.214.80:9443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-21 04:00:38", "100", "https://search.censys.io/hosts/46.173.214.80", "AS47196,C2,censys,GARANT-PARK-INTERNET,Mythic", "0", "DonPasci" "2025-06-21 00:02:48", "1548148", "196.251.83.225:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:48:56", "100", "https://search.censys.io/hosts/196.251.83.225", "AS401120,AsyncRAT,C2,censys,CHEAPY-HOST,RAT", "0", "DonPasci" "2025-06-21 00:02:48", "1548149", "128.90.113.223:5000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:44:28", "100", "https://search.censys.io/hosts/128.90.113.223", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-06-21 00:02:47", "1548146", "82.205.83.111:1099", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:53:34", "100", "https://search.censys.io/hosts/82.205.83.111", "AS12975,AsyncRAT,C2,censys,PALTEL-AS,RAT", "0", "DonPasci" "2025-06-21 00:02:47", "1548147", "196.251.83.225:222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:48:56", "100", "https://search.censys.io/hosts/196.251.83.225", "AS401120,AsyncRAT,C2,censys,CHEAPY-HOST,RAT", "0", "DonPasci" "2025-06-21 00:02:32", "1548145", "177.255.89.100:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:47:17", "100", "https://search.censys.io/hosts/177.255.89.100", "AS27831,C2,censys,Colombia,RAT,Remcos", "0", "DonPasci" "2025-06-21 00:02:14", "1548143", "47.101.187.219:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 04:00:10", "100", "https://search.censys.io/hosts/47.101.187.219", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-06-21 00:02:14", "1548144", "142.54.190.74:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:56:37", "100", "https://search.censys.io/hosts/142.54.190.74", "AS33387,C2,censys,CobaltStrike,cs-watermark-666666666,NOCIX", "0", "DonPasci" "2025-06-21 00:02:12", "1548142", "8.137.98.198:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:59:07", "100", "https://search.censys.io/hosts/8.137.98.198", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-100000", "0", "DonPasci" "2025-06-20 22:58:42", "1548140", "8.209.116.25:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:59:14", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 22:58:10", "1548139", "47.239.127.205:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:58:42", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 22:57:31", "1548138", "43.100.59.154:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:57:59", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 22:57:18", "1548137", "34.250.243.136:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:57:43", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 22:55:51", "1548136", "120.27.235.78:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:56:01", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 22:55:25", "1548135", "113.45.238.149:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:55:40", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 22:54:37", "1548133", "ns4.jk001.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:47", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 22:54:37", "1548134", "office.soft-storelive.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:47", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 22:54:36", "1548132", "ns3.jk001.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:46", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 22:54:30", "1548130", "ns1.asdxxcg.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:40", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 22:54:30", "1548131", "ns1.asianinvasion.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:40", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 22:54:26", "1548128", "jk002.cc", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:35", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 22:54:26", "1548129", "log.nongfushan.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:36", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 22:54:16", "1548127", "apps.soft-storelive.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:26", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 20:54:42", "1548118", "76.66.169.248:2222", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-21 10:53:09", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-20 20:54:37", "1548117", "70.31.125.34:2222", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-21 10:53:05", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-20 20:53:52", "1548116", "52.223.43.230:6443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-06-21 10:52:32", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-06-20 20:52:12", "1548115", "www.ddddddddguashjdka.top", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250620-zfqlwsgr6t", "c2,domain,RAT,ValleyRAT", "0", "DonPasci" "2025-06-20 20:51:17", "1548114", "217.39.53.239:8080", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-06-21 10:49:44", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-06-20 20:51:06", "1548111", "8.213.236.2:4441", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://www.virustotal.com/gui/file/5960226fa6a8873ea5835abb96269cc89a4b61000a890d9d2f2d7f6991a8aa64", "ALIBABA-CN-NET,AS45102,c2,RAT,ValleyRAT,virustotal", "0", "DonPasci" "2025-06-20 20:51:06", "1548112", "8.213.236.2:4448", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://www.virustotal.com/gui/file/5960226fa6a8873ea5835abb96269cc89a4b61000a890d9d2f2d7f6991a8aa64", "ALIBABA-CN-NET,AS45102,c2,RAT,ValleyRAT,virustotal", "0", "DonPasci" "2025-06-20 20:51:06", "1548113", "8.213.236.2:4449", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://www.virustotal.com/gui/file/5960226fa6a8873ea5835abb96269cc89a4b61000a890d9d2f2d7f6991a8aa64", "ALIBABA-CN-NET,AS45102,c2,RAT,ValleyRAT,virustotal", "0", "DonPasci" "2025-06-20 20:47:53", "1548110", "173.242.123.219:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-06-21 10:46:55", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-06-20 20:47:48", "1548108", "103.215.78.152:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250620-zfqlwsgr6t", "AROSS-AS,AS400619,c2,rat,ValleyRAT", "0", "DonPasci" "2025-06-20 20:47:48", "1548109", "103.215.78.152:8888", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250620-zfqlwsgr6t", "AROSS-AS,AS400619,c2,rat,ValleyRAT", "0", "DonPasci" "2025-06-20 20:02:57", "1548106", "18.230.76.228:250", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-21 10:47:31", "100", "https://search.censys.io/hosts/18.230.76.228", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-20 20:02:54", "1548105", "159.69.152.161:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-21 10:46:04", "100", "https://search.censys.io/hosts/159.69.152.161", "AS24940,C2,censys,Havoc,HETZNER-AS", "0", "DonPasci" "2025-06-20 20:02:50", "1548104", "158.158.0.196:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-21 04:00:38", "100", "https://search.censys.io/hosts/158.158.0.196", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Mythic", "0", "DonPasci" "2025-06-20 20:02:45", "1548103", "196.251.83.225:7777", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:48:57", "100", "https://search.censys.io/hosts/196.251.83.225", "AS401120,AsyncRAT,C2,censys,CHEAPY-HOST,RAT", "0", "DonPasci" "2025-06-20 20:02:35", "1548102", "3.238.37.57:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-21 10:50:19", "100", "https://search.censys.io/hosts/3.238.37.57", "AMAZON-AES,AS14618,C2,censys,Sliver", "0", "DonPasci" "2025-06-20 20:02:31", "1548101", "67.21.33.183:2700", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:52:59", "100", "https://search.censys.io/hosts/67.21.33.183", "AS397373,C2,censys,H4Y-TECHNOLOGIES,RAT,Remcos", "0", "DonPasci" "2025-06-20 20:02:14", "1548099", "43.139.104.79:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:58:04", "100", "https://search.censys.io/hosts/43.139.104.79", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-06-20 20:02:14", "1548100", "142.54.190.74:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:56:37", "100", "https://search.censys.io/hosts/142.54.190.74", "AS33387,C2,censys,CobaltStrike,cs-watermark-666666666,NOCIX", "0", "DonPasci" "2025-06-20 20:02:13", "1548098", "101.37.68.76:9090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:55:14", "100", "https://search.censys.io/hosts/101.37.68.76", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-06-20 20:01:52", "1548097", "213.209.150.163:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-06-20 19:56:38", "1548094", "68.183.98.89:4449", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250620-ykppqasnx4", "AS14061,AsyncRAT,c2,DIGITALOCEAN-ASN,RAT", "0", "DonPasci" "2025-06-20 19:56:38", "1548095", "68.183.98.89:7769", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250620-ykppqasnx4", "AS14061,AsyncRAT,c2,DIGITALOCEAN-ASN,RAT", "0", "DonPasci" "2025-06-20 19:56:38", "1548096", "68.183.98.89:3316", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250620-ykppqasnx4", "AS14061,AsyncRAT,c2,DIGITALOCEAN-ASN,RAT", "0", "DonPasci" "2025-06-20 19:22:57", "1548081", "2tuff-33336.portmap.io", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250620-xczdhstvex", "c2,domain,xworm", "0", "DonPasci" "2025-06-20 16:14:13", "1548064", "junie15.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://www.virustotal.com/gui/ip-address/172.111.168.228", "c2,domain,virustotal,xworm", "0", "DonPasci" "2025-06-20 16:12:20", "1548063", "lespencer.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250620-svfxnsdk4z", "c2,domain,xworm", "0", "DonPasci" "2025-06-20 16:11:09", "1548062", "45.141.233.114:2005", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250620-szp15sdk8x", "AS214943,asyncrat,c2,RAILNET,RAT", "0", "DonPasci" "2025-06-20 16:08:38", "1548061", "district-graphical.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250620-te6c3aek4s", "c2,domain,xworm", "0", "DonPasci" "2025-06-20 16:03:21", "1548060", "185.62.58.125:80", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/185.62.58.125", "AS62370,C2,censys,hacktool,Mimikatz,open-dir,SNEL", "0", "DonPasci" "2025-06-20 16:03:03", "1548059", "115.187.41.77:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-21 10:43:53", "100", "https://search.censys.io/hosts/115.187.41.77", "ALLIANCE-GATEWAY-AS-AP,AS23860,C2,censys,Covenant", "0", "DonPasci" "2025-06-20 16:02:59", "1548058", "34.227.114.2:427", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-21 10:50:32", "100", "https://search.censys.io/hosts/34.227.114.2", "AMAZON-AES,AS14618,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-20 16:02:54", "1548057", "201.92.135.205:8081", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-21 10:49:14", "100", "https://search.censys.io/hosts/201.92.135.205", "AS27699,C2,censys,Havoc,TELEFONICA", "0", "DonPasci" "2025-06-20 16:02:52", "1548056", "102.182.124.151:8078", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-06-21 04:00:41", "100", "https://search.censys.io/hosts/102.182.124.151", "Afrihost,AS37611,C2,censys,Quasar,RAT", "0", "DonPasci" "2025-06-20 16:02:50", "1548055", "102.117.161.232:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-21 10:43:08", "100", "https://search.censys.io/hosts/102.117.161.232", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2025-06-20 16:02:45", "1548054", "196.251.70.71:7000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:48:51", "100", "https://search.censys.io/hosts/196.251.70.71", "AS401120,AsyncRAT,C2,censys,CHEAPY-HOST,RAT", "0", "DonPasci" "2025-06-20 16:02:44", "1548053", "103.237.92.182:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:43:18", "100", "https://search.censys.io/hosts/103.237.92.182", "AS55933,AsyncRAT,C2,censys,CLOUDIE-AS-AP,RAT", "0", "DonPasci" "2025-06-20 16:02:42", "1548052", "64.176.68.149:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-21 04:00:27", "100", "https://search.censys.io/hosts/64.176.68.149", "AS-VULTR,AS20473,C2,censys,Supershell", "0", "DonPasci" "2025-06-20 16:02:27", "1548051", "154.194.35.243:8636", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "2025-06-21 04:00:16", "100", "https://search.censys.io/hosts/154.194.35.243", "AS215123,C2,censys,DarkComet,QZ,RAT", "0", "DonPasci" "2025-06-20 16:01:44", "1548049", "213.209.150.162:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-06-20 14:13:12", "1548045", "49.13.32.53:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-06-20 14:13:12", "1548046", "91.99.157.75:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-06-20 14:12:47", "1548044", "0.0.mastermaths.com.sg", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-06-20 14:12:31", "1548042", "https://0.0.mastermaths.com.sg/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-06-20 17:15:42", "100", "", "Vidar", "0", "crep1x" "2025-06-20 14:12:31", "1548043", "https://49.13.32.53/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-06-20 17:15:41", "100", "", "Vidar", "0", "crep1x" "2025-06-20 13:23:20", "1548035", "app.symphoniabags.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "2025-06-20 13:15:58", "100", "https://infosec.exchange/@monitorsg/114715857650303913", "SocGholish", "0", "monitorsg" "2025-06-20 13:23:19", "1548036", "https://app.symphoniabags.com/ajaxAction", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-06-20 13:23:19", "1548037", "194.213.18.10:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-06-20 13:09:51", "1548034", "43.163.107.212:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://x.com/500mk500/status/1936048194292687212", "CobaltStrike,cs-watermark-100000000", "0", "abuse_ch" "2025-06-20 13:09:10", "1548029", "gitlab.sbs", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://x.com/500mk500/status/1936048194292687212", "CobaltStrike,cs-watermark-100000000", "0", "abuse_ch" "2025-06-20 13:09:10", "1548030", "r-cdn.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://x.com/500mk500/status/1936048194292687212", "CobaltStrike,cs-watermark-100000000", "0", "abuse_ch" "2025-06-20 13:09:10", "1548031", "api.googleapi.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://x.com/500mk500/status/1936048194292687212", "CobaltStrike,cs-watermark-100000000", "0", "abuse_ch" "2025-06-20 13:09:10", "1548032", "api.r-cdn.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://x.com/500mk500/status/1936048194292687212", "CobaltStrike,cs-watermark-100000000", "0", "abuse_ch" "2025-06-20 13:09:10", "1548033", "down.gitlab.sbs", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://x.com/500mk500/status/1936048194292687212", "CobaltStrike,cs-watermark-100000000", "0", "abuse_ch" "2025-06-20 12:56:29", "1548028", "d.tstcs888.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:31", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 12:25:35", "1548027", "43.163.107.212:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/91e851f8cd9a32f9077f9fbbf1a64278e6be460ed5908778e4b45e62e495167e/", "CobaltStrike,cs-watermark-100000000", "0", "abuse_ch" "2025-06-20 12:25:34", "1548025", "https://api.micosoftr.icu/djiowejdf", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://bazaar.abuse.ch/sample/91e851f8cd9a32f9077f9fbbf1a64278e6be460ed5908778e4b45e62e495167e/", "CobaltStrike,cs-watermark-100000000", "0", "abuse_ch" "2025-06-20 12:25:34", "1548026", "https://www.googleapi.top/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://bazaar.abuse.ch/sample/91e851f8cd9a32f9077f9fbbf1a64278e6be460ed5908778e4b45e62e495167e/", "CobaltStrike,cs-watermark-100000000", "0", "abuse_ch" "2025-06-20 12:25:32", "1548023", "www.googleapi.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-20 13:09:10", "100", "https://bazaar.abuse.ch/sample/91e851f8cd9a32f9077f9fbbf1a64278e6be460ed5908778e4b45e62e495167e/", "CobaltStrike,cs-watermark-100000000", "0", "abuse_ch" "2025-06-20 12:25:32", "1548024", "api.micosoftr.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-20 13:09:10", "100", "https://bazaar.abuse.ch/sample/91e851f8cd9a32f9077f9fbbf1a64278e6be460ed5908778e4b45e62e495167e/", "CobaltStrike,cs-watermark-100000000", "0", "abuse_ch" "2025-06-20 12:21:50", "1548015", "45.88.9.205:444", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://x.com/K_N1kolenko/status/1935999229303873963", "XWorm", "0", "abuse_ch" "2025-06-20 12:21:50", "1548016", "79.141.160.131:8787", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://x.com/K_N1kolenko/status/1935999229303873963", "XWorm", "0", "abuse_ch" "2025-06-20 12:21:50", "1548017", "85.203.4.126:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://x.com/K_N1kolenko/status/1935999229303873963", "XWorm", "0", "abuse_ch" "2025-06-20 12:21:50", "1548018", "103.195.190.49:7771", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://x.com/K_N1kolenko/status/1935999229303873963", "XWorm", "0", "abuse_ch" "2025-06-20 12:21:50", "1548019", "107.150.0.86:3698", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://x.com/K_N1kolenko/status/1935999229303873963", "XWorm", "0", "abuse_ch" "2025-06-20 12:21:50", "1548020", "181.214.48.110:300", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://x.com/K_N1kolenko/status/1935999229303873963", "XWorm", "0", "abuse_ch" "2025-06-20 12:21:50", "1548021", "185.117.3.224:2235", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://x.com/K_N1kolenko/status/1935999229303873963", "XWorm", "0", "abuse_ch" "2025-06-20 12:21:50", "1548022", "192.159.99.144:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://x.com/K_N1kolenko/status/1935999229303873963", "XWorm", "0", "abuse_ch" "2025-06-20 12:21:49", "1548014", "37.114.41.75:8080", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://x.com/K_N1kolenko/status/1935999229303873963", "XWorm", "0", "abuse_ch" "2025-06-20 12:03:06", "1548013", "196.251.72.3:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-21 10:48:54", "100", "https://search.censys.io/hosts/196.251.72.3", "AS401120,censys,CHEAPY-HOST,EvilGinx,panel,Phishing", "0", "DonPasci" "2025-06-20 12:02:51", "1548012", "51.96.104.251:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-21 10:52:29", "100", "https://search.censys.io/hosts/51.96.104.251", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-06-20 12:02:49", "1548011", "89.34.219.179:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-06-21 10:53:56", "100", "https://search.censys.io/hosts/89.34.219.179", "AS215439,C2,censys,Hookbot,PLAY2GO-NET", "0", "DonPasci" "2025-06-20 12:02:34", "1548010", "150.158.9.124:80", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/150.158.9.124", "AS45090,C2,censys,open-dir,payload,Sliver,TENCENT-NET-AP", "0", "DonPasci" "2025-06-20 12:02:29", "1548009", "185.153.182.193:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:47:42", "100", "https://search.censys.io/hosts/185.153.182.193", "AS44477,C2,censys,PQHOSTING,RAT,Remcos", "0", "DonPasci" "2025-06-20 12:02:12", "1548007", "113.44.139.80:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 04:00:14", "100", "https://search.censys.io/hosts/113.44.139.80", "AS55990,C2,censys,CobaltStrike,cs-watermark-666666666,HWCSNET", "0", "DonPasci" "2025-06-20 12:02:12", "1548008", "45.141.233.66:2096", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:58:16", "100", "https://search.censys.io/hosts/45.141.233.66", "AS214943,C2,censys,CobaltStrike,cs-watermark-666666666,RAILNET", "0", "DonPasci" "2025-06-20 12:02:09", "1548006", "43.163.84.111:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:58:12", "100", "https://search.censys.io/hosts/43.163.84.111", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-06-20 12:02:08", "1548005", "1.94.62.205:8090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 04:00:07", "100", "https://search.censys.io/hosts/1.94.62.205", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-06-20 10:57:32", "1547991", "69.21.119.169:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-06-21 10:58:58", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-06-20 10:05:13", "1547989", "194.59.31.30:1618", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "RAT,RemcosRAT", "0", "abuse_ch" "2025-06-20 09:59:50", "1547988", "45.146.130.129:80", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "75", "https://x.com/500mk500/status/1935957346594738278", "Odyssey", "0", "abuse_ch" "2025-06-20 08:55:30", "1547987", "cf.testcs888.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:29", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 08:55:29", "1547986", "cf.1v5sd1c2ds.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:29", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 08:55:18", "1547985", "8vz75cfcfmey5.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:24", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 08:54:47", "1547984", "91.186.208.93:2083", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-06-21 10:53:59", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-06-20 08:54:34", "1547983", "86.106.85.43:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-21 10:53:47", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-06-20 08:49:16", "1547982", "2.50.53.131:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-21 10:49:08", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-20 08:03:14", "1547979", "94.141.123.182:29300", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://search.censys.io/hosts/94.141.123.182", "AS213887,C2,censys,rhadamanthys,stealer,WAICORE-LTD", "0", "DonPasci" "2025-06-20 08:03:08", "1547978", "62.113.59.107:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/62.113.59.107", "AdaptixC2,AS214461,C2,censys,CLOUDPARD-AS", "0", "DonPasci" "2025-06-20 08:02:47", "1547977", "3.137.218.60:3299", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-21 10:50:12", "100", "https://search.censys.io/hosts/3.137.218.60", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-20 08:02:43", "1547976", "194.26.192.145:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-06-21 04:00:42", "100", "https://search.censys.io/hosts/194.26.192.145", "AS210558,C2,censys,Quasar,RAT,SERVICES-1337-GMBH", "0", "DonPasci" "2025-06-20 08:02:36", "1547975", "18.183.72.243:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:47:28", "100", "https://search.censys.io/hosts/18.183.72.243", "AMAZON-02,AS16509,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-06-20 08:02:26", "1547974", "38.147.173.35:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-21 10:51:02", "100", "https://search.censys.io/hosts/38.147.173.35", "AS139659,C2,censys,LUCID-AS-AP,Sliver", "0", "DonPasci" "2025-06-20 08:02:25", "1547972", "123.163.223.184:40000", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-21 10:44:12", "100", "https://search.censys.io/hosts/123.163.223.184", "AS4134,C2,censys,CHINANET-BACKBONE,Sliver", "0", "DonPasci" "2025-06-20 08:02:25", "1547973", "35.209.240.186:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-21 10:50:49", "100", "https://search.censys.io/hosts/35.209.240.186", "AS19527,C2,censys,GOOGLE-2,Sliver", "0", "DonPasci" "2025-06-20 07:45:25", "1547969", "http://404830cm.nyashvibe.ru/External_SecureProcessProcessorDle.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-06-20 07:20:57", "1547950", "reason-tribal.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-06-20 07:20:57", "1547951", "we-referring.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-06-20 07:20:32", "1547949", "154.127.60.213:50501", "ip:port", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "50", "", "c2,orcus", "0", "juroots" "2025-06-20 07:20:10", "1547948", "yn.eoow.cn", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-06-20 07:19:35", "1547947", "https://onedrive.live.com/download?cid=0B476D68A3403083&resid=B476D68A3403083%21227&authkey=ABk0A0LwLOKYhOY", "url", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "50", "", "guloader", "0", "juroots" "2025-06-20 07:19:16", "1547946", "us.worldisendmail.ml", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "", "c2,cobaltstrike", "0", "juroots" "2025-06-20 07:18:55", "1547944", "147.185.221.25:34654", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-06-20 07:18:55", "1547945", "138.68.79.95:36781", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-06-20 07:18:18", "1547943", "tax-warrior.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-06-20 07:18:04", "1547942", "https://pastebin.com/raw/FXNwDeqa", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-06-20 07:18:03", "1547941", "https://pastebin.com/raw/0vnvsaUr", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-06-20 07:16:45", "1547940", "http://45.141.233.187/38a5d6b24dac26be.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "https://urlscan.io/result/01978c32-6eaf-7208-a7b5-c4a655292d87", "c2,stealc,urlscan", "0", "juroots" "2025-06-20 07:15:27", "1547939", "45.88.109.34:123", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "50", "https://www.shodan.io/host/45.88.109.34#123", "adaptixc2,c2,shodan", "0", "juroots" "2025-06-20 07:14:38", "1547938", "91.214.78.134:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-21 10:54:01", "50", "https://www.shodan.io/host/91.214.78.134#443", "c2,havoc,shodan", "0", "juroots" "2025-06-20 07:14:24", "1547937", "13.245.196.7:3310", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/13.245.196.7#3310", "c2,netsupport,shodan", "0", "juroots" "2025-06-20 07:14:07", "1547936", "196.251.83.117:54984", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "https://www.shodan.io/host/196.251.83.117#54984", "c2,nanocore,shodan", "0", "juroots" "2025-06-20 07:13:52", "1547935", "196.251.88.110:1337", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "https://www.shodan.io/host/196.251.88.110#1337", "asyncrat,c2,shodan", "0", "juroots" "2025-06-20 07:13:35", "1547934", "80.78.24.124:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-21 10:53:31", "50", "https://www.shodan.io/host/80.78.24.124#7443", "c2,mythic,shodan", "0", "juroots" "2025-06-20 07:12:18", "1547932", "144.172.107.131:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/144.172.107.131#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-20 07:12:18", "1547933", "172.86.124.75:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/172.86.124.75#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-20 07:12:01", "1547931", "175.27.244.187:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/175.27.244.187#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-06-20 07:11:58", "1547930", "192.140.188.178:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/192.140.188.178#80", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots" "2025-06-20 06:12:47", "1547831", "analytticasnoden.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-06-20 06:12:47", "1547833", "security.fweragyrads.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-06-20 06:12:47", "1547834", "foepsa.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-06-20 06:12:46", "1547835", "https://foepsa.com/shield.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-06-20 06:10:22", "1547927", "162.246.185.77:4688", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "RAT,RemcosRAT", "0", "abuse_ch" "2025-06-20 06:02:48", "1547926", "8.155.27.175:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000", "0", "abuse_ch" "2025-06-20 06:01:32", "1547925", "82.156.156.160:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-06-20 06:01:31", "1547924", "114.132.185.236:9090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1873433027", "0", "abuse_ch" "2025-06-20 06:01:25", "1547923", "59.110.92.49:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-06-20 04:05:41", "1547922", "45.141.233.218:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-06-20 04:03:13", "1547921", "101.42.100.236:4443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/101.42.100.236", "AdaptixC2,AS45090,C2,censys,TENCENT-NET-AP", "0", "DonPasci" "2025-06-20 04:01:35", "1547920", "209.74.83.166:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/209.74.83.166", "AS22612,censys,GoPhish,NAMECHEAP-NET,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:34", "1547919", "45.79.187.21:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/45.79.187.21", "AS63949,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:33", "1547917", "13.126.56.49:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.126.56.49", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:33", "1547918", "56.228.20.17:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/56.228.20.17", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:32", "1547914", "18.158.172.218:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.158.172.218", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:32", "1547915", "18.158.172.218:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.158.172.218", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:32", "1547916", "13.126.56.49:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.126.56.49", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:31", "1547912", "3.108.166.233:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.108.166.233", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:31", "1547913", "103.97.200.154:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.97.200.154", "AS147003,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:30", "1547910", "34.9.31.28:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.9.31.28", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:30", "1547911", "44.219.215.74:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/44.219.215.74", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:29", "1547908", "13.134.56.244:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.134.56.244", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:29", "1547909", "34.58.230.180:10443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.58.230.180", "AS396982,censys,GOOGLE-CLOUD-PLATFORM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:28", "1547906", "43.160.199.15:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/43.160.199.15", "AS132203,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:28", "1547907", "68.64.177.44:9999", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/68.64.177.44", "AS139659,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:27", "1547905", "170.64.178.235:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/170.64.178.235", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:26", "1547903", "13.48.133.87:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.48.133.87", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:26", "1547904", "18.102.201.140:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.102.201.140", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:25", "1547902", "103.24.179.173:13333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/103.24.179.173", "AS4816,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-06-20 04:01:19", "1547901", "154.219.119.203:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/154.219.119.203", "AS137899,censys,Viper", "0", "dyingbreeds_" "2025-06-20 04:01:18", "1547900", "113.45.192.130:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/113.45.192.130", "AS55990,censys,Viper", "0", "dyingbreeds_" "2025-06-20 04:00:57", "1547899", "37.72.168.146:11443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-21 10:50:58", "100", "https://search.censys.io/hosts/37.72.168.146", "AS29802,C2,censys,HVC-AS", "0", "dyingbreeds_" "2025-06-20 04:00:55", "1547898", "159.65.129.249:8080", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-21 10:46:03", "100", "https://search.censys.io/hosts/159.65.129.249", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_" "2025-06-20 04:00:40", "1547896", "update.applefilesync.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/135.222.128.238+update.applefilesync.com", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Mythic", "0", "dyingbreeds_" "2025-06-20 04:00:40", "1547897", "mathiasputzola.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/212.83.148.39+mathiasputzola.com", "AS12876,C2,censys,Mythic", "0", "dyingbreeds_" "2025-06-20 04:00:37", "1547895", "83.244.71.247:2003", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:53:38", "100", "https://search.censys.io/hosts/83.244.71.247", "AS12975,C2,censys,RAT", "0", "dyingbreeds_" "2025-06-20 04:00:35", "1547894", "128.90.113.223:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:44:28", "100", "https://search.censys.io/hosts/128.90.113.223", "AS40861,C2,censys,PARAD-40-ASN,RAT", "0", "dyingbreeds_" "2025-06-20 04:00:34", "1547892", "134.199.200.232:23500", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:44:39", "100", "https://search.censys.io/hosts/134.199.200.232", "AS14061,C2,censys,DIGITALOCEAN-ASN,RAT", "0", "dyingbreeds_" "2025-06-20 04:00:34", "1547893", "128.90.113.223:4000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:44:28", "100", "https://search.censys.io/hosts/128.90.113.223", "AS40861,C2,censys,PARAD-40-ASN,RAT", "0", "dyingbreeds_" "2025-06-20 04:00:32", "1547891", "93.115.35.146:4000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:54:06", "100", "https://search.censys.io/hosts/93.115.35.146", "AS9009,C2,censys,M247,RAT", "0", "dyingbreeds_" "2025-06-20 04:00:30", "1547890", "8.138.6.165:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-20 04:02:36", "100", "https://search.censys.io/hosts/8.138.6.165", "AS37963,C2,censys,Supershell", "0", "dyingbreeds_" "2025-06-20 04:00:20", "1547889", "45.141.233.66:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:58:16", "100", "https://search.censys.io/hosts/45.141.233.66", "AS214943,C2,censys,RAILNET", "0", "dyingbreeds_" "2025-06-20 04:00:14", "1547888", "3.27.66.78:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:57:41", "100", "https://search.censys.io/hosts/3.27.66.78", "AMAZON-02,AS16509,C2,censys", "0", "dyingbreeds_" "2025-06-20 04:00:07", "1547887", "47.103.139.72:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:58:25", "100", "https://search.censys.io/hosts/47.103.139.72", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-06-20 02:57:10", "1547886", "81.68.225.205:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:59:19", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 02:57:06", "1547885", "8.155.0.238:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:59:13", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 02:53:00", "1547883", "c.testcs888.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:27", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 02:53:00", "1547884", "c2.moustartline.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:28", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-20 00:05:08", "1547877", "45.141.233.67:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-06-20 00:03:19", "1547875", "86.106.85.206:43211", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/86.106.85.206", "AdaptixC2,AS9009,C2,censys,M247", "0", "DonPasci" "2025-06-20 00:03:19", "1547876", "v361422.hosted-by-vdsina.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://search.censys.io/hosts/91.84.109.91+v361422.hosted-by-vdsina.com", "Amatera,AS216071,C2,censys,Panel,Stealer,VDSINA", "0", "DonPasci" "2025-06-20 00:03:18", "1547874", "217.28.130.34:10443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/217.28.130.34", "AdaptixC2,AS56322,C2,censys,SERVERASTRA-AS", "0", "DonPasci" "2025-06-20 00:03:09", "1547873", "95.217.15.168:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-21 10:54:18", "100", "https://search.censys.io/hosts/95.217.15.168", "AS24940,censys,EvilGoPhish,HETZNER-AS,panel,Phishing", "0", "DonPasci" "2025-06-20 00:02:56", "1547872", "52.195.215.6:623", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-21 10:52:31", "100", "https://search.censys.io/hosts/52.195.215.6", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-20 00:02:53", "1547871", "159.65.129.249:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-21 10:46:02", "100", "https://search.censys.io/hosts/159.65.129.249", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-06-20 00:02:50", "1547870", "80.64.19.55:45051", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-06-21 10:53:30", "100", "https://search.censys.io/hosts/80.64.19.55", "AS216341,C2,censys,Hookbot,OPTIMA-AS", "0", "DonPasci" "2025-06-20 00:02:49", "1547869", "212.83.148.39:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-20 04:00:44", "100", "https://search.censys.io/hosts/212.83.148.39", "AS12876,C2,censys,Mythic,Online", "0", "DonPasci" "2025-06-20 00:02:48", "1547867", "45.137.99.106:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-21 10:51:31", "100", "https://search.censys.io/hosts/45.137.99.106", "AS214209,C2,censys,INTERNET-MAGNATE,Mythic", "0", "DonPasci" "2025-06-20 00:02:48", "1547868", "102.117.170.175:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-21 10:43:09", "100", "https://search.censys.io/hosts/102.117.170.175", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2025-06-20 00:02:43", "1547866", "18.183.72.243:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:47:29", "100", "https://search.censys.io/hosts/18.183.72.243", "AMAZON-02,AS16509,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-06-20 00:02:42", "1547865", "196.251.71.166:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:48:52", "100", "https://search.censys.io/hosts/196.251.71.166", "AS401120,AsyncRAT,C2,censys,CHEAPY-HOST,RAT", "0", "DonPasci" "2025-06-20 00:02:41", "1547864", "118.195.137.135:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-20 04:00:30", "100", "https://search.censys.io/hosts/118.195.137.135", "AS45090,C2,censys,Supershell,TENCENT-NET-AP", "0", "DonPasci" "2025-06-20 00:02:28", "1547863", "62.60.226.198:40102", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:52:49", "100", "https://search.censys.io/hosts/62.60.226.198", "AS214351,C2,censys,FEMOIT,RAT,Remcos", "0", "DonPasci" "2025-06-20 00:02:27", "1547862", "147.135.215.25:2407", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:45:17", "100", "https://search.censys.io/hosts/147.135.215.25", "AS16276,C2,censys,OVH,RAT,Remcos", "0", "DonPasci" "2025-06-20 00:02:25", "1547861", "78.187.29.22:81", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "2025-06-20 04:00:23", "100", "https://search.censys.io/hosts/78.187.29.22", "AS9121,C2,censys,DarkComet,RAT,TTNET", "0", "DonPasci" "2025-06-20 00:02:11", "1547860", "74.119.193.204:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-20 04:00:13", "100", "https://search.censys.io/hosts/74.119.193.204", "AS44477,C2,censys,CobaltStrike,cs-watermark-1234567890,PQHOSTING", "0", "DonPasci" "2025-06-20 00:02:10", "1547858", "45.141.233.66:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:58:16", "100", "https://search.censys.io/hosts/45.141.233.66", "AS214943,C2,censys,CobaltStrike,cs-watermark-666666666,RAILNET", "0", "DonPasci" "2025-06-20 00:02:10", "1547859", "45.141.233.66:2087", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:58:15", "100", "https://search.censys.io/hosts/45.141.233.66", "AS214943,C2,censys,CobaltStrike,cs-watermark-666666666,RAILNET", "0", "DonPasci" "2025-06-20 00:02:07", "1547857", "8.137.98.198:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-20 06:02:48", "100", "https://search.censys.io/hosts/8.137.98.198", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-100000", "0", "DonPasci" "2025-06-19 22:55:21", "1547852", "http://cd41415.tw1.ru/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-06-19 22:54:27", "1547850", "www.uyghur.eu.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:54", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-19 22:53:57", "1547849", "8xney90cqcr5m.cfc-execute.su.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:24", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-19 22:15:34", "1547845", "110.40.185.134:9999", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "None", "Meterpreter", "0", "abuse_ch" "2025-06-19 21:35:13", "1547840", "116.203.56.216:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250619-xnzhnagq9z", "AS24940,AsyncRAT,c2,HETZNER-AS,RAT", "0", "DonPasci" "2025-06-19 21:35:12", "1547839", "116.203.56.216:6186", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250619-xnzhnagq9z", "AS24940,AsyncRAT,c2,HETZNER-AS,RAT", "0", "DonPasci" "2025-06-19 21:29:27", "1547838", "121.37.133.241:8887", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://tria.ge/250619-yka7bsxxby", "AS55990,c2,cobaltstrike,cs-watermark-305419896,HWCSNET", "0", "DonPasci" "2025-06-19 21:26:56", "1547837", "sleach.zapto.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250619-ylwjnabl61", "c2,domain,Quasar,RAT", "0", "DonPasci" "2025-06-19 21:24:41", "1547836", "nyzzrat-64271.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250619-yn8l1abm3w", "c2,domain,Quasar,RAT", "0", "DonPasci" "2025-06-19 21:20:25", "1547832", "45.144.50.37:221", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2025-06-19 21:13:17", "1547830", "catherinekey1965-40831.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250619-y8ngkazmy3", "c2,domain,Quasar,RAT", "0", "DonPasci" "2025-06-19 21:11:23", "1547829", "finix.newsnewth365.com", "domain", "botnet_cc", "win.poshc2", "None", "PoshC2", "", "100", "https://tria.ge/250619-zawkysbr3v/behavioral1", "c2,domain,Posh", "0", "DonPasci" "2025-06-19 21:08:38", "1547828", "mygokerman.casacam.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250619-zlkylafk2t", "c2,domain,NjRAT", "0", "DonPasci" "2025-06-19 21:07:12", "1547821", "wedbest02.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250619-zpynvsx1b1", "c2,domain,RAT,remcos", "0", "DonPasci" "2025-06-19 21:07:12", "1547822", "wedbest001.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250619-zpynvsx1b1", "c2,domain,RAT,remcos", "0", "DonPasci" "2025-06-19 21:07:12", "1547823", "wedbest002.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250619-zpynvsx1b1", "c2,domain,RAT,remcos", "0", "DonPasci" "2025-06-19 21:07:12", "1547824", "wedbest004.kozow.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250619-zpynvsx1b1", "c2,domain,RAT,remcos", "0", "DonPasci" "2025-06-19 21:07:12", "1547825", "wedbest004.camdvr.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250619-zpynvsx1b1", "c2,domain,RAT,remcos", "0", "DonPasci" "2025-06-19 21:07:12", "1547826", "wedbest012.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250619-zpynvsx1b1", "c2,domain,RAT,remcos", "0", "DonPasci" "2025-06-19 21:07:12", "1547827", "wedbest021.zapto.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250619-zpynvsx1b1", "c2,domain,RAT,remcos", "0", "DonPasci" "2025-06-19 21:01:04", "1547820", "91.84.109.91:443", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://search.censys.io/hosts/91.84.109.91", "Amatera,AS216071,C2,censys,Panel,Stealer,VDSINA", "0", "DonPasci" "2025-06-19 21:01:03", "1547819", "amaprox.icu", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://search.censys.io/hosts/194.48.248.57+amaprox.icu", "ALEXHOST,Amatera,AS200019,C2,censys,Panel,Stealer", "0", "DonPasci" "2025-06-19 21:00:42", "1547818", "106.54.206.169:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-21 10:43:29", "100", "https://search.censys.io/hosts/106.54.206.169", "AS45090,C2,censys,Havoc,TENCENT-NET-AP", "0", "DonPasci" "2025-06-19 21:00:35", "1547817", "134.199.192.237:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:44:39", "100", "https://search.censys.io/hosts/134.199.192.237", "AS14061,AsyncRAT,C2,censys,DIGITALOCEAN-ASN,RAT", "0", "DonPasci" "2025-06-19 21:00:22", "1547816", "147.135.215.25:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:45:17", "100", "https://search.censys.io/hosts/147.135.215.25", "AS16276,C2,censys,OVH,RAT,Remcos", "0", "DonPasci" "2025-06-19 21:00:21", "1547814", "194.156.79.202:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:48:33", "100", "https://search.censys.io/hosts/194.156.79.202", "AS-SERVERION,AS399471,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-06-19 21:00:21", "1547815", "196.251.83.186:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:48:56", "100", "https://search.censys.io/hosts/196.251.83.186", "AS401120,C2,censys,CHEAPY-HOST,RAT,Remcos", "0", "DonPasci" "2025-06-19 21:00:08", "1547813", "39.106.20.109:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-20 06:01:38", "100", "https://search.censys.io/hosts/39.106.20.109", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci" "2025-06-19 20:53:23", "1547812", "70.31.125.208:2078", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-21 10:53:04", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-19 20:51:31", "1547811", "41.62.166.38:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-21 10:51:19", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-19 20:48:28", "1547810", "189.146.167.13:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-06-21 10:48:10", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-06-19 20:10:22", "1547809", "http://730294cm.nyashvibe.ru/eternalgeogamesqlPubliccdnDownloads.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-06-19 20:03:24", "1547808", "104.37.175.249:8888", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://search.censys.io/hosts/104.37.175.249", "AS396073,C2,censys,cert,MAJESTIC-HOSTING-01,rhadamanthys,stealer", "0", "DonPasci" "2025-06-19 20:03:22", "1547807", "154.93.37.96:8443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-06-21 10:45:45", "100", "https://search.censys.io/hosts/154.93.37.96", "AS138915,BianLian,C2,censys,KAOPU-HK", "0", "DonPasci" "2025-06-19 20:03:21", "1547806", "54.250.175.201:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/54.250.175.201", "AMAZON-02,AS16509,C2,censys,CobaltStrike,open-dir", "0", "DonPasci" "2025-06-19 20:03:15", "1547805", "49.13.163.25:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-06-21 10:52:13", "100", "https://search.censys.io/hosts/49.13.163.25", "AdaptixC2,AS24940,C2,censys,HETZNER-AS", "0", "DonPasci" "2025-06-19 20:02:59", "1547804", "45.142.115.211:808", "ip:port", "botnet_cc", "elf.kaiji", "None", "Kaiji", "2025-06-20 04:01:11", "100", "https://search.censys.io/hosts/45.142.115.211", "AS44486,C2,censys,SYNLINQ", "0", "DonPasci" "2025-06-19 20:02:52", "1547802", "18.101.186.216:21304", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-21 10:47:24", "100", "https://search.censys.io/hosts/18.101.186.216", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-19 20:02:52", "1547803", "43.198.90.225:8159", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-21 10:51:26", "100", "https://search.censys.io/hosts/43.198.90.225", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-19 20:02:47", "1547801", "146.120.163.132:1194", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-06-20 04:00:48", "100", "https://search.censys.io/hosts/146.120.163.132", "AS60754,C2,censys,DIANET-NET,Quasar,RAT", "0", "DonPasci" "2025-06-19 20:02:46", "1547800", "185.196.10.242:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-21 10:47:46", "100", "https://search.censys.io/hosts/185.196.10.242", "AS42624,C2,censys,Mythic,SWISSNETWORK02", "0", "DonPasci" "2025-06-19 20:02:40", "1547798", "103.190.107.26:2222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:43:15", "100", "https://search.censys.io/hosts/103.190.107.26", "AS140815,AsyncRAT,C2,censys,HTTVSERVER-VN,RAT", "0", "DonPasci" "2025-06-19 20:02:40", "1547799", "104.219.234.42:8088", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:43:22", "100", "https://search.censys.io/hosts/104.219.234.42", "AS27176,AsyncRAT,C2,censys,DATAWAGON,RAT", "0", "DonPasci" "2025-06-19 20:02:29", "1547797", "172.206.63.243:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-21 10:46:42", "100", "https://search.censys.io/hosts/172.206.63.243", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Sliver", "0", "DonPasci" "2025-06-19 20:02:26", "1547796", "93.152.217.141:60000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:54:07", "100", "https://search.censys.io/hosts/93.152.217.141", "AS215540,C2,censys,GCS-AS,RAT,Remcos", "0", "DonPasci" "2025-06-19 20:02:25", "1547795", "196.251.84.157:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:48:57", "100", "https://search.censys.io/hosts/196.251.84.157", "AS401120,C2,censys,CHEAPY-HOST,RAT,Remcos", "0", "DonPasci" "2025-06-19 20:02:09", "1547794", "112.124.39.205:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:55:36", "100", "https://search.censys.io/hosts/112.124.39.205", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-06-19 20:02:08", "1547793", "43.159.52.193:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:58:10", "100", "https://search.censys.io/hosts/43.159.52.193", "AS132203,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-06-19 20:02:06", "1547792", "38.54.27.93:88", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:57:48", "100", "https://search.censys.io/hosts/38.54.27.93", "AS138915,C2,censys,CobaltStrike,cs-watermark-100000,KAOPU-HK", "0", "DonPasci" "2025-06-19 20:02:05", "1547791", "47.108.162.213:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:58:27", "100", "https://search.censys.io/hosts/47.108.162.213", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-06-19 19:40:13", "1547790", "nmsl.onen.site", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-06-19 19:40:13", "100", "https://bazaar.abuse.ch/sample/b0b3f18e27da4b15829af6b95e3273b1f109b2543114c20fec97e631cab8c580/", "MooBot", "0", "abuse_ch" "2025-06-19 19:38:38", "1547789", "31.56.39.249:666", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "75", "https://bazaar.abuse.ch/sample/de97fde9a260e65b54d74980caad05089ed7fbef1c90db518c6f25eb4d755682/", "Gafgyt", "0", "abuse_ch" "2025-06-19 19:34:31", "1547777", "aave-crypto.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "c2,LummaStealer", "0", "PUNISHERD" "2025-06-19 19:34:30", "1547770", "baseswap-new.typedream.app", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "c2,LummaStealer", "0", "PUNISHERD" "2025-06-19 19:34:29", "1547738", "swedrent.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "Kongtuke", "0", "rmceoin" "2025-06-19 19:34:28", "1547761", "https://verifintcon.com/1.txt", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "Or1onS3c" "2025-06-19 19:34:28", "1547762", "https://verifintcon.com/zk5hTlHc.txt", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "Or1onS3c" "2025-06-19 19:34:17", "1547786", "b1.gawkheading.lat", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "https://bazaar.abuse.ch/sample/b26a5ee987461beab66a64d82ef48d37ad75e9108938d71f553003199cc12c28/", "ACRStealer", "0", "aachum" "2025-06-19 18:21:30", "1547788", "talktuahthehand-42154.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250619-wjh5fawyaz", "c2,domain,Quasar,RAT", "0", "DonPasci" "2025-06-19 18:14:22", "1547787", "behind-welcome.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250619-ctvrfazly9", "c2,domain,xworm", "0", "DonPasci" "2025-06-19 17:51:39", "1547785", "source-determination.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250618-zjk6ksxlz7", "c2,domain,xworm", "0", "DonPasci" "2025-06-19 17:50:51", "1547784", "calendar-background.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250619-g2sn9szvbw", "c2,domain,xworm", "0", "DonPasci" "2025-06-19 17:49:02", "1547783", "fat-changes.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250619-nzl72afp9s", "c2,domain,xworm", "0", "DonPasci" "2025-06-19 17:48:25", "1547782", "other-mins.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250619-p2a38aszht", "c2,domain,xworm", "0", "DonPasci" "2025-06-19 17:46:52", "1547768", "185.175.58.109:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250619-sf1crsel9s", "AS63473,c2,HOSTHATCH,xworm", "0", "DonPasci" "2025-06-19 17:45:49", "1547767", "kalitest.ddns.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250619-sf1crsel9s", "c2,domain,xworm", "0", "DonPasci" "2025-06-19 17:00:38", "1547760", "147.185.221.27:28466", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2025-06-19 16:56:10", "1547759", "doc.sougou365.online", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:54:32", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-06-19 16:03:48", "1547758", "192.153.57.17:6441", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-06-21 10:48:16", "100", "https://search.censys.io/hosts/192.153.57.17", "AS399629,BianLian,BLNWX,C2,censys", "0", "DonPasci" "2025-06-19 16:03:42", "1547757", "141.164.44.177:36580", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/141.164.44.177", "AdaptixC2,AS-VULTR,AS20473,C2,censys", "0", "DonPasci" "2025-06-19 16:03:30", "1547756", "www.domainup6l9.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-20 04:01:13", "100", "https://search.censys.io/hosts/203.161.45.11+www.domainup6l9.xyz", "AS22612,C2,censys,NAMECHEAP-NET,panel,Unam", "0", "DonPasci" "2025-06-19 16:03:20", "1547755", "172.86.109.207:61243", "ip:port", "botnet_cc", "win.crimson", "SEEDOOR,Scarimson", "Crimson RAT", "", "100", "https://search.censys.io/hosts/172.86.109.207", "AS14956,C2,censys,Crimson,RAT,ROUTERHOSTING", "0", "DonPasci" "2025-06-19 16:03:18", "1547754", "15.223.185.231:1807", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-21 10:45:25", "100", "https://search.censys.io/hosts/15.223.185.231", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-19 16:03:16", "1547753", "107.150.0.29:6696", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-06-20 04:01:01", "100", "https://search.censys.io/hosts/107.150.0.29", "AS214943,C2,censys,DcRAT,RAILNET,RAT", "0", "DonPasci" "2025-06-19 16:03:13", "1547752", "175.178.85.21:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-21 10:46:59", "100", "https://search.censys.io/hosts/175.178.85.21", "AS45090,C2,censys,Havoc,TENCENT-NET-AP", "0", "DonPasci" "2025-06-19 16:02:49", "1547750", "34.72.186.101:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-21 10:50:39", "100", "https://search.censys.io/hosts/34.72.186.101", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Mythic", "0", "DonPasci" "2025-06-19 16:02:49", "1547751", "165.22.72.249:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-21 10:46:25", "100", "https://search.censys.io/hosts/165.22.72.249", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-06-19 16:02:48", "1547749", "46.30.188.236:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-21 10:52:01", "100", "https://search.censys.io/hosts/46.30.188.236", "AS199959,C2,censys,CROWNCLOUD,Mythic", "0", "DonPasci" "2025-06-19 16:02:45", "1547747", "172.232.15.18:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/172.232.15.18", "AKAMAI-LINODE-AP,AS63949,C2,censys,RAT,Sectop", "0", "DonPasci" "2025-06-19 16:02:45", "1547748", "172.105.135.22:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/172.105.135.22", "AKAMAI-LINODE-AP,AS63949,C2,censys,RAT,Sectop", "0", "DonPasci" "2025-06-19 16:02:42", "1547745", "128.90.106.71:5000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:44:25", "100", "https://search.censys.io/hosts/128.90.106.71", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-06-19 16:02:42", "1547746", "81.10.39.58:8881", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:53:31", "100", "https://search.censys.io/hosts/81.10.39.58", "AS8452,AsyncRAT,C2,censys,RAT,TE-AS", "0", "DonPasci" "2025-06-19 16:02:23", "1547744", "217.112.13.211:2222", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "2025-06-20 04:00:23", "100", "https://search.censys.io/hosts/217.112.13.211", "AS12714,C2,censys,DarkComet,MEGAFON-AS,RAT", "0", "DonPasci" "2025-06-19 16:02:10", "1547743", "81.69.42.184:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:59:19", "100", "https://search.censys.io/hosts/81.69.42.184", "AS45090,C2,censys,CobaltStrike,cs-watermark-305419896,TENCENT-NET-AP", "0", "DonPasci" "2025-06-19 16:02:08", "1547742", "45.141.233.66:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:58:16", "100", "https://search.censys.io/hosts/45.141.233.66", "AS214943,C2,censys,CobaltStrike,cs-watermark-666666666,RAILNET", "0", "DonPasci" "2025-06-19 16:02:06", "1547741", "38.54.27.93:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:57:47", "100", "https://search.censys.io/hosts/38.54.27.93", "AS138915,C2,censys,CobaltStrike,cs-watermark-100000,KAOPU-HK", "0", "DonPasci" "2025-06-19 16:02:04", "1547740", "1.94.243.114:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:55:00", "100", "https://search.censys.io/hosts/1.94.243.114", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-06-19 16:01:56", "1547739", "45.141.233.208:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "90", "None", "latrodectus", "0", "Rony" "2025-06-19 14:15:42", "1547737", "http://188.208.103.26/bigload8Providertemporary/0update/VoiddbDefaulthttpProcessor/1Secure/apiLongpollexternalImage/ProviderImagephpJsApiDbFlowerPublic.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-06-19 14:10:41", "1547736", "192.142.10.143:4444", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "RAT,RemcosRAT", "0", "abuse_ch" "2025-06-19 13:53:08", "1547734", "147.124.215.110:54833", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-06-19 13:53:08", "1547735", "216.9.225.163:24000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-06-19 13:52:49", "1547733", "sleach.dns.army", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "50", "", "c2,njrat", "0", "juroots" "2025-06-19 13:50:14", "1547732", "92.205.129.119:3011", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/92.205.129.119#3011", "c2,netsupport,shodan", "0", "juroots" "2025-06-19 13:49:57", "1547731", "124.223.50.226:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/124.223.50.226#31337", "c2,shodan,sliver", "0", "juroots" "2025-06-19 13:49:42", "1547730", "13.211.134.20:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/13.211.134.20#443", "c2,cobaltstrike,shodan", "0", "juroots" "2025-06-19 13:49:39", "1547729", "74.48.140.101:88", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/74.48.140.101#88", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2025-06-19 13:20:33", "1547728", "103.42.30.29:8090", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-06-19 13:19:12", "1547718", "www.stirngo.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "2025-06-19 13:15:38", "100", "https://infosec.exchange/@monitorsg/114710198570959381", "SocGholish", "0", "monitorsg" "2025-06-19 13:19:11", "1547719", "https://www.stirngo.com/ajaxAction", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-06-19 13:19:11", "1547720", "166.88.159.146:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "2025-06-20 21:17:59", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-06-19 13:16:30", "1547727", "89.248.173.136:8848", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/9f8de3fc9db08620ba81ba0aab78c304aa2df19942400503e74d2d9e7b2083aa/", "asyncrat", "0", "abuse_ch" "2025-06-19 13:16:21", "1547726", "https://spjeo.xyz/axka/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d12c6a2dbf618063039432815686e27fa1b8fe2e09f31f72732612397fa838fd/", "lumma", "0", "abuse_ch" "2025-06-19 13:16:20", "1547725", "https://skjgx.xyz/riuw/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d12c6a2dbf618063039432815686e27fa1b8fe2e09f31f72732612397fa838fd/", "lumma", "0", "abuse_ch" "2025-06-19 13:16:19", "1547724", "https://shaeb.xyz/ikxz/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d12c6a2dbf618063039432815686e27fa1b8fe2e09f31f72732612397fa838fd/", "lumma", "0", "abuse_ch" "2025-06-19 13:16:16", "1547723", "https://ropyi.xyz/zadf/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d12c6a2dbf618063039432815686e27fa1b8fe2e09f31f72732612397fa838fd/", "lumma", "0", "abuse_ch" "2025-06-19 13:16:04", "1547722", "https://gewgb.xyz/axgh/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d12c6a2dbf618063039432815686e27fa1b8fe2e09f31f72732612397fa838fd/", "lumma", "0", "abuse_ch" "2025-06-19 13:16:03", "1547721", "https://firddy.xyz/yhbc/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d12c6a2dbf618063039432815686e27fa1b8fe2e09f31f72732612397fa838fd/", "lumma", "0", "abuse_ch" "2025-06-19 13:03:18", "1547717", "lumma-market.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-06-19 13:03:17", "1547716", "reexmv.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-06-19 13:03:18", "50", "", "c2,lumma", "0", "juroots" "2025-06-19 12:46:59", "1547715", "http://194.38.21.76/diamo/post.php", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://x.com/ShanHolo/status/1935593986535940322", "DiamotrixStealer", "0", "abuse_ch" "2025-06-19 12:45:39", "1547713", "75.15.140.9:443", "ip:port", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-06-19 12:45:39", "1547714", "75.15.140.9:80", "ip:port", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-06-19 12:45:32", "1547712", "119.28.6.84:5555", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-06-19 12:43:08", "1547711", "196.251.115.252:43366", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "https://x.com/SarlackLab/status/1935568564276126103", "NanoCore,RAT", "0", "abuse_ch" "2025-06-19 12:19:04", "1547663", "macxapp.org", "domain", "payload_delivery", "osx.amos", "Atomic macOS Stealer", "AMOS", "", "75", "", "amos", "0", "solostalking" "2025-06-19 12:19:03", "1547664", "cryptonews-info.com", "domain", "payload_delivery", "osx.amos", "Atomic macOS Stealer", "AMOS", "", "75", "", "amos", "0", "solostalking" "2025-06-19 12:19:03", "1547665", "gewgb.xyz", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-06-19 13:03:14", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-06-19 12:19:02", "1547666", "skjgx.xyz", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-06-19 13:03:18", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-06-19 12:19:01", "1547667", "ropyi.xyz", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-06-19 13:03:14", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-06-19 12:19:00", "1547668", "spjeo.xyz", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-06-19 13:03:14", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-06-19 12:19:00", "1547682", "66.63.187.153:443", "ip:port", "botnet_cc", "win.socks5_systemz", "None", "Socks5 Systemz", "", "75", "https://tria.ge/250619-ncp1eatpx7/behavioral1", "Socks5Systemz", "0", "aachum" "2025-06-19 12:18:59", "1547683", "172.245.123.11:53278", "ip:port", "botnet_cc", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "75", "https://app.any.run/tasks/ec7625df-b383-4cd5-bba9-dc098c6a82ee", "None", "0", "pitachu" "2025-06-19 12:18:58", "1547684", "172.245.123.11:21", "ip:port", "botnet_cc", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "75", "https://app.any.run/tasks/ec7625df-b383-4cd5-bba9-dc098c6a82ee", "None", "0", "pitachu" "2025-06-19 12:18:58", "1547685", "https://172.245.123.11/new/F.exe", "url", "payload_delivery", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "100", "", "None", "0", "pitachu" "2025-06-19 12:18:58", "1547686", "https://172.245.123.11/new/FJF65.zip", "url", "payload_delivery", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "", "None", "0", "pitachu" "2025-06-19 12:18:57", "1547687", "45.80.158.130:4782", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "https://app.any.run/tasks/1be396d1-e22f-4c77-953a-c1ab47708872", "None", "0", "pitachu" "2025-06-19 12:18:57", "1547688", "https://172.245.123.11/new/NEWPT.exe", "url", "payload_delivery", "win.stealerium", "None", "Stealerium", "", "100", "", "None", "0", "pitachu" "2025-06-19 12:03:10", "1547710", "94.26.90.79:8080", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-06-20 04:01:12", "100", "https://search.censys.io/hosts/94.26.90.79", "AS214943,C2,censys,moobot,RAILNET", "0", "DonPasci" "2025-06-19 12:02:59", "1547709", "3.9.19.33:2079", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-21 10:50:26", "100", "https://search.censys.io/hosts/3.9.19.33", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-19 12:02:58", "1547707", "15.237.196.169:20548", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-21 10:45:27", "100", "https://search.censys.io/hosts/15.237.196.169", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-19 12:02:58", "1547708", "3.9.19.33:179", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-06-21 10:50:25", "100", "https://search.censys.io/hosts/3.9.19.33", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-06-19 12:02:54", "1547705", "accounts.accountsgooogle.loginlivemiscrosoftonline.duckdns.org", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-20 04:00:49", "100", "https://search.censys.io/hosts/185.25.50.107+accounts.accountsgooogle.loginlivemiscrosoftonline.duckdns.org", "AS61272,C2,censys,Havoc,IST-AS", "0", "DonPasci" "2025-06-19 12:02:54", "1547706", "myaccount.google.loginlivemiscrosoftonline.duckdns.org", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-06-20 04:00:50", "100", "https://search.censys.io/hosts/185.25.50.107+myaccount.google.loginlivemiscrosoftonline.duckdns.org", "AS61272,C2,censys,Havoc,IST-AS", "0", "DonPasci" "2025-06-19 12:02:45", "1547704", "128.90.106.71:2000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-06-21 10:44:24", "100", "https://search.censys.io/hosts/128.90.106.71", "AS40861,AsyncRAT,C2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2025-06-19 12:02:44", "1547703", "49.113.76.115:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-06-20 04:00:31", "100", "https://search.censys.io/hosts/49.113.76.115", "AS4134,C2,censys,CHINANET-BACKBONE,Supershell", "0", "DonPasci" "2025-06-19 12:02:33", "1547702", "185.208.158.168:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-06-21 10:47:51", "100", "https://search.censys.io/hosts/185.208.158.168", "AS42624,C2,censys,Sliver,SWISSNETWORK02", "0", "DonPasci" "2025-06-19 12:02:30", "1547701", "62.60.226.198:40101", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:52:49", "100", "https://search.censys.io/hosts/62.60.226.198", "AS214351,C2,censys,FEMOIT,RAT,Remcos", "0", "DonPasci" "2025-06-19 12:02:29", "1547699", "172.111.244.106:37830", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:46:38", "100", "https://search.censys.io/hosts/172.111.244.106", "AS9009,C2,censys,M247,RAT,Remcos", "0", "DonPasci" "2025-06-19 12:02:29", "1547700", "196.251.66.55:5000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:48:49", "100", "https://search.censys.io/hosts/196.251.66.55", "AS401116,C2,censys,NYBULA,RAT,Remcos", "0", "DonPasci" "2025-06-19 12:02:28", "1547698", "95.216.114.227:2525", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:54:17", "100", "https://search.censys.io/hosts/95.216.114.227", "AS24940,C2,censys,HETZNER-AS,RAT,Remcos", "0", "DonPasci" "2025-06-19 12:02:27", "1547697", "196.251.118.204:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:48:48", "100", "https://search.censys.io/hosts/196.251.118.204", "AS401116,C2,censys,NYBULA,RAT,Remcos", "0", "DonPasci" "2025-06-19 12:02:26", "1547695", "152.42.181.21:6513", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:45:33", "100", "https://search.censys.io/hosts/152.42.181.21", "AS14061,C2,censys,DIGITALOCEAN-ASN,RAT,Remcos", "0", "DonPasci" "2025-06-19 12:02:26", "1547696", "148.251.20.79:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-06-21 10:45:20", "100", "https://search.censys.io/hosts/148.251.20.79", "AS24940,C2,censys,HETZNER-AS,RAT,Remcos", "0", "DonPasci" "2025-06-19 12:02:10", "1547694", "159.75.186.218:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-20 04:00:18", "100", "https://search.censys.io/hosts/159.75.186.218", "AS45090,C2,censys,CobaltStrike,cs-watermark-1234567890,TENCENT-NET-AP", "0", "DonPasci" "2025-06-19 12:02:09", "1547693", "101.42.239.131:2096", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:55:15", "100", "https://search.censys.io/hosts/101.42.239.131", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-06-19 12:02:08", "1547692", "66.181.36.161:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-20 06:01:34", "100", "https://search.censys.io/hosts/66.181.36.161", "AS64236,C2,censys,CobaltStrike,cs-watermark-666666666,UNREAL-SERVERS", "0", "DonPasci" "2025-06-19 12:02:05", "1547691", "47.116.197.65:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-21 10:58:35", "100", "https://search.censys.io/hosts/47.116.197.65", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-06-19 12:02:03", "1547689", "3.27.66.78:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-20 04:00:14", "100", "https://search.censys.io/hosts/3.27.66.78", "AMAZON-02,AS16509,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-06-19 12:02:03", "1547690", "3.27.66.78:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-06-20 04:00:14", "100", "https://search.censys.io/hosts/3.27.66.78", "AMAZON-02,AS16509,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" # Number of entries: 397