################################################################
# ThreatFox IOCs: recent domains - CSV format                  #
# Last updated: 2023-12-05 08:43:01 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2023-12-05 08:43:01", "1210312", "d1lrw1z9ssp44c.cloudfront.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,LIMENET", "0", "drb_ra"
"2023-12-05 08:42:31", "1210303", "www.goodljlagfhss.live", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,CobaltStrike,cs-watermark-391144938", "0", "drb_ra"
"2023-12-05 08:42:01", "1210300", "arbfile.azureedge.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1615775949,DIGITALOCEAN-ASN", "0", "drb_ra"
"2023-12-05 06:18:12", "1209529", "ecox.pt", "domain", "botnet_cc", "win.cloudeye", "GuLoader,vbdropper", "CloudEyE", "", "100", "", "None", "0", "NIXLovesCooper"
"2023-12-05 06:18:11", "1209550", "googlecloudstream.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SocGholish", "0", "threatcat_ch"
"2023-12-05 05:41:00", "1210234", "pool-108-51-80-70.washdc.fios.verizon.net", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/108.51.80.70+pool-108-51-80-70.washdc.fios.verizon.net", "C2,censys,UUNET", "0", "thehappydinoa"
"2023-12-05 05:40:56", "1210230", "ec2-3-129-208-252.us-east-2.compute.amazonaws.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/3.129.208.252+ec2-3-129-208-252.us-east-2.compute.amazonaws.com", "AMAZON-02,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-05 05:40:54", "1210228", "vmi1527355.contaboserver.net", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/158.220.117.55+vmi1527355.contaboserver.net", "C2,censys,CONTABO", "0", "thehappydinoa"
"2023-12-05 05:40:53", "1210226", "cpanel.alvarezconstructionri.com", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/91.215.85.177+cpanel.alvarezconstructionri.com", "C2,censys,PROSPERO-AS", "0", "thehappydinoa"
"2023-12-05 05:40:53", "1210227", "git.koenig.software", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/89.163.255.130+git.koenig.software", "C2,censys", "0", "thehappydinoa"
"2023-12-05 05:40:52", "1210224", "www.agdetails.com", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/91.215.85.177+www.agdetails.com", "C2,censys,PROSPERO-AS", "0", "thehappydinoa"
"2023-12-05 05:40:52", "1210225", "www.webgouv.fr.89-163-255-130.plesk.page", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/89.163.255.130+www.webgouv.fr.89-163-255-130.plesk.page", "C2,censys", "0", "thehappydinoa"
"2023-12-05 05:40:51", "1210223", "usagers.antai.webgouv.fr.89-163-255-130.plesk.page", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/89.163.255.130+usagers.antai.webgouv.fr.89-163-255-130.plesk.page", "C2,censys", "0", "thehappydinoa"
"2023-12-05 05:40:50", "1210221", "www.alvarezconstructionri.com", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/91.215.85.177+www.alvarezconstructionri.com", "C2,censys,PROSPERO-AS", "0", "thehappydinoa"
"2023-12-05 05:40:41", "1210214", "mta1.candledmush.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/193.124.205.3+mta1.candledmush.net", "C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 23:19:35", "1210185", "darklight.website", "domain", "botnet_cc", "apk.irata", "None", "IRATA", "", "100", "https://www.joesandbox.com/analysis/1352646#iocs", "C2,IRATA", "0", "onecert_ir"
"2023-12-04 22:30:57", "1209625", "accounts.enscape3d.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/34.149.157.193+accounts.enscape3d.com", "C2,censys,GOOGLE-CLOUD-PLATFORM,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:56", "1209623", "chaoscustomjewelry.joanecornellfinejewelry.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/50.87.178.116+chaoscustomjewelry.joanecornellfinejewelry.com", "C2,censys,RAT,UNIFIEDLAYER-AS-1", "0", "thehappydinoa"
"2023-12-04 22:30:56", "1209624", "accounts.chaos.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/35.241.43.115+accounts.chaos.com", "C2,censys,GOOGLE-CLOUD-PLATFORM,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:55", "1209621", "accounts.corona-renderer.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/35.227.240.139+accounts.corona-renderer.com", "C2,censys,GOOGLE-CLOUD-PLATFORM,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:55", "1209622", "chaos.build", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/76.76.21.21+chaos.build", "AMAZON-02,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:54", "1209620", "rufatutor.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/192.0.78.25+rufatutor.com", "AUTOMATTIC,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:52", "1209616", "www.chaoslabel.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/45.60.31.79+www.chaoslabel.com", "C2,censys,INCAPSULA,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:52", "1209617", "chaoscard.com.br", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/76.76.21.21+chaoscard.com.br", "AMAZON-02,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:51", "1209614", "chaos-market.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/23.227.38.67+chaos-market.com", "C2,censys,CLOUDFLARENET,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:51", "1209615", "chaos.health.blog", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/192.0.78.31+chaos.health.blog", "AUTOMATTIC,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:50", "1209612", "ec2-52-0-83-31.compute-1.amazonaws.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/52.0.83.31+ec2-52-0-83-31.compute-1.amazonaws.com", "AMAZON-AES,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:50", "1209613", "www.jeff.top", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/185.199.109.153+www.jeff.top", "C2,censys,FASTLY,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:49", "1209610", "chaosparfums.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/23.227.38.69+chaosparfums.com", "C2,censys,CLOUDFLARENET,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:49", "1209611", "ec2-44-194-43-221.compute-1.amazonaws.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/44.194.43.221+ec2-44-194-43-221.compute-1.amazonaws.com", "AMAZON-AES,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:48", "1209609", "shop.hexing.biz", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/23.227.38.74+shop.hexing.biz", "C2,censys,CLOUDFLARENET,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:47", "1209606", "chaos.run", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/104.21.84.152+chaos.run", "C2,censys,CLOUDFLARENET,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:47", "1209607", "chaosmade.org", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/20.52.34.113+chaosmade.org", "C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:47", "1209608", "dyuri.horak.hu", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/84.236.1.121+dyuri.horak.hu", "C2,censys,DIGICABLE,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:46", "1209604", "mail.antonysoehner.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/66.147.255.176+mail.antonysoehner.com", "C2,censys,RAT,UNIFIEDLAYER-AS-1", "0", "thehappydinoa"
"2023-12-04 22:30:46", "1209605", "aparnaashok.net", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/3.234.189.133+aparnaashok.net", "AMAZON-AES,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:45", "1209603", "everythingischaos.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/172.67.166.10+everythingischaos.com", "C2,censys,CLOUDFLARENET,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:44", "1209601", "mail.chaoscustomjewelry.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/50.87.178.116+mail.chaoscustomjewelry.com", "C2,censys,RAT,UNIFIEDLAYER-AS-1", "0", "thehappydinoa"
"2023-12-04 22:30:43", "1209598", "chaos.aerles.fr", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/85.168.229.122+chaos.aerles.fr", "C2,censys,LDCOMNET,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:43", "1209599", "msupgmail.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/45.76.80.199+msupgmail.com", "AS-CHOOPA,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:43", "1209600", "shopify.chaos.cab", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/23.227.38.74+shopify.chaos.cab", "C2,censys,CLOUDFLARENET,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:41", "1209595", "mail.chaoserp.eu", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/185.111.89.207+mail.chaoserp.eu", "C2,censys,RAT,WEBSUPPORT-SRO-SK-AS", "0", "thehappydinoa"
"2023-12-04 22:30:41", "1209596", "chaosyau.earlybird.rocks", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/65.108.150.94+chaosyau.earlybird.rocks", "C2,censys,HETZNER-AS,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:40", "1209593", "mychaos.me", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/185.199.110.153+mychaos.me", "C2,censys,FASTLY,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:40", "1209594", "mewo.chaoserp.eu", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/185.111.89.207+mewo.chaoserp.eu", "C2,censys,RAT,WEBSUPPORT-SRO-SK-AS", "0", "thehappydinoa"
"2023-12-04 22:30:38", "1209590", "chaos.borgstrom.se", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/135.181.105.51+chaos.borgstrom.se", "C2,censys,HETZNER-AS,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:37", "1209588", "chaosgb.co.uk", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/135.181.86.218+chaosgb.co.uk", "C2,censys,HETZNER-AS,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:37", "1209589", "chaosapparel.net", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/23.227.38.65+chaosapparel.net", "C2,censys,CLOUDFLARENET,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:36", "1209586", "chaos.dataservices.thesavingsgroup.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/54.91.250.178+chaos.dataservices.thesavingsgroup.com", "AMAZON-AES,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:36", "1209587", "chaos.robbevorsselmans.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/199.36.158.100+chaos.robbevorsselmans.com", "C2,censys,FASTLY,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:35", "1209584", "vraydr.arkinfo.in", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/13.127.41.55+vraydr.arkinfo.in", "AMAZON-02,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:34", "1209582", "www.whale3ye.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/76.76.21.61+www.whale3ye.com", "AMAZON-02,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:34", "1209583", "cpcalendars.chaoserp.eu", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/185.111.89.207+cpcalendars.chaoserp.eu", "C2,censys,RAT,WEBSUPPORT-SRO-SK-AS", "0", "thehappydinoa"
"2023-12-04 22:30:33", "1209580", "cpcontacts.chaoserp.eu", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/185.111.89.207+cpcontacts.chaoserp.eu", "C2,censys,RAT,WEBSUPPORT-SRO-SK-AS", "0", "thehappydinoa"
"2023-12-04 22:30:33", "1209581", "petrveprek.eu", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/185.199.111.153+petrveprek.eu", "C2,censys,FASTLY,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:31", "1209579", "chaos23.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/172.67.138.181+chaos23.com", "C2,censys,CLOUDFLARENET,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:30", "1209577", "ec2-100-25-226-74.compute-1.amazonaws.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/100.25.226.74+ec2-100-25-226-74.compute-1.amazonaws.com", "AMAZON-AES,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:29", "1209575", "www.chaosoahchaos.com", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/108.159.227.86+www.chaosoahchaos.com", "AMAZON-02,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:29", "1209576", "www.chaosstore.tw", "domain", "botnet_cc", "elf.chaos", "None", "Chaos", "", "75", "https://search.censys.io/hosts/18.172.134.22+www.chaosstore.tw", "AMAZON-02,C2,censys,RAT", "0", "thehappydinoa"
"2023-12-04 22:30:03", "1209562", "chateau-saint-benoit.89-163-255-130.plesk.page", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/89.163.255.130+chateau-saint-benoit.89-163-255-130.plesk.page", "C2,censys", "0", "thehappydinoa"
"2023-12-04 22:30:02", "1209561", "www.usagers.antai.webgouv.fr.89-163-255-130.plesk.page", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/89.163.255.130+www.usagers.antai.webgouv.fr.89-163-255-130.plesk.page", "C2,censys", "0", "thehappydinoa"
"2023-12-04 20:49:57", "1209542", "baidusec.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-12-04 20:49:56", "1209540", "esg.baidusec.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-12-04 20:49:55", "1209538", "dsf.baidusec.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-12-04 20:49:53", "1209536", "dns.baidusec.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-12-04 20:49:52", "1209534", "biaozhu.baidusec.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-12-04 19:28:29", "1209525", "swf.help.karachihelpdesk.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,The Constant Company LLC", "0", "drb_ra"
"2023-12-04 19:28:28", "1209524", "login.help.karachihelpdesk.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,The Constant Company LLC", "0", "drb_ra"
"2023-12-04 19:28:26", "1209523", "check.help.karachihelpdesk.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,The Constant Company LLC", "0", "drb_ra"
"2023-12-04 19:27:40", "1209521", "ns1.h1ck0r.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CHINATELECOM-HUBEI-IDC CHINANET Hubei province network,CobaltStrike,cs-watermark-100000", "0", "drb_ra"
"2023-12-04 15:04:40", "1209499", "citrix-update.centralus.cloudapp.azure.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2023-12-04 21:16:14", "100", "None", "CobaltStrike,cs-watermark-1521860932,Microsoft Corporation", "0", "drb_ra"
"2023-12-04 15:04:18", "1209497", "www.hainanwctvme.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2023-12-04 21:16:12", "100", "None", "CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-12-04 14:23:23", "1209462", "guiro.pesca.jordiololab.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/20.42.56.4+guiro.pesca.jordiololab.com", "C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "thehappydinoa"
"2023-12-04 14:22:51", "1209421", "aios.yunibobo.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/38.147.171.70+aios.yunibobo.com", "C2,censys", "0", "thehappydinoa"
"2023-12-04 14:22:51", "1209422", "api.guiro.pesca.jordiololab.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/20.42.56.4+api.guiro.pesca.jordiololab.com", "C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "thehappydinoa"
"2023-12-04 14:22:50", "1209420", "53.85.92.34.bc.googleusercontent.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/34.92.85.53+53.85.92.34.bc.googleusercontent.com", "C2,censys,GOOGLE-CLOUD-PLATFORM", "0", "thehappydinoa"
"2023-12-04 14:22:48", "1209417", "ecs-116-204-122-201.compute.hwclouds-dns.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/116.204.122.201+ecs-116-204-122-201.compute.hwclouds-dns.com", "C2,censys", "0", "thehappydinoa"
"2023-12-04 14:22:48", "1209418", "guoyashuai.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.201.50.90+guoyashuai.top", "C2,censys", "0", "thehappydinoa"
"2023-12-04 14:22:36", "1209415", "bolb.wingsofmine.uk", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/77.91.78.246+bolb.wingsofmine.uk", "AEZA-AS,C2,censys", "0", "thehappydinoa"
"2023-12-04 14:22:35", "1209414", "hungry-wu.89-163-255-130.plesk.page", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/89.163.255.130+hungry-wu.89-163-255-130.plesk.page", "C2,censys", "0", "thehappydinoa"
"2023-12-04 14:22:32", "1209410", "ec2-13-53-125-231.eu-north-1.compute.amazonaws.com", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/13.53.125.231+ec2-13-53-125-231.eu-north-1.compute.amazonaws.com", "AMAZON-02,C2,censys", "0", "thehappydinoa"
"2023-12-04 14:22:31", "1209408", "www.practical-bardeen.89-163-255-130.plesk.page", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/89.163.255.130+www.practical-bardeen.89-163-255-130.plesk.page", "C2,censys", "0", "thehappydinoa"
"2023-12-04 14:22:31", "1209409", "www.compassionate-saha.89-163-255-130.plesk.page", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/89.163.255.130+www.compassionate-saha.89-163-255-130.plesk.page", "C2,censys", "0", "thehappydinoa"
"2023-12-04 14:22:30", "1209405", "77-92-146-147.rdns.internetsahibi.org", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/77.92.146.147+77-92-146-147.rdns.internetsahibi.org", "C2,censys,TR-PENTECH-AS", "0", "thehappydinoa"
"2023-12-04 14:22:30", "1209406", "dazzling-mclean.89-163-255-130.plesk.page", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/89.163.255.130+dazzling-mclean.89-163-255-130.plesk.page", "C2,censys", "0", "thehappydinoa"
"2023-12-04 14:22:30", "1209407", "vps-07e00eb8.vps.ovh.ca", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/51.161.10.33+vps-07e00eb8.vps.ovh.ca", "C2,censys,OVH", "0", "thehappydinoa"
"2023-12-04 14:22:26", "1209402", "compassionate-saha.89-163-255-130.plesk.page", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/89.163.255.130+compassionate-saha.89-163-255-130.plesk.page", "C2,censys", "0", "thehappydinoa"
"2023-12-04 14:22:26", "1209403", "fatimafoods.co.uk", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/91.215.85.177+fatimafoods.co.uk", "C2,censys,PROSPERO-AS", "0", "thehappydinoa"
"2023-12-04 14:22:25", "1209400", "vmi1514776.contaboserver.net", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/158.220.105.223+vmi1514776.contaboserver.net", "C2,censys,CONTABO", "0", "thehappydinoa"
"2023-12-04 14:22:25", "1209401", "cvc.ptechconsult.com", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/46.175.149.90+cvc.ptechconsult.com", "C2,censys,SERVERIUS-AS", "0", "thehappydinoa"
"2023-12-04 14:22:24", "1209398", "priceless-lamport.91-215-85-177.plesk.page", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/91.215.85.177+priceless-lamport.91-215-85-177.plesk.page", "C2,censys,PROSPERO-AS", "0", "thehappydinoa"
"2023-12-04 14:22:24", "1209399", "mystifying-noyce.89-163-255-130.plesk.page", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/89.163.255.130+mystifying-noyce.89-163-255-130.plesk.page", "C2,censys", "0", "thehappydinoa"
"2023-12-04 14:22:23", "1209396", "www.103-61-224-87.cprapid.com", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/103.61.224.87+www.103-61-224-87.cprapid.com", "C2,censys", "0", "thehappydinoa"
"2023-12-04 14:22:23", "1209397", "172-104-207-197.ip.linodeusercontent.com", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/172.104.207.197+172-104-207-197.ip.linodeusercontent.com", "C2,censys", "0", "thehappydinoa"
"2023-12-04 14:21:25", "1209367", "ec2-54-204-40-27.compute-1.amazonaws.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.204.40.27+ec2-54-204-40-27.compute-1.amazonaws.com", "AMAZON-AES,C2,censys,SerpentStealer,stealer", "0", "thehappydinoa"
"2023-12-04 14:21:24", "1209365", "ec2-44-198-148-77.compute-1.amazonaws.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/44.198.148.77+ec2-44-198-148-77.compute-1.amazonaws.com", "AMAZON-AES,C2,censys,SerpentStealer,stealer", "0", "thehappydinoa"
"2023-12-04 14:21:24", "1209366", "ec2-54-86-130-105.compute-1.amazonaws.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.86.130.105+ec2-54-86-130-105.compute-1.amazonaws.com", "AMAZON-AES,C2,censys,SerpentStealer,stealer", "0", "thehappydinoa"
"2023-12-04 14:21:23", "1209363", "ec2-3-220-60-95.compute-1.amazonaws.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.220.60.95+ec2-3-220-60-95.compute-1.amazonaws.com", "AMAZON-AES,C2,censys,SerpentStealer,stealer", "0", "thehappydinoa"
"2023-12-04 14:21:23", "1209364", "ec2-52-206-84-200.compute-1.amazonaws.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/52.206.84.200+ec2-52-206-84-200.compute-1.amazonaws.com", "AMAZON-AES,C2,censys,SerpentStealer,stealer", "0", "thehappydinoa"
"2023-12-04 14:21:03", "1209355", "99.177.67.34.bc.googleusercontent.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.67.177.99+99.177.67.34.bc.googleusercontent.com", "C2,censys,GOOGLE-CLOUD-PLATFORM,Mythic", "0", "thehappydinoa"
"2023-12-04 14:20:37", "1209334", "95-165-99-74.static.spd-mgts.ru", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/95.165.99.74+95-165-99-74.static.spd-mgts.ru", "ASN-MGTS-USPD,C2,censys", "0", "thehappydinoa"
"2023-12-04 14:20:34", "1209333", "kztime.ddns.net", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/108.51.80.70+kztime.ddns.net", "C2,censys,UUNET", "0", "thehappydinoa"
"2023-12-04 14:20:33", "1209332", "wiipo.com.ht-hldrotermica.com.br", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/134.195.198.40+wiipo.com.ht-hldrotermica.com.br", "AS-GLOBALTELEHOST,C2,censys", "0", "thehappydinoa"
"2023-12-04 13:03:11", "1209322", "app.up.karachihelpdesk.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AS-CHOOPA,CobaltStrike,cs-watermark-987654321", "0", "drb_ra"
"2023-12-04 09:34:46", "1209282", "marybskitchen.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "", "ClearFake", "0", "crep1x"
"2023-12-04 08:45:50", "1209246", "unzip2.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2023-12-05 08:43:13", "100", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra"
"2023-12-04 07:39:05", "1209237", "getwiththelingo.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "", "ClearFake", "0", "crep1x"
"2023-12-04 06:57:31", "1209195", "bolo.lmanber.fun", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "None", "Mirai", "0", "elfdigest"
"2023-12-04 06:57:30", "1209220", "btldinc7.sytes.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab"
"2023-12-03 21:02:31", "1209196", "easyloanbazzar.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "", "ClearFake", "0", "crep1x"
"2023-12-03 20:11:23", "1209187", "ns2.electric-coop.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1465550183", "0", "drb_ra"
"2023-12-03 20:11:22", "1209186", "ns1.electric-coop.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1465550183", "0", "drb_ra"
"2023-12-03 20:08:57", "1209183", "greatesttreatise.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "", "ClearFake", "0", "crep1x"
"2023-12-03 14:05:22", "1209110", "sad.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:22", "1209111", "sae.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:22", "1209112", "sahm.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:22", "1209113", "edd.trickip.net", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209089", "sed.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209090", "saa.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209091", "sahamedalatir.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209092", "sahamedalatirr.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209093", "cds.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209094", "sah.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209095", "chm.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209096", "sca.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209097", "swh.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209098", "shv.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209099", "she.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209100", "sahamedalati.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209101", "sahw.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209102", "edd.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209103", "shm.onmypc.us", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209104", "edh.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209105", "sdn.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209106", "sha.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209107", "scw.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209108", "sch.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:21", "1209109", "sdl.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209067", "cse.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209068", "eda.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209069", "sahe.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209070", "ssd.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209071", "edla.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209072", "e-h-r-a-z-14.trickip.org", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209073", "ssh.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209074", "e-h-r-a-z-13.trickip.org", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209075", "eds.dumb1.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209076", "ssn.dumb1.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209077", "shamedalatirs.dnset.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209078", "sea.dns05.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209079", "edr.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209080", "edli.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209081", "e-b-d.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209082", "shm.jetos.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209083", "sham.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209084", "shaa.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209085", "ssb.onmypc.us", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209086", "sahamedalato.ftp1.biz", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209087", "bza.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
"2023-12-03 14:05:20", "1209088", "saha.fartit.com", "domain", "payload_delivery", "apk.irata", "None", "IRATA", "", "100", "", "IRATA", "0", "onecert_ir"
# Number of entries: 160