################################################################ # ThreatFox IOCs: recent domains - CSV format # # Last updated: 2025-07-18 20:01:00 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-07-18 20:01:00", "1558138", "vmi2330570.contaboserver.net", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/198.7.115.133+vmi2330570.contaboserver.net", "AS51167,C2,censys,CONTABO,Hookbot", "0", "DonPasci" "2025-07-18 19:33:04", "1558111", "cichau.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-18 19:33:04", "1558083", "socketapiupdates.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch" "2025-07-18 19:33:03", "1558112", "thoqp.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-18 18:02:09", "1558108", "552e3ca1f307.ngrok-free.app", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "https://tria.ge/250718-q7hkxscr8w", "android,C2,domain,spynote,triage", "0", "DonPasci" "2025-07-18 18:01:53", "1558107", "mode-civil.gl.at.ply.gg", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://tria.ge/250718-tbaf8azyft", "C2,domain,neptunerat,rat,triage", "0", "DonPasci" "2025-07-18 18:01:24", "1558105", "cvv6.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250718-vmeezsskz7", "C2,domain,rat,triage,valleyrat", "0", "DonPasci" "2025-07-18 18:00:52", "1558103", "grigori.ddns.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250718-rwpers1kx9", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-07-18 18:00:48", "1558101", "sellers-lit.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250718-varjsaskv3", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-07-18 18:00:33", "1558100", "detalles12.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250718-q1lzrscr3s", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-07-18 18:00:23", "1558097", "www.vidrloscobo.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250718-qtb6zs1tds", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-07-18 18:00:22", "1558095", "goodfilesvibresgood.dynuddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250718-t4gq1asjy6", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-07-18 18:00:17", "1558094", "select-soma.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250718-s5ahmsaj2v", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-18 16:10:44", "1558091", "sx.optionchain.dpdns.org", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-18 19:10:27", "75", "None", "ixx,Vidar", "0", "abuse_ch" "2025-07-18 16:01:03", "1558086", "f-v1-url-fd220acde0-c.marlin-development.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/4.234.184.5+f-v1-url-fd220acde0-c.marlin-development.com", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-07-18 15:11:01", "1558080", "hfdjmoedkjf.asia", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-07-18 14:29:14", "1558076", "mgmt.studerandson.us", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-07-18 13:14:04", "1558072", "dl.newtoyourgame.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2025-07-18 13:15:52", "100", "https://infosec.exchange/@monitorsg/114874407979611358", "SocGholish", "0", "monitorsg" "2025-07-18 12:49:49", "1558064", "www.souguo.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-18 19:49:35", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-18 12:31:01", "1558058", "bond007.xyz", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-18 12:11:45", "100", "https://infosec.exchange/@monitorsg/114874167499065098", "SmartApeSG", "0", "monitorsg" "2025-07-18 12:31:00", "1558061", "getcredentialingdone.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-18 12:11:49", "100", "https://infosec.exchange/@monitorsg/114874167499065098", "SmartApeSG", "0", "monitorsg" "2025-07-18 12:00:16", "1558047", "police-turkish.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250718-mwn2saykx7", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-18 10:11:50", "1558037", "ourkbpw.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-18 10:11:50", "1558036", "cooawbi.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-18 09:23:25", "1558042", "sleaqwad.shop", "domain", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250718-e49pfsvnv4", "c2,domain,Stealc,triage", "0", "DonPasci" "2025-07-18 08:01:18", "1558028", "pasotslv.shop", "domain", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/196.251.80.35+pasotslv.shop", "AS401120,C2,censys,CHEAPY-HOST,Hookbot", "0", "DonPasci" "2025-07-18 08:01:00", "1558024", "tryfancify.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/45.81.23.42+tryfancify.com", "AS49870,AS49870-BV,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-07-18 06:08:58", "1557893", "security.flegurasec.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-07-18 06:08:58", "1557894", "erpoci.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-07-18 06:02:37", "1557970", "v2.egrfbumsu.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2025-07-18 06:02:38", "100", "https://tria.ge/250718-gnvayaam4t", "C2,domain,rat,triage,valleyrat", "0", "DonPasci" "2025-07-18 06:02:25", "1557968", "test.accendente.tn", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250718-b6pkhstn19", "C2,domain,njrat,triage", "0", "DonPasci" "2025-07-18 06:01:03", "1557961", "together-well.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250718-c7pscavj12", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-07-18 04:01:06", "1557924", "aafastservice.top", "domain", "botnet_cc", "apk.hook", "None", "Hook", "2025-07-18 12:00:55", "100", "https://search.censys.io/hosts/156.238.243.16+aafastservice.top", "AS142032,C2,censys,HFTCL-AS-AP,Hookbot", "0", "DonPasci" "2025-07-18 00:01:18", "1557905", "m.fbwatch.live", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-18 04:01:57", "100", "https://search.censys.io/hosts/159.198.32.118+m.fbwatch.live", "AS22612,censys,EvilGinx,NAMECHEAP-NET,panel,Phishing", "0", "DonPasci" "2025-07-17 23:10:26", "1557897", "ftp.p4.bukharielectro.pk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-18 15:10:28", "75", "None", "ixx,Vidar", "0", "abuse_ch" "2025-07-17 20:48:44", "1557890", "fk99sqx08gdcw.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-18 19:49:22", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-17 20:01:23", "1557866", "ip-93-115-21-186-122360.vps.hosted-by-mvps.net", "domain", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/93.115.21.186+ip-93-115-21-186-122360.vps.hosted-by-mvps.net", "AS202448,C2,censys,hacktool,Mimikatz,MVPS,open-dir", "0", "DonPasci" "2025-07-17 18:15:09", "1557838", "penkridge-television.com", "domain", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "90", "None", "Fake Software,fakeapp,loader", "0", "pancak3lullz" "2025-07-17 18:15:08", "1557840", "pp.portalstatement.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "None", "0", "tanner" "2025-07-17 18:01:47", "1557849", "ak4.ksdcks2.org", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250717-pev5wayyaz", "C2,domain,rat,triage,valleyrat", "0", "DonPasci" "2025-07-17 18:01:33", "1557848", "thomas-drops.gl.at.ply.gg", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "https://tria.ge/250717-vhxqrs1xc1", "C2,domain,njrat,triage", "0", "DonPasci" "2025-07-17 18:00:29", "1557846", "kieixiiXI-25193.portmap.io", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250717-q2pgaaer6w", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-07-17 18:00:25", "1557845", "ASEGURARPUERDI2296.casacam.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250717-pltwdsek9t", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-07-17 18:00:24", "1557844", "1718dc.4cloud.click", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250717-t3rvks1wcz", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-07-17 18:00:12", "1557842", "notes-congress.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250717-vhxqrs1xc1", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-17 18:00:11", "1557841", "geekyamir-60013.portmap.io", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-07-17 18:00:12", "100", "https://tria.ge/250717-t1cb4sznt7", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-17 14:58:15", "1557819", "mdlive.help", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-07-17 14:56:48", "1557817", "plantsstove.info", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-07-17 14:56:15", "1557816", "wastegrape.info", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-07-17 13:29:25", "1557807", "secure.clinchstar.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "2025-07-17 14:01:08", "100", "https://infosec.exchange/@monitorsg/114868742174804482", "SocGholish", "0", "monitorsg" "2025-07-17 12:12:03", "1557799", "zerolendnow.top", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114868504439058537", "SmartApeSG", "0", "monitorsg" "2025-07-17 12:02:27", "1557787", "city-applicants.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250717-lr74esxvhx", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-07-17 12:01:50", "1557779", "zinghome.vn", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-18 04:01:12", "100", "https://search.censys.io/hosts/104.21.80.1+zinghome.vn", "AS13335,C2,censys,CLOUDFLARENET,Havoc", "0", "DonPasci" "2025-07-17 12:01:15", "1557771", "host0.blockchain-projects.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-18 04:00:33", "100", "https://search.censys.io/hosts/45.81.23.42+host0.blockchain-projects.com", "AS49870,AS49870-BV,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-07-17 12:01:08", "1557770", "server.weex-marketing.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-07-18 04:00:33", "100", "https://search.censys.io/hosts/45.81.23.43+server.weex-marketing.com", "AS49870,AS49870-BV,AsyncRAT,C2,censys,RAT", "0", "DonPasci" "2025-07-17 11:19:08", "1557760", "sleevesleeve.shop", "domain", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://app.any.run/tasks/83e9abec-b2b9-4e92-902a-8a072f9dd461", "None", "0", "pitachu" "2025-07-17 11:19:08", "1557759", "famigh.shop", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://app.any.run/tasks/83e9abec-b2b9-4e92-902a-8a072f9dd461", "None", "0", "pitachu" "2025-07-17 11:19:08", "1557758", "dogbij.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://app.any.run/tasks/83e9abec-b2b9-4e92-902a-8a072f9dd461", "None", "0", "pitachu" "2025-07-17 11:19:07", "1557764", "rdmfile.eu", "domain", "botnet_cc", "win.purecrypter", "None", "PureCrypter", "", "50", "", "None", "0", "pitachu" "2025-07-17 10:10:28", "1557757", "mx.francotamouls.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-18 06:48:49", "75", "None", "ixx,Vidar", "0", "abuse_ch" "2025-07-17 08:29:19", "1557714", "skdgh.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-07-17 10:42:17", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-17 08:29:19", "1557715", "unxyng.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-17 08:29:18", "1557717", "gehkmx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-17 08:29:18", "1557716", "trbxlj.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-17 08:29:17", "1557718", "sacrp.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-17 08:29:17", "1557719", "dktnd.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "c2,Lumma,Lumma Stealer,LummaStealer", "0", "pancak3lullz" "2025-07-17 08:29:16", "1557731", "as5yo.top", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-17 08:12:05", "100", "https://infosec.exchange/@monitorsg/114867563467717172", "SmartApeSG", "0", "monitorsg" "2025-07-17 08:29:14", "1557734", "lpdesigns.uk", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-07-17 12:11:44", "100", "https://infosec.exchange/@monitorsg/114867563467717172", "SmartApeSG", "0", "monitorsg" "2025-07-17 06:01:18", "1557696", "ageillaxnv.a.pinggy.link", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250717-azzapssvat", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-17 06:01:16", "1557695", "visa.identity-shield.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250717-azzapssvat", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-17 06:01:10", "1557693", "beblbdzjhs.a.pinggy.link", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250717-azzapssvat", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-17 06:01:06", "1557692", "person-vc.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250717-datwgadk5y", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-17 06:01:01", "1557691", "wisk43.top", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250717-fbxpvstqv4", "C2,domain,triage,xworm", "0", "DonPasci" "2025-07-17 05:17:16", "1557686", "www.amazonlivenews.com", "domain", "botnet_cc", "win.shadowpad", "POISONPLUG.SHADOW,XShellGhost", "ShadowPad", "", "95", "None", "APT41,ShadowPad", "0", "pancak3lullz" "2025-07-17 04:52:13", "1557612", "wemoips.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-07-17 04:52:12", "1557611", "security.fcolareguaard.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-07-17 04:52:10", "1557591", "lumen.radium.lol", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "Lumen", "1", "hammond1994" "2025-07-17 04:52:00", "1557635", "us10.killall.sh", "domain", "botnet_cc", "js.mints_loader", "None", "MintsLoader", "", "100", "None", "c2,dga,MintsLoader", "0", "pancak3lullz" "2025-07-17 04:51:54", "1557644", "yiyiscrm.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.121.136.179+yiyiscrm.com", "AS37963,C2,censys", "0", "dyingbreeds_" "2025-07-17 04:01:44", "1557659", "pakistan-itsupport.serveblog.net", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-17 04:02:44", "100", "https://search.censys.io/hosts/178.128.48.155+pakistan-itsupport.serveblog.net", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-07-17 02:48:53", "1557641", "news.kaspersky.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-18 19:49:24", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-17 02:48:44", "1557640", "7fsnaewwwq6r3.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-18 19:49:16", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-17 00:02:15", "1557625", "ec2-35-73-179-148.ap-northeast-1.compute.amazonaws.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-07-17 04:02:42", "100", "https://search.censys.io/hosts/35.73.179.148+ec2-35-73-179-148.ap-northeast-1.compute.amazonaws.com", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-07-16 22:49:04", "1557619", "ns3.nsebseshop.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-18 19:49:29", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-16 22:49:03", "1557618", "ns2.nsebseshop.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-18 19:49:28", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-07-16 22:49:02", "1557617", "ns1.nsebseshop.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-07-18 19:49:27", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" # Number of entries: 86