################################################################
# ThreatFox IOCs: recent domains - CSV format                  #
# Last updated: 2023-06-08 16:27:41 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2023-06-08 16:27:41", "1127447", "surplusofer.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-206546002,HVC-AS", "0", "drb_ra"
"2023-06-08 16:26:52", "1127437", "d1672414.azureedge.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1199750611,DIGITALOCEAN-ASN", "0", "drb_ra"
"2023-06-08 16:25:51", "1127424", "service-jcetme20-1314507962.nj.apigw.tencentcs.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-06-08 16:25:17", "1127415", "agency.baidubet.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,YUHONET", "0", "drb_ra"
"2023-06-08 15:58:58", "1127404", "lecture.liveritehealthcare.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1770750822", "0", "drb_ra"
"2023-06-08 15:58:47", "1127402", "cross.tradinginhealth.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1075868718", "0", "drb_ra"
"2023-06-08 15:58:35", "1127400", "alarm.bettermoneyhelp.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1344051375", "0", "drb_ra"
"2023-06-08 15:58:21", "1127398", "highway.steelcdn.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-945885036", "0", "drb_ra"
"2023-06-08 15:58:10", "1127396", "description.bettermoneyhelp.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1555371100", "0", "drb_ra"
"2023-06-08 15:57:59", "1127394", "active.clarusbank.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-284549993", "0", "drb_ra"
"2023-06-08 15:57:50", "1127392", "recover.healthcarecdn.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1900307348", "0", "drb_ra"
"2023-06-08 15:57:35", "1127390", "primary.dreamwellfarms.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1071717204", "0", "drb_ra"
"2023-06-08 15:57:22", "1127388", "ns2.zengjunhe.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-0", "0", "drb_ra"
"2023-06-08 15:57:18", "1127387", "ns1.zengjunhe.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-0", "0", "drb_ra"
"2023-06-08 15:57:10", "1127385", "master.drobenhealth.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1151947237", "0", "drb_ra"
"2023-06-08 15:56:58", "1127383", "stop.lycanfinance.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-2077848568", "0", "drb_ra"
"2023-06-08 15:56:48", "1127381", "ask.healthgurues.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-867090819", "0", "drb_ra"
"2023-06-08 09:57:23", "1127325", "srvupdate.duckdns.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2023-06-08 11:11:47", "100", "None", "CobaltStrike,cs-watermark-987654321,ORACLE-BMC-31898", "0", "drb_ra"
"2023-06-08 09:36:31", "1127323", "ezemnia3.ddns.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "", "None", "0", "Cryptolaemus1"
"2023-06-08 07:57:40", "1127314", "ns4.kagotsurube.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,The Constant Company LLC", "0", "drb_ra"
"2023-06-08 07:57:28", "1127313", "ns3.kagotsurube.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,The Constant Company LLC", "0", "drb_ra"
"2023-06-08 07:54:56", "1127310", "ns1.staticjs.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-06-08 07:53:39", "1127308", "asssaaass1.qianxinsecurity.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-06-08 07:53:25", "1127307", "abc1.qianxinsecurity.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-06-08 07:53:15", "1127306", "bot1.qianxinsecurity.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-06-08 07:52:31", "1127304", "dns.antegivi.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1580103824,Interserver Inc", "0", "drb_ra"
"2023-06-08 07:52:19", "1127303", "antegivi.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1580103824,Interserver Inc", "0", "drb_ra"
"2023-06-08 07:51:29", "1127301", "dnsproxy.blueseaedu.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ADCDATA.COM,CobaltStrike,cs-watermark-1359593325", "0", "drb_ra"
"2023-06-08 07:50:21", "1127299", "vigorouseuclid.zscaler.skytapdns.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-856409489,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "drb_ra"
"2023-06-08 07:49:22", "1127297", "ns2.cdnmax.info", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,The Constant Company LLC", "0", "drb_ra"
"2023-06-08 07:49:10", "1127296", "ns1.cdnmax.info", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,The Constant Company LLC", "0", "drb_ra"
"2023-06-08 07:47:47", "1127294", "ns4.digitelela.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-2029527128", "0", "drb_ra"
"2023-06-08 07:44:07", "1127293", "vfive5ht.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "100", "https://app.any.run/tasks/1d6afb2c-3480-4a9f-8837-9942575b5ca9", "Cryptbot", "0", "g0njxa"
"2023-06-08 07:40:43", "1127292", "cfive5pn.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "100", "https://app.any.run/tasks/1acacd8b-9ddd-4464-9a32-f190d4660237/", "Cryptbot", "0", "g0njxa"
"2023-06-08 07:40:43", "1127291", "xthre3ht.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "100", "https://app.any.run/tasks/1acacd8b-9ddd-4464-9a32-f190d4660237/", "Cryptbot", "0", "g0njxa"
"2023-06-08 07:40:43", "1127290", "xsix6ht.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "100", "https://app.any.run/tasks/1acacd8b-9ddd-4464-9a32-f190d4660237/", "Cryptbot", "0", "g0njxa"
"2023-06-08 07:40:43", "1127289", "vseven7sr.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "100", "https://app.any.run/tasks/1acacd8b-9ddd-4464-9a32-f190d4660237/", "Cryptbot", "0", "g0njxa"
"2023-06-08 07:40:43", "1127288", "vone1sr.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "100", "https://app.any.run/tasks/1acacd8b-9ddd-4464-9a32-f190d4660237/", "Cryptbot", "0", "g0njxa"
"2023-06-08 07:40:43", "1127287", "vfive5sr.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "100", "https://app.any.run/tasks/1acacd8b-9ddd-4464-9a32-f190d4660237/", "Cryptbot", "0", "g0njxa"
"2023-06-08 07:20:13", "1127285", "roadmap.jufp.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://twitter.com/threatcat_ch/status/1666706124836405248", "SocGholish", "0", "threatcat_ch"
"2023-06-08 07:20:13", "1127284", "trust.resourcehost.net", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://twitter.com/threatcat_ch/status/1666706124836405248", "SocGholish", "0", "threatcat_ch"
"2023-06-07 16:25:18", "1127138", "service-ln38c3rd-1257826321.sh.apigw.tencentcs.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2023-06-08 11:57:40", "100", "None", "CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-06-07 13:34:14", "1127079", "beer.getdraft.shop", "domain", "botnet_cc", "win.redline_stealer", "None", "RedLine Stealer", "", "100", "https://app.any.run/tasks/50db3080-5311-457a-acd6-fbee8207f63e", "Redline", "0", "g0njxa"
"2023-06-07 12:38:19", "1127064", "service-k6swyxf1-1258536377.cd.apigw.tencentcs.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2023-06-08 11:56:10", "100", "None", "CobaltStrike,cs-watermark-100000,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-06-07 11:37:11", "1127030", "freduska.com", "domain", "botnet_cc", "win.isfb", "Gozi ISFB,IAP,Pandemyia", "ISFB", "", "75", "", "None", "0", "stoerchl"
"2023-06-07 11:36:55", "1127029", "balkun.com", "domain", "payload_delivery", "win.isfb", "Gozi ISFB,IAP,Pandemyia", "ISFB", "", "75", "", "None", "0", "stoerchl"
"2023-06-07 10:00:58", "1127022", "test3.imortal.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-06-07 10:00:44", "1127021", "test2.imortal.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-06-07 10:00:33", "1127020", "test1.imortal.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-06-07 10:00:18", "1127018", "ns3.imortal.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-06-07 10:00:06", "1127017", "ns2.imortal.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-06-07 09:59:56", "1127016", "ns1.imortal.icu", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra"
"2023-06-07 00:39:52", "1126988", "illustrations.ipocla.org", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "75", "https://defcon.social/@mithrandir/110498541722535321", "fakeupdates,socgholish", "0", "mithrandir1"
# Number of entries: 53