#domain,ioc,uri_path,ip
24-692.wpsconnect.org,Possible Cobalt Strike C2 Domain,/wp-content/themes/am43-6/dist/records,34.41.14.254
2qjhb2csdk7kr.cfc-execute.bj.baidubce.com,Possible Cobalt Strike C2 Domain,/api/x,115.120.250.85
36.tcp.cpolar.top,Possible Cobalt Strike C2 Fronted Domain,/image/,8.149.128.131
3se9ewodke339f0e82.connectivitytests.com,Possible Cobalt Strike C2 Fronted Domain,/jquery-3.3.1.min.js,171.244.143.184
3se9ewodke339f0e83.connectivitytests.com,Possible Cobalt Strike C2 Fronted Domain,/jquery-3.3.1.min.js,18.162.96.155
704mha60crfrd.cfc-execute.bj.baidubce.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.6.min.js,60.205.56.181
7paa3sg1yhyax.cfc-execute.bj.baidubce.com,Possible Cobalt Strike C2 Domain,/api/x,47.92.205.12
a8tkf5twd0gk0.cfc-execute.bj.baidubce.com,Possible Cobalt Strike C2 Domain,/load,45.136.15.209
api.co-operativefinance.com,Possible Cobalt Strike C2 Domain,/push,44.193.202.139
api.freeresolver.online,Possible Cobalt Strike C2 Domain,/portes-ouvertes/fiche/7362,89.38.131.17
api.googleshop.cc,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,198.98.57.26
api.tingwen.xyz,Possible Cobalt Strike C2 Fronted Domain,/jquery-3.3.1.min.js,43.165.133.147
api.uploads.winhomesky.com,Possible Cobalt Strike C2 Domain,/GovSistema/76e6f4821267ec98f94336ad5c500b21/download,8.219.211.139
api.xxx.com,Possible Cobalt Strike C2 Fronting Domain,/jquery-3.3.1.min.js,43.165.133.147
api.youtubedns.com,Possible Cobalt Strike C2 Domain,/wc/58462514417,107.148.41.31
apiapi.it121fdg.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,43.163.116.82
at1.227api.com,Possible Cobalt Strike C2 Domain,/activity,154.83.12.115
at2.227api.com,Possible Cobalt Strike C2 Domain,/cx,154.83.12.115
at3.227api.com,Possible Cobalt Strike C2 Domain,/en_US/all.js,154.83.12.115
avrora-servis.ru,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,213.209.150.218
backup.timebrokepush.com,Possible Cobalt Strike C2 Domain,/fwlink,116.251.216.119
baidu.611110.xyz,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,158.180.74.142
bigtest.procheckup.com,Possible Cobalt Strike C2 Domain,/__utm.gif,20.0.106.6
casaos.oss-cn-shanghai.aliyuncs.com,Possible Cobalt Strike C2 Fronting Domain,/gateway/api/user,47.98.134.252
catmyinfo.top,Possible Cobalt Strike C2 Domain,/api/catinfo,165.154.244.73
cattwo.top,Possible Cobalt Strike C2 Domain,/api/update/check3,167.88.167.113
cdn.easyjlpt.com,Possible Cobalt Strike C2 Domain,/images/c/5/0/9/favicon.png,188.166.149.250
cdn.efstech.de,Possible Cobalt Strike C2 Domain,/adstats/v1c,212.48.107.109
cdn.gridgatecloud.com,Possible Cobalt Strike C2 Domain,/checkouts/internal/preloads.js,196.251.71.31
cdn.inmediavault.com,Possible Cobalt Strike C2 Domain,/assets/js/jquery-3.7.1.min.js,2a02:4780:c:f10b:0:0:0:1
cdn.ipv6ipts.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,156.238.233.109
cdn.ipv6ipts.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,50.16.2.216
cdn.looklook.sbs,Possible Cobalt Strike C2 Domain,/v2/js/jquery-3.3.1.min.js,47.96.13.97
certs.ltd,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,104.156.238.213
cfd.njpji.edu.cn,Possible Cobalt Strike C2 Fronted Domain,/gateway/api/user,47.98.134.252
check.judicical.ml,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,45.32.125.231
check1.judicical.ml,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,45.32.125.231
client-vedio-config.cn.codm.qq.com,Possible Cobalt Strike C2 Fronted Domain,/next/sensor/login_guide.js,39.100.70.144
cloud-sync-bcjxmnarpb.cn-shanghai.fcapp.run,Possible Cobalt Strike C2 Domain,/img/logo.jpg,39.102.213.118
cnm.rememdam.xyz,Possible Cobalt Strike C2 Domain,/image/,38.47.103.169
cod.fhshan.com.cn,Possible Cobalt Strike C2 Domain,/wc/58462514417,47.120.32.180
coolodyinvest.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,207.231.109.20
cutecats.catonline.top,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,38.47.239.110
d11vxzkgntd3fu.cloudfront.net,Possible Cobalt Strike C2 Domain,/documents/24462547/Guida_accesso_portale_NoiPA_20130713.pdf,35.158.247.135
d1g585jmjo23vr.cloudfront.net,Possible Cobalt Strike C2 Domain,/functionalStatus/dQ2ZPQXqheAjyNHljYBmkDlsHLW42,50.16.200.52
d1k7knb9rn4tb9.cloudfront.net,Possible Cobalt Strike C2 Domain,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,44.216.156.161
d2pivnfo8jhibw.cloudfront.net,Possible Cobalt Strike C2 Domain,/safebrowsing/hfY-jmSS3/2yZeNHnfHb8fzYiNKq7dF1E6s49Gq1YK,98.84.63.214
data.australiasoutheast.cloudapp.azure.com,Possible Cobalt Strike C2 Domain,/__utm.gif,20.213.217.192
dev.freeresolver.online,Possible Cobalt Strike C2 Domain,/fiche/lycee-professionnel/ET037-22,89.38.131.17
devcomonline.com,Possible Cobalt Strike C2 Fronted Domain,/login.html,196.251.71.245
dhysgs-101-446.123cw.cn,Possible Cobalt Strike C2 Domain,/service_callback/abcdef0123456789abcdef01234567.json,43.139.40.39
dhysgs-101-454.123cw.cn,Possible Cobalt Strike C2 Domain,/service_callback/abcdef0123456789abcdef01234567.json,43.139.40.39
dhysgs-101-460.123cw.cn,Possible Cobalt Strike C2 Domain,/service_callback/abcdef0123456789abcdef01234567.json,43.139.40.39
dhysgs-101-476.123cw.cn,Possible Cobalt Strike C2 Domain,/service_callback/abcdef0123456789abcdef01234567.json,43.139.40.39
dianqi1.dianqi2.jiayongdianqi.xyz,Possible Cobalt Strike C2 Domain,/home/,45.135.118.251
dianqi1.jiayongdianqi.xyz,Possible Cobalt Strike C2 Domain,/home/,45.135.118.251
dianqi2.dianqi1.jiayongdianqi.xyz,Possible Cobalt Strike C2 Domain,/home/,45.135.118.251
dianqi2.jiayongdianqi.xyz,Possible Cobalt Strike C2 Domain,/home/,45.135.118.251
download.ffwssaf.qq.com,Possible Cobalt Strike C2 Fronted Domain,/next/sensor/login_guide.js,39.100.70.144
dubai-wealth-hub.co.uk,Possible Cobalt Strike C2 Domain,/__utm.gif,172.187.169.1
dzeninfra.site,Possible Cobalt Strike C2 Fronted Domain,/mg.css,195.14.123.121
dzeninfra.xyz,Possible Cobalt Strike C2 Fronted Domain,/mg.css,195.14.123.121
easyjlpt.com,Possible Cobalt Strike C2 Domain,/images/c/5/0/9/favicon.png,188.166.149.250
ec2-54-216-72-51.eu-west-1.compute.amazonaws.com,Possible Cobalt Strike C2 Domain,/dpixel,54.216.72.51
ejones.b-cdn.net,Possible Cobalt Strike C2 Domain,/css3/index2.shtml,3.149.232.230
en.chinaaie.com.cn,Possible Cobalt Strike C2 Fronted Domain,/next/sensor/login_guide.js,39.100.70.144
evokvm.eu.org,Possible Cobalt Strike C2 Domain,/avatars,142.171.234.248
exfiltrator.online,Possible Cobalt Strike C2 Domain,/fwlink,45.153.231.3
file.flash-oss.info,Possible Cobalt Strike C2 Domain,/push,107.175.75.19
file1.amelicen.com,Possible Cobalt Strike C2 Domain,/owa/oBdoLTRDQTuAO2AgO8Vg1,216.238.121.119
file2.amelicen.com,Possible Cobalt Strike C2 Domain,/owa/oBdoLTRDQTuAO2AgO8Vg1,216.238.121.119
file3.amelicen.com,Possible Cobalt Strike C2 Domain,/owa/Is9Yu3I8Ed8lKiQc-ZxDfBXW7Mhu3N0wx,216.238.121.119
firebierd.store,Possible Cobalt Strike C2 Fronted Domain,/jquery-3.3.1.min.js,92.118.170.81
firebird.store,Possible Cobalt Strike C2 Fronting Domain,/jquery-3.3.1.min.js,92.118.170.81
frontendtest.nfcos.net.cn,Possible Cobalt Strike C2 Fronted Domain,/gateway/api/user,47.98.134.252
gov.nic-in.com,Possible Cobalt Strike C2 Domain,/fwlink,107.148.37.106
ikun.blacktelson.cloudns.ch,Possible Cobalt Strike C2 Domain,/j.ad,111.230.244.189
liolio.cn,Possible Cobalt Strike C2 Domain,/__utm.gif,47.120.60.201
m.bestseller.com.cn,Possible Cobalt Strike C2 Fronted Domain,/gateway/api/user,47.98.134.252
m.only.cn,Possible Cobalt Strike C2 Fronted Domain,/gateway/api/user,47.98.134.252
maicrosoft365.com,Possible Cobalt Strike C2 Domain,/__utm.gif,139.59.182.127
mcnn.ru,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,190.2.146.205
meizu.info,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,193.42.63.158
moscable77.ru,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,213.209.150.218
ms.quens.top,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,45.128.146.227
msntp.windowstimezone.com,Possible Cobalt Strike C2 Domain,/search,199.85.209.13
ncs.e-twfpg.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,35.77.36.214
nestquicks.com,Possible Cobalt Strike C2 Fronted Domain,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,20.61.175.58
nicefeide.top,Possible Cobalt Strike C2 Domain,/cx,47.239.148.18
ns.1.3.0o0.foo,Possible Cobalt Strike C2 Domain,/ptj,47.129.171.26
ns.1.4.0o0.foo,Possible Cobalt Strike C2 Domain,/pixel.gif,47.129.171.26
ns.jumpservers.net,Possible Cobalt Strike C2 Domain,/ca,16.162.137.167
ns.tkzvew.tech,Possible Cobalt Strike C2 Domain,/ptj,89.116.211.244
ns.youtubedns.com,Possible Cobalt Strike C2 Domain,/wc/58462514417,107.148.47.247
ns01.certis-cisco.click,Possible Cobalt Strike C2 Domain,/dot.gif,122.248.209.34
ns01.micr0soft.me.uk,Possible Cobalt Strike C2 Domain,/updates.rss,13.214.5.139
ns02.certis-cisco.click,Possible Cobalt Strike C2 Domain,/g.pixel,122.248.209.34
ns02.micr0soft.me.uk,Possible Cobalt Strike C2 Domain,/__utm.gif,13.214.5.139
ns1.akawowfast.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,139.180.189.95
ns1.b5y0up.tech,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,146.190.91.121
ns1.centos-yum.xyz,Possible Cobalt Strike C2 Fronted Domain,/jquery-3.5.1.slim.min.js,167.179.84.218
ns1.cioudfiear.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,18.222.126.236
ns1.cmbchina.top,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,8.219.78.159
ns1.connectivitytests.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,171.244.143.184
ns1.ddporn.top,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,142.171.183.8
ns1.drgeregweg.ip-ddns.com,Possible Cobalt Strike C2 Domain,/push,169.239.129.45
ns1.elouled.com,Possible Cobalt Strike C2 Domain,/functionalStatus/dQ2ZPQXqheAjyNHljYBmkDlsHLW42,50.16.200.52
ns1.ersanca.com,Possible Cobalt Strike C2 Domain,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,52.71.181.100
ns1.glthub.icu,Possible Cobalt Strike C2 Domain,/__utm.gif,139.180.141.50
ns1.hkappdev.com,Possible Cobalt Strike C2 Domain,/__utm.gif,45.32.114.118
ns1.jquery.cn.com,Possible Cobalt Strike C2 Domain,/api,43.154.208.36
ns1.kerrerf.com,Possible Cobalt Strike C2 Domain,/safebrowsing/hfY-jmSS3/2yZeNHnfHb8fzYiNKq7dF1E6s49Gq1YK,98.84.63.214
ns1.lumeala.com,Possible Cobalt Strike C2 Domain,/functionalStatus/YAL7JBd70YE4YCjhlTQRZbDDtJffXJJ-X,34.204.249.62
ns1.nactrace.com,Possible Cobalt Strike C2 Domain,/fwlink,165.232.122.80
ns1.sdsdsdfsdf145.shop,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,43.245.198.185
ns1.svchost.ddns-ip.net,Possible Cobalt Strike C2 Domain,/api/v1/data/client.js,151.236.20.232
ns1.translategoos.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,207.148.68.118
ns1.vip8025.mom,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,154.64.231.214
ns1.wpk1.club,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,117.18.7.37
ns1.zonstcom.com,Possible Cobalt Strike C2 Domain,/push,154.37.223.57
ns2.akawowfast.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,139.180.189.95
ns2.centos-yum.xyz,Possible Cobalt Strike C2 Fronted Domain,/jquery-3.5.1.slim.min.js,167.179.84.218
ns2.cmbchina.top,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,8.219.78.159
ns2.connectivitytests.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,171.244.143.184
ns2.ddporn.top,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,142.171.183.8
ns2.drgeregweg.ip-ddns.com,Possible Cobalt Strike C2 Domain,/visit.js,169.239.129.45
ns2.glthub.icu,Possible Cobalt Strike C2 Domain,/__utm.gif,139.180.141.50
ns2.hkappdev.com,Possible Cobalt Strike C2 Domain,/__utm.gif,45.32.114.118
ns2.sdsdsdfsdf145.shop,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,43.245.198.185
ns2.translategoos.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,207.148.68.118
ns2.vip8025.mom,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,154.64.231.214
ns2.wpk1.club,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,117.18.7.37
ns2.zonstcom.com,Possible Cobalt Strike C2 Domain,/pixel.gif,154.37.223.57
ns3.akawowfast.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,139.180.189.95
ns3.drgeregweg.ip-ddns.com,Possible Cobalt Strike C2 Domain,/pixel.gif,169.239.129.45
ns3.kqilife.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,35.79.21.207
ns3.translategoos.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,207.148.68.118
ns3.wpk1.club,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,117.18.7.37
ns4.eshintechs.shop,Possible Cobalt Strike C2 Domain,/push,45.136.15.209
ns5.eshintechs.shop,Possible Cobalt Strike C2 Domain,/j.ad,45.136.15.209
ns6.eshintechs.shop,Possible Cobalt Strike C2 Domain,/dot.gif,45.136.15.209
online.idc.zone,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,43.135.99.3
os-hpcigjolof.cn-beijing.fcapp.run,Possible Cobalt Strike C2 Domain,/api/user,111.230.30.197
panel.devcomonline.com,Possible Cobalt Strike C2 Fronting Domain,/login.html,196.251.71.245
portal.thomsonreutors.com,Possible Cobalt Strike C2 Domain,/__utm.gif,107.211.18.49
profiles.arkaviaredteam.cl,Possible Cobalt Strike C2 Domain,/search/ref=nb_something/189-xxxx-xxxx/field-params=articles,172.233.26.237
pull.m1cr0s0ft.xyz,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,45.128.146.227
q1bkhvr2eqfd.cfc-execute.bj.baidubce.com,Possible Cobalt Strike C2 Domain,/apis/x,180.76.144.239
query.freeresolver.online,Possible Cobalt Strike C2 Domain,/portes-ouvertes/fiche/7352,89.38.131.17
request.freeresolver.online,Possible Cobalt Strike C2 Domain,/portes-ouvertes/liste,89.38.131.17
scan.daztar.com,Possible Cobalt Strike C2 Domain,/images/17.png,139.162.204.37
service-1cao6cjs-1312654103.gz.apigw.tencentcs.com,Possible Cobalt Strike C2 Domain,/admin/login,124.223.200.131
service-a0ahsoek-1257582847.gz.tencentapigw.com.cn,Possible Cobalt Strike C2 Domain,/fwlink,45.136.15.209
service-hzdzk12c-1318485841.gz.apigw.tencentcs.com,Possible Cobalt Strike C2 Domain,/Test/protect/JZJ8DALCUB,43.139.50.42
service-jnajkkdg-1318687485.gz.apigw.tencentcs.com,Possible Cobalt Strike C2 Domain,/Forge/static/HULNWCWI,198.199.122.34
service-rchqbzvz-1301033415.sh.tencentapigw.com,Possible Cobalt Strike C2 Domain,/api/x,150.158.33.10
sf.oss-accelerate.aliyuncs.com,Possible Cobalt Strike C2 Fronting Domain,/next/sensor/login_guide.js,39.100.70.144
skynet-i.asuscomm.com,Possible Cobalt Strike C2 Domain,/en_US/all.js,85.175.101.203
somehost.p0c.xyz,Possible Cobalt Strike C2 Domain,/__utm.gif,165.232.71.57
sso.dzeninfra.site,Possible Cobalt Strike C2 Fronting Domain,/mg.css,195.14.123.121
static.usesless.com,Possible Cobalt Strike C2 Fronted Domain,/gateway/api/user,47.98.134.252
store.gridgatecloud.com,Possible Cobalt Strike C2 Domain,/checkouts/internal/preloads.js,196.251.71.31
sts.tencentopenapi.xyz,Possible Cobalt Strike C2 Domain,/image/,111.229.187.190
support.microsoft.com.volcgslb-mlt.com,Possible Cobalt Strike C2 Fronted Domain,/lib/v2/wcp-consent.js,112.74.184.37
sz-sourcetail-all.volcmlt.com,Possible Cobalt Strike C2 Fronted Domain,/lib/v2/wcp-consent.js,112.74.184.37
sz-sourcetail-v4.volcmlt.com,Possible Cobalt Strike C2 Fronted Domain,/lib/v2/wcp-consent.js,112.74.184.37
szyzs.szunicom.com,Possible Cobalt Strike C2 Fronted Domain,/gateway/api/user,47.98.134.252
t1.nestquicks.com,Possible Cobalt Strike C2 Domain,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,20.61.175.58
test.stg.bitthebyte.com,Possible Cobalt Strike C2 Domain,/image/,84.247.132.220
update.mloadspring.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,70.34.196.238
upgrade.mloadspring.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,70.34.196.238
vccdn.techforgood.qq.com,Possible Cobalt Strike C2 Fronted Domain,/next/sensor/login_guide.js,39.100.70.144
vvindow.top,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,60.204.234.200
www.163microsoft.com,Possible Cobalt Strike C2 Domain,/_/scs/mail-static/_/js/,198.13.33.74
www.52mxd.org,Possible Cobalt Strike C2 Fronting Domain,/jquery-3.3.1.min.js,155.138.225.144
www.baidu-image.top,Possible Cobalt Strike C2 Domain,/api/v1/get,148.135.120.139
www.cioudfiear.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,18.222.126.236
www.dyshop.online,Possible Cobalt Strike C2 Domain,/decloudAdd.js,111.230.5.199
www.idkghs.com,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,218.255.96.243
www.mfmni.shop,Possible Cobalt Strike C2 Fronting Domain,/jquery-3.3.1.min.js,171.244.143.184
www.mfmni.shop,Possible Cobalt Strike C2 Fronting Domain,/jquery-3.3.1.min.js,18.162.96.155
www.minernaft.com,Possible Cobalt Strike C2 Domain,/api/v1/get,23.95.193.207
www.nemonet.top,Possible Cobalt Strike C2 Domain,/cm,103.194.107.116
www.of123pro.online,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,104.168.19.195
www.servgate.me,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,161.35.170.134
www.servgate.me,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,178.128.21.88
www.wenopc.tech,Possible Cobalt Strike C2 Domain,/match,47.237.86.35
www.windcapital.click,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,43.138.54.55
www.xxxb.shop,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,103.79.186.151
wxx.aliyunn.uno,Possible Cobalt Strike C2 Domain,/jquery-3.3.1.min.js,27.106.110.32
zako.da1suki.com,Possible Cobalt Strike C2 Domain,/us,110.42.109.26
zxsmartauto.com,Possible Cobalt Strike C2 Fronted Domain,/gateway/api/user,47.98.134.252