# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-05-20-IOCs-for-AdaptixC2-activity.txt
# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash&ref_id=9f05271ed4b#tab=host_pairs (# 2025-05-22)

192.153.57.9.sslip.io
23-227-203-191.cprapid.com
64.7.199.193.sslip.io
adaptcia.com
adoring-chatelet.46-21-153-154.plesk.page
am.itgno.ir
amounn.com
api2.utkic.ir
arvest.restoreasec.com
boursoacces.com
casaslab.com
community.christmas
doamin.cc
dtt.alux.cc
ecstatic-mcclintock.46-21-153-154.plesk.page
express1solutions.com
flashfrontlinefeed.com
frejuop.live
ftp-winscp.org
grasslandscapes.com
iorestore.com
ip189.ip-51-254-238.eu
joycas.live
livestreammax.com
ns1.ftp-winscp.org
ns2.ftp-winscp.org
nwzd-csg.com
orange3room.com
outofservice.ru
pushtruelab.com
regonalone.com
restoreasec.com
sunshinemoment.com
td.express1solutions.com
td.iorestore.com
td.restoreasec.com
td1.express1solutions.com
td3.express1solutions.com
tech-system.online
trucks-taxesrefund02.com

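# Reference: https://app.validin.com/detail?find=ERROR%20404%20-%20Nothing%20Found&type=raw&ref_id=9fcec45d347#tab=host_pairs (# 2025-05-22)
# Note: unlike the hash-based (type=hash) Validin pivots elsewhere in this file, this reference is a raw response-string match ("ERROR 404 - Nothing Found", type=raw); hits on the hosts below may need corroboration before being treated as confirmed.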

172-235-52-96.ip.linodeusercontent.com
bbb-appwrite.jonkerdd.nl
bbb.jonkerdd.nl
darkgem.duckdns.org
dha-events.com
ethachu21.com
feutjezelf.jonkerdd.nl
fireservice.direct.quickconnect.to
ip87-106-112-18.pbiaas.com
jelly.gaiznco.dk
jonkerdd.nl
karwanonline.com
mail.main-amarayuk.store
main-amarayuk.store
pattysergio.com
proxy.jonkerdd.nl
risinglightministries.org
streamlineanalytics.net
torrent.gaiznco.dk
vpn519529427.softether.net

# Reference: https://x.com/ViriBack/status/1930351693356548499

144.172.106.67:8000

# Reference: https://app.validin.com/detail?type=hash&find=7c6372580a9e78e8caff7ba50ef859aa#tab=host_pairs (# 2025-06-05)

103stintino.com
197pozzosannicola.com
aqpdftvbdnjfjoewtwoygc.103stintino.com
buenohuy.live
c0a7e95e92d640a8ad8dde629147d713.ddns.gcloud.gg
dumbsec.com
edilduesrl.com
emberjs.site
fabiomenichinimarmi.com
fe.firetrue.live
firetrue.live
lawyeravandia.com
moldostonesupplies.pro
schema17.com
security-research.ch
stintino.host
timbrificioarena.com
tworeniyabizneskurs.com
ue.buenohuy.live
vpn29.com
x6iye.site

# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash&ref_id=3da1e49c681#tab=host_pairs (# 2025-06-13)

46-21-153-154.plesk.page
1874290-coinbase.com
518912-coinbase.com
689535ed-3.b-cdn.net
adaptix.redteamops.org
adaptixs.redteamops.org
am.mautau.live
appleeid.appleeusvrf.com.idealgroupco.com
auths-securpass-cartepass-assurances.xyz
avacore.tech
continuenetf.allstaffingsolutions.com
cs.xsjl7932.top
ct.nicepliced.live
dh.lokipoki.live
djakoidjatiguailiaipka.com
eliotdevelop.com
ev.veryspec.live
eztest.site
ge.gjkool.live
mautau.live
mingmoonorangepark.com
muatay.live
nissi.bg
novelumbsasa.art
old.bitcoin1004.com
picasosoftai.shop
regularisations-1507505075-contraventions-assurances.com
sign.in.apple.id.apple.com.verification.authentification-id.galaxyswat.com
ty.muatay.live

# Reference: https://www.security.com/threat-intelligence/fog-ransomware-attack

66.112.216.232:443
97.64.81.119:443
protoflint.com
amanda.protoflint.com

# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash#tab=host_pairs (# 2025-06-25)

03.laurensgoedkoop.com
12.laurensgoedkoop.com
146-70-41-141.cprapid.com
167.88.168.160.sslip.io
167834.monovm.com
23-227-196-19.cprapid.com
38-132-122-198.cprapid.com
38.180.182.102.sslip.io
62165.cloud.hosted-by-virtualdc.ru
account.servcloudmsft.online
advh.servcloudmsft.online
api.pj1store.top
arminvananal.store
assil.xyz
autsh.servcloudmsft.online
azalarmachineszal.store
brightnight.live
cs.j31359931.workers.dev
dods.servcloudmsft.online
dsnjfkdsjkf29432.cqhwmy.com
et.nethops.online
fg.gjkool.live
freegames.freemyip.com
gdjianpeng.store
gestioneventos.net
gjkool.live
graithook.online
hen-sim.store
humansetred.shop
imap.netstore.net
in.ninetype.live
ir.brightnight.live
jdxsmt.com
joyhuias.live
kcaptcha-dev.click
login.servcloudmsft.online
mikrolipi.live
neromubusda.store
new.popylopy.live
ni.repjoin.live
nimoochi.shop
ninetype.live
o.servcloudmsft.online
od3.nimoochi.shop
outk.servcloudmsft.online
panggexxx9823.top
popylopy.live
pts-qc.store
repjoin.live
sautsa.servcloudmsft.online
saverara.live
sci.servcloudmsft.online
se.joyhuias.live
sece.servcloudmsft.online
sepstar-eti.online
servcloudmsft.online
smth.servcloudmsft.online
survlogin.servcloudmsft.online
t.servcloudmsft.online
tr.mikrolipi.live
ulup.servcloudmsft.online
usaa.servcloudmsft.online
va.saverara.live
vhg.servcloudmsft.online
xsjl7932.top
xxcdn.wuyoukm.top
