# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

http://3.121.42.179
http://45.9.148.219
103.127.136.239:4444
103.131.149.2:11601
104.36.229.112:443
117.72.68.194:11601
122.114.11.231:11601
13.53.125.54:443
13.60.226.185:443
152.42.160.65:443
163.172.51.82:443
172.86.79.202:443
178.20.42.17:53
179.60.147.149:8081
184.107.5.46:11601
185.205.210.220:443
188.127.249.150:443
20.19.38.35:8080
20.19.88.240:443
20.234.58.105:443
20.70.141.228:443
209.151.144.94:444
217.155.41.50:443
3.9.177.224:443
34.147.39.137:443
38.54.117.71:443
43.201.14.128:443
43.206.219.14:443
45.61.134.19:4444
54.232.65.189:8443
62.0.84.172:4444
66.85.92.8:443
80.76.49.143:11601
88.119.175.234:11601
89.1.88.251:443
94.237.40.93:9999
94.237.57.199:443
94.237.58.45:9999
94.237.59.59:443
98.66.138.81:443

# Reference: https://www.activecountermeasures.com/malware-of-the-day-tunneled-c2-beaconing/

45.9.149.215:11601
91.92.240.71:11601

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-14)

13.49.65.37:443
139.162.231.59:443
139.177.196.67:11601
159.75.97.81:8888
20.82.190.146:8443
212.227.235.167:443
34.34.87.71:443
4.211.173.11:443
94.237.59.50:443
94.237.62.165:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

216.245.184.61:443
27.96.43.135:443
3.22.206.184:443
34.32.223.236:443
38.54.125.192:443
80.76.49.143:443
88.212.254.55:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13)

http://192.248.154.28
http://198.12.108.94
http://80.94.95.228
http://94.237.97.93
103.127.137.66:443
109.248.152.61:443
143.110.151.209:8081
157.230.194.28:8443
159.100.9.244:443
159.65.134.235:8443
16.171.200.124:443
165.154.224.216:443
167.99.194.187:443
176.153.187.139:8080
185.208.158.15:443
185.243.215.218:443
188.190.10.154:8443
191.239.121.206:8443
192.95.44.36:443
194.113.72.62:443
194.113.73.57:443
195.200.16.68:443
195.26.249.235:443
207.148.119.57:443
209.151.149.164:443
209.151.149.61:443
209.151.153.193:443
209.151.154.229:443
209.94.57.131:443
34.91.9.210:443
46.149.72.150:443
52.196.149.34:443
66.85.92.8:2222
77.30.170.77:2222
83.136.252.170:443
83.136.255.218:443
85.214.111.149:9443
87.120.125.34:443
94.237.25.172:4433
94.237.49.178:443
94.237.49.98:443
94.237.63.113:443
94.237.87.19:443
94.237.95.103:443
95.216.38.36:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10)

http://139.162.199.96
http://15.188.203.126
http://185.200.221.11
http://185.200.221.14
http://198.74.55.123
http://34.95.31.36
http://45.80.207.21
http://45.9.149.121
http://87.120.114.78
http://89.110.89.63
103.136.68.237:443
109.248.147.146:443
122.167.169.4:443
128.199.1.65:8080
138.197.40.165:8443
138.68.169.109:443
139.177.179.242:443
141.164.55.214:443
152.168.169.90:8080
154.205.156.117:443
154.240.155.185:443
154.248.105.246:53
172.203.237.109:443
172.236.20.148:53
172.236.20.35:53
176.31.229.198:53
178.128.39.255:443
188.245.183.77:53
195.128.100.227:443
20.19.38.35:443
209.151.152.80:443
209.250.249.112:443
209.74.66.188:11601
212.47.72.182:53
35.178.213.117:443
35.179.163.207:443
38.175.178.108:443
40.71.175.233:443
41.102.212.124:443
41.103.173.181:443
5.45.101.5:53
51.83.68.102:443
51.83.70.119:443
69.167.7.156:443
83.136.254.149:443
83.138.55.115:443
86.125.233.221:443
89.110.119.89:443
91.152.207.138:8001
92.113.33.37:443
93.185.165.195:18519
94.156.189.154:443
94.237.50.246:443
94.237.67.145:9001
94.237.79.92:4443
95.111.203.158:4433

# Reference: https://hunt.io/blog/sliver-c2-ligolo-ng-targeting-yc

179.60.149.75:22913

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02)

http://107.148.51.185
http://107.189.15.149
http://137.184.197.155
http://159.65.173.230
http://167.88.165.145
http://185.200.221.13
http://203.161.43.189
http://209.160.113.86
http://81.161.238.245
http://87.120.126.52
103.82.133.208:3000
107.173.114.236:443
123.56.119.208:8888
128.199.1.65:443
128.90.116.115:443
128.90.145.195:443
128.90.43.224:443
13.231.61.164:443
143.244.129.125:9000
147.45.49.99:443
154.203.197.61:443
156.67.31.238:443
158.247.234.242:443
162.55.208.135:443
163.172.234.8:4443
165.232.191.96:23094
167.99.194.187:8000
172.205.209.3:443
172.233.40.238:443
18.185.7.210:443
185.181.4.54:443
185.82.126.147:7331
193.163.7.229:11601
193.233.48.31:8443
194.113.73.119:443
199.247.12.104:443
2.57.122.74:443
20.127.157.162:443
203.154.83.28:443
209.151.148.203:443
209.151.150.122:443
209.151.151.98:443
209.151.155.122:443
209.151.155.162:443
209.94.57.107:443
217.6.46.91:22
37.27.207.13:7443
38.110.228.180:9090
38.175.188.193:443
38.54.125.192:10443
45.151.62.110:8443
45.61.137.134:443
45.61.169.182:443
45.79.8.240:443
5.22.209.119:443
5.34.182.13:4443
51.137.64.209:2000
62.210.28.199:53
64.253.86.94:443
65.38.120.101:443
66.179.191.213:443
66.179.209.41:443
69.167.10.30:443
77.232.43.48:443
77.238.238.158:443
80.94.95.188:443
81.161.238.204:443
81.161.238.64:443
84.220.29.9:443
86.125.224.142:443
86.125.225.247:443
93.185.165.16:35247
94.237.31.4:443
94.237.42.228:443
94.237.56.191:443
94.237.58.33:445
94.237.74.225:443
94.237.86.125:444
94.237.87.68:443
95.111.194.173:443
95.111.196.96:443
95.111.197.16:443
95.111.215.79:9999
95.111.216.38:443
95.111.217.194:4433

# Reference: https://www.elastic.co/security-labs/betting-on-bots

38.54.125.192:8080
