# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

http://3.121.42.179
http://45.9.148.219
103.127.136.239:4444
103.131.149.2:11601
104.36.229.112:443
117.72.68.194:11601
122.114.11.231:11601
13.53.125.54:443
13.60.226.185:443
152.42.160.65:443
163.172.51.82:443
172.86.79.202:443
178.20.42.17:53
179.60.147.149:8081
184.107.5.46:11601
185.205.210.220:443
188.127.249.150:443
20.19.38.35:8080
20.19.88.240:443
20.234.58.105:443
20.70.141.228:443
209.151.144.94:444
217.155.41.50:443
3.9.177.224:443
34.147.39.137:443
38.54.117.71:443
43.201.14.128:443
43.206.219.14:443
45.61.134.19:4444
54.232.65.189:8443
62.0.84.172:4444
66.85.92.8:443
80.76.49.143:11601
88.119.175.234:11601
89.1.88.251:443
94.237.40.93:9999
94.237.57.199:443
94.237.58.45:9999
94.237.59.59:443
98.66.138.81:443

# Reference: https://www.activecountermeasures.com/malware-of-the-day-tunneled-c2-beaconing/

45.9.149.215:11601
91.92.240.71:11601

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-14)

13.49.65.37:443
139.162.231.59:443
139.177.196.67:11601
159.75.97.81:8888
20.82.190.146:8443
212.227.235.167:443
34.34.87.71:443
4.211.173.11:443
94.237.59.50:443
94.237.62.165:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

216.245.184.61:443
27.96.43.135:443
3.22.206.184:443
34.32.223.236:443
38.54.125.192:443
80.76.49.143:443
88.212.254.55:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13)

http://192.248.154.28
http://198.12.108.94
http://80.94.95.228
http://94.237.97.93
103.127.137.66:443
109.248.152.61:443
143.110.151.209:8081
157.230.194.28:8443
159.100.9.244:443
159.65.134.235:8443
16.171.200.124:443
165.154.224.216:443
167.99.194.187:443
176.153.187.139:8080
185.208.158.15:443
185.243.215.218:443
188.190.10.154:8443
191.239.121.206:8443
192.95.44.36:443
194.113.72.62:443
194.113.73.57:443
195.200.16.68:443
195.26.249.235:443
207.148.119.57:443
209.151.149.164:443
209.151.149.61:443
209.151.153.193:443
209.151.154.229:443
209.94.57.131:443
34.91.9.210:443
46.149.72.150:443
52.196.149.34:443
66.85.92.8:2222
77.30.170.77:2222
83.136.252.170:443
83.136.255.218:443
85.214.111.149:9443
87.120.125.34:443
94.237.25.172:4433
94.237.49.178:443
94.237.49.98:443
94.237.63.113:443
94.237.87.19:443
94.237.95.103:443
95.216.38.36:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10)

http://139.162.199.96
http://15.188.203.126
http://185.200.221.11
http://185.200.221.14
http://198.74.55.123
http://34.95.31.36
http://45.80.207.21
http://45.9.149.121
http://87.120.114.78
http://89.110.89.63
103.136.68.237:443
109.248.147.146:443
122.167.169.4:443
128.199.1.65:8080
138.197.40.165:8443
138.68.169.109:443
139.177.179.242:443
141.164.55.214:443
152.168.169.90:8080
154.205.156.117:443
154.240.155.185:443
154.248.105.246:53
172.203.237.109:443
172.236.20.148:53
172.236.20.35:53
176.31.229.198:53
178.128.39.255:443
188.245.183.77:53
195.128.100.227:443
20.19.38.35:443
209.151.152.80:443
209.250.249.112:443
209.74.66.188:11601
212.47.72.182:53
35.178.213.117:443
35.179.163.207:443
38.175.178.108:443
40.71.175.233:443
41.102.212.124:443
41.103.173.181:443
5.45.101.5:53
51.83.68.102:443
51.83.70.119:443
69.167.7.156:443
83.136.254.149:443
83.138.55.115:443
86.125.233.221:443
89.110.119.89:443
91.152.207.138:8001
92.113.33.37:443
93.185.165.195:18519
94.156.189.154:443
94.237.50.246:443
94.237.67.145:9001
94.237.79.92:4443
95.111.203.158:4433

# Reference: https://hunt.io/blog/sliver-c2-ligolo-ng-targeting-yc

179.60.149.75:22913
