# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-05-20-IOCs-for-AdaptixC2-activity.txt
# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash&ref_id=9f05271ed4b#tab=host_pairs (# 2025-05-22)
# NOTE(review): entries in this block come from the two references above: a Unit 42 IOC list for
# AdaptixC2 activity and a Validin host-pairs pivot on hash 7c6372580a9e78e8caff7ba50ef859aa
# (type=hash). The trailing "(# YYYY-MM-DD)" is the collection date of the pivot.
# NOTE(review): presumably the hash is a server fingerprint, so the pivot lists hosts that looked
# like an AdaptixC2 server on that date, whoever operates them. Treat a match as a lead to
# corroborate rather than as attribution. Confirm what the hash is computed over.
# NOTE(review): names that embed an IPv4 address (192.153.57.9.sslip.io, 64.7.199.193.sslip.io,
# 23-227-203-191.cprapid.com, *.46-21-153-154.plesk.page) point at addresses that are also listed
# as IP:443 in the 2025-08-08 block. They identify an address rather than a registered domain,
# so they go stale when the address is reassigned.

192.153.57.9.sslip.io
23-227-203-191.cprapid.com
64.7.199.193.sslip.io
adaptcia.com
adoring-chatelet.46-21-153-154.plesk.page
am.itgno.ir
amounn.com
api2.utkic.ir
arvest.restoreasec.com
boursoacces.com
casaslab.com
community.christmas
doamin.cc
dtt.alux.cc
ecstatic-mcclintock.46-21-153-154.plesk.page
express1solutions.com
flashfrontlinefeed.com
frejuop.live
ftp-winscp.org
grasslandscapes.com
iorestore.com
ip189.ip-51-254-238.eu
joycas.live
livestreammax.com
ns1.ftp-winscp.org
ns2.ftp-winscp.org
nwzd-csg.com
orange3room.com
outofservice.ru
pushtruelab.com
regonalone.com
restoreasec.com
sunshinemoment.com
td.express1solutions.com
td.iorestore.com
td.restoreasec.com
td1.express1solutions.com
td3.express1solutions.com
tech-system.online
trucks-taxesrefund02.com

# Reference: https://app.validin.com/detail?find=ERROR%20404%20-%20Nothing%20Found&type=raw&ref_id=9fcec45d347#tab=host_pairs (# 2025-05-22)
# NOTE(review): unlike the hash pivots elsewhere in this file, this block's reference is a
# raw-text search (type=raw) for the string "ERROR 404 - Nothing Found". Presumably a match on
# an error-page string is a weaker signal than a hash match. Confirm each host independently.
# NOTE(review): several names here are dynamic-DNS, relay or provider-assigned hostnames
# (duckdns.org, softether.net, quickconnect.to, linodeusercontent.com, pbiaas.com). The addresses
# embedded in the last two (172.235.52.96, 87.106.112.18) are also listed as IP:443 in the
# 2025-08-08 block. Consider alerting rather than blocking on this block until verified.

172-235-52-96.ip.linodeusercontent.com
bbb-appwrite.jonkerdd.nl
bbb.jonkerdd.nl
darkgem.duckdns.org
dha-events.com
ethachu21.com
feutjezelf.jonkerdd.nl
fireservice.direct.quickconnect.to
ip87-106-112-18.pbiaas.com
jelly.gaiznco.dk
jonkerdd.nl
karwanonline.com
mail.main-amarayuk.store
main-amarayuk.store
pattysergio.com
proxy.jonkerdd.nl
streamlineanalytics.net
torrent.gaiznco.dk
vpn519529427.softether.net

# Reference: https://x.com/ViriBack/status/1930351693356548499

144.172.106.67:8000

# Reference: https://app.validin.com/detail?type=hash&find=7c6372580a9e78e8caff7ba50ef859aa#tab=host_pairs (# 2025-06-05)

103stintino.com
197pozzosannicola.com
aqpdftvbdnjfjoewtwoygc.103stintino.com
buenohuy.live
c0a7e95e92d640a8ad8dde629147d713.ddns.gcloud.gg
dumbsec.com
edilduesrl.com
emberjs.site
fabiomenichinimarmi.com
fe.firetrue.live
firetrue.live
lawyeravandia.com
moldostonesupplies.pro
schema17.com
security-research.ch
stintino.host
timbrificioarena.com
tworeniyabizneskurs.com
ue.buenohuy.live
vpn29.com
x6iye.site

# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash&ref_id=3da1e49c681#tab=host_pairs (# 2025-06-13)

46-21-153-154.plesk.page
1874290-coinbase.com
518912-coinbase.com
689535ed-3.b-cdn.net
adaptix.redteamops.org
adaptixs.redteamops.org
am.mautau.live
appleeid.appleeusvrf.com.idealgroupco.com
auths-securpass-cartepass-assurances.xyz
avacore.tech
continuenetf.allstaffingsolutions.com
cs.xsjl7932.top
ct.nicepliced.live
dh.lokipoki.live
djakoidjatiguailiaipka.com
eliotdevelop.com
ev.veryspec.live
eztest.site
ge.gjkool.live
mautau.live
mingmoonorangepark.com
muatay.live
nissi.bg
novelumbsasa.art
old.bitcoin1004.com
picasosoftai.shop
regularisations-1507505075-contraventions-assurances.com
sign.in.apple.id.apple.com.verification.authentification-id.galaxyswat.com
ty.muatay.live

# Reference: https://www.security.com/threat-intelligence/fog-ransomware-attack

66.112.216.232:443
97.64.81.119:443
protoflint.com
amanda.protoflint.com

# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash#tab=host_pairs (# 2025-06-25)

03.laurensgoedkoop.com
12.laurensgoedkoop.com
146-70-41-141.cprapid.com
167.88.168.160.sslip.io
167834.monovm.com
23-227-196-19.cprapid.com
38-132-122-198.cprapid.com
38.180.182.102.sslip.io
62165.cloud.hosted-by-virtualdc.ru
account.servcloudmsft.online
advh.servcloudmsft.online
api.pj1store.top
arminvananal.store
assil.xyz
autsh.servcloudmsft.online
azalarmachineszal.store
brightnight.live
cs.j31359931.workers.dev
dods.servcloudmsft.online
dsnjfkdsjkf29432.cqhwmy.com
et.nethops.online
fg.gjkool.live
freegames.freemyip.com
gdjianpeng.store
gestioneventos.net
gjkool.live
graithook.online
hen-sim.store
humansetred.shop
imap.netstore.net
in.ninetype.live
ir.brightnight.live
jdxsmt.com
joyhuias.live
kcaptcha-dev.click
login.servcloudmsft.online
mikrolipi.live
neromubusda.store
new.popylopy.live
ni.repjoin.live
nimoochi.shop
ninetype.live
o.servcloudmsft.online
od3.nimoochi.shop
outk.servcloudmsft.online
panggexxx9823.top
popylopy.live
pts-qc.store
repjoin.live
sautsa.servcloudmsft.online
saverara.live
sci.servcloudmsft.online
se.joyhuias.live
sece.servcloudmsft.online
sepstar-eti.online
servcloudmsft.online
smth.servcloudmsft.online
survlogin.servcloudmsft.online
t.servcloudmsft.online
tr.mikrolipi.live
ulup.servcloudmsft.online
usaa.servcloudmsft.online
va.saverara.live
vhg.servcloudmsft.online
xsjl7932.top
xxcdn.wuyoukm.top

# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash#tab=host_pairs (# 2025-07-05)

23-227-199-53.cprapid.com
app.mahjongways2.xyz
celebrum-approuk.nl
diazsquare.com
electrum-sol.top
escueladeelementos.com
first.biosdmd.live
gh.kilopas.live
gh.nougouk.live
id-manulife.com
kilopas.live
mahjongways2.info
mahjongways2.xyz
mail.mahjongways2.info
nougouk.live
oauth2-sdrive-goocle.com
pressconferencesimulator.com

# Reference: https://x.com/CyberGhost13337/status/1945083485619716555
# Reference: https://www.virustotal.com/gui/file/b89e567949e9c47b4bae5f12f23a58944fba7cbba666e39ba9c7dc531ed8ccdd/detection

67.211.222.140:4455

# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash#tab=host_pairs (# 2025-07-20)

146-70-24-153.cprapid.com
acn-it32.com
admin.mahjongways2.xyz
anysimpleword.com
api.mahjongways2.xyz
blog.mahjongways2.info
cdn.real-de.myddns.rocks
cg.likerpiker.live
demo.mahjongways2.info
demo2.mahjongways2.info
dev.mahjongways2.xyz
imap.netstore.com
isd.servcloudmsft.online
kuravluatinore.greajoe.live
localhost.mahjongways2.info
mail.gdjianpeng.store
mail.hen-sim.store
mail.pts-qc.store
mail.sepstar-eti.online
msd.servcloudmsft.online
notexistsdemo2.mahjongways2.info
outlook.netstore.net
pop.netstore.com
pop.netstore.net
postcorestat.nanatechs.live
purepowersolutions.us
quedastaji.firetom.live
scalagermine.adwinoe.live
sdad.rockuopa.live
sharepoint.unicredit.zip
test.0b0.pub
totihyo.live
windowsupdate.help
ywb.servcloudmsft.online

# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash#tab=host_pairs (# 2025-08-08)

101.33.202.134:443
101.42.100.236:443
103.136.150.185:443
103.171.35.40:443
103.180.115.15:443
104.167.16.88:443
104.244.90.70:443
106.12.113.41:443
106.13.211.216:443
106.13.216.152:443
107.149.223.64:443
107.158.128.78:443
107.172.143.14:443
107.174.66.121:443
108.136.233.72:443
108.137.150.223:443
109.196.99.120:443
110.41.44.100:443
111.229.80.204:443
117.72.118.156:443
118.178.191.92:443
120.55.71.141:443
121.43.134.150:443
121.43.224.166:443
13.215.203.179:443
13.232.53.239:443
132.232.113.179:443
132.232.237.212:443
134.209.112.57:443
137.220.134.251:443
138.199.40.58:443
139.180.215.242:443
139.59.17.50:443
139.84.150.129:443
142.189.181.110:443
144.172.103.74:443
144.172.106.67:443
144.172.122.100:443
144.172.122.219:443
144.172.89.30:443
146.70.24.132:443
146.70.24.153:443
146.70.24.160:443
146.70.41.141:443
146.70.41.167:443
146.70.41.176:443
146.70.44.174:443
146.70.44.228:443
146.70.87.237:443
146.70.87.26:443
146.70.87.37:443
146.70.87.42:443
146.70.87.50:443
146.70.87.64:443
146.70.87.96:443
147.93.118.55:443
148.251.135.156:443
15.157.228.170:443
152.136.134.119:443
155.138.224.101:443
156.238.233.69:443
157.180.8.158:443
157.250.195.16:443
161.35.12.89:443
162.120.71.251:443
164.90.197.183:443
164.92.253.61:443
165.154.227.220:443
165.227.221.35:443
167.88.168.160:443
169.150.219.114:443
169.150.221.147:443
170.130.55.223:443
172.232.122.178:443
172.235.52.96:443
172.86.107.75:443
172.86.123.31:443
172.86.89.240:443
172.96.137.160:443
173.232.146.48:443
174.92.170.139:443
174.92.170.237:443
174.93.204.158:443
174.95.230.232:443
178.128.87.154:443
18.209.60.16:443
18.222.232.190:443
18.223.108.252:443
182.16.98.88:443
182.61.50.127:443
184.144.144.140:443
184.144.144.68:443
184.144.174.176:443
184.145.249.18:443
185.111.111.157:443
185.194.53.238:443
185.208.158.168:443
185.233.166.187:443
185.233.166.28:443
185.255.178.11:443
185.255.178.38:443
192.153.57.9:443
193.239.237.120:443
193.5.65.114:443
193.53.127.191:443
194.182.86.110:443
194.58.114.8:443
194.87.105.140:443
194.87.17.219:443
196.251.116.106:443
196.251.118.249:443
198.54.126.112:443
20.17.96.220:443
206.188.196.80:443
209.250.247.174:443
212.192.15.213:443
216.74.123.245:443
217.148.142.28:443
217.148.142.34:443
217.148.142.54:443
217.154.115.105:443
217.28.130.34:443
217.28.130.37:443
217.28.130.44:443
217.28.130.61:443
217.28.130.82:443
23.227.196.115:443
23.227.196.13:443
23.227.196.19:443
23.227.196.62:443
23.227.199.60:443
23.227.199.61:443
23.227.199.82:443
23.227.199.99:443
23.227.202.225:443
23.227.203.128:443
23.227.203.12:443
23.227.203.178:443
23.227.203.190:443
23.227.203.191:443
23.227.203.193:443
23.227.203.198:443
23.227.203.205:443
23.227.203.228:443
23.227.203.246:443
23.227.203.248:443
23.94.61.49:443
24.4.254.185:443
3.0.61.43:443
3.8.187.162:443
3.88.14.227:443
3.97.11.123:443
31.56.146.41:443
31.97.207.197:443
34.102.233.188:443
34.107.179.223:443
34.71.90.210:443
34.98.81.157:443
35.159.38.208:443
37.72.168.135:443
37.72.168.179:443
38.114.101.163:443
38.132.122.133:443
38.132.122.141:443
38.132.122.145:443
38.132.122.161:443
38.132.122.180:443
38.180.182.102:443
38.180.2.155:443
38.207.177.170:443
43.133.211.161:443
43.154.137.247:443
43.156.15.56:443
43.156.244.51:443
43.156.64.185:443
45.129.0.102:443
45.141.86.65:443
45.144.221.24:443
45.61.135.83:443
45.61.165.23:443
45.76.159.208:443
45.77.240.204:443
46.101.241.27:443
46.173.211.240:443
46.21.153.154:443
46.38.240.37:443
46.62.144.142:443
47.116.126.243:443
47.122.27.78:443
47.237.90.16:443
49.13.163.25:443
49.232.253.183:443
5.133.9.244:443
5.253.31.113:443
5.255.88.41:443
5.83.144.14:443
51.210.90.125:443
52.22.15.69:443
54.163.41.38:443
54.250.175.201:443
60.205.3.34:443
64.137.9.118:443
64.7.199.193:443
64.94.84.169:443
66.179.211.88:443
77.232.40.154:443
77.232.42.107:443
77.72.2.29:443
77.73.131.129:443
77.73.131.39:443
79.127.237.132:443
79.127.243.187:443
8.137.85.34:443
8.138.232.116:443
82.118.16.37:443
82.153.138.122:443
83.229.17.94:443
84.17.46.53:443
85.235.67.31:443
85.239.54.47:443
86.106.85.206:443
87.106.112.18:443
88.204.56.40:443
88.214.25.196:443
88.218.94.154:443
89.41.26.173:443
89.41.26.181:443
89.41.26.187:443
89.45.4.74:443
89.46.65.19:443
9.169.156.105:443
91.142.79.140:443
93.165.113.39:443
94.156.236.125:443
94.175.204.229:443
94.198.52.210:443
94.247.42.56:443
95.179.130.57:443
96.9.124.207:443
97.64.82.101:443
api.otpbot.online
board-xyz.asia
chippikinarpam.us
cigikinikin.store
deal.office-online-store.com
defender.office-online-store.com
francheskodevergation.us
github.proof-url.link
hikiritinati.store
hlrevue.com.office-online-store.com
imgs.plumeriamode.com
loginrosso.real-de.myddns.rocks
mail.muacinorgnetcm.online
rap.real-de.myddns.rocks
roclaer.ro
scoporezidoes.bopasdw.live
slack-time.org
stackforges.us
statuscoiis-postescan.com
test.kellyroofing.us
trasnfond.ro
worldmailconnect.com
yourtencent.com
zuopir.com

# Reference: https://x.com/Xanderuxsf5/status/1966107951661293977

43.209.175.55:7010

# Reference: https://threatfox.abuse.ch/browse/malware/win.adaptix_c2/ (# 2025-10-04)
# NOTE(review): the five http:// entries below carry a scheme and no port, unlike the host:port
# entries that follow. Presumably the consumer strips the scheme and matches the bare IP on any
# port, which is broader than a port-scoped entry. Confirm against the trail loader.
# NOTE(review): 45.129.0.102 and 185.253.117.61 also appear in this file with explicit ports
# (45.129.0.102:443 and 185.253.117.61:4443).

http://162.55.189.96
http://185.253.117.61
http://43.138.186.236
http://45.129.0.102
http://68.64.177.177
101.35.211.3:4321
101.42.100.236:4443
103.106.230.53:5900
103.117.148.226:4321
103.117.148.226:4444
103.171.35.150:4321
103.171.35.150:4444
104.167.16.88:4321
104.238.57.149:4321
107.154.172.8:16010
107.158.128.78:4321
107.175.159.225:443
108.137.150.223:4321
110.41.138.224:3389
110.41.44.100:4433
111.230.163.105:8888
113.44.68.82:9898
113.45.177.81:4321
113.45.177.81:7788
114.132.238.70:8888
117.72.118.156:4321
118.178.191.92:8443
118.178.231.121:4321
119.91.66.244:8888
121.41.113.184:8443
123.249.103.174:44321
123.31.11.213:4321
124.70.144.47:4321
124.70.144.47:4444
128.199.219.80:4443
128.199.41.157:8080
134.122.57.235:4321
134.199.202.205:8443
137.184.201.126:4444
139.129.32.152:8443
139.196.160.235:8443
139.59.113.130:1024
139.59.17.50:4321
141.164.44.177:36580
144.172.103.74:4443
144.172.106.67:4321
144.172.106.67:4444
144.172.106.67:4895
144.172.116.106:1337
144.172.122.100:8443
144.172.122.219:4323
146.19.254.30:4444
146.70.24.160:43331
146.70.41.141:43211
146.70.41.167:43211
146.70.41.176:43212
146.70.44.174:43211
146.70.87.138:43211
146.70.87.237:43211
146.70.87.26:43211
146.70.87.64:43211
146.70.87.96:43211
147.93.155.118:4321
149.28.23.68:31337
149.50.135.215:49152
152.42.140.133:31337
154.223.21.252:443
154.223.21.252:4444
154.36.175.172:43211
154.91.180.29:41433
159.75.155.46:4321
164.90.202.243:4321
164.92.253.61:4321
165.22.119.30:4321
166.1.160.69:65523
166.88.61.58:1433
167.172.188.68:4321
167.172.72.28:8080
167.88.168.160:8443
172.234.86.225:4321
173.212.202.8:8329
174.138.26.222:4321
178.128.87.154:1234
178.16.55.52:8090
179.43.186.234:4321
183.66.27.19:58476
183.66.27.28:58476
185.193.127.211:4321
185.208.158.168:4321
185.239.238.191:443
185.241.208.218:4444
185.253.117.61:4443
185.28.119.6:4444
188.124.51.141:4443
188.166.224.28:31337
192.210.248.11:4444
193.149.176.112:4321
193.5.65.114:43211
194.62.250.101:49011
195.133.1.120:4321
196.251.115.132:4321
196.251.118.249:4433
196.251.71.228:43211
20.17.96.220:60000
20.234.49.186:4321
20.42.107.78:8443
202.182.124.254:5555
203.159.90.59:4321
203.159.90.59:4444
204.152.192.54:4321
209.250.247.174:4321
212.192.15.213:60000
212.34.145.146:4321
212.56.32.90:43219
213.109.147.51:4444
213.199.53.152:4321
217.28.130.34:10443
217.28.130.37:9443
217.28.130.61:8443
217.28.130.82:9443
23.122.222.92:5555
23.227.196.119:43211
23.227.196.13:43211
23.227.196.17:43211
23.227.196.19:43211
23.227.196.85:43211
23.227.199.37:4321
23.227.199.53:53262
23.227.199.60:43211
23.227.199.61:43211
23.227.199.82:43211
23.227.199.99:43212
23.227.202.247:43211
23.227.203.128:43211
23.227.203.178:43211
23.227.203.190:43211
23.227.203.191:43211
23.227.203.193:43211
23.227.203.198:43211
23.227.203.205:43211
23.227.203.213:43211
23.227.203.228:43211
23.227.203.246:43211
23.227.203.248:43211
23.94.111.229:4444
3.88.14.227:4321
34.22.85.55:4321
34.22.85.55:443
34.22.85.55:4444
34.22.85.55:6443
38.132.122.141:43211
38.132.122.145:43211
38.132.122.161:43211
38.132.122.180:43212
38.132.122.198:43211
38.242.155.163:4444
39.108.79.95:3389
40.124.180.118:4444
41.249.151.35:4444
43.140.221.154:4321
43.154.137.247:8443
43.156.15.56:4321
43.156.59.110:4321
43.156.64.185:4444
43.159.45.212:4444
43.159.45.212:5555
43.229.150.95:4444
43.255.159.28:4321
45.136.29.64:4321
45.136.29.64:4444
45.138.16.95:7547
45.144.221.24:1337
45.194.37.194:9595
45.61.135.83:9443
45.76.159.208:5000
45.88.109.34:123
45.94.47.152:8083
46.21.153.146:43211
46.21.153.148:43211
47.110.244.42:7001
47.122.27.78:54321
47.236.132.98:4444
47.99.196.178:7001
49.13.163.25:4321
49.233.215.17:5000
49.233.215.17:6000
5.129.235.207:4321
5.188.86.168:55364
51.178.207.65:443
60.205.3.34:8443
62.113.59.107:4444
62.141.44.37:8001
64.137.9.118:4341
69.5.189.15:4321
69.5.189.19:443
77.232.40.154:8085
77.73.39.176:4444
8.136.48.237:443
8.136.48.237:5443
8.136.48.237:6443
8.137.85.34:4321
8.138.96.41:50010
82.153.138.122:9091
83.229.17.63:443
84.46.243.167:10443
85.202.193.88:4321
85.234.100.245:4321
86.106.84.62:8080
86.106.84.62:8443
86.106.85.206:43211
86.109.75.149:443
89.41.26.181:43211
89.41.26.187:43211
89.45.4.74:43211
94.177.171.194:4321
94.198.52.210:3043
94.232.249.166:1443
