# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/cobbr/Covenant
# Reference: https://twitter.com/1ZRR4H/status/1333606625551192064

45.83.176.85:7443

# Reference: https://twitter.com/bryceabdo/status/1352017243547250689
# Reference: https://www.virustotal.com/gui/file/1faee2229324a40a4d36e7bf0bcd2ceebe40915878d406efa4dd82b0ec1ee965/detection
# Reference: https://www.virustotal.com/gui/file/d776cdeb7432a2dafdc8d9f1255c278f8ae12051b8538e2a285f6255042f0a5d/detection

http://46.101.251.25

# Reference: https://twitter.com/TheDFIRReport/status/1374024318640742402

http://144.126.209.100
http://3.19.242.30

# Reference: https://twitter.com/TheDFIRReport/status/1372574766851231745

http://195.123.239.170
http://47.94.20.209

# Reference: https://twitter.com/TheDFIRReport/status/1375418278856822788

http://143.110.213.159
http://198.211.96.96
http://45.77.248.89
http://52.247.27.44

# Reference: https://twitter.com/TheDFIRReport/status/1377232960676577280

http://143.110.228.146
http://185.203.117.6

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
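# Reference: https://beta.shodan.io/host/138.68.62.253
# Note: in the Shodan-referenced groups, ports other than 7443 (e.g. 22, 443, 8000) appear to be other services listed for the same host rather than confirmed Covenant listeners; weigh hits on them accordingly.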

http://138.68.62.253
138.68.62.253:22
138.68.62.253:443
138.68.62.253:7443
138.68.62.253:8000

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
# Reference: https://beta.shodan.io/host/155.138.227.139

155.138.227.139:443
155.138.227.139:4443
155.138.227.139:5000
155.138.227.139:5432
155.138.227.139:8080

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
# Reference: https://beta.shodan.io/host/173.232.146.167

http://173.232.146.167
173.232.146.167:22
173.232.146.167:7443

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
# Reference: https://beta.shodan.io/host/185.186.244.84

http://185.186.244.84
185.186.244.84:22
185.186.244.84:7443

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
# Reference: https://beta.shodan.io/host/185.206.144.192

http://185.206.144.192
185.206.144.192:22
185.206.144.192:7443

# Reference: https://twitter.com/TheDFIRReport/status/1381636980040159234
# Reference: https://beta.shodan.io/host/165.232.131.109

http://165.232.131.109
165.232.131.109:7443
165.232.131.109:81

# Reference: https://twitter.com/TheDFIRReport/status/1381636980040159234
# Reference: https://beta.shodan.io/host/185.205.209.249

http://185.205.209.249
185.205.209.249:22
185.205.209.249:7443

# Reference: https://twitter.com/TheDFIRReport/status/1381636980040159234
# Reference: https://beta.shodan.io/host/45.32.29.78

http://45.32.29.78
45.32.29.78:22
45.32.29.78:7443
45.32.29.78:8443

# Reference: https://twitter.com/TheDFIRReport/status/1381636980040159234
# Reference: https://beta.shodan.io/host/47.243.14.171

http://47.243.14.171
47.243.14.171:443
47.243.14.171:7443

# Reference: https://twitter.com/TheDFIRReport/status/1384853172175392772
# Reference: https://beta.shodan.io/host/172.105.65.243

http://172.105.65.243
172.105.65.243:22
172.105.65.243:7443

# Reference: https://twitter.com/TheDFIRReport/status/1384853172175392772
# Reference: https://beta.shodan.io/host/45.147.228.146

45.147.228.146:7443

# Reference: https://twitter.com/TheDFIRReport/status/1384853172175392772
# Reference: https://beta.shodan.io/host/51.210.110.104

51.210.110.104:7443

# Reference: https://twitter.com/TheDFIRReport/status/1385567840732946436
# Reference: https://beta.shodan.io/host/139.59.231.248
# Reference: https://beta.shodan.io/host/192.46.234.174

http://192.46.234.174
139.59.231.248:22
139.59.231.248:3306
139.59.231.248:7443
192.46.234.174:22
192.46.234.174:7443

# Reference: https://twitter.com/TheDFIRReport/status/1387070281987108865
# Reference: https://beta.shodan.io/host/3.140.190.218

http://3.140.190.218
3.140.190.218:7443

# Reference: https://twitter.com/TheDFIRReport/status/1387070281987108865
# Reference: https://beta.shodan.io/host/35.211.206.132

http://35.211.206.132
35.211.206.132:22
35.211.206.132:443
35.211.206.132:7443

# Reference: https://twitter.com/TheDFIRReport/status/1389595672635183109
# Reference: https://beta.shodan.io/host/185.186.244.84

http://185.186.244.84
185.186.244.84:22
185.186.244.84:7443

# Reference: https://twitter.com/TheDFIRReport/status/1389595672635183109
# Reference: https://beta.shodan.io/host/185.206.144.192

http://185.206.144.192
185.206.144.192:22

# Reference: https://twitter.com/TheDFIRReport/status/1390652638513926144
# Reference: https://beta.shodan.io/host/195.161.62.228

http://195.161.62.228
195.161.62.228:22
195.161.62.228:7443
195.161.62.228:8834

# Reference: https://twitter.com/TheDFIRReport/status/1392089649984774146
# Reference: https://beta.shodan.io/host/195.123.247.143

http://195.123.247.143
195.123.247.143:7443
195.123.247.143:8834

# Reference: https://twitter.com/TheDFIRReport/status/1403321117692108800
# Reference: https://beta.shodan.io/host/52.175.148.20

52.175.148.20:22
52.175.148.20:3000
52.175.148.20:443
52.175.148.20:7443

# Reference: https://twitter.com/TheDFIRReport/status/1407322479664762890

162.55.184.250:7443
54.185.125.101:7443

# Reference: https://twitter.com/TheDFIRReport/status/1405151926640168964
# Reference: https://beta.shodan.io/host/206.189.0.12

http://206.189.0.12
206.189.0.12:22
206.189.0.12:443
206.189.0.12:7443

# Reference: https://twitter.com/TheDFIRReport/status/1405151926640168964
# Reference: https://beta.shodan.io/host/51.79.160.130

51.79.160.130:7443

# Reference: https://twitter.com/TheDFIRReport/status/1407752816362405895
# Reference: https://beta.shodan.io/host/202.169.39.5

202.169.39.5:22
202.169.39.5:587
202.169.39.5:7443
202.169.39.5:993

# Reference: https://twitter.com/TheDFIRReport/status/1407752816362405895
# Reference: https://beta.shodan.io/host/149.28.131.88

http://149.28.131.88
149.28.131.88:22
149.28.131.88:443
149.28.131.88:8000

# Reference: https://twitter.com/TheDFIRReport/status/1417499549397135363
# Reference: https://beta.shodan.io/host/52.14.0.168

52.14.0.168:22
52.14.0.168:443
52.14.0.168:7443

# Reference: https://twitter.com/TheDFIRReport/status/1417499549397135363
# Reference: https://beta.shodan.io/host/52.151.57.51

52.151.57.51:7443
52.151.57.51:8080

# Reference: https://twitter.com/TheDFIRReport/status/1417499549397135363
# Reference: https://beta.shodan.io/host/52.226.67.129

52.226.67.129:7443

# Reference: https://twitter.com/TheDFIRReport/status/1417499549397135363
# Reference: https://beta.shodan.io/host/165.232.185.3

165.232.185.3:22
165.232.185.3:7443

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/157.245.192.237

http://157.245.192.237
157.245.192.237:500
157.245.192.237:7443

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/195.133.52.108

http://195.133.52.108
195.133.52.108:7443
195.133.52.108:8081

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/3.142.251.33

3.142.251.33:443
3.142.251.33:7443

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/43.129.69.172

http://43.129.69.172
43.129.69.172:111
43.129.69.172:22
43.129.69.172:445
43.129.69.172:7443
43.129.69.172:8080

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/73.34.80.127

http://73.34.80.127
73.34.80.127:21
73.34.80.127:7443

# Reference: https://twitter.com/TheDFIRReport/status/1467860126077911043
# Reference: https://beta.shodan.io/host/3.98.205.30

http://3.98.205.30
3.98.205.30:443
3.98.205.30:7443

# Reference: https://twitter.com/TheDFIRReport/status/1461733507324162056
# Reference: https://beta.shodan.io/host/165.227.132.17

http://165.227.132.17
165.227.132.17:21
165.227.132.17:443
165.227.132.17:7443
165.227.132.17:81

# Reference: https://twitter.com/TheDFIRReport/status/1520043978812493824

http://207.148.118.169
207.148.118.169:21
207.148.118.169:443
207.148.118.169:7443
207.148.118.169:81

# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_All.csv
# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_Covenant.txt

103.150.190.90:7443
104.237.142.165:7443
107.182.129.146:7443
109.123.231.70:7443
109.123.251.235:7443
109.202.192.126:7443
116.203.252.63:7443
123.30.234.134:7443
128.199.70.1:7443
13.246.93.11:7443
13.56.40.136:7443
13.69.157.241:7443
130.61.124.23:7443
134.209.108.174:7443
134.209.132.131:7443
134.209.168.47:7443
135.148.73.194:7443
137.135.244.225:7443
137.184.16.177:7443
137.184.177.162:7443
138.197.108.50:7443
138.68.123.125:8443
138.68.168.158:7443
139.59.230.38:7443
139.59.70.91:7443
141.147.78.236:7443
143.198.174.221:7443
143.244.142.98:7443
143.244.164.160:7443
143.47.228.54:7443
147.182.198.82:7443
147.182.239.16:7443
149.248.35.226:7443
150.136.90.238:7443
152.67.26.76:7443
155.138.196.53:7443
157.230.25.72:7443
157.245.143.132:7443
158.247.199.220:7443
158.247.219.80:7443
159.65.92.62:7443
159.75.240.4:7443
159.89.229.33:7443
161.97.66.145:7443
162.19.208.126:7443
164.92.134.208:7443
165.154.167.51:7443
167.179.92.133:7443
167.233.4.178:7443
167.86.83.133:7443
167.99.206.136:7443
167.99.224.203:7443
172.104.157.19:7443
172.105.76.8:7443
172.81.60.10:7443
173.82.106.20:7443
174.138.10.170:7443
174.138.7.112:8443
176.58.121.121:7443
178.62.200.196:7443
178.62.32.161:7443
18.134.39.73:7443
18.157.143.36:7443
18.170.111.218:7443
18.192.103.237:443
18.222.189.135:7443
185.112.35.152:7443
185.198.57.164:7443
185.45.195.18:7443
192.46.225.126:7443
193.105.134.145:443
193.149.176.124:7443
194.163.148.158:7443
194.233.174.126:7443
194.36.189.196:7443
194.87.84.137:7443
194.87.84.139:7443
195.128.248.10:7443
195.15.240.22:7443
198.27.76.162:7443
20.112.75.17:7443
20.118.206.80:7443
20.172.204.218:7443
20.187.47.90:7443
20.213.239.95:7443
20.213.248.0:7443
20.90.25.239:7443
202.169.39.5:7443
203.23.128.118:7443
208.68.39.30:7443
216.93.199.231:7443
217.160.193.134:7443
23.106.123.4:7443
3.128.128.66:7443
3.131.163.207:7443
3.67.204.148:7443
3.72.11.135:7443
34.125.1.141:7443
34.125.10.164:7443
34.140.146.194:443
34.212.111.221:7443
34.27.128.154:7443
35.180.21.188:7443
35.180.58.84:7443
40.69.93.0:7443
43.142.178.122:7443
44.198.64.113:7443
45.32.176.111:7443
45.56.75.103:7443
45.63.127.77:7443
45.76.195.92:7443
45.76.211.73:7443
45.79.155.64:7443
45.79.2.201:7443
45.9.148.192:7443
46.161.40.123:7443
5.182.17.134:7443
5.230.73.38:7443
51.159.195.132:7443
51.89.185.29:7443
51.89.73.156:7443
52.200.202.251:7443
54.166.26.62:7443
54.178.124.65:7443
54.37.225.27:7443
62.210.252.17:7443
64.227.179.34:7443
64.27.27.5:7443
65.108.227.57:7443
65.109.173.97:7443
66.18.171.71:7443
66.42.39.43:7443
68.183.140.238:7443
74.208.208.195:7443
80.78.27.133:7443
81.17.242.130:7443
85.214.251.189:7443
87.242.105.205:443
88.119.170.197:7443
89.163.153.7:7443
89.251.177.85:7443
91.107.136.163:7443
92.41.108.41:7443
93.115.26.76:7443
94.232.43.227:7443
95.179.206.132:7443
96.126.123.25:7443
98.217.254.26:7443
99.112.162.70:7443
linkedllin.ml
wogetrldvisions.site

# Reference: https://twitter.com/MichalKoczwara/status/1648613293387382786

137.184.72.49:443
137.184.72.49:7443
opusmedical.info

# Reference: https://twitter.com/drb_ra/status/1652021318735261696

168.100.232.169:7443

# Reference: https://twitter.com/drb_ra/status/1653833270704889856

193.42.32.228:7443

# Reference: https://twitter.com/drb_ra/status/1654195723687149568

34.89.112.244:7443

# Reference: https://twitter.com/drb_ra/status/1655282798507245569

146.59.10.45:7443

# Reference: https://twitter.com/drb_ra/status/1655645200214024210

92.40.12.16:7443

# Reference: https://twitter.com/drb_ra/status/1655645217112875020

165.22.76.8:7443

# Reference: https://twitter.com/drb_ra/status/1657457256231829506

34.205.137.3:7443

# Reference: https://threatfox.abuse.ch/browse/tag/covenant/

103.234.72.240:7443
109.123.251.235:7443
129.213.138.54:7443
13.48.123.193:7443
138.197.159.128:8443
138.197.159.167:8443
139.144.110.68:7443
139.144.98.36:7443
141.147.78.236:7443
146.70.124.72:7443
147.182.137.253:443
147.182.137.253:8000
159.223.142.45:7443
159.223.206.178:7443
165.227.207.110:7443
167.233.4.178:7443
167.71.222.215:7443
172.104.195.25:7443
172.105.179.88:7443
178.128.194.238:7443
178.54.187.54:50555
18.116.55.129:7443
18.118.200.0:7443
185.11.27.20:8888
185.150.119.102:7443
185.244.51.135:7443
188.239.191.240:25008
188.68.250.179:1443
193.29.62.114:7443
194.135.91.60:80
195.15.195.158:7443
195.15.240.22:7443
195.201.112.181:7443
20.127.203.237:7443
20.213.251.215:7443
20.227.146.141:7443
203.234.238.130:7443
209.126.77.241:7443
3.136.181.193:7443
3.23.238.33:7443
34.28.100.185:7443
35.180.21.188:7443
35.180.219.92:7443
35.92.109.135:7443
4.204.220.187:3389
45.63.127.77:7443
46.101.60.112:7443
5.15.63.158:7443
54.78.223.212:7443
54.82.89.116:7443
64.226.95.13:7443
64.44.101.23:7443
65.21.157.150:7443
68.183.120.153:7443
80.243.140.69:7443
81.17.242.138:7443
92.41.115.60:7443
92.41.96.161:7443
94.131.15.185:7443
98.117.244.39:7443
98.117.244.42:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Covenant/ (# 2023-08-03)

137.184.229.51:7443
34.125.1.141:7443
88.119.170.197:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Covenant/ (# 2023-09-19)

103.13.210.139:7443
103.141.68.145:7443
104.155.74.148:443
104.218.54.245:7443
104.234.254.98:7443
107.189.5.211:7443
109.123.240.37:7443
118.189.204.110:3389
128.199.116.190:5000
128.199.116.190:7443
13.52.244.83:7443
130.61.212.165:7443
137.184.4.41:7443
138.68.173.141:7443
138.91.111.23:7443
142.93.191.198:7443
144.34.244.222:7443
146.190.126.61:7443
146.190.54.95:7443
148.135.121.196:7443
15.235.167.60:7443
154.16.16.43:7443
157.90.129.60:7443
158.255.74.150:7443
159.196.128.120:8443
164.92.83.74:7443
165.154.167.51:7443
166.0.233.102:7443
168.100.8.112:7443
170.187.232.104:7443
172.105.58.129:7443
172.105.76.8:7443
172.233.24.59:7443
178.232.115.65:3389
179.8.14.54:7443
18.102.118.100:7443
18.130.69.162:7443
18.133.235.82:7443
185.198.57.41:7443
188.116.36.73:7443
191.252.214.5:7443
193.149.180.213:7443
193.168.145.73:7443
2.36.57.107:8000
20.77.5.157:7443
207.148.101.73:7443
212.87.204.212:7443
216.238.111.147:7443
220.119.89.139:7443
23.94.66.115:7443
23.96.6.163:7443
3.214.57.4:7443
3.252.36.202:7443
3.253.120.29:7443
3.81.27.148:7443
34.123.6.222:30006
34.124.138.144:7443
34.124.231.204:7443
34.125.64.58:7443
34.173.15.174:3389
34.173.15.174:5986
34.205.127.224:7443
34.247.68.212:7443
34.249.99.131:7443
35.177.215.200:7443
35.189.222.198:443
35.233.38.208:443
37.1.208.232:7443
38.47.180.5:7443
4.199.35.255:7443
44.224.46.16:7443
45.136.6.21:7443
45.32.91.55:7443
45.33.88.174:7443
45.93.20.76:7443
47.100.126.235:7443
5.188.86.214:7443
5.206.224.58:7443
51.222.196.70:443
52.161.69.114:3389
52.166.195.23:7443
54.74.236.38:7443
62.233.50.25:7443
65.109.86.55:7443
74.207.149.114:7443
80.76.51.70:7443
82.146.39.80:7443
85.204.116.225:7443
88.119.174.117:7443
89.116.32.177:7443
90.84.193.31:7443
94.130.30.38:7443
94.142.138.60:7443
94.237.103.164:7443
94.237.88.153:7443
95.111.219.145:7443
95.164.69.62:7443
97.120.154.174:7443
97.154.242.206:7443
97.154.97.29:7443

# Reference: https://twitter.com/drb_ra/status/1694420734162948460

34.16.190.8:7443

# Reference: https://twitter.com/drb_ra/status/1696957435615834168

194.180.49.202:7443

# Reference: https://threatfox.abuse.ch/ioc/1155123/

159.89.48.118:7443

# Reference: https://threatfox.abuse.ch/ioc/1162903/

37.139.129.17:7443

# Reference: https://threatfox.abuse.ch/ioc/1163271/

34.248.167.43:7443

# Reference: https://threatfox.abuse.ch/ioc/1163390/

147.78.47.238:7443

# Reference: https://threatfox.abuse.ch/ioc/1163467/

81.141.154.137:7443

# Reference: https://threatfox.abuse.ch/ioc/1163675/

18.132.243.126:7443

# Reference: https://twitter.com/drb_ra/status/1703480704103862540

45.66.230.165:7443

# Reference: https://twitter.com/drb_ra/status/1714533236909519048

157.254.236.111:7443

# Reference: https://threatfox.abuse.ch/ioc/1198226/

34.124.211.197:7443

# Reference: https://threatfox.abuse.ch/ioc/1201543/

195.20.16.31:7443

# Reference: https://threatfox.abuse.ch/ioc/1201943/

51.77.173.201:7443

# Reference: https://twitter.com/banthisguy9349/status/1755596186495725602

162.0.237.99:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Covenant/ (# 2024-04-10)

109.116.170.118:7443
185.196.8.48:7443
185.196.9.7:7443
217.237.82.88:3389
217.237.84.33:3389
3.88.131.251:7443
47.116.25.208:7443
54.145.56.118:8443
64.176.80.227:7443
94.237.50.44:7443
94.237.56.207:7443

# Reference: https://www.virustotal.com/gui/file/e8a680635d01de1f753dae851b2a31b9e2c0699e8fb0771b727ebde23a70a214/detection

http://154.202.59.124

# Reference: https://threatfox.abuse.ch/browse/tag/Covenant/ (# 2024-05-18)

102.44.180.221:7443
103.136.43.10:7443
109.120.178.98:7443
134.122.85.18:7443
138.68.189.254:7443
147.182.158.94:7443
162.0.230.176:7443
162.0.233.89:443
162.0.233.89:7443
165.227.229.96:7443
166.62.100.52:7443
167.172.53.165:7443
172.105.57.197:7443
172.236.65.158:7443
174.138.179.149:7443
188.25.10.129:7443
194.113.75.56:7443
206.189.127.56:7443
217.160.117.52:7443
217.237.87.199:3389
41.234.57.93:7443
45.133.74.80:7443
45.32.233.38:7443
45.33.116.110:7443
45.41.187.220:7443
45.79.123.66:7443
45.9.148.206:7443
51.222.30.120:7443
51.38.113.200:7443
51.75.17.249:7443
52.174.178.162:3389
54.145.56.118:7443
62.106.66.222:7443
74.207.229.59:7443
77.37.43.47:7443
8.138.104.216:7443
84.129.151.24:3389
86.104.72.20:7443
89.116.110.27:7443
93.127.194.22:7443
97.74.94.45:7443

# Reference: https://cybersecuritynews.com/bondnet-high-performance-bots-c2-server/
# Reference: https://otx.alienvault.com/pulse/6670c9ec24067e93485c2b73
# Reference: https://www.virustotal.com/gui/file/f4cd26320d11a064e2c36da8a7b0a4db5c4d820064062b84d7516de038ca753a/detection
# Reference: https://www.virustotal.com/gui/file/39cc01fd4dc5a45d6d32b26528a6d655c408f40e6d8f7fbb2db0a36c91ecaf45/detection
# Reference: https://www.virustotal.com/gui/file/3016222e1dadd91229abf6bba6f5c47f48dc88503876df91be19817124296c1c/detection

http://185.141.26.116
185.141.26.116:8443

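# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s.csv (# 2024-08-18)
# Note: the C2IntelFeeds entries in this file come from that project's "unverified" feeds; treat a match as a lead to corroborate, since addresses may be reassigned after the listed date.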

102.212.245.9:7443
116.2.179.225:7443
116.2.180.131:7443
116.2.180.233:7443
159.65.156.33:7443
162.55.189.20:7443
178.18.254.10:7443
188.166.252.88:7443
195.154.43.21:7443
3.137.170.244:7443
45.76.176.147:7443
5.230.253.211:7443
54.165.195.193:7443
54.82.63.198:7443
88.119.169.47:7443
93.127.186.172:7443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s.csv (# 2024-08-24)

146.190.212.84:7443
172.215.233.77:3389
205.234.181.199:7443
88.218.17.230:7443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-07)

13.233.184.247:7443
13.233.251.64:7443
13.36.144.221:7443
157.230.0.31:7443
172.164.224.6:7443
45.55.38.145:7443
98.81.82.117:7443

# Reference: https://www.virustotal.com/gui/file/d6acb9c0e9145574ea900be03b1fa10d7ff0316670f208623ed622c824c2c939/detection

comigoninguempodes.shop
limpandoacasa.store
cojct.limpandoacasa.store
dpqje.limpandoacasa.store
gzygo.limpandoacasa.store
immqs.limpandoacasa.store
jvlma.limpandoacasa.store
mduhe.limpandoacasa.store
mmwzw.limpandoacasa.store
vrmjo.limpandoacasa.store
vtxtn.limpandoacasa.store
apczv.comigoninguempodes.shop
gaxxg.comigoninguempodes.shop
kmcsn.comigoninguempodes.shop
leffp.comigoninguempodes.shop
lvvmj.comigoninguempodes.shop
ngyfo.comigoninguempodes.shop
nxlkl.comigoninguempodes.shop
nzfui.comigoninguempodes.shop
tcvhd.comigoninguempodes.shop
terha.comigoninguempodes.shop
yhpmm.comigoninguempodes.shop
zlniz.comigoninguempodes.shop
ztxwf.comigoninguempodes.shop

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13)

107.178.101.250:7443
138.68.188.35:7443
144.126.245.91:7443
154.44.10.197:7443
185.229.224.244:7443
185.241.208.167:7443
37.60.242.208:7443
46.101.120.37:7443
51.83.133.9:7443
54.37.225.27:8443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10)

116.2.181.39:7443
124.70.90.193:7443
162.33.177.7:7443
172.81.60.45:7443
20.224.236.240:7443
20.73.70.146:7443
204.13.234.44:7443
45.138.16.65:7443
45.61.160.251:7443
58.65.172.131:7443
60.17.14.33:7443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2024-12-15)

103.212.37.98:7443
116.2.185.125:7443
116.2.186.183:7443
13.65.87.113:7443
148.135.92.176:7443
198.12.107.149:7443
20.244.95.136:443
3.108.51.146:7443
35.225.115.143:443
37.27.63.76:7443
45.61.133.20:7443
50.17.68.102:7443
51.79.160.204:7443
54.205.247.115:7443
60.17.2.125:7443
74.48.192.231:7443
85.215.221.231:7443

# Reference: https://x.com/smica83/status/1869018362535460888
# Reference: https://www.virustotal.com/gui/file/eddc8c1dfd0be5f5848ac8997110fd2cc0456f8cac93deb8366f8beb60d3856b/detection

104.168.48.198:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02)

116.2.185.245:7443
173.199.70.18:7443
173.46.80.137:7443
210.89.45.122:7443
217.160.22.70:7443
34.132.16.207:443
34.132.16.207:7443
34.134.212.77:7443
5.42.223.135:7443
50.18.195.138:7443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-06-14)

104.194.132.41:7443
107.152.32.206:7443
107.189.27.205:7443
109.176.207.177:7443
116.2.176.204:7443
116.2.180.50:7443
116.2.184.197:7443
147.182.165.92:7443
150.136.146.232:7443
150.241.69.126:7443
152.42.251.12:7443
153.92.209.104:7443
158.179.209.175:7443
159.65.91.137:7443
159.89.173.66:7443
161.35.3.214:7443
167.88.173.70:7443
194.59.30.50:7443
195.2.92.39:7443
202.71.14.75:7443
209.38.71.109:7443
209.94.61.154:7443
217.160.22.184:7443
23.26.201.169:7443
34.30.196.214:7443
35.181.245.151:7443
35.188.50.102:7443
37.114.57.39:7443
45.9.148.232:7443
51.20.75.173:7443
54.151.11.72:7443
54.176.66.101:6443
8.218.196.181:7443
91.81.248.10:7443

# Reference: https://dti.domaintools.com/malware-in-dns/

/api/v1/nps/payload/
/api/v1/nps/payload/stage1

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-07-26)

115.187.41.77:7443
209.141.47.199:7443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-10-05)

102.212.247.231:7443
102.31.147.43:7443
103.118.254.189:7443
139.59.104.5:7443
167.172.185.9:8443
173.212.222.49:7443
176.98.186.13:7443
178.17.62.9:7443
18.214.2.45:7443
185.170.215.191:7443
194.116.214.53:7443
20.199.67.52:7443
51.75.205.189:8443
54.190.133.237:7443
76.29.173.227:7443
83.229.83.138:7443

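# Generic (host-independent URL paths; these look like the Covenant management UI login routes, so a hit suggests access to an operator panel rather than implant traffic)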

/covenantuser/
/covenantuser/login
