# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/ViriBack/status/1713716866034651479
# Reference: https://twitter.com/g0njxa/status/1713809471351185466

http://104.234.10.81
http://107.22.26.223
http://116.203.236.185
http://13.125.54.224
http://13.37.135.154
http://138.68.80.187
http://146.190.35.190
http://146.59.3.210
http://149.28.209.56
http://15.161.176.25
http://157.230.51.55
http://166.70.204.60
http://18.118.127.185
http://18.190.40.112
http://18.193.196.64
http://18.233.73.116
http://185.217.125.195
http://192.169.176.26
http://194.113.64.34
http://212.227.193.41
http://24.182.23.41
http://24.2.3.253
http://3.10.24.207
http://3.124.154.213
http://3.127.3.0
http://3.13.227.246
http://3.13.238.127
http://3.130.22.176
http://3.135.98.249
http://3.220.246.141
http://3.226.239.69
http://3.228.71.222
http://3.72.5.222
http://3.76.24.44
http://3.98.221.50
http://34.198.241.131
http://34.89.145.222
http://35.183.195.233
http://35.188.254.146
http://35.244.96.115
http://34.252.72.252
http://35.71.135.147
http://35.89.189.173
http://44.213.6.50
http://44.240.101.230
http://44.242.31.231
http://45.9.63.19
http://47.87.147.61
http://51.81.72.51
http://52.223.28.236
http://52.47.141.98
http://54.157.167.166
http://54.158.205.32
http://54.203.121.158
http://54.214.141.11
http://54.226.123.244
http://54.227.77.167
http://79.160.200.173
http://82.66.183.173
http://90.162.124.251
http://99.79.86.238
100.11.109.176:8088
100.20.24.177:8080
100.21.187.197:8080
100.8.103.82:8080
103.108.228.25:9123
103.72.79.60:8080
104.2.139.250:8080
104.248.62.124:8080
107.159.152.240:8888
107.159.211.38:8888
107.159.239.208:8888
107.171.209.110:8082
107.22.182.64:8080
107.22.26.223:443
109.131.174.186:8080
109.236.92.24:8080
116.203.52.243:443
13.125.54.224:443
13.237.65.10:443
13.239.126.103:8080
13.250.104.31:8080
13.37.135.154:443
13.41.55.191:8080
13.49.15.29:8080
13.54.185.156:8080
13.54.94.224:8080
13.58.117.167:8080
13.64.102.21:443
131.191.114.37:8080
134.209.244.69:9090
134.255.225.140:8080
135.125.190.193:8080
135.148.138.23:8080
137.184.101.238:9090
137.184.148.79:8080
137.184.216.56:8080
137.184.45.179:8080
137.184.57.223:8080
138.197.136.233:8080
138.197.146.181:8080
138.197.172.204:8080
138.197.235.128:8080
138.68.166.105:8080
139.144.235.139:8080
139.144.31.164:8080
139.162.131.212:8080
140.238.171.185:8080
141.145.198.95:8080
142.115.152.58:8080
142.93.199.234:8080
142.93.200.187:8080
143.110.162.255:8080
143.198.75.6:8080
143.244.173.173:8080
144.172.80.21:8080
144.202.29.246:8080
144.91.107.229:28080
144.91.70.241:8080
146.190.188.105:8080
146.190.199.135:8080
146.59.3.210:443
147.182.219.77:8080
149.202.51.44:8080
149.28.175.130:8080
149.56.147.90:8080
15.161.176.25:443
15.188.108.138:8080
15.204.227.28:8080
15.223.67.241:8080
15.235.199.226:8080
15.236.3.153:8080
15.237.139.18:8080
152.67.58.223:8080
157.230.118.220:8080
157.230.51.55:443
157.230.9.141:8080
157.245.54.197:8080
158.101.167.230:8084
158.180.58.209:443
159.203.159.63:8080
159.203.48.104:8080
159.203.57.244:8080
159.65.215.80:8080
159.89.34.159:8080
16.170.13.168:443
16.170.13.168:8080
161.35.2.61:8080
161.35.244.57:8080
161.49.96.244:8080
162.243.167.239:8080
163.172.181.15:8080
164.90.216.108:8080
164.90.246.2:8080
165.22.37.191:8080
165.227.139.249:8080
165.227.175.117:8080
165.227.41.66:8080
165.227.7.108:8080
165.232.159.37:8080
166.70.204.60:443
167.172.253.115:8080
167.235.24.67:8080
167.71.23.98:8080
168.100.225.143:8080
168.119.170.152:8080
170.187.203.233:8080
170.187.240.35:8080
170.64.190.5:8080
170.64.254.43:8080
172.104.155.100:8080
172.104.203.250:8080
172.105.254.252:8080
172.172.32.86:8888
172.6.89.158:8080
172.93.54.40:8080
173.168.120.231:8080
173.199.118.188:443
173.255.216.83:8080
174.138.11.150:8080
174.16.49.240:8080
174.16.70.184:8080
174.16.81.232:8080
176.58.110.176:8080
178.128.161.140:8080
178.190.242.184:8080
178.191.40.166:8080
178.191.43.111:8080
178.62.216.61:8080
18.117.201.110:8080
18.118.127.185:443
18.134.45.34:8080
18.135.209.57:8080
18.168.217.50:8080
18.170.246.72:8080
18.181.162.201:8080
18.184.245.118:8080
18.189.36.128:8080
18.190.40.112:443
18.194.126.72:8080
18.204.144.112:8080
18.212.11.131:8080
18.213.176.233:8080
18.213.199.113:8080
18.213.6.190:8080
18.214.66.76:8080
18.218.46.111:8080
18.220.193.242:8080
18.221.238.209:8080
185.178.193.159:8080
185.178.193.160:8080
185.196.21.143:443
188.149.153.245:8080
188.165.28.53:8080
188.166.57.15:8080
188.166.81.141:8080
188.214.144.53:8080
191.101.165.182:8080
191.252.191.90:8080
192.164.142.34:8080
192.164.29.64:8080
192.243.102.124:8080
192.9.231.106:443
193.148.175.131:8080
193.40.7.21:8080
193.80.215.115:8080
194.118.147.73:8080
194.118.29.94:8080
194.166.119.30:8080
194.166.28.80:8080
194.195.127.180:8080
194.96.52.136:8080
195.113.80.203:3333
195.15.223.245:8080
195.90.216.97:443
195.90.216.97:8080
198.16.237.165:8888
198.16.251.190:8888
198.199.64.162:8080
198.23.137.45:8080
198.58.110.134:8080
199.247.25.253:8080
199.247.3.102:8080
20.100.207.23:8080
20.115.89.130:8080
20.118.226.255:8080
20.121.98.181:8080
20.199.83.47:8080
20.231.194.162:8080
20.28.180.168:443
20.68.146.166:8080
20.77.6.131:8080
202.169.113.164:8080
202.61.205.19:8080
202.61.230.102:8080
202.61.237.58:443
202.61.237.58:8080
203.118.151.27:8081
204.48.21.242:8080
206.189.21.240:8080
206.85.224.106:3000
206.85.224.106:443
207.154.210.29:8080
207.177.22.11:8080
207.38.67.162:4444
208.72.154.203:8080
209.250.224.51:8080
212.227.181.41:8080
212.227.70.151:8080
212.227.71.95:8080
212.88.24.117:8080
216.128.128.78:8080
217.160.26.149:8080
217.160.67.136:8080
23.163.208.120:8080
23.20.48.126:8080
23.22.247.145:8080
23.227.163.6:8082
23.23.251.217:8080
23.239.3.18:8080
23.92.16.67:8080
24.144.232.156:8080
24.144.68.49:8080
24.182.23.41:8443
24.240.98.230:8080
27.118.25.76:8080
3.10.24.207:443
3.10.70.226:8080
3.105.204.165:8081
3.11.124.241:8080
3.11.92.126:8080
3.124.154.213:443
3.125.137.144:8080
3.127.3.0:443
3.129.50.97:8080
3.13.238.127:443
3.130.13.22:8080
3.130.216.253:8080
3.130.22.176:443
3.131.70.27:8080
3.134.153.251:8080
3.134.188.81:8080
3.135.62.36:8080
3.135.98.249:443
3.137.128.247:8080
3.138.185.63:8080
3.138.198.138:8080
3.139.174.118:8080
3.140.90.155:8080
3.143.175.125:8080
3.143.198.139:8080
3.143.42.196:8080
3.144.40.153:8888
3.16.125.73:443
3.16.86.199:8080
3.20.135.199:8080
3.20.2.53:8080
3.211.109.134:8080
3.212.153.46:8080
3.216.6.51:443
3.22.219.236:8080
3.220.246.141:443
3.224.110.21:8080
3.226.119.211:443
3.226.239.69:443
3.228.106.146:8080
3.228.71.222:443
3.229.245.75:8080
3.23.201.130:8080
3.232.16.227:8080
3.234.133.201:8080
3.66.145.34:8080
3.66.247.7:8080
3.66.81.140:8080
3.70.10.51:8080
3.72.190.191:8080
3.72.191.64:8080
3.72.211.33:8080
3.72.5.222:443
3.75.162.63:8080
3.76.154.178:8080
3.76.170.137:8080
3.76.24.44:443
3.77.91.252:8080
3.78.118.33:8080
3.78.157.36:8080
3.80.194.102:8080
3.88.114.18:8080
3.9.218.106:8080
3.97.162.160:8080
3.98.221.50:443
3.99.115.30:8080
31.220.63.158:8081
34.198.241.131:443
34.199.66.228:8080
34.213.133.84:8080
34.216.181.186:8080
34.218.70.48:8080
34.223.131.103:8080
34.227.126.116:8080
34.72.114.209:8080
34.77.24.176:8080
34.87.202.9:8080
34.89.145.222:443
35.162.28.18:8080
35.164.21.201:8080
35.171.99.207:8080
35.176.119.103:8080
35.178.113.9:8080
35.179.73.255:8080
35.183.195.233:8080
35.188.254.146:443
35.211.110.222:8080
35.240.6.194:8080
35.71.135.147:443
35.89.189.173:443
4.246.214.148:8080
44.195.195.181:443
44.207.242.127:8080
44.208.113.136:8080
44.210.175.18:8080
44.213.6.50:443
44.227.229.139:8080
44.228.184.122:443
44.228.28.50:8080
44.232.3.13:8080
44.232.97.191:8080
44.233.34.245:8080
44.239.200.150:8080
44.240.101.230:443
44.242.31.231:443
45.33.86.52:8080
45.33.95.56:8080
45.55.121.89:8080
45.56.70.253:8080
45.61.56.252:9999
45.76.229.194:8080
45.77.200.160:8080
45.79.211.55:443
45.9.63.19:443
47.156.33.61:8080
47.158.112.60:8080
47.87.147.61:443
49.50.249.29:8080
5.132.159.48:8080
5.196.27.125:8080
5.230.68.141:8080
50.116.33.70:8080
50.116.6.75:8080
50.28.7.128:8080
51.161.35.92:8081
51.178.42.21:8080
51.255.39.182:8080
51.68.199.104:8080
51.68.220.158:8080
51.75.202.98:8080
51.77.201.194:8080
51.81.72.51:443
51.91.252.46:8080
52.2.192.226:8080
52.202.155.18:8080
52.202.172.77:8080
52.202.237.206:8080
52.205.116.200:8080
52.205.116.6:8080
52.223.28.236:443
52.28.103.13:8080
52.3.32.201:8080
52.36.255.202:8080
52.39.38.37:8080
52.44.78.90:8080
52.62.45.125:8080
52.90.211.35:8080
54.145.173.94:8080
54.157.167.166:443
54.169.35.171:8080
54.184.159.2:8080
54.187.127.253:8080
54.188.199.20:8080
54.202.121.133:8080
54.203.121.158:443
54.203.124.71:8080
54.204.234.201:8080
54.205.52.244:8080
54.214.27.209:8080
54.227.77.167:443
54.68.249.160:8080
54.76.231.141:8080
54.83.202.99:8080
54.88.1.171:7443
62.46.68.66:8080
64.251.24.77:9002
65.0.166.103:8080
65.108.209.72:8080
65.21.127.32:9999
65.49.206.35:8080
66.29.134.24:8080
67.174.194.34:8080
67.205.186.210:8081
68.183.176.115:8080
68.183.206.116:8080
68.183.94.12:8080
68.74.122.20:8080
68.98.126.117:443
71.217.49.79:443
71.217.95.126:443
76.252.151.246:8080
77.33.121.145:60443
80.15.75.59:443
80.28.183.57:8080
80.82.66.89:8080
81.169.239.22:8080
81.49.203.71:8080
81.5.199.52:8080
82.165.48.158:8080
82.165.7.140:8080
82.223.65.177:8080
82.66.183.173:443
83.76.129.79:8080
83.79.143.102:8080
85.214.136.226:8080
85.214.17.175:8080
85.214.247.130:443
85.215.176.219:8080
85.90.244.171:8080
88.198.209.95:8080
88.202.185.165:8084
91.21.152.36:8080
91.53.22.24:8080
91.53.28.36:8080
92.205.58.181:8080
92.219.41.92:8585
92.220.123.156:443
92.220.123.156:8080
93.90.195.60:8080
94.177.9.11:8080
94.201.123.50:8080
95.111.247.127:8080
97.122.198.169:8080
97.122.205.7:8080
97.122.247.67:8080
98.128.172.74:8082
99.79.86.238:443
99.92.184.105:9012
001.ozarkmoving.com
10011010.com
1337c2.com
2a.quest
2peeeps.ozarkmoving.com
321music.ozarkmoving.com
5l33p3rx3ll.com
714hackers.com
7420c418a.ozarkmoving.com
a.skkylight.com
admin.pinnaclesteelerectors.com
adservices.sytes.net
ahmadjasem.com
ahohl.com
alaskanpirate.com
alexandersuperhaks.online
alspineapple.org
aneh92.ozarkmoving.com
apmgmt.tradertech.org
apopgnosis.com
arbitrarycloud.com
argentina.ozarkmoving.com
arka135.ozarkmoving.com
ataritaco.com
atlasdigitalservices.com
atopsecretlocation.com
avl-security.com
azsports1.ozarkmoving.com
b1.ozarkmoving.com
badr0bot.com
bbs.meadowbridgefarms.com
bcdisd.com
bear.ozarkmoving.com
bengoodman.tech
benjicmd.com
bezoar.net
blackbox.nextwall.com
blueskydogs.net
bodenresearch.com
bogozoa.ozarkmoving.com
boiperfect.ozarkmoving.com
boomchocalaca.net
br1sh.com
braelay.net
brish.cloud
brish.net
bsd2.ozarkmoving.com
builtbydad.com
bulletins.ozarkmoving.com
burado.ozarkmoving.com
burbachdevelopments.com
c2.aeversole.com
c2.aeversolellc.com
c2.cfpad.com
c2.cyber-security-lab.net
c2.d33pn2s3cur1ty.com
c2.dcsapps.com
c2.delacluyse.com
c2.edevers.com
c2.egg82.ninja
c2.ergongrp.com
c2.flyingpoe.com
c2.h07.wlh.io
c2.hacksec.io
c2.hulahan64.com
c2.incurs1on.com
c2.jcarpentier.ca
c2.jceauditing.com
c2.jjanata.cz
c2.moses.host
c2.node.cloud.bagros.eu
c2.php-systems.com
c2.planetskizz.com
c2.rogerhalls.com
c2.rorvig.net
c2.talisnet.ca
c2.tenebris.net
c2.thebishops2010.co.uk
c2.theguzmanfamily.com
c2.tongsystems.com
c2.toptechconnect.com
c2.viewpointav.com
c2.wasteman.info
c2c2-dev.hak5.org
c2cloud.dannyreed.biz
c2cloud.mv-sistemi.com
c2now.net
c2serveryo.com
candydolls.ozarkmoving.com
capture.obscure-domain.com
cc.iizumi.io
ceh.avbeheer.com
ceh.avbeheer.nl
changsha.ozarkmoving.com
checkm8.link
cic.mi80.com
clearfogofwar.net
clemtitsworth.com
cloud-c2.hak5.org
cloud.infopathways.com
cloudc2.killerwifi.com
cloudc2security.com
com.meadowbridgefarm.com
com.meadowbridgefarms.com
cubaupdate.ozarkmoving.com
cuponatic.ozarkmoving.com
cust63.ozarkmoving.com
cxremote.com
cyber-security-lab.net
cyberamauta.com
cybernerddallas.com
d33pn2s3cur1ty.com
dad-law.ozarkmoving.com
darkastra.com
darkcloud.mobi
datamining.ozarkmoving.com
datatesters.net
december1.oaklandstatebank.com
defnotsusatall.com
dev.investortube.com
dil.ozarkmoving.com
dontclickme.link
dparra.net
drc2.net
drive.file-hosting.net
ehl-iblog.ozarkmoving.com
elmranch.com
employees.ozarkmoving.com
encza.ozarkmoving.com
fallingthunder.com
fantomsecure.com
ff0000.is-lost.org
files.sitecarro.com
firmdaddy.ozarkmoving.com
foreskin.ozarkmoving.com
fornevermore.com
foundry.mikedawoud.com
freeware.ozarkmoving.com
fs.ozarkmoving.com
gaspent.com
ghostinfosec.com
ghouliec2.com
glitch404.com
gmocloudc2.com
gotpwned.online
h4zm4tts-server.net
h5c2.b1sec.com
h5c2.cyberhq.tools
h5cc2.nulldatabyte.com
h5mgmt.sedara.io
hack.d3mo.se
hack0rama.com
hak.peterannabel.com
hak5.hakureishrine.com
hak5.tothestar.com
hak5.tracesecurity.com
hc.kds-rz.de
health4supplement.com
heckerc2.com
hedfuncinc.com
hello.intware.com
hitalpha.ddns.net
horizons1.net
house.ozarkmoving.com
hunterscehlab.com
i-trap-bugs.com
ibismortis.cloud
ihak.xyz
imap.ozarkmoving.com
inc.ozarkmoving.com
is.intellisoftalpin.ch
isms-expert.com
japandown.ozarkmoving.com
jaycloudbase.com
jcancelc2.com
jerochim.com
kamissore.ozarkmoving.com
kenpaar.ozarkmoving.com
klbvs.ozarkmoving.com
konnero.com
krmc2.online
kwellkorn.de
labpineapple.com
larsm.de
lightsail01.rdlg.net
loja.sitecarro.com
lojaveiculos.sitecarro.com
lolplzsec.cloud
lonelynest851.com
lulomx.ozarkmoving.com
m.brish.cloud
m.cyber-security-lab.net
m.health4supplement.com
m.martin902.com
m.meadowbridgefarm.com
m.meadowbridgefarms.com
m.mm-moving.com
m.moorecocompanies.com
m.osagecreekcabins.com
m.ozarkbuffalo.com
m.ozarkmoving.com
m.pinnaclesteelerectors.com
m.sitecarro.com
m0zhgan.ozarkmoving.com
machiboo.ozarkmoving.com
macrosloth.net
mail6.rwg-kamatics.com
mailhost.rwg-kamatics.com
malware.securitytactics.com
martin902.com
mast3rofnon3.com
math.ozarkmoving.com
mcscloud2.com
meadowbridgefarm.com
meadowbridgefarms.com
menofcolor.ozarkmoving.com
metrostatecyber.com
mexivasco.ozarkmoving.com
mgarcia.technology
middlethirty.com
midnyteshade.com
miguelitopapaya.com
mikecheval.com
minodlogin.ozarkmoving.com
mjolnirtechsec.com
mm-moving.com
mongosec.com
moorecocompanies.com
moosemoose.net
mrqauckqauck.net
mta.pinnaclesteelerectors.com
mx.rwg-kamatics.com
mx3.rwg-kamatics.com
myc2.hermandoze.nl
nestmetrics.net
netswitch22.com
new.impactees.com
nexlessos.ca
nexusrisksolutions.com
nightingale.page
nimbostratus.dev
ninjawolfden.com
notinyetc2.com
nova-cloudlab.uk
ns2.rwg-kamatics.com
nzqa.ozarkmoving.com
oracle.infinit0.com
osagecreekcabins.com
outrwg-kamatics.com
ozarkbuffalo.com
ozarkmoving.com
paginas.ozarkmoving.com
painel.sitecarro.com
payloads.vip
pen.alticnetwork.com
penzeller.com
peregrinec2.net
pianoramic.ozarkmoving.com
pichomohre.ozarkmoving.com
pinnaclesteelerectors.com
playbuzz.ozarkmoving.com
plusplus.cc
polienne.ozarkmoving.com
poserz.net
pro100.ozarkmoving.com
psykick.click
puppet.colonynetworks.com
pwnsec.org
r4d10.net
r4nc1d.com
reallycoolcloudc24.com
recore.cloud
redorbluepill.uk
retrodoll.ozarkmoving.com
rflab-cbcc.com
rich.ozarkmoving.com
rose33.ozarkmoving.com
rosenkrantztesla.com
rtprotection.us
rtsg-ngt.com
ruwitha.ozarkmoving.com
rwg-deutschland.com
rwg-frankenjura.com
rwg-kamatics.com
samaritaninstance.com
scelba.org
schreibercyber.net
sdhak.com
secretsquirrelclub.org
secureozarkmoving.com
server2.rwg-kamatics.com
shades-secrets.com
shantwon.info
sharkananas.ninja
sirbc2.com
sitecarro.com
soccertv.ozarkmoving.com
speednet.ozarkmoving.com
sports.ozarkmoving.com
staticdope.com
stephsplayzone.com
stizzo.net
store.impactees.com
store.meadowbridgefarm.com
sttacademy.com
sudocodeadmins.net
sukanstar.ozarkmoving.com
supersecretsquirrels.com
sviluppo.ozarkmoving.com
syphenc2.com
taikang.com.meadowbridgefarm.com
tanz.ozarkmoving.com
taylorshrum.net
techsentrac2.live
tehgroundz.link
teknomancy.work
telias.ozarkmoving.com
tellutcm.ozarkmoving.com
testlabking.com
theboominc.com
toooeazy.com
trad-mania.ozarkmoving.com
trevisanto.com
trondemon.com
type445-xen.chem.ut.ee
u18.telecloud360.com
u2fanlife.ozarkmoving.com
v1.artareaproject.com
v4clou.com
vespak1ll.com
vi-veri-universum-vivus-vici.net
vivicon.org
voetsek.net
voti-fanta.ozarkmoving.com
vps-c7e51876.vps.ovh.net
vsv1963.ozarkmoving.com
warcatdope.com
watafakifak.com
whitehat.guru
wifi.trace3.me
woldberg.se
x.pirat.me
xanaxginseng.com
ycyx88888.ozarkmoving.com
yeetleetc2.net
yesika-sex.ozarkmoving.com
yourit.vip
zcybersec.net
zimsec.net

# Reference: https://twitter.com/1ZRR4H/status/1742604862582382989

http://104.234.25.18
http://129.146.31.103
http://13.58.42.201
http://148.81.138.8
http://178.62.5.113
http://18.153.221.77
http://18.195.227.45
http://2.202.33.172
http://3.106.28.151
http://3.226.119.211
http://52.205.96.14
http://52.57.79.63
http://54.90.152.55
http://82.165.7.140
http://88.78.149.110
http://88.78.149.17
104.228.7.222:8080
104.234.25.18:443
120.24.179.84:8080
13.58.42.201:443
137.184.113.177:443
143.244.211.97:8080
146.190.118.60:8080
146.59.3.189:8080
148.81.138.8:443
15.236.67.253:8080
15.236.69.55:8080
157.90.234.142:6789
158.69.224.9:443
16.16.75.146:8080
164.92.112.142:8080
172.200.219.250:8080
173.167.173.233:8080
176.58.100.129:8080
18.153.221.77:443
18.195.227.45:443
18.216.133.250:8080
185.111.99.168:9999
185.111.99.207:9999
192.164.245.112:8080
193.80.78.215:8080
195.90.201.138:8080
198.16.209.50:8888
20.15.235.10:8080
20.234.206.163:443
20.64.84.1:8080
23.94.62.238:9090
3.106.28.151:443
3.132.103.12:8080
3.15.229.207:8080
3.19.233.189:8080
3.82.49.1:8080
34.198.186.77:8080
34.205.200.160:8080
34.224.206.171:8080
34.247.249.26:8080
35.165.53.17:8080
35.166.57.84:8080
4.151.107.12:8080
40.119.35.140:8080
44.214.174.238:8080
44.217.218.37:8080
44.218.70.242:8080
44.224.133.25:8080
51.20.177.232:8080
52.202.116.210:8080
52.47.38.43:8080
52.57.79.63:8080
54.157.65.11:8080
54.167.65.206:8080
54.185.235.168:8080
54.37.137.190:8080
54.90.152.55:443
61.7.147.227:9090
69.181.146.246:8080
69.248.217.153:8080
78.115.184.11:8080
78.47.121.254:8080
80.89.103.118:8080
81.82.244.62:8080
82.165.7.140:443
84.63.16.32:443
85.0.228.74:8080
88.78.149.17:443
91.21.145.168:8080
91.53.21.105:8080
91.53.8.141:8080
91.92.252.130:8080
97.106.1.34:8080
[2a01:7e01::f03c:91ff:feac:f30f]:8080

# Reference: https://twitter.com/TLP_R3D/status/1750135843744870505

bypassingsecurity.com
o6tl7ucw4ik5den26omter4k2hllnbzxilp3oscuktvdofeuktb7qqid.onion

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18)

http://148.81.138.15
http://66.175.210.153
100.20.51.26:58008
144.91.86.139:2155
148.81.138.15:443
161.35.40.151:8080
172.105.85.61:3080
18.158.145.15:443
185.21.216.147:31010
193.123.57.133:51029
198.16.208.3:8888
3.127.133.106:8080
44.219.87.13:8080
44.222.52.24:8080
52.54.42.29:8080
74.208.201.158:8080
91.53.17.96:8080

# Reference: https://app.validin.com/detail?find=57f501d6fee2fdb024795abbdb750ad5&type=hash#tab=host_pairs_v2

159-223-173-63.ipv4.staticdns3.io
172-105-250-105.ip.linodeusercontent.com
22fathoms.net
4712-ttyl.org
49.ip-151-80-57.eu
4sr.nl
acc3ss.cc
accesscloudc2.com
agent355.culpersec.com
alpha.sempervespallc.com
argentcybersolutions.com
atk.areax.io
authsmtp.safe-netsurfing.com
autoconfig.slg-hafen-hamburg.de
autoconfig.svp-hamburg-sportschuetzen.de
autodiscover.slg-hafen-hamburg.de
autodiscover.svp-hamburg-sportschuetzen.de
aws.mikzbots.xyz
baconmcburgerton.com
badmin.cloud
batcave.pha3t0n.com
beamadmin.com
big-morpheus.com
bitwars.org
blisteur.c2.mylittlepwnies.tech
blupanthr.consulting
c.w3k.io
c2-1.4k-iptv.xyz
c2-demo.hak5.org
c2-junk.hopto.org
c2-kraft.de
c2.2day.es
c2.2workplace.com
c2.abc.com.ro
c2.abqtech.net
c2.achimhaag.com
c2.adapdev.com.au
c2.aits.ie
c2.arctix.xyz
c2.aws.qns.cloud
c2.bad-bit.ch
c2.bgs.ms
c2.bowser.mookitty.net
c2.capital2.cc
c2.castelnuovo.dev
c2.chinacat.co
c2.citohio.com
c2.cloud-instance.zone
c2.core-basspro.com
c2.crazykitten.net
c2.ctconnect.link
c2.dklapproth.de
c2.dmoutault.ovh
c2.donserdal.nl
c2.draclab.ca
c2.dragonflysecurity.com
c2.drogja.de
c2.eddiequinn.xyz
c2.emptyinbox.ca
c2.finelinesecurity.com
c2.flow-sec.de
c2.fortify.cloud
c2.glod.lu
c2.gohydra.net
c2.gulfport.run
c2.h7-technologies.com
c2.hiddenlogic.io
c2.hoag.cloud
c2.hopto.org
c2.hxk.ch
c2.ipfreaks.de
c2.irt-tx.com
c2.itlnet.net
c2.itsystemsec.it
c2.jcvhome.xyz
c2.jktech.dev
c2.jordanchesley.xyz
c2.juliodellaflora.com
c2.ksmtwifi.net
c2.kwellkorn.de
c2.lachateau.net
c2.lusosec.com
c2.lycheegirl.cloud
c2.matrix2600.com
c2.mcglo.io
c2.mchughcyber.io
c2.millerbros.digital
c2.milot.io
c2.mjbates.com
c2.motherduck.net
c2.mumaw-lab.net
c2.mylittlepwnies.tech
c2.n0stra.com
c2.network-protection.com
c2.nit-solutions.com
c2.nordcom.ca
c2.notzeus.com
c2.orion-secure.com
c2.owo.company
c2.peaks.dev
c2.presumptive.ninja
c2.prjx.de
c2.psdl.tech
c2.ptaas.pt
c2.ranftler.eu
c2.redc2portal.com
c2.redteamatx.com
c2.rego680.xyz
c2.rehjr.com
c2.rggi.cx
c2.rmenetworks.com
c2.saltsec.at
c2.sec.craigasimon.com
c2.shadowtester.uk
c2.sr2soc.com
c2.syn0cta.ch
c2.sys-security.de
c2.teamprime.dev
c2.thecyberdefenders.com
c2.thegoldenpanda.com
c2.thek0der.com
c2.threathunter.ninja
c2.trustnetinc.com
c2.twobytwo.io
c2.tycycc.com
c2.vaidas.net
c2.victory.cloud
c2.vincentguitard.net
c2.webogroup.eu
c2.xertainty.com
c2.zanedurk.in
c2.zenmock.at
c2.ztb.dk
c2c.sparkbrightconsulting.com
c2c.westeurope.cloudapp.azure.com
c2cloud.nl
c2console.vypernet.cloud
c2demo.aspirets.com
c2goodies.com
c2p0.bridgetownsecurity.com
c2technetmsp.com
c2test.ranftler.eu
c3.planet12industries.tech
calendar.ozarkmoving.com
cam-a.com
cc2.cyriliantsecurity.com
cc2.exfillabs.com
cdn-picks.sxzxsp.com
cheapdivers.com
chicago.cloudc2.io
circlixa.org
cl0od-c2.honami.club
cloud.c2serveraed.com
cloud.fallingstuff.net
cloud.legroeder.rocks
cloud.my-itsme.com
cloud5.clirsec.com
cloudc2.americantechsystems.com
cloudc2.andrewsdev.com
cloudc2.conversys.com.br
cloudc2.lsec.ninja
cloudc2.oddessylabs.com
cloudc2.oviedocyber.com
cloudc2.planetkyle.io
cloudc2.secutec.at
cloudc2.siddim.net
cloudc2.simpat.co
cloudc2.swagsdale.com
cnc.3fg.us
cobaltlabs-wc2.com
comms.securesandiego.com
control.strlght.io
crazyforest.net
cs.cyber-security-lab.net
ctwo.brnwx.com
cyber.gbinvestigations.ca
cyberkobre.com
daddydick.click
dantooseetoo.easymetrics.com
darkiron.cloud
defnet.myvnc.com
derekrwilliams.us
devices.gummiente.xyz
devlab.oceanlab.website
dl.cyber-security-lab.net
dockermgmt.crazykitten.net
doom.exp101t.me
dumdiduc2.zarvanjski.de
e.xploit.one
epay.jobmost.org
epicshelter.org
erebour2c.myddns.me
fe198.windmilltest.xyz
finallyhandled.com
fix1.nask.waw.pl
fortifiedsolutionstech.com
fun.marian-schneider.de
grid.mikemyers.me
h1.mindseyeit.com
h5.gstreet.duckdns.org
h5.pass-support.de
h5c2.h3x.it
hack3r.pro
hack5.mikeslab.ca
hak.biboy.icu
hak.burbachdevelopments.com
hak5.cybersecure.church
hak5.krypton.codes
hak5.myphishserver.com
hc.agorasecurity.it
hc2.snowfensive.com
hcc.reca11.com
helligan.com
hermaeus.pw
hmp.fyi
hub.bitwars.org
ideas.palmetto-cyber.com
ilak-cc.itseqr.net
invadersam.cloud
ip49.ip-151-80-57.eu
iposel.cz
irt-tx.com
island-tech.bitwars.org
it.wolfpackmobileauto.repair
jane.sdi.icu
jens-koller.de
khipu.kicks-ass.net
laks.garnfisker.no
lelantos.nyx.chat
lobsterbyte.com
loot-drop.duckdns.org
loot.cursecure.fr
lumpt-mothership.com
mail.bitwars.org
mail.brish.net
mail.meadowbridgefarm.com
mail.meadowbridgefarms.com
manage.afaryz.de
manmgr.zymptomlabs.com
markymark7.duckdns.org
mgkbg.com
mhconsult.dk
milkmancam.com
minion.archmage.tech
monitor.wintech-systems.co.uk
monitors.win
mrdooby.net
muller.pm
multip.ath.cx
mx0.exeko-saas.net
nantzypantz.com
nocturnalninja.com
nucflashloot.com
nudez.zip
obuwniczy.lol
oca.logspool.com
oortoutpost.tsvit.io
orion.xs-net.tech
pandora.bradley.edu
penetraitors.com
phishingfactory.com
pine.ian.sh
pineapple.daggersec.com
pop.ozarkmoving.com
portal.iwantone.com.au
ppc-ads.net
pr0t31n.com
psdl-c2.info
purplepuma.net
r3ds0nia.org
red.itsb.se
redteam-hack.com
redteam.hocloud.de
rocketisland.net
rockybek.cloud
routermgt.perus-postr.shop
s3raphirc2.net
safe-netsurfing.com
scrizzledizzle.net
secure.place
shep.jordanchesley.xyz
six1three.com
smtp.ozarkmoving.com
smtpout.ozarkmoving.com
sneel.serveftp.com
so-soest.com
squizza.thompsoncare.au
srv595234.hstgr.cloud
stats.navisec.io
stayclassyomg.de
telesystemc2.chillepod.com
terms-of-agreement.com
test.leofontaine.cloud
testsite.holyfcknghostone.click
testwifi.precicom.com
texascybersecuritytoday.com
thedigitalinvestigator.ca
theparsons.io
timot-303.com
trampolines.is-gone.com
trapcreates.pw
turbii.space
tx-sc.com
u2yfbwnrmkzjmn.flashvps.xyz
unifi.ddscontracting.co.uk
updates.westus2.cloudapp.azure.com
uselessbastard.com
v22019087639994807.supersrv.de
v2202005110562117746.hotsrv.de
vi1ops01.internal.inl.io
vmd71595.contaboserver.net
vpn.ableit.solutions
wh669-management.centralus.cloudapp.azure.com
wizeguy.co.il
wolf.support-it.services
xinux.nl
xsjfd.xyz
youdontgnomemecloud.com
zaqwsxcderfvbgtyhnmjuiklop.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)

http://13.75.157.54
http://149.28.79.139
http://151.80.57.49
http://172.236.119.80
http://18.118.172.142
http://23.94.200.61
http://52.209.170.64
100.20.5.200:8080
104.229.111.180:8096
104.248.90.33:8080
107.20.73.185:8080
123.208.14.112:8080
123.255.55.81:8080
128.65.199.205:8080
13.234.101.227:8080
13.50.67.62:8080
13.75.157.54:443
139.144.31.99:8080
141.144.248.207:65001
146.190.190.34:8080
161.97.140.46:443
162.19.64.24:8080
165.22.224.232:8080
172.105.93.65:8080
172.234.96.122:8080
176.97.114.244:8080
18.118.172.142:443
18.221.179.81:8080
188.226.181.11:8080
192.236.161.186:8080
194.113.64.34:8080
205.209.114.235:8080
207.154.208.19:443
208.72.84.151:8080
216.48.178.35:8080
217.160.39.160:8080
23.94.200.61:443
3.10.70.226:443
3.105.132.133:8080
3.138.238.151:8080
3.214.11.74:8080
3.72.134.220:8082
3.78.29.203:8080
34.225.122.98:8080
34.254.137.216:8080
34.41.141.186:8080
35.181.212.161:8080
35.208.129.166:8080
43.204.225.157:8080
44.212.140.150:8080
44.218.140.108:8080
44.226.160.77:8080
45.76.91.117:8080
51.138.224.218:8085
51.77.230.33:30228
52.20.46.180:8080
52.209.170.64:443
52.44.29.15:8080
54.183.255.39:8080
54.190.92.4:8080
54.71.126.189:8080
54.90.58.181:8080
68.183.156.215:8080
68.183.55.214:8080
73.27.36.55:8080
76.145.78.23:8080
78.132.79.229:8080
80.242.61.174:8080
85.215.72.56:8080
85.90.245.82:8081
91.53.24.175:8080
94.185.79.214:1976
96.246.38.157:8080
99.79.172.196:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (#2024-09-08)

http://114.23.165.109
http://74.118.71.26
114.23.165.109:443
125.254.10.125:8080
139.144.198.225:8080
148.113.201.62:8080
195.90.201.73:8080
198.58.233.197:8888
199.241.139.249:8090
3.132.77.172:8080
3.133.93.32:8080
3.140.30.131:8080
3.15.77.157:8080
34.139.220.233:8080
44.226.44.75:8080
51.79.156.67:8080
52.21.90.4:8080
67.245.25.17:8080
71.190.232.144:8080
71.254.6.4:8080
86.246.227.114:8080
93.51.102.235:8443
96.232.200.229:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-14)

http://34.72.247.51
104.156.237.99:8080
138.68.109.62:443
139.162.230.13:8080
146.190.240.99:8080
15.204.229.144:8080
154.216.17.79:8080
172.235.56.104:8080
46.125.80.31:8080
46.125.91.187:8080
78.132.74.105:8080
8.213.18.119:8080
8.213.35.190:8080
93.127.223.234:12345
98.113.38.131:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

http://107.172.61.46
143.198.155.71:8080
148.71.255.65:5009
167.179.142.162:8080
173.77.204.224:8080
185.228.82.52:8080
34.72.247.51:443
46.124.110.217:8080
46.125.83.213:8080
72.80.171.56:8080
78.132.104.38:8080
78.132.71.14:8080
78.132.78.109:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13)

http://107.170.76.67
http://137.27.77.44
http://159.203.152.65
107.159.50.199:8888
107.170.76.67:443
107.172.61.46:443
107.191.56.44:8080
109.247.124.155:443
109.90.120.225:8489
123.208.236.165:8080
137.27.77.44:443
138.197.151.102:8080
138.2.136.23:8080
143.244.167.148:8080
159.203.152.65:443
159.223.173.63:443
163.5.107.80:8080
165.22.5.113:8080
172.105.152.63:8080
185.197.195.77:8080
20.118.232.180:8080
20.29.34.50:8080
206.119.171.243:8080
208.85.17.127:8080
213.171.203.153:8080
3.19.170.215:443
31.220.87.121:9090
34.254.246.218:443
45.226.163.126:8282
46.124.110.171:8080
46.124.114.142:8080
46.124.119.236:8080
46.125.42.182:8080
46.125.42.197:8080
46.125.47.35:8080
46.125.49.180:8080
46.125.81.252:8080
46.125.85.126:8080
46.125.88.112:8080
46.125.90.163:8080
66.228.59.125:8080
78.132.109.241:8080
78.132.67.202:8080
78.132.80.137:8080
78.132.83.146:8080
78.132.98.27:8080
81.16.6.166:8080
87.106.203.84:8080
91.247.37.151:8080
96.239.72.91:8080
98.113.39.82:8080

# Reference: https://app.validin.com/detail?find=57f501d6fee2fdb024795abbdb750ad5&type=hash#tab=host_pairs_v2

641a.eu
ap3xmcserver.com
c2.amusing.cc
c2.bitfee.ch
c2.iron-security.dk
c2.jdsecurity.ca
cloudc2.org
cloudc2.skredderdata.no
dobbelfemti.no
eggejakt.xn--dsnes-mra.no
hak5.cyberforcerd.co.il
hardware.truvantis.tech
rnicrosoft.live
securehaven.business
turtle.redirectplease.com
update.rnicrosoft.live
xn--dsnes-mra.no

# Reference: https://app.validin.com/detail?find=57f501d6fee2fdb024795abbdb750ad5&type=hash#tab=host_pairs (# 2024-11-09)

anarchistpenguin.org
ap3xc2authportal.org
api.cloud-wireless.xyz
c2.c0mms.1sht.com
c2.dsgpentest.win
c2.nues.network
c2.spaceball.one
cl0ud-c2.honami.club
meow-it.protosec.ai
techtech.tsukuyomi.money
texas.netwide.net

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10)

http://13.244.204.48
http://162.243.197.144
103.74.5.26:8888
107.159.185.112:8888
107.159.197.147:8888
107.159.247.243:8888
107.159.59.24:8888
107.175.18.18:8080
142.171.82.87:8080
150.136.143.202:8080
162.243.197.144:443
163.123.41.205:8080
170.187.149.4:8080
172.104.128.38:8080
172.173.148.158:8080
173.52.78.157:8080
178.254.39.49:8080
203.166.228.161:8080
207.211.157.237:8080
216.41.190.50:443
24.80.252.175:8081
27.252.218.49:8081
38.34.217.153:8080
40.67.177.114:443
46.124.107.101:8080
46.124.111.44:8080
46.124.116.30:8080
46.125.42.218:8080
46.125.46.68:8080
46.125.64.122:8080
46.125.66.130:8080
46.125.75.32:8080
46.125.80.234:8080
62.238.149.206:22222
66.179.242.82:8080
72.80.171.35:8080
73.55.126.89:8080
74.48.0.53:8080
78.132.104.67:8080
78.132.118.105:8080
78.132.118.12:8080
78.132.65.2:8080
78.132.65.51:8080
78.132.80.229:8080
8.222.237.128:33442
91.21.156.59:8080
91.53.26.4:8080
91.53.31.120:8080
95.179.135.253:8834
96.246.38.65:8080
97.83.150.148:8080

# Reference: https://app.validin.com/detail?find=57f501d6fee2fdb024795abbdb750ad5&type=hash#tab=host_pairs (# 2024-12-03)

alfalock.ch
c-2.uksouth.cloudapp.azure.com
c0mms.1sht.com
c2.24-3.zip
c2.abacussysteme.de
c2.alfalock.ch
c2.c0mms.1sht.com
c2.ducky.blue
c2.hakpd.ru
c2.keloha-it.com
c2.mickool.net
c2.notcare.de
c2.seanchiarot.com
c2.stevenloftus.com
c2.tecnek.info
c2.v7e.dev
c2.zudell.io
c2l.alfalock.ch
cc2.dalhome.xyz
cloud-c2.fnlqxz.my.id
cloud.cybershell.link
cloudc2.ignitseq.net
cloudc2.nechry.net
cyberc2.sbs
cybershell.link
ever6node.elanmask6.info
groundzer0-home.duckdns.org
hak5.zero-dark.io
hak5cloudc2.chpm78.org
highway.lan-security.de
hkcloud.cloud
maps.alfalock.ch
music.jalusch.ch
notify.badserver.ninja
pentestserver.ca
pwned.icu
rnsmd.com
rubixmaster.com
sec.blooo.dev
siyp.ca
slushes.pw
snakysec.com
wss.c0mms.1sht.com
y-files.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-12-11)

http://13.60.228.171
http://35.195.47.66
http://66.179.255.138
103.100.225.177:11003
103.45.247.247:8080
104.251.168.8:8080
107.159.236.116:8888
107.159.49.198:8888
129.44.248.65:8080
129.80.95.103:8080
138.201.173.13:8080
139.99.171.5:8081
142.127.151.190:6362
142.127.151.190:8008
142.163.139.68:8080
157.245.76.203:8080
159.2.132.179:8080
161.35.193.161:8080
164.90.220.91:8080
165.22.177.175:8080
172.105.26.151:8080
172.187.129.21:8080
173.56.32.160:8080
173.67.179.74:8080
18.194.74.170:8080
18.220.44.138:8080
18.223.108.21:8080
188.155.39.162:443
188.155.39.162:8080
193.24.209.240:8080
20.221.235.226:8080
213.47.24.45:8000
23.23.138.222:8080
27.252.205.209:8081
3.120.73.34:8080
3.15.12.246:8080
3.230.93.51:8080
35.180.175.234:8080
44.209.129.149:8080
44.244.76.38:420
46.124.119.162:8080
46.125.43.19:8080
46.125.43.230:8080
46.125.81.166:8080
50.112.8.9:8080
52.170.219.109:8080
52.29.192.235:8080
54.210.16.21:8080
54.37.226.76:8080
64.225.82.97:8080
64.23.242.75:8080
72.167.132.62:8080
74.101.124.55:8080
78.132.118.204:8080
78.132.66.145:8080
78.132.72.175:8080
78.132.72.35:8080
78.132.77.23:8080
78.132.83.58:8080
84.247.13.17:9999
92.236.125.110:8080
96.232.156.26:8080
96.232.200.162:8080
96.246.236.224:8080
98.82.11.100:8080
99.79.62.15:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02)

http://23.21.105.248
http://82.66.70.48
107.175.101.213:8081
140.238.208.140:443
146.190.119.193:8080
149.202.44.138:8086
16.16.122.206:8080
172.104.20.50:8080
172.232.96.214:8080
188.155.39.162:8081
188.166.186.205:8080
216.48.181.46:8080
23.21.105.248:443
24.199.77.166:8080
3.15.211.77:8080
3.18.121.200:8080
40.119.47.117:8080
43.224.181.80:8080
43.224.183.39:8080
44.193.70.229:8080
48.211.136.107:8080
52.215.79.91:443
73.109.14.216:8080
74.101.154.53:8080
78.132.47.237:8080
82.66.70.48:443
96.239.36.16:8080
98.84.58.121:8080

# Reference: https://app.validin.com/detail?type=hash&find=07e157bb00783c96a2ae2a402c36c588#tab=host_pairs (# 2025-01-03)

c2.citadelofsolitude.com
c2.jasonbruder.com
c2.torn-lotus.com
cnc.pdxits.com
erichubbard.net
ge0.works
vmi1341970.contaboserver.net

# Reference: https://github.com/drb-ra/C2IntelFeeds/blob/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-20)

http://46.101.78.109
http://54.212.251.241
104.248.166.144:8080
123.208.236.27:8080
139.144.31.16:8080
168.119.48.244:8080
172.236.122.15:8080
185.145.148.107:8080
195.117.36.80:8080
24.168.55.83:8080
24.199.114.224:8080
38.34.216.136:8080
43.224.183.39:8081
44.216.99.64:8080
45.79.125.62:8080
46.124.85.81:8080
46.125.78.27:8080
46.125.79.164:8080
51.254.21.253:443
51.254.21.253:8080
54.212.251.241:443
54.82.145.108:8080
68.132.245.170:8080
78.132.3.155:8080
78.132.7.95:8080
88.98.84.242:8081
91.53.18.130:8080
96.250.84.224:8080

# Reference: https://app.validin.com/detail?find=57f501d6fee2fdb024795abbdb750ad5&type=hash&ref_id=b4140eca307#tab=host_pairs (# 2025-01-20)

api.appiimmo.fr
birdsmusic.org
bone-bleed.com
bowsky.net
c2.3624.ch
c2.ayva.cloud
c2.kummer.solutions
c2.pentesting-uidgaugd2.co.uk
c2.rudio.cloud
c2.sterckx-it.be
c2.syslogic.link
cloud.vmavs.com
cloudc2.pen-test.xyz
devicebackend.gbus.cc
hhousec2.homefirewalls.net
ip253.ip-51-254-21.eu
mcc2.derekmacdonald.net
pentesting-uidgaugd2.co.uk
vks7371361.au

# Reference: https://app.validin.com/detail?find=57f501d6fee2fdb024795abbdb750ad5&type=hash#tab=host_pairs (# 2025-02-17)

bashducky.com
benjidunn.net
c2.asoik.dev
c2.bytecake.net
c2.catanbri.com
c2.infra.htb.systems
c2.lettner.tech
c2.ops.1sht.com
c2.ravensec.eu
c2.systemd.de
cloud-c2.net
cloudpbx.webservi.net
compromise-assessment.com
fog.kisow.org
hak5.wasacon.net
lettner.tech
lynch.gdn
phishcatcher.shieldvault.us
slumdog.kisow.org
sparrowc2.chickenkiller.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-02-17)

http://139.144.31.16
http://20.29.32.244
http://213.165.87.135
http://72.23.229.75
107.159.186.218:8888
107.159.216.234:8888
107.159.221.171:8888
13.60.195.217:443
137.184.223.13:8080
138.68.111.57:8080
139.144.31.16:443
143.110.220.185:443
15.156.233.70:8080
154.0.164.175:8080
164.52.208.52:8080
172.234.237.138:8080
173.214.227.60:8080
174.138.85.103:8080
192.210.196.25:8080
198.16.184.114:8888
20.29.32.244:443
209.38.106.90:8080
212.34.136.14:8080
213.165.87.135:443
34.57.209.46:8080
44.199.78.3:8080
46.124.70.116:8080
46.124.74.216:8080
46.124.84.67:8080
5.1.100.217:8080
52.23.37.150:8080
54.146.236.153:8080
67.225.186.68:8080
72.23.229.75:443
78.132.19.133:8080
78.132.45.120:8080
81.169.141.81:443
96.232.156.10:8080
96.232.200.31:8080
96.246.154.99:8080
96.250.173.19:8080

# Reference: https://app.validin.com/detail?type=hash&find=57f501d6fee2fdb024795abbdb750ad5#tab=host_pairs (# 2025-04-19)

139-144-31-16.ip.linodeusercontent.com
172-105-5-222.ip.linodeusercontent.com
173-255-248-36.ip.linodeusercontent.com
3050.duckdns.org
accomassist.redherringdigital.com.au
adogstail.redherringdigital.com.au
asuna-c2.glfyinfra.net
autoconfig.marketstallco.com.au
autoconfig.polishedcontent.com.au
autodiscover.polishedcontent.com.au
base.danclark.net
bear.sytes.net
bin.thebeastdev.dk
build.polishedcontent.com.au
bunkerdoor.com
c2.anonymous.wtf
c2.araya.vip
c2.bentlybro.com
c2.danclark.net
c2.dualzit.nl
c2.gatewaycsb.co
c2.hackbox.se
c2.homelabs.pro
c2.huntergulley.com
c2.insecurity.be
c2.istealyourdomain.org
c2.its-ny.de
c2.lukastheblack.net
c2.mushou.de
c2.netqa.de
c2.nifty-is.com
c2.onbudget.gr
c2.ondrejsramek.cz
c2.op-center.com
c2.rh-dev.io
c2.sccs.limited
c2.securedge.live
c2.sneel.net
c2.swisscheesesecurity.net
c2.tabris2025.duckdns.org
c2.test.you-tor.com
c2.thenowakfamily.space
c2.uniai.co.kr
c2.wuncler-security.xyz
c2.zerobrainsystems.de
c2server.uksouth.cloudapp.azure.com
c3.daigle.cc
cloud-c2.poneycorp.fr
cloud.mikebosland.com
cloud2.mikebosland.com
cloudc2.click
cloudc2.velkura.online
cloudc2labor.org
cpanel.biotechcm.com
cpanel.marketstallco.com.au
cpanel.polishedcontent.com.au
cpcalendars.biotechcm.com
cpcalendars.marketstallco.com.au
cpcalendars.polishedcontent.com.au
cpcontacts.biotechcm.com
cpcontacts.marketstallco.com.au
cpcontacts.polishedcontent.com.au
cyber.jp.net
dashbord.thebeastdev.dk
democ2.aspirets.com
dev.avemquirks.com.au
dev.cliftonspringsgolfclub.com.au
dev.marketstallco.com.au
dev.polishedcontent.com.au
dev.redherringdigital.com.au
dev.speedway.com.au
evil.genysis.xyz
forms.redherring.net.au
fountaine.me
fqhcit.duckdns.org
fsenergy.redherringdigital.com.au
ftp.marketstallco.com.au
ftp.polishedcontent.com.au
ftp.redherringdigital.com.au
gcc.redherringdigital.com.au
geospacial.ironhorse.dev
groundedworks.redherringdigital.com.au
gungnir-nebula.viewdns.net
h.itsupporthelpdesk.com.au
h5.online2.leszazas.fr
h5.redwolfpack.nl
h5c2.istormsolutions.online
hackconway.com
hades.theunderworldproject.net
hak5.area404.nl
hak5.byronwai.xyz
heartichokehack.com
hk5.8eer.in
ishimoo.redherringdigital.com.au
ishimoostaging.redherringdigital.com.au
jasper.sempervespallc.com
kona.principe.ai
lawless.in
mail.biotechcm.com
mail.marketstallco.com.au
mail.polishedcontent.com.au
mail.routhe.net
mail.thebeastdev.dk
myc2syn.com
nadia.thebeastdev.dk
nguard-c2-01.ngmass.co
omega.thebeastdev.dk
orioncomms.net
p3dhack.thebeastdev.dk
paw.redherringdigital.com.au
pawel-szychowski.online
phil-funky.xyz
pine.tyates.one
pineapplepti.duckdns.org
polishedcontent.com.au
r3-prime.com
red-void.com
rmhollingsworth.com
routhe.net
routhe.thebeastdev.dk
s1.thebeastdev.dk
s2.thebeastdev.dk
service.cdnregistry.net
shantwon.com
shark.infinity-systems.it
skyeboo.com
smfpine.duckdns.org
staging.redherringdigital.com.au
store.vipers.dk
suanite-se.fracturelabs.red
task.thebeastdev.dk
techlebox.net
thegrazingfox.redherringdigital.com.au
theloveshop.me
tracker.thebeastdev.dk
uat.marketstallco.com.au
v1202504268565335359.yourpserver.net
vault.thebeastdev.dk
vmi350204.corjol.nl
vmi579810.contaboserver.net
vpn.mikebosland.com
vps.vdmt.au
wbw.redherringdigital.com.au
webdisk.biotechcm.com
webdisk.marketstallco.com.au
webdisk.polishedcontent.com.au
webmail.biotechcm.com
webmail.marketstallco.com.au
webmail.polishedcontent.com.au
webmail.thebeastdev.dk
wfc.redherringdigital.com.au
whm.marketstallco.com.au
whm.polishedcontent.com.au
widicloudc2.duckdns.org
williamstownfc.au
xktc2.net
yarraville.redherringdigital.com.au
zammad.marxup.de

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-06-14)

http://147.182.245.220
http://165.227.9.193
http://23.240.145.153
http://52.255.177.241
http://54.219.85.101
http://54.78.72.160
http://54.80.190.97
http://67.219.109.190
100.11.94.195:8088
100.24.202.230:8080
103.127.139.213:8080
107.159.250.23:8888
107.179.191.64:8080
13.202.143.79:8080
13.229.90.30:8080
13.52.81.40:443
134.122.117.59:8080
134.122.54.122:8080
137.184.54.114:8080
139.177.205.24:8080
142.93.97.216:8080
143.177.215.177:8081
144.76.230.53:8080
144.91.86.139:443
146.190.197.95:8080
146.190.211.163:8088
147.182.245.220:443
149.28.54.130:8080
150.230.160.117:8080
152.53.131.80:443
152.53.131.80:8080
152.86.101.19:9090
157.180.37.89:8080
157.90.155.53:8080
159.223.51.157:8080
165.227.9.193:443
167.99.6.177:8080
173.249.31.173:8080
173.56.76.77:8080
176.78.164.17:8080
178.33.104.190:8080
18.116.154.100:8080
18.132.143.131:8080
18.191.242.50:3000
18.193.176.139:8080
18.220.84.132:8080
18.221.131.129:8080
18.221.252.115:8080
184.72.240.125:8080
192.227.249.141:8080
194.87.161.238:8080
196.251.112.123:8080
198.16.144.195:8888
198.16.181.153:8888
198.16.190.14:8888
198.16.199.62:8888
198.16.212.87:8888
198.58.169.140:8888
2.83.22.183:443
20.172.208.189:8080
206.189.22.239:8080
209.38.147.115:8080
23.254.229.33:8080
23.94.25.28:8080
24.105.180.14:8080
24.199.85.200:8080
3.126.163.194:8080
3.13.123.140:8080
3.134.135.2:8080
3.16.81.203:8080
3.215.201.31:8080
3.224.31.143:8080
3.76.15.17:8080
3.76.224.245:8080
34.155.142.186:8080
34.210.162.163:8080
34.57.214.58:8080
4.236.163.136:8080
40.124.111.109:8080
44.211.13.188:8080
44.224.65.14:8080
44.236.90.180:8080
44.239.224.219:8080
45.19.137.135:443
45.55.104.211:8080
46.125.71.188:8080
46.162.83.27:8080
46.229.55.29:8080
47.225.169.71:8080
47.33.51.119:8080
5.132.80.195:8081
5.181.132.225:8080
50.17.122.48:8080
52.209.91.88:443
52.23.0.145:8080
52.44.151.139:8080
52.56.244.154:8080
52.90.83.128:8080
54.184.174.60:8080
54.219.85.101:443
54.78.72.160:443
54.80.190.97:443
62.171.130.29:8080
63.177.45.64:8080
66.25.116.48:443
67.219.109.190:443
68.81.83.94:8080
77.85.29.28:8080
78.132.141.76:8080
78.132.43.225:8080
78.132.51.61:8080
78.132.65.254:8080
78.47.209.45:8080
79.137.31.97:8080
82.180.161.168:8080
84.104.36.8:8080
85.215.125.206:8080
86.95.108.202:8080
89.237.147.250:2425
90.27.122.14:8080
92.63.163.8:8080
94.67.173.161:8080
95.217.208.202:8080
96.239.119.185:8080
96.239.36.135:8080
96.239.36.35:8080
96.239.36.39:8080
96.246.38.135:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-07-26)

http://15.188.12.194
http://44.229.216.182
http://52.209.91.88
http://52.215.79.91
104.163.156.16:8888
107.172.201.160:444
13.42.107.253:8080
13.53.34.74:8080
13.58.190.142:8080
139.162.177.103:8080
16.176.59.216:8080
162.199.182.209:8080
165.22.178.182:8080
165.22.21.102:8080
172.93.54.176:8080
173.206.248.90:8888
173.81.180.59:8080
18.217.136.196:8080
18.221.239.131:8080
198.16.128.192:8888
20.0.240.122:8080
20.234.166.219:8080
20.57.113.144:8080
206.162.22.75:8080
208.92.21.5:8080
213.161.176.93:8080
24.9.117.208:8080
3.105.6.232:8080
3.82.94.251:8080
44.201.219.171:8080
45.33.97.69:8080
51.195.148.62:8080
54.226.88.3:8080
78.132.71.21:8080
88.80.191.114:22

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-10-05)

http://204.44.70.159
http://207.104.104.120
http://209.38.89.184
http://3.104.135.43
http://4.157.249.169
http://4.251.111.177
http://54.189.192.84
http://98.158.162.7
107.159.254.2:8888
13.233.23.5:443
13.48.58.23:8080
135.181.141.156:8080
139.162.181.101:8080
144.2.110.95:8080
15.236.167.86:443
159.203.3.107:8080
164.132.50.235:8080
165.232.140.218:8080
170.64.242.144:443
173.214.226.23:8080
174.138.33.113:8080
175.139.244.237:9000
176.78.167.33:8080
188.155.213.52:8080
188.155.213.52:8081
192.248.189.64:8080
198.16.209.19:8888
2.83.28.150:443
204.44.70.159:8080
213.109.162.38:443
23.239.27.109:8080
3.104.135.43:443
3.87.72.135:443
4.251.111.177:443
44.232.202.232:8080
46.124.67.40:8080
46.124.74.55:8080
46.125.67.81:8080
46.125.70.237:8080
46.125.91.240:8080
46.125.95.102:8080
51.21.191.164:8080
52.204.152.121:8080
52.36.251.99:8080
54.172.168.145:443
54.177.244.130:8080
54.81.68.254:8080
65.109.32.118:8080
69.164.253.60:8080
69.195.132.4:8081
69.48.204.225:8088
72.10.134.202:8888
72.60.123.196:8080
78.132.49.230:8080
89.117.2.138:8080
91.239.118.157:8081
91.98.26.48:8080
95.82.0.207:8080
98.158.162.7:443
98.87.254.246:8080
