# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/MichalKoczwara/status/1641113392843718660
# Reference: https://twitter.com/MichalKoczwara/status/1641117793612447747

129.151.170.99:443
139.162.52.150:443
139.59.227.34:443
142.93.154.140:443
143.198.62.146:443
143.42.110.206:443
144.126.202.135:443
158.101.169.125:443
165.154.231.221:443
165.232.123.47:443
167.114.115.246:443
170.187.232.126:443
173.254.204.109:443
18.140.234.35:443
18.204.35.247:443
185.163.204.32:443
185.163.45.65:443
185.216.71.178:4443
188.166.170.1:443
192.46.211.76:443
194.87.218.16:443
2.58.14.26:443
20.12.180.13:443
20.67.246.154:443
203.150.243.176:443
204.48.29.223:443
206.189.22.24:443
209.151.155.42:443
212.87.204.177:443
23.105.212.89:443
23.95.44.80:8443
27.124.44.241:8443
3.72.110.16:443
3.8.184.124:443
31.220.89.214:443
34.229.221.1:443
34.243.164.16:443
35.198.216.30:443
42.193.116.134:443
43.133.22.48:443
43.142.149.130:443
44.192.60.164:443
44.202.199.164:443
45.125.67.244:443
45.135.135.107:443
45.144.30.143:443
45.144.31.129:443
45.77.74.229:443
46.101.79.16:443
47.109.41.48:443
64.176.39.146:443
64.227.8.84:443
65.20.75.178:443
77.91.73.143:443
8.210.103.41:443
8.210.104.188:443
80.158.37.73:6443
81.70.249.195:443
82.223.64.37:443
82.66.183.37:443
89.58.33.82:443
94.102.49.165:443
99.238.119.93:443

# Reference: https://twitter.com/Gi7w0rm/status/1625645124247076870
# Reference: https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace
# Reference: https://www.virustotal.com/gui/file/dba614a3b64db6ab346bf37683a9d13b5013fb4b7def2acdd8a697d26b62e48d/detection
# Reference: https://www.virustotal.com/gui/file/f577e247a29f74cf5517d47cc4821dc4d087cb96d5456ebb2f6f858dbe828ccd/detection
# Reference: https://www.virustotal.com/gui/file/ccb6d9742cf9329f2cb8030a25be663d098878ece7ffcfaa483b50856ad3c08e/detection
# Reference: https://www.virustotal.com/gui/file/c9a395ec3fb69e124c672823333ec165fce21a5773618153bc251cc8b2503dc4/detection
# Reference: https://www.virustotal.com/gui/file/b19f1eb30638f1f4695fe0741a1ccdb8ce0aa78b6ea343b4799a64ca1f1b1971/detection
# Reference: https://www.virustotal.com/gui/file/aea22bdf30f2b5ece1f867d4193ddbf48a5e8ebf812d9b7586db4aa54f1abf5d/detection

http://146.190.48.229
146.190.48.229:2323
146.190.48.229:3939
146.190.48.229:6963
146.190.48.229:7777
146.190.48.229:9797

# Reference: https://twitter.com/MichalKoczwara/status/1642218400691699851

194.36.190.103:443

# Reference: https://twitter.com/sicehice/status/1647624379830812673
# Reference: https://www.virustotal.com/gui/file/c0c13de44f445a1e38d1b2ebc5e87882e8bd9af82d0a1c9a90b721cc67a99e54/detection

4.240.86.147:1337
4.240.86.147:8080

# Reference: https://twitter.com/sicehice/status/1647650130684723202

159.223.250.77:9090

# Reference: https://twitter.com/drb_ra/status/1651298448757358608

190.135.186.92:443

# Reference: https://twitter.com/drb_ra/status/1652021857502019622

18.208.213.147:443

# Reference: https://twitter.com/drb_ra/status/1652384835946659840

50.255.107.170:443

# Reference: https://twitter.com/drb_ra/status/1652384849074835458

51.15.133.32:443

# Reference: https://www.virustotal.com/gui/file/c234a376a6de44dcc5f311937d3d705311599233804db547d7271cee796e86fb/detection

81.161.229.121:8080

# Reference: https://twitter.com/drb_ra/status/1653109032226283543

http://3.105.246.81

# Reference: https://twitter.com/drb_ra/status/1653109056112844804

13.41.55.238:443

# Reference: https://twitter.com/drb_ra/status/1653109091340804106

165.227.106.175:443

# Reference: https://twitter.com/drb_ra/status/1653109102019506177

167.99.194.51:443

# Reference: https://twitter.com/drb_ra/status/1653109118775746580

185.239.225.17:8443

# Reference: https://twitter.com/drb_ra/status/1653109134575689752

http://192.99.223.135

# Reference: https://twitter.com/drb_ra/status/1653109137385873422

205.185.113.85:443

# Reference: https://twitter.com/drb_ra/status/1653471476383727616

80.249.147.147:8081

# Reference: https://twitter.com/drb_ra/status/1653471492196188172

157.245.55.19:443

# Reference: https://twitter.com/MichalKoczwara/status/1652988028011290625

5.252.178.157:443
85.209.135.74:443
91.107.130.122:443
stingray.gay

# Reference: https://twitter.com/drb_ra/status/1653833821219856399

http://13.246.26.24

# Reference: https://twitter.com/drb_ra/status/1653833832926158864

16.171.56.119:8443

# Reference: https://twitter.com/drb_ra/status/1653833844863148053

18.158.68.206:443

# Reference: https://twitter.com/drb_ra/status/1653833854883340289

18.208.213.147:4443

# Reference: https://twitter.com/drb_ra/status/1654458500326514691

157.245.199.109:443

# Reference: https://twitter.com/drb_ra/status/1654458530617753601

209.250.255.119:443

# Reference: https://twitter.com/drb_ra/status/1655283458623647746

185.158.94.217:8000

# Reference: https://twitter.com/drb_ra/status/1655645809193410563

3.105.246.81:443

# Reference: https://twitter.com/drb_ra/status/1655645838612258824

51.68.148.55:443

# Reference: https://twitter.com/drb_ra/status/1655645853019693076

70.29.173.138:443

# Reference: https://twitter.com/MichalKoczwara/status/1655994573280116756

http://51.68.148.55
http://51.83.182.155
51.83.182.155:443

# Reference: https://twitter.com/drb_ra/status/1656008250775543808
# Reference: https://twitter.com/drb_ra/status/1656008254307147783

http://3.249.31.242
3.249.31.242:443

# Reference: https://twitter.com/drb_ra/status/1656008271600263190

13.246.26.24:4444

# Reference: https://twitter.com/drb_ra/status/1656008292634697733

51.83.182.155:443

# Reference: https://twitter.com/drb_ra/status/1656008305427324940

51.255.45.74:443

# Reference: https://twitter.com/drb_ra/status/1656008318282866708

52.19.114.156:443

# Reference: https://twitter.com/drb_ra/status/1656008337362677764

146.59.10.45:443

# Reference: https://twitter.com/drb_ra/status/1656370613445881886

51.68.148.48:443

# Reference: https://twitter.com/drb_ra/status/1656370630160183309

54.160.113.74:445

# Reference: https://twitter.com/drb_ra/status/1656370660740853772

198.211.102.42:443

# Reference: https://twitter.com/drb_ra/status/1656733184384442369

35.136.215.120:443

# Reference: https://twitter.com/drb_ra/status/1656733205938962457

65.21.56.40:443

# Reference: https://twitter.com/drb_ra/status/1656733220782604290

109.106.255.148:443

# Reference: https://twitter.com/drb_ra/status/1656733232786702394

114.117.244.233:443

# Reference: https://twitter.com/drb_ra/status/1656733250180481037

http://165.22.21.249

# Reference: https://twitter.com/drb_ra/status/1657095463651139605

3.26.1.74:443

# Reference: https://twitter.com/drb_ra/status/1657095499281752080

76.65.175.53:443

# Reference: https://twitter.com/drb_ra/status/1657095516113494024

107.172.90.146:443

# Reference: https://twitter.com/drb_ra/status/1657095546828382213

176.123.8.200:443

# Reference: https://twitter.com/drb_ra/status/1657095561009397761

193.233.48.14:443

# Reference: https://twitter.com/drb_ra/status/1657458200063385602

104.200.20.89:8881

# Reference: https://twitter.com/drb_ra/status/1657458238734888973

190.133.143.80:443

# Reference: https://twitter.com/drb_ra/status/1657820277173092353

167.58.245.20:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/

http://108.177.235.233
http://128.199.207.220
http://13.213.147.86
http://13.246.26.24
http://135.181.254.184
http://142.93.45.33
http://149.28.207.18
http://165.22.21.249
http://177.67.71.17
http://188.191.106.251
http://190.135.176.171
http://192.99.223.135
http://193.43.94.63
http://194.4.51.90
http://195.123.241.72
http://20.109.45.183
http://20.126.20.79
http://3.105.246.81
http://3.249.31.242
http://3.85.21.250
http://45.12.253.239
http://5.188.87.39
http://51.158.77.242
http://64.227.130.238
http://66.55.65.150
http://74.207.237.246
http://82.223.64.37
100.26.241.235:445
101.42.246.105:443
101.42.246.105:4433
103.253.43.146:443
104.248.120.60:4343
107.172.90.146:8443
107.174.95.55:443
108.174.57.187:443
108.177.235.233:443
109.105.198.141:443
109.172.44.233:443
109.94.110.94:443
118.31.66.10:443
123.249.38.254:9999
129.150.46.86:443
129.151.233.130:443
13.125.17.253:443
13.244.111.157:443
13.244.144.1:443
13.39.48.10:443
13.93.75.195:443
134.122.45.166:443
136.244.80.185:443
137.184.100.52:443
137.74.253.250:443
138.68.103.181:443
139.144.22.116:443
139.144.39.22:443
139.144.57.50:443
139.180.144.171:443
140.238.217.117:443
141.164.45.80:443
143.198.105.62:443
143.198.136.12:8089
143.198.218.5:443
143.198.53.218:443
143.42.110.206:555
146.190.104.255:443
146.190.120.225:443
146.70.35.170:443
146.70.87.109:443
147.182.241.180:443
149.28.207.18:443
151.236.25.237:4444
151.236.25.237:4445
157.245.47.66:443
157.254.195.51:443
158.247.223.37:4444
159.223.202.160:443
159.223.250.77:443
159.65.149.47:8443
164.92.241.44:443
165.22.12.239:443
166.88.77.16:443
167.172.106.238:443
167.56.104.241:443
167.56.105.95:443
167.56.112.216:443
167.56.122.192:443
167.56.122.29:443
167.56.194.219:443
167.56.196.20:443
167.56.198.150:443
167.56.198.48:443
167.56.203.196:443
167.56.66.214:443
167.58.233.226:443
167.59.76.141:443
167.59.76.50:443
168.138.174.173:2083
168.138.174.173:2087
168.138.174.173:2096
168.138.174.173:40006
168.138.174.173:8443
170.187.142.23:8899
172.105.66.217:443
172.86.78.127:443
172.93.165.118:41686
172.93.165.118:443
174.138.28.5:11443
174.138.28.5:41156
175.178.226.246:443
176.124.32.160:443
177.67.71.17:443
179.25.216.69:443
179.25.221.138:443
179.25.222.247:443
18.134.161.59:443
18.157.84.230:443
18.185.111.207:443
18.196.203.78:33688
18.196.203.78:443
18.214.99.112:443
18.224.73.25:443
182.61.19.90:443
182.61.19.90:48888
184.73.53.214:443
185.112.144.20:443
185.112.144.20:8443
185.163.45.244:443
185.203.118.50:443
185.225.74.223:4433
185.247.224.13:443
185.32.126.34:443
185.39.204.47:443
185.64.247.201:443
185.74.222.204:443
187.95.25.167:443
188.166.251.121:443
188.191.106.34:443
190.133.129.34:443
190.133.130.250:443
190.133.139.168:443
190.133.150.121:443
190.133.150.206:443
190.133.155.21:443
190.133.159.153:443
190.133.232.69:443
190.133.235.6:443
190.133.236.207:443
190.133.237.30:443
190.133.238.68:443
190.134.139.110:443
190.134.148.138:443
190.134.155.238:443
190.134.200.111:443
190.134.202.117:443
190.134.43.116:443
190.134.50.10:443
190.135.124.228:443
190.135.126.109:443
190.135.168.212:443
190.135.176.171:443
190.135.177.179:443
190.135.182.53:443
190.135.184.127:443
190.135.209.12:443
190.135.233.148:443
192.121.163.90:443
192.153.57.181:443
192.153.57.73:443
192.99.223.135:443
193.37.69.123:443
193.43.94.63:443
194.135.33.127:9080
194.58.98.232:443
194.58.98.232:8888
195.123.241.72:443
195.24.66.110:443
195.85.114.214:443
20.109.45.183:443
20.115.112.114:443
20.15.162.87:443
20.158.49.49:443
20.235.26.66:443
20.74.236.100:443
20.92.20.220:443
20.94.83.139:9000
207.148.127.136:10025
209.141.50.192:443
209.38.232.99:443
209.79.69.200:443
212.227.9.150:443
23.106.215.192:443
23.94.59.56:15443
3.17.156.183:443
3.26.10.74:443
3.67.64.179:40156
3.67.64.179:4043
3.71.188.11:443
3.72.1.193:8443
3.72.106.201:443
31.187.76.237:443
34.136.114.164:443
34.18.9.224:443
35.158.109.72:443
35.207.109.124:443
35.226.91.165:443
35.75.17.242:443
37.187.123.146:443
38.54.107.202:443
38.54.107.202:8082
39.99.45.71:2443
4.196.211.113:443
4.231.105.17:8443
40.76.236.54:443
43.153.184.17:3389
43.153.184.17:443
44.200.59.2:443
44.203.114.48:4443
45.117.81.126:443
45.125.67.100:443
45.125.67.117:443
45.153.242.73:443
45.56.76.86:443
45.77.233.83:443
45.77.254.85:443
45.79.90.123:40000
45.8.251.210:7443
45.9.149.144:443
45.9.150.150:443
45.93.28.77:443
46.161.53.217:443
46.183.184.149:443
46.29.234.73:443
47.90.254.130:443
5.161.197.230:443
5.252.178.146:443
5.255.97.196:443
5.44.42.124:443
5.53.125.31:7443
51.15.195.71:443
51.15.59.83:443
51.158.77.242:443
51.158.77.242:5555
51.158.77.242:8443
52.147.196.140:443
52.211.176.121:443
54.144.152.176:443
54.246.21.155:443
54.251.23.219:443
54.64.152.213:8443
54.78.24.98:443
62.234.185.181:443
64.176.34.205:443
64.176.34.205:8443
64.176.47.227:443
64.176.47.227:8080
64.176.47.227:8888
64.226.111.133:443
64.227.130.238:443
64.227.130.238:8080
66.55.65.150:443
68.183.185.231:443
74.119.193.28:443
74.207.237.246:8443
74.234.230.67:443
77.139.130.110:443
77.91.73.143:4433
8.208.95.78:443
8.217.111.67:443
8.222.230.219:443
85.206.172.192:443
88.99.28.233:5000
89.147.108.250:8085
90.107.73.133:443
91.92.128.200:443
94.131.102.61:443
94.131.110.14:9090
98.252.137.125:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-07-28)

104.168.237.121:443
108.177.235.191:443
146.190.113.107:443
168.138.174.173:443
18.219.102.188:443
23.83.133.160:443
23.83.133.164:443
24.99.36.214:443
35.90.217.46:443
44.202.218.193:443
44.212.22.10:22222
54.255.154.71:443
77.223.122.145:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-07-30)

http://95.164.47.3
13.39.237.2:443
16.171.60.36:443
45.81.34.65:11443
95.164.47.3:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-07-31)

139.99.66.96:443
185.39.204.47:447
64.227.79.229:10025
http://146.70.145.212

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-01)

106.55.228.192:4455
16.171.60.36:22222
185.239.225.17:7744
35.202.166.59:443
43.131.252.233:443

# Reference: https://twitter.com/TheDFIRReport/status/1686338899314987008

45.92.1.60:5111

# Reference: https://threatfox.abuse.ch/ioc/1146718/

146.70.145.212:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-03)

http://185.246.189.72
109.106.255.148:8443
109.106.255.148:40055

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-05)

http://54.211.1.105
151.236.216.137:443
163.172.140.159:443
206.189.143.81:443
43.131.252.233:8888
45.61.169.102:443

# Reference: https://twitter.com/sicehice/status/1687601960164216833

157.245.47.66:8080

# Reference: https://urlhaus.abuse.ch/url/2640642/

mott54874.b-cdn.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-07)

54.238.83.76:3306
54.238.83.76:443

# Reference: https://threatfox.abuse.ch/ioc/1149181/

http://85.206.172.192

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-09)

13.48.45.227:443
138.68.174.88:443
5.182.37.3:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-11)

http://146.190.29.203
http://176.31.163.140
106.55.228.192:8080
13.214.204.113:443
167.56.66.27:443
176.31.163.140:443
20.160.143.1:443
207.244.226.182:443
34.100.240.82:443
43.153.87.78:443

# Reference: https://www.virustotal.com/gui/file/53e8a1861bed12148803a34ea8bc2b844c4dab73759df6882f77c301f1151dcd/detection

161.97.156.7:43595
havoc718.ddns.net

# Reference: https://twitter.com/drb_ra/status/1691523144966610945

3.87.213.122:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-16)

http://52.88.128.181
134.209.147.35:443
185.158.248.34:443
34.231.34.198:443
39.100.87.25:443
52.157.71.131:443
52.88.128.181:443
81.161.229.45:443
90.212.33.49:8443

# Reference: https://threatfox.abuse.ch/ioc/1150423/

http://34.231.34.198

# Reference: https://threatfox.abuse.ch/ioc/1150556/

64.227.130.114:443

# Reference: https://threatfox.abuse.ch/ioc/1150868/

52.76.227.205:443

# Reference: https://threatfox.abuse.ch/ioc/1150887/

http://77.91.68.133

# Reference: https://twitter.com/drb_ra/status/1693334655540363746

38.47.107.170:443

# Reference: https://twitter.com/drb_ra/status/1693334699224011263
# Reference: https://threatfox.abuse.ch/ioc/1151516/

209.38.225.63:443
209.38.240.41:443

# Reference: https://twitter.com/drb_ra/status/1693697132304257088

20.224.91.188:443

# Reference: https://threatfox.abuse.ch/ioc/1151453/

2.59.254.20:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-22)
# Reference: https://search.censys.io/hosts/78.135.73.140
# Reference: https://www.deepinstinct.com/blog/operation-rusty-flag-a-malicious-campaign-against-azerbaijanian-targets

http://159.203.122.205
38.47.107.170:8443
77.91.68.133:443
78.135.73.140:10443
78.135.73.140:35667
78.135.73.140:47878
94.128.22.194:443

# Reference: https://twitter.com/drb_ra/status/1694421398062506302

http://47.100.30.74

# Reference: https://twitter.com/drb_ra/status/1694965057107468557

77.74.208.123:443

# Reference: https://threatfox.abuse.ch/ioc/1152181/

16.171.254.242:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-01)

http://100.25.164.220
http://158.247.243.219
http://164.215.103.105
http://164.92.134.166
http://2.56.10.6
http://207.244.226.182
http://34.100.240.82
http://47.245.126.218
100.25.164.220:443
109.228.61.245:443
109.63.232.77:443
129.158.249.215:443
141.136.44.52:443
149.40.63.23:443
152.228.170.254:443
16.171.242.239:443
167.99.147.192:8443
170.187.207.78:443
178.128.48.128:443
181.164.204.99:443
188.166.159.86:443
206.166.251.95:443
207.244.226.182:8443
217.6.46.91:8443
34.100.240.82:40056
34.93.29.231:443
34.92.127.28:443
43.132.172.77:443
43.153.193.220:443
47.245.126.218:443
51.255.45.74:40016
78.157.163.36:443
94.131.112.139:443

# Reference: https://twitter.com/drb_ra/status/1696958168209772953

http://164.215.103.173

# Reference: https://twitter.com/drb_ra/status/1696958171774877936

164.215.103.173:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-06)

http://159.223.205.33
http://46.101.97.100
http://73.196.213.146
117.50.178.24:8088
139.180.212.188:443
167.172.86.3:443
167.172.86.3:8080
206.188.197.20:443
206.71.148.148:443
24.199.106.201:443
37.120.239.175:443
46.101.97.100:443
64.226.81.144:443
66.135.16.39:443
73.196.213.146:443
80.85.152.108:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-11)

152.89.198.175:443
34.231.97.149:443
34.235.159.186:443
45.131.3.18:443
5.61.41.71:443
61.4.102.37:443
86.82.10.130:53
92.39.211.142:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-12)

http://165.232.151.90
http://64.176.211.167
168.100.10.213:443
139.180.158.92:443
139.180.158.92:7443
159.223.205.33:443
193.149.190.230:443
206.71.148.79:443
209.38.212.101:443
3.215.181.98:443
38.6.163.12:443
45.195.204.20:443
45.195.204.29:443
45.195.204.53:443
51.68.169.167:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-19)

http://103.101.205.215
http://164.90.162.240
http://172.233.67.65
http://3.215.181.98
http://52.202.108.119
http://52.194.222.149
103.101.205.215:443
124.156.167.196:4433
128.199.88.129:443
164.132.229.221:443
164.90.162.240:443
172.233.67.65:443
217.182.199.147:40070
217.182.199.147:443
217.6.46.91:4443
47.122.21.21:443
50.255.107.171:443
51.16.9.5:8443
52.192.111.170:443
52.202.108.119:443
74.207.242.75:443

# Reference: https://twitter.com/drb_ra/status/1703481233949237614

5.182.37.3:444

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-21)

http://172.105.139.42
http://51.210.243.250
101.33.116.17:10249
16.171.237.4:443
175.27.146.212:443
178.128.122.128:443
192.144.211.13:443
193.117.208.108:7305
193.218.118.143:8083
193.218.118.143:8085
202.162.108.120:443
34.116.228.55:443
43.135.138.227:443
45.183.247.131:443
47.245.42.208:443
65.21.105.102:443
165.22.58.208:8443
172.105.92.100:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-25)

http://134.122.54.122
http://164.215.103.86
http://198.148.112.58
http://47.96.174.148
104.248.149.186:443
146.190.67.179:443
16.170.217.78:443
37.120.239.175:23450
40.117.129.162:40056
45.79.238.141:8080
47.96.174.148:443
162.0.231.130:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-29)

http://8.217.13.6
101.99.91.224:443
103.214.157.66:4443
134.195.198.40:443
138.68.69.79:443
168.100.11.139:443
173.212.236.170:443
18.195.241.171:443
185.243.114.106:443
185.243.115.154:443
185.243.115.252:443
192.153.57.227:443
192.53.171.76:443
194.26.192.110:443
20.52.249.198:443
3.6.98.232:18976
31.223.16.23:443
34.227.89.96:443
34.227.89.96:8443
40.117.129.162:888
44.202.151.94:443
45.138.16.248:443
45.195.204.20:3320
45.195.204.29:3320
45.195.204.53:3320
45.61.136.107:443
51.158.107.162:443
54.202.46.22:4443
54.211.1.105:40056
66.94.109.152:443
91.90.192.233:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-07)

http://172.105.183.87
http://172.105.190.170
111.90.148.125:443
178.128.111.190:443
178.128.216.62:443
194.182.78.107:443
20.19.1.146:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-09)

http://185.235.138.63
http://54.146.112.196
139.180.195.227:443
51.142.94.204:443
98.66.139.133:8443
aadcdn.the-admiralty.co.uk
aadcdn.ukho.org
acad.bmcybersecurity.net
acadtr.bmcybersecurity.net
support-par8o.com
addressverification.support-par8o.com
alerts-service.com
backstopsolution.net
bankbubyan.com
banochotelgh.com
biswapvoilet.com
bluelinedevelop.com
caldwellmedical.org
cenaa3.viverindia.com.br
centrecertifieplus.com
chuangshiclub.com
contrariancapital.backstopsolution.net
cpcontacts.banochotelgh.com
cpcontacts.biswapvoilet.com
jagoanstoregame.duckdns.org
cpcontacts.jagoanstoregame.duckdns.org
crm.banochotelgh.com
deltidentalil.com
erci.banochotelgh.com
fahope.com
files.bmcybersecurity.net
givex.help
gracefoundme.top
if00d.com.br
iglensonc2.com
l2chartsapi.com
banochotelgh.com
lime.banochotelgh.com
linkair.top
login.doc-usign.net
login.officeonline.ri-rqc.sk
login.ri-rqc.sk
lucie.ddns.net
alerts-service.com
mail.alerts-service.com
backstopsolution.net
mail.backstopsolution.net
mail.biswapvoilet.com
biswapvoilet.com
myalectra.com
nginx-rev-prox-rj33nb72rsqni.westeurope.cloudapp.azure.com
officeonline.ri-rqc.sk
omricybersecurity.com
purple.cassa.my.id
ri-rqc.sk
salvation.banochotelgh.com
siptestasets.com
artsavingsclub.co.za
staging.artsavingsclub.co.za
support-par8o.com
suse.space
the-admiralty.co.uk
uiurbur.guieoer.pserver.ru
google-service.workers.dev
update.google-service.workers.dev
update.netsecgroup.com
netsecgroup.com
bmcybersecurity.net
biswapvoilet.com
vulnmetrics.bmcybersecurity.net
webdisk.biswapvoilet.com
webmail.biswapvoilet.com
perubahan-tarif-brlmo.com
webmail.perubahan-tarif-brlmo.com
wss.payloads.online
payloads.online
yinksoft-update.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-11)

120.53.93.251:443
157.245.142.4:443
54.146.112.196:443
95.217.219.48:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-13)

http://163.172.234.31
16.171.65.50:443
163.172.234.31:443
164.92.168.80:443
176.124.215.91:443
185.225.17.127:4433
2.102.90.244:4444
alexis-dasilva.com
sharepointoneline.com
stellantis-invite.com
stellantis-service.com
idpm.stellantis-invite.com
wapprod.stellantis-service.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-16)

http://194.180.49.251
104.233.140.137:8088
16.171.54.181:8443
164.92.168.80:40056
185.165.169.117:443
43.135.163.36:443
89.116.72.113:21024
air-canadaa.com
search-online.workers.dev

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-19)

http://172.233.192.25
http://216.128.180.160
http://95.92.201.169
13.53.84.163:443
130.51.20.136:5900
134.195.198.40:40056
137.184.84.90:443
138.68.174.88:40056
141.94.69.198:443
161.35.25.219:443
172.233.192.25:443
185.193.125.140:443
194.169.175.238:8083
194.169.175.238:8443
195.77.176.178:4444
23.94.50.240:443
45.12.253.39:443
52.56.179.139:443
54.246.47.176:443
88.99.71.225:443
89.147.111.205:4443
adblockext.ru
securitytest.lat
api.microsoft-service.workers.dev
login.sharepointoneline.com
microsoft-service.workers.dev

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-23)

5.255.123.86:443
5.255.123.86:5000
alexis-dasilva.pro
bitwarden-server.payloads.online
cesig8.online
vip.cesig8.online

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-25)

http://66.219.103.8
141.105.71.141:443
157.230.124.53:443
158.160.74.251:8443
149.102.143.96:443
167.114.113.96:443
191.96.53.80:443
194.169.175.238:8080
3.6.115.64:10000
34.217.46.159:8443
34.93.89.189:443
38.242.132.121:443
47.157.37.112:5001
50.116.39.137:443
51.254.33.199:443
52.15.200.151:443
68.183.68.156:443
88.99.71.225:801
abaadoffice.net
aspidaprotection.com
atisgst.fit
msonline-security.com
prfectr.xyz
analytics.prfectr.xyz
staging.prfectr.xyz
mail.abaadoffice.net
login.msonline-security.com
wapprod.stellantis-invite.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-29)

http://146.70.79.19
http://83.212.96.62
136.243.185.107:443
139.84.144.181:443
161.142.78.158:8080
175.136.232.225:8080
175.136.232.226:8080
176.31.163.140:40056
24.144.90.189:443
35.221.29.34:443
57.128.171.220:443
80.78.22.31:443
buesem2021.com
havoc.riggcorp.com
idpm.stellantis-service.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-11-01)

208.115.220.176:443
35.167.204.55:443
46.8.158.224:443
heylele.com
msftonline.org
testsite.uno
config-update-ms.francecentral.cloudapp.azure.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-11-02)

136.243.185.107:8443
185.193.125.140:41909
20.220.86.194:443
20.94.83.139:443
35.178.199.73:443
35.226.174.151:443
64.227.179.34:443
91.92.255.32:443
mircofots.online
apix.mircofots.online

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-11-04)

http://172.208.90.130
http://176.126.113.164
http://212.71.238.198
http://40.76.55.180
http://8.208.95.78
128.140.47.106:443
13.215.191.59:4444
139.28.36.5:443
144.76.182.181:443
146.190.41.228:443
154.8.142.178:443
159.65.168.135:443
16.16.26.234:3306
16.16.26.234:443
164.92.189.96:443
165.22.184.182:443
167.71.38.111:443
167.71.6.13:443
170.64.171.160:443
172.232.123.21:443
173.255.196.101:443
174.138.4.105:443
176.9.43.114:8443
178.62.57.69:587
185.193.125.118:443
185.236.202.153:4444
194.169.175.238:443
194.169.175.238:9443
20.157.16.178:443
20.52.226.156:443
20.55.94.241:443
20.71.97.27:443
20.93.5.194:8089
203.135.101.181:82
31.220.94.133:443
34.224.40.221:443
34.232.77.201:443
35.178.199.78:443
35.178.203.77:443
40.76.55.180:8090
43.138.87.237:443
45.66.216.108:443
45.76.71.236:443
45.79.249.116:443
46.246.1.155:7443
51.15.195.71:40056
51.158.107.162:40056
52.151.252.137:443
52.87.167.149:443
54.188.132.103:443
54.93.236.31:443
54.93.236.31:8000
62.210.207.211:443
64.226.72.6:443
79.133.183.84:443
79.133.183.84:8081
79.141.169.72:4443
80.78.24.47:443
85.208.117.147:4443
88.214.25.36:443
91.206.14.228:8989
94.156.64.184:4433
95.165.99.74:443
7desktop.com
abb-bank.wiki
bedlinnenoutlet.nl
daanzeegersdesign.nl
donotopenthis.zip
toroz.nl

# Reference: https://threatfox.abuse.ch/ioc/1201397/
# Reference: https://www.virustotal.com/gui/file/fa02f2c47b8a22acff47d86da8e5b97f2453aee4606f585b5d979429eb85a0d3/detection

werbeagenturbraunschweig.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-11-22)

172.208.90.130:443
172.208.97.188:443
185.254.238.160:443
209.250.248.246:443
45.78.58.175:6379
blha.tail9ed4d.ts.net
cloudflare-tls.workers.dev
ctvnews.eastus.cloudapp.azure.com
launchpad.pusd.fi
login.pusd.fi
mstraffic.cloudflare-tls.workers.dev
pusd.fi

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-11-25)

http://172.208.97.188
104.237.11.5:443
172.105.66.217:23966
198.176.59.64:443
37.187.176.161:443
80.78.22.93:443
85.209.176.146:8088
88.99.150.167:8443
pwshrepo.com
sd-50950.dedibox.fr
vpn-eu.dsikw.com

# Reference: https://twitter.com/banthisguy9349/status/1731290942785601583

46.8.158.224:8000

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-12-03)

http://13.42.17.180
http://167.71.38.111
http://172.191.67.230
http://18.191.149.233
http://188.116.22.65
http://198.176.59.64
http://64.176.164.102
http://80.211.208.51
108.51.80.70:443
124.220.224.87:8888
124383.msk.web.highserver.ru
139.28.36.237:443
139.59.40.198:443
142.93.185.248:443
146.190.231.230:443
146.190.231.230:80
146.190.45.248:443
146.70.79.110:4445
148.135.75.34:443
157.230.223.248:443
165.22.159.164:443
178.128.122.128:40069
178.62.57.69:40056
18.196.5.34:443
185.221.216.103:443
198.176.59.64:6379
209.38.226.163:443
212.227.211.81:443
24.199.125.30:443
45.123.188.186:443
45.15.159.79:443
45.76.156.94:443
47.108.117.51:8081
5.161.118.248:443
504e165d.host.njalla.net
52.91.116.180:443
62.84.116.13:443
62.84.116.13:4443
62.84.116.13:61237
77.103.140.46:443
cdn239.for149.xyz
contato8.appsysten.com
kztime.ddns.net
lido-fi.dev
nginx-typhoon.westeurope.cloudapp.azure.com
wiipo.com.ht-hldrotermica.com.br

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-12-05)

http://113.52.134.114
http://141.94.69.198
http://207.180.215.36
http://35.92.41.20
104.248.15.194:443
113.52.134.114:443
113.52.134.114:4433
113.52.134.114:6379
158.160.84.31:443
159.89.4.80:443
162.216.241.236:443
167.172.45.219:443
174.138.7.112:40065
212.51.144.128:443
3.110.107.80:443
34.29.20.95:443
43.163.210.218:443
45.79.6.132:443
45.9.62.223:443
47.251.70.97:443
62.210.207.211:8000
62.234.202.129:443
66.228.60.47:8000
74.119.195.176:443
79.124.58.134:443
u1.cc0.ir
worker-jolly-unit-e3af.jacobnero11.workers.dev

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-12-17)

http://172.232.123.21
http://37.221.197.42
107.174.115.43:8443
138.68.123.125:40065
138.68.123.125:443
142.93.185.248:8080
16.170.155.141:443
170.64.204.218:443
185.216.68.69:443
185.216.68.70:443
192.46.215.47:443
193.181.23.43:443
194.33.191.214:40056
195.35.25.136:443
216.146.25.85:443
3.149.246.173:443
35.158.7.214:443
37.221.197.42:443
43.138.25.26:443
51.20.113.6:443
62.234.202.129:48892
66.228.60.47:443
87.121.87.101:444
92.220.154.91:8443
aadcdn.nolog.no
accounts.cdcadvania.no
accounts.nolog.no
analytics.nolog.no
apis.cdcadvania.no
apis.nolog.no
cdcadvania.no
content.cdcadvania.no
content.nolog.no
fonts.nolog.no
login.nolog.no
login.test.nolog.no
mail2.nolog.no
myaccount.cdcadvania.no
myaccount.nolog.no
nolog.no
notifications.nolog.no
ogs.nolog.no
play.cdcadvania.no
play.nolog.no
ssl.cdcadvania.no
ssl.nolog.no
test.nolog.no
tysers.ltd
www2.nolog.no
youtube.nolog.no

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-12-24)

http://13.209.21.1
http://139.196.241.226
http://18.116.150.89
http://20.107.115.8
http://206.237.23.155
103.174.114.187:443
124.222.63.238:8020
13.213.218.169:45923
13.38.219.27:443
139.196.241.226:40000
139.84.147.34:443
144.76.182.181:6666
15.188.15.165:443
15.188.62.181:443
18.116.150.89:443
185.196.11.27:8443
193.233.203.168:443
198.13.36.52:8443
198.13.36.52:9443
206.237.23.155:443
206.237.23.155:8443
207.180.215.36:443
3.110.107.80:40069
3.84.191.39:443
31.222.238.48:443
45.120.177.198:443
45.133.216.82:443
45.145.228.123:8080
45.76.184.28:443
62.204.41.67:443
65.20.84.176:443
69.164.199.179:8443
79.133.51.66:443
80.211.65.159:443
80.78.27.224:40056
91.92.250.227:443
91.92.253.137:443
crm.salesatelier.at

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-01)

http://109.206.246.130
http://207.174.28.42
109.206.246.130:30003
109.206.246.130:443
18.216.147.202:443
5.35.34.36:443
achiversacademy.shop
passwordsecurity.cloud
tracktheway.shop
lastpass.passwordsecurity.cloud
v2202304197391224451.megasrv.de
v2202304199058227026.goodsrv.de

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-03)

159.223.92.16:443
172.232.36.73:10443
35.173.234.124:8443
74.119.194.110:8888
85.215.215.94:443
activelifes.shop
authenticateoffice.com
cdn.authenticateoffice.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-05)

http://45.61.187.244
103.59.94.45:443
13.235.254.216:443
146.190.236.181:443
160.238.36.135:8080
179.96.164.30:445
179.96.164.40:445
188.166.39.71:443
64.156.192.19:2222
api.msservice.workers.dev
helpdesktops.com
lightfull.shop
msservice.workers.dev
v2202002114563109588.megasrv.de
v2202311142188246753.nicesrv.de
walbuschgruppe.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-06)

http://20.61.52.34
http://34.239.255.86
http://91.92.251.215
120.26.241.141:8443
139.84.172.20:8443
139.84.172.248:443
161.35.239.147:443
167.99.156.77:443
179.96.164.83:445
185.196.10.126:8443
188.166.39.71:4444
195.90.223.120:443
20.107.115.8:443
213.136.71.179:443
3.110.101.202:443
34.203.229.137:443
34.239.255.86:443
45.126.125.144:443
47.76.181.76:443
8.219.206.59:443
88.119.171.83:443
91.92.251.215:443
91.92.251.215:8443
20402177.xyz
cloud.cy-security.de
dl.info-163.com
esdm-internal.com
ethicalhackersworkshop.com
git.cy-security.de
hc.info-163.com
info-163.com
kasm.cy-security.de
login.microsoft.authenticateoffice.com
lucarne-films.com
microsoft-webservices.com
microsoft.authenticateoffice.com
nadon.net
namyonghospital.net
nvidiaapp.cloud
oxyphyllous.20402177.xyz
thesirenmika.xyz
vpn.cy-security.de

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-15)

http://13.235.248.157
http://193.222.96.163
107.172.57.92:443
125.229.208.221:8080
13.235.248.157:443
141.94.69.198:8443
164.92.79.49:443
172.105.109.228:443
193.222.96.163:7443
20.199.89.215:443
23.94.198.26:443
3.208.22.29:443
47.74.90.4:443
54.185.217.31:443
84.32.188.80:65534
90.46.97.127:4443
app.berkeleyisyou.com
berkeleyisyou.com
cy-security.de
havoc.redethics.online
kesselfoodmarket.com
redethics.online
whoami.cy-security.de

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-17)

http://167.172.80.227
http://172.172.163.9
http://52.66.109.117
138.197.4.123:443
16.62.217.129:443
172.172.163.9:443
20.84.6.140:443
45.126.127.218:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-23)

http://206.237.1.36
http://34.123.166.220
http://98.71.223.72
103.149.91.138:443
13.235.247.85:443
137.184.9.46:443
15.206.164.202:443
157.245.29.228:443
18.117.107.132:443
192.46.228.106:443
195.90.223.120:40056
20.197.230.164:443
206.237.1.36:443
209.97.131.69:443
23.26.55.9:443
34.123.166.220:443
34.123.166.220:6667
34.171.56.109:6667
35.209.123.246:8443
4.246.234.87:443
40.113.134.142:443
43.138.25.26:4431
52.76.234.184:443
64.23.154.205:443
83.97.20.211:443
98.71.223.72:443
99.153.7.177:443
cooltk.asia
ha.redethics.xyz
jamesdesign.blog
lmanage.net
longkey.02561854.xyz
primalbrainhacks.com
redethics.xyz
tradeplayz.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-28)

http://137.117.205.207
http://52.136.223.233
http://89.245.139.188
116.203.129.118:443
137.117.205.207:443
137.117.205.207:4444
141.144.233.60:443
146.70.155.203:443
15.235.130.29:10443
164.92.125.68:443
206.189.139.96:443
3.21.227.143:443
31.192.235.164:443
4.205.75.12:443
52.136.223.233:443
52.136.223.233:4444
89.245.139.188:443
89.245.139.188:4444
96.30.193.6:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-31)

http://34.244.129.215
http://79.137.226.104
http://91.92.252.217
http://91.92.253.160
141.136.44.219:4443
34.244.129.215:443
38.242.209.51:443
49.157.28.96:443
50.118.225.41:443
91.92.252.217:10443
91.92.252.217:7443
91.92.253.138:443
98.186.108.222:443
ekfb.site
pgad.emkd.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-02-04)

http://103.195.6.58
http://104.248.249.135
http://122.114.8.164
http://192.46.228.106
http://20.38.38.37
http://54.199.117.47
104.238.60.14:443
13.235.8.98:443
138.197.134.200:8443
143.198.78.107:443
148.135.34.21:443
158.160.65.88:443
164.92.180.123:443
172.105.62.186:443
175.41.143.87:443
18.188.25.88:443
192.52.166.9:443
193.168.141.92:443
193.178.147.164:8010
211.24.117.21:443
3.83.182.180:443
44.200.32.105:443
45.147.250.155:443
47.236.237.46:443
47.76.61.241:443
88.99.150.149:4444
88.99.150.167:4444
88.99.150.167:8080
91.92.253.138:6075
91.92.253.160:6075
91.92.253.204:8080
ambankgruop.store
premier-stream.co.uk
rss-bridge.emkd.ru
www-12.eekal.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-02-12)

http://121.127.33.246
http://122.114.156.104
http://136.54.125.106
http://141.98.168.243
http://18.117.144.139
http://40.90.255.165
http://49.13.149.129
104.236.67.20:443
114.29.237.119:443
124.220.235.28:1002
134.209.244.69:443
141.98.168.243:443
150.143.137.163:443
159.203.167.57:443
159.69.207.158:443
162.55.40.203:443
164.90.233.164:443
165.154.132.129:50013
165.227.122.136:443
168.119.96.5:443
172.105.14.104:443
172.105.14.104:4444
172.202.30.12:443
185.189.196.191:40056
193.178.147.164:443
20.224.11.48:443
3.143.234.125:443
4.255.104.31:443
40.90.255.165:443
43.132.212.200:22694
43.132.212.200:443
45.137.10.34:3333
45.61.159.30:443
45.78.32.214:443
45.79.196.203:4443
45.79.196.203:8080
45.9.191.183:443
49.12.7.88:443
51.103.213.14:443
54.169.174.23:443
61.19.254.6:2123
79.113.86.126:443
91.107.200.181:443
files.paronibarry.net
healthpips.com
microsft-security.com
panel.dalkson.com
qa-dhs.wavenet-solutions.com
reporttest.rubecon.co.za
staging.recruitis.josefbenjac.cz
zqpvr01.sandcats.io

# Reference: https://twitter.com/suyog41/status/1760991549687742771
# Reference: https://www.virustotal.com/gui/file/b8f5012bbc6e16628d3c62486b72ef5e54649ff093d4fa1b73df1961cd820746/detection
# Reference: https://www.virustotal.com/gui/file/6f12b6087b124b6595929cdb14b31f9cf966a8c35a7483332f979b6df2777eef/detection
# Reference: https://www.virustotal.com/gui/file/5e31bc7b8d65336df908bc9bcc6237cc40b7ab08570533415de101874792e70d/detection
# Reference: https://www.virustotal.com/gui/file/24ecad57d387c8d06eb80d1b4769b321fdd0e01a1b0190c7c7ea9e461ad3a659/detection

212.47.244.109:3773
212.47.244.109:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-02-24)

http://13.233.144.170
http://165.227.122.136
http://173.237.206.178
http://178.62.57.69
http://185.236.234.129
http://195.78.220.27
http://35.177.215.200
http://35.178.199.73
http://35.178.199.78
http://45.59.118.25
107.173.118.89:443
138.124.180.245:443
139.84.137.249:443
141.94.221.216:443
146.190.165.243:443
146.70.79.64:443
158.101.163.23:443
159.253.120.2:443
168.119.96.5:40056
18.153.179.54:443
185.236.234.129:443
191.96.53.132:443
192.109.241.139:443
193.239.86.189:443
20.189.118.216:443
23.227.193.214:443
23.88.118.173:443
24.199.107.91:443
3.253.247.39:443
3.84.126.255:443
34.116.205.0:443
34.141.124.126:443
34.76.179.109:443
37.1.210.109:40056
37.1.210.109:443
45.150.67.45:8081
45.55.200.153:443
45.59.118.25:443
45.63.120.163:443
45.78.32.214:8080
47.232.161.146:443
49.13.129.77:443
51.159.175.8:443
51.210.244.254:443
52.184.85.209:443
58.65.172.132:443
88.214.25.240:443
89.116.227.76:443
89.147.111.163:443
94.102.49.161:8080
94.130.169.13:443
94.156.65.16:443
dbdfbd.xyz
digital20.agriprotechx.com
edgarmcneil.autos
glptestasets.com
imperiummalczyc.pl
irenecameron.autos
kendraesparza.autos
laboratoriodiagnosticoescobar.com
linki.one
maribelgould.autos
reneesellers.autos
smtracking.suparamining.swp23.com
wapt.dgcs.cloud

# Reference: https://twitter.com/1ZRR4H/status/1764907546324656458

http://24.199.107.91

# Reference: https://twitter.com/1ZRR4H/status/1767775296441221163

http://124.106.197.167
124.106.197.167:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-03-17)

http://103.139.93.20
http://122.114.10.11
http://122.114.156.47
http://122.114.192.234
http://122.114.192.32
http://122.114.197.147
http://122.114.225.100
http://139.162.36.86
http://193.178.147.164
http://23.95.48.151
http://3.88.102.160
http://3.94.102.197
http://45.137.10.34
http://45.138.157.4
http://47.236.84.82
http://54.221.151.132
http://65.1.107.60
http://69.30.249.147
http://69.30.249.148
http://78.129.165.233
http://81.69.242.185
http://82.67.60.21
http://89.23.107.13
103.113.68.85:443
103.113.68.85:81
103.139.93.20:3306
103.152.254.139:443
115.85.46.21:443
124.106.197.167:4343
124.222.63.238:8029
124.223.215.119:443
124.223.215.119:65413
13.232.135.125:443
139.162.180.174:443
139.180.144.32:9001
15.228.57.29:443
152.136.171.162:4433
157.245.45.26:443
159.69.207.158:40056
161.35.79.43:443
170.187.200.132:443
172.105.0.147:443
172.233.174.11:443
172.247.113.97:8443
173.249.27.72:443
174.138.6.9:443
175.197.65.135:6379
175.197.65.135:8082
185.11.61.57:443
185.130.46.164:443
185.130.46.231:443
185.174.8.138:8080
185.94.164.105:443
188.119.66.163:443
188.40.19.86:443
192.46.228.106:445
194.124.33.109:443
194.124.33.109:8443
194.246.114.147:443
194.26.192.57:443
198.13.47.158:443
20.127.230.167:443
20.127.96.164:443
20.191.195.105:443
20.197.20.154:443
20.244.47.98:443
200.234.235.200:443
206.81.31.145:443
210.2.169.247:443
23.227.193.87:443
23.227.194.177:443
23.227.194.232:443
23.95.48.151:8443
3.35.14.154:443
34.162.156.94:443
34.69.171.116:443
35.193.229.206:443
35.193.229.206:60000
37.1.208.20:443
37.1.208.95:40056
37.1.208.95:443
37.1.210.247:40056
37.1.210.247:443
37.1.212.112:40056
37.1.212.112:443
37.1.214.247:40056
37.1.214.247:443
37.1.214.6:40056
37.1.214.6:443
38.180.91.39:443
39.105.194.87:443
43.138.70.217:443
45.134.9.138:443
45.134.9.140:443
45.144.31.57:40000
45.144.31.57:8080
45.8.146.116:443
45.87.246.76:443
46.37.96.110:443
47.122.6.179:443
47.236.84.82:443
5.161.64.218:443
51.195.91.31:4443
51.195.91.31:8080
54.209.66.233:443
54.221.151.132:443
62.182.80.97:56432
64.227.179.34:40056
69.30.249.148:443
69.30.249.148:81
78.40.117.84:443
8.130.10.159:443
8.219.183.36:443
81.69.242.185:443
81.94.150.166:443
81.95.8.174:443
89.116.22.214:443
89.23.103.208:443
89.23.107.13:443
91.92.246.48:443
91.92.253.59:443
92.39.211.142:4444
93.185.167.79:443
94.156.66.44:443
94.156.67.244:443
94.156.67.85:443
94.232.45.42:443
accept.gbdvs.shop
bignas.shop
cardiochallenge.at
fresocialcasinogames.com
gbdvs.shop
kardiocentrumnitra-fingera.com
kcrn.sk
smtracking.web_hassinezarrat.swp23.com
test-control.rnb-team.com
time.vmupdate.org
vmupdate.org
www2.laboratoriodiagnosticoescobar.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-03-24)

http://114.130.36.121
http://8.219.183.36
103.81.38.242:443
124.106.197.167:4242
139.162.51.167:443
155.138.229.25:443
159.65.212.61:443
162.33.177.165:443
165.22.72.160:443
172.172.152.168:443
172.178.112.227:443
172.247.113.106:8443
176.120.75.169:443
185.22.155.92:443
185.248.143.18:8443
192.227.234.164:443
193.149.189.103:55006
193.239.86.163:443
207.148.73.248:443
23.227.193.238:443
4.153.122.111:443
45.134.9.138:41056
45.78.32.214:40056
46.17.107.164:443
52.27.42.38:443
62.234.28.147:443
64.23.181.57:443
64.23.185.215:443
65.108.19.239:443
79.174.95.201:443
82.157.236.128:6443
83.166.150.213:4443
92.116.36.5:443
92.116.37.169:443
92.116.39.103:443
92.116.39.245:443
95.179.171.52:443

# Reference: https://twitter.com/banthisguy9349/status/1773009385259708808

45.87.246.76:8000

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-03-31)

http://16.16.187.254
http://165.232.68.248
http://185.239.209.56
http://3.86.233.198
http://52.173.131.28
http://54.84.224.146
http://77.232.143.114
101.33.35.171:10000
110.40.133.81:443
140.246.157.86:4433
165.232.68.248:443
185.94.165.191:443
192.52.166.37:443
20.79.165.186:443
45.134.9.139:41056
45.134.9.140:41056
45.77.255.164:443
5.181.20.63:443
52.173.131.28:443
54.84.224.146:443
62.171.158.126:8080
64.23.140.175:443
64.23.230.161:443
77.232.143.114:443
81.43.22.249:443
81.43.23.68:443
92.116.36.151:443
92.116.36.212:443
92.116.37.117:443
92.116.37.99:443
92.116.39.126:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-04-07)

http://104.236.70.31
http://110.40.133.81
http://141.164.57.125
http://161.35.138.53
http://193.124.205.100
http://3.83.189.245
http://37.114.41.230
http://45.156.85.187
101.33.35.171:8081
103.20.60.248:443
104.236.70.31:443
104.248.44.99:443
137.220.197.178:443
137.220.197.178:8443
137.220.197.198:443
137.220.197.198:8080
137.220.197.198:8443
141.164.57.125:443
141.164.57.125:8080
149.88.67.40:443
151.236.220.113:443
151.80.152.122:443
154.12.179.67:10000
154.90.63.63:443
159.65.173.112:9443
162.33.177.165:40056
165.22.39.29:443
172.233.120.154:443
172.233.230.75:443
185.149.146.252:443
194.246.114.147:40050
207.180.230.175:443
217.196.60.141:443
3.111.169.215:443
38.55.201.92:443
45.152.115.131:8000
47.238.200.165:443
47.243.188.147:443
62.72.26.78:443
64.176.224.27:443
8.217.88.225:443
81.43.22.106:443
86.104.72.149:443
86.125.229.50:443
92.116.36.36:443
93.127.163.159:4433

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-04-10)

http://13.82.179.86
http://137.220.197.178
http://147.45.136.226
http://15.222.252.34
http://154.12.179.67
http://165.227.223.174
http://167.172.246.65
http://167.71.105.169
http://18.206.197.222
http://18.253.226.108
http://185.150.26.240
http://195.35.16.247
http://3.250.35.163
http://34.142.80.46
http://39.106.250.105
http://45.156.85.187
http://45.32.100.118
http://68.183.56.211
http://8.137.171.164
http://80.78.22.18
http://94.156.65.156
http://95.217.210.118
101.43.211.59:443
101.99.94.224:4433
103.195.6.58:443
103.215.80.54:443
103.249.112.105:8181
103.249.112.118:8181
103.30.17.17:443
103.82.132.120:443
103.82.132.120:8443
103.82.195.234:443
103.82.195.234:8443
103.82.36.91:443
103.82.36.91:8443
108.34.181.65:443
119.45.176.135:443
122.248.198.64:443
124.220.235.28:1003
13.82.179.86:443
137.184.78.220:443
138.197.134.200:443
138.197.28.158:443
138.197.28.158:8080
138.197.80.243:443
142.93.142.34:443
143.198.237.101:443
143.244.200.146:443
144.202.47.116:443
146.190.60.217:443
147.45.149.10:443
147.45.79.42:443
147.78.103.182:443
157.230.66.27:443
159.223.0.103:443
159.69.195.86:443
16.16.233.72:443
16.171.148.52:443
164.215.103.89:443
164.92.80.224:443
165.22.72.160:40056
165.227.136.196:443
165.227.223.174:443
167.114.90.243:443
167.172.246.65:443
167.71.105.169:443
170.64.140.92:443
170.64.210.247:443
170.64.231.144:443
172.105.81.73:443
172.210.41.151:443
172.233.120.154:40056
178.128.134.221:443
178.128.22.83:443
18.118.8.124:443
18.177.137.182:443
18.253.226.108:443
185.140.12.198:443
185.196.11.251:443
185.62.58.73:443
191.96.1.195:443
192.162.68.201:443
193.226.15.100:443
194.87.106.163:443
195.123.226.83:443
195.35.16.247:443
195.35.16.247:8443
20.186.89.88:443
207.180.230.175:40056
207.180.230.175:9443
207.231.109.20:808
210.3.101.68:443
23.95.61.136:29443
3.105.212.12:443
3.105.98.157:443
3.249.36.72:443
3.250.35.163:443
31.192.107.143:443
31.192.107.143:8443
31.220.80.82:1234
31.220.80.82:8443
31.42.185.190:443
31.42.185.190:8443
34.210.168.103:443
35.192.76.216:443
35.89.154.15:4443
39.106.250.105:443
43.132.130.145:443
43.135.55.212:10000
43.135.55.212:8080
43.143.170.206:443
44.222.74.172:443
45.133.238.227:443
45.137.155.36:443
45.137.155.47:443
45.137.155.52:443
45.14.246.124:443
45.14.246.53:443
45.15.158.15:6969
45.153.229.132:443
45.59.118.122:443
45.76.190.37:443
45.87.155.112:443
47.236.151.19:443
47.245.38.152:443
49.13.151.150:443
49.13.214.35:443
5.42.85.10:443
5.42.85.10:8443
50.114.37.38:443
50.114.37.38:8443
51.15.225.131:443
51.15.249.226:443
51.8.90.242:443
54.66.9.58:443
54.78.161.42:443
62.169.25.187:443
65.109.58.235:443
66.78.40.230:443
68.183.56.211:443
74.208.123.12:443
74.208.123.12:8443
77.232.143.114:40056
77.91.74.239:443
8.140.193.181:8443
80.76.32.4:443
80.87.206.160:2080
80.87.206.160:8443
81.43.24.55:443
86.60.160.90:443
87.121.69.206:3306
88.214.26.33:8443
89.38.225.168:4433
91.225.218.38:443
91.238.181.233:8443
91.92.250.2:4433
91.92.252.107:443
94.156.65.156:443
94.156.65.156:4433

# Reference: https://x.com/banthisguy9349/status/1796211325242135021

174.138.24.101:443

# Reference: https://twitter.com/ShanHolo/status/1787551650493747688

/Shhhavoc.py

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-06-15)

http://103.152.255.69
http://103.245.39.231
http://104.248.223.131
http://107.175.115.199
http://107.175.115.91
http://13.51.174.30
http://138.197.37.104
http://146.190.122.253
http://155.138.144.27
http://159.100.29.70
http://159.203.143.205
http://159.223.0.103
http://159.65.114.122
http://159.65.12.129
http://172.172.150.146
http://185.140.12.198
http://193.149.189.27
http://195.123.225.88
http://20.83.27.106
http://20.93.16.228
http://200.234.232.64
http://202.169.39.4
http://43.138.25.26
http://45.32.233.38
http://47.101.67.119
http://47.236.36.46
http://47.243.185.50
http://47.76.120.184
http://54.157.194.229
http://93.123.39.194
http://98.64.127.186
1.34.91.90:8080
100.27.0.53:443
103.151.111.138:443
103.245.39.231:443
103.82.194.41:443
104.248.223.131:443
104.248.34.11:443
107.172.57.113:443
107.175.115.91:18189
107.175.115.91:443
107.175.115.91:8443
109.123.234.20:443
118.33.178.150:8880
121.127.33.107:53
121.127.33.246:38442
121.37.252.50:443
122.248.226.169:443
122.51.194.153:8888
123.60.181.176:443
128.199.184.87:10000
128.199.184.87:443
13.231.126.178:443
13.49.238.38:443
13.55.48.44:443
13.60.83.83:443
138.124.180.93:7443
138.197.37.104:443
138.2.135.17:8080
143.110.211.214:443
143.110.211.214:50001
146.190.122.253:47001
147.135.92.77:443
147.45.136.226:443
15.164.161.42:4443
152.89.92.204:443
155.138.144.27:443
157.245.117.178:443
158.160.140.150:443
158.160.166.214:443
158.160.172.199:443
159.203.143.205:443
159.65.114.122:443
159.65.12.129:443
16.171.84.168:443
162.216.243.183:443
162.216.243.61:443
162.238.154.3:2000
164.90.253.167:443
165.227.79.41:443
167.179.81.150:800
172.105.76.71:443
172.172.150.146:443
172.173.169.179:443
172.207.80.170:443
174.138.103.97:40056
174.138.23.208:443
176.107.154.149:443
178.128.170.218:443
18.118.127.83:443
18.188.159.82:443
18.206.197.222:443
181.237.195.93:8443
182.30.4.130:443
185.142.184.203:443
185.196.11.117:443
185.208.158.37:443
185.22.64.121:40056
185.22.64.121:443
185.245.61.76:443
192.3.86.166:2096
192.46.232.196:443
193.122.115.146:443
193.149.189.27:443
194.246.114.20:443
194.67.207.216:443
194.87.148.48:443
195.123.225.88:443
195.77.176.178:443
198.46.215.32:443
20.21.130.76:443
20.55.194.105:443
20.56.35.166:9443
200.234.232.64:8443
202.169.39.4:443
207.148.125.4:443
209.38.50.170:443
212.47.244.109:40056
212.47.247.193:443
23.177.56.78:443
3.106.207.57:443
3.145.14.200:443
3.26.243.129:443
3.74.121.88:23175
3.99.177.194:443
34.221.207.33:8443
34.242.178.11:443
34.30.75.53:443
35.178.232.65:443
35.90.91.89:443
35.95.145.156:8443
37.114.42.26:443
37.27.47.248:443
38.207.176.36:9999
38.242.151.91:443
38.60.203.99:443
39.96.169.89:443
41.216.183.135:8443
43.134.47.80:2096
43.143.170.206:8443
43.155.16.246:443
44.200.252.252:443
44.211.3.42:443
45.153.70.148:443
45.32.100.118:443
45.33.97.250:443
45.88.91.78:8443
45.92.9.110:443
45.95.234.87:443
45.95.234.87:8888
46.101.3.161:443
46.183.25.51:443
47.236.116.179:443
5.188.86.231:8443
5.252.176.53:443
5.42.104.202:443
51.15.225.131:40056
51.20.124.126:443
51.8.82.12:40056
52.170.209.28:443
52.200.215.252:443
52.40.136.42:443
54.157.194.229:443
54.174.87.114:40056
54.174.87.114:443
54.203.168.251:443
54.227.37.24:443
54.71.125.251:7443
62.234.162.181:8443
63.250.56.156:8088
63.250.56.164:8008
64.225.27.95:443
65.109.237.32:4443
66.228.59.65:443
74.235.204.9:443
74.249.96.36:443
74.48.115.132:443
77.232.137.28:443
78.41.139.60:443
79.137.117.20:443
79.137.117.24:443
79.141.173.238:443
8.147.119.54:443
81.43.243.155:443
81.43.27.250:443
81.70.190.242:443
82.153.138.180:10443
82.168.162.65:443
85.31.238.253:443
86.104.72.20:443
86.48.7.17:443
87.106.230.151:64443
87.249.50.32:443
87.249.50.32:8888
89.116.236.42:443
89.117.1.117:14431
91.132.95.28:10443
91.210.107.202:30252
91.210.107.202:443
91.237.124.162:443
91.245.255.64:443
91.245.255.99:443
91.92.245.27:443
91.92.245.65:4433
91.92.255.178:443
93.123.39.168:443
93.123.39.194:443
94.156.68.220:443
94.156.69.89:443
94.20.154.243:443
95.144.6.229:443
99.79.63.116:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-06-22)

http://149.28.147.99
http://149.28.153.80
http://195.123.219.150
http://45.32.128.142
110.175.49.3:443
121.45.71.8:443
139.59.161.102:443
144.34.163.218:443
149.28.147.99:443
149.28.153.80:443
159.65.114.122:8443
172.233.121.249:443
176.97.124.217:443
182.30.23.115:443
185.38.142.151:443
194.156.98.101:443
195.123.219.150:443
198.23.173.178:60012
20.51.213.216:443
207.154.199.92:443
35.209.99.39:443
45.32.128.142:443
45.61.135.31:443
45.77.190.71:443
5.181.159.86:443
5.252.177.220:443
64.7.199.244:443
74.119.193.120:443
81.43.20.223:443
91.231.186.203:443
98.66.154.97:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-07-07)

http://144.24.16.54
http://164.90.128.199
http://185.236.78.56
http://51.158.70.117
http://92.118.112.10
http://98.66.155.188
103.252.116.243:443
104.238.57.234:443
141.98.233.72:443
144.24.16.54:443
144.91.76.242:44300
146.70.113.159:443
146.70.113.159:50025
150.158.53.58:9200
159.223.0.103:42069
163.172.136.161:443
164.90.128.199:443
167.71.47.133:443
172.104.157.219:443
172.232.44.70:443
185.208.158.176:443
185.236.78.56:443
204.13.232.251:443
206.188.196.135:8443
220.133.126.65:8080
220.133.126.65:9200
34.155.186.128:443
34.163.119.131:443
38.147.162.174:443
38.180.7.161:443
47.94.110.53:9999
5.42.221.151:60606
51.158.70.117:443
52.59.102.101:23175
52.88.83.125:443
54.254.249.67:443
62.234.162.181:443
63.250.56.42:81
63.250.56.42:8443
63.250.56.42:88
66.70.202.83:443
77.105.142.52:443
8.220.193.117:7144
81.169.158.60:443
81.169.158.60:8443
81.19.141.238:443
81.43.24.131:443
81.82.57.202:55000
84.46.244.20:1999
85.215.215.94:41057
85.215.215.94:8443
88.2.202.148:443
91.92.241.13:8443
92.118.112.10:443
94.102.49.161:55001
94.154.34.100:443
94.156.68.252:8443
94.156.8.20:443
98.66.155.188:443
anchondrica.info
dev2.stocktok.io
ec2-13-233-144-170.ap-south-1.compute.amazonaws.com
ec2-13-235-248-157.ap-south-1.compute.amazonaws.com
ec2-13-235-8-98.ap-south-1.compute.amazonaws.com
ec2-15-206-164-202.ap-south-1.compute.amazonaws.com
ec2-175-41-143-87.ap-southeast-1.compute.amazonaws.com
ec2-18-153-179-54.eu-central-1.compute.amazonaws.com
ec2-3-84-126-255.compute-1.amazonaws.com
ec2-34-244-129-215.eu-west-1.compute.amazonaws.com
ec2-52-76-234-184.ap-southeast-1.compute.amazonaws.com
ec2-54-169-174-23.ap-southeast-1.compute.amazonaws.com
ec2-54-199-117-47.ap-northeast-1.compute.amazonaws.com
infodigitalbusiness.com
itconsultoriayseguridad.com
mybadsite.com
ossadmin.site
seetoo.ossadmin.site
senesolde.com
strykercp.com

# Reference: https://x.com/drb_ra/status/1811654200377385220
# Reference: https://x.com/9823f_/status/1811803065202167967

167.88.32.99:443
dawpa2000.com
giggitygiggitygoogle.com
goasi.com
halovoltage.biz
oakleyeng.com
t11.ca

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s.csv

http://101.42.21.172
http://104.208.90.240
http://104.248.0.193
http://146.70.71.176
http://154.64.253.182
http://20.243.212.181
http://20.3.244.24
http://210.2.169.247
http://27.32.139.82
http://34.253.213.248
http://52.136.201.239
http://54.255.248.29
http://8.138.98.254
http://80.82.77.211
http://94.232.249.73
101.42.21.172:443
103.185.44.231:443
107.191.57.153:443
109.164.100.56:1998
111.118.36.69:443
111.229.10.136:443
137.184.45.196:443
138.197.79.113:443
144.91.76.242:40056
146.59.15.195:443
147.189.168.82:6005
154.40.45.232:443
154.64.253.182:443
157.20.182.103:443
160.238.36.135:9200
164.92.235.130:443
170.64.131.82:443
171.33.119.178:443
172.233.85.110:443
176.96.226.8:443
178.128.53.71:8443
18.198.52.32:23175
185.140.12.198:8888
185.142.184.125:443
185.165.171.49:443
185.180.199.67:443
185.228.234.171:443
185.244.150.231:443
193.200.16.245:443
194.233.92.148:443
194.36.171.35:389
194.36.171.35:443
194.55.186.206:443
20.127.222.106:443
20.185.144.222:443
20.199.78.13:443
201.92.137.48:8081
210.2.169.205:443
23.123.90.188:443
23.95.61.136:61057
27.54.170.50:4444
3.89.81.54:443
34.253.213.248:443
38.45.65.99:443
38.45.65.99:8080
38.45.65.99:8443
38.54.4.112:443
38.54.76.41:443
4.180.20.2:8443
43.156.57.179:443
43.205.101.205:443
45.11.92.100:443
45.129.13.135:40000
45.15.143.151:8443
45.231.133.54:443
45.66.231.211:443
46.161.15.203:443
51.195.138.219:443
51.195.138.219:8443
52.205.241.18:443
52.207.232.114:443
52.237.200.231:443
54.153.244.10:443
54.255.248.29:443
64.176.219.139:443
65.20.70.73:443
79.110.49.51:443
8.222.235.145:443
80.211.228.62:443
80.82.77.211:443
80.87.206.197:443
82.180.133.1:443
82.223.120.182:443
84.247.185.157:443
91.92.252.73:443
94.156.66.181:443
94.232.249.73:443

# Reference: https://x.com/JAMESWT_MHT/status/1815399555183034464
# Reference: https://app.any.run/tasks/7662f569-af72-4c37-a1ed-f4ef3d14c0a7/

74.119.195.176:4443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-03)

http://159.223.11.215
http://94.156.65.211
104.209.44.61:443
104.248.0.193:443
104.248.131.123:1337
104.248.223.131:40056
105.189.46.254:443
119.28.83.149:8443
122.114.198.43:443
137.74.197.73:443
139.84.139.17:443
142.171.31.154:10001
143.244.212.99:443
143.244.212.99:8080
146.190.72.88:443
154.38.167.90:443
158.247.198.34:443
158.247.203.218:8443
164.68.102.235:443
174.51.23.126:443
194.154.146.234:443
196.112.189.186:443
20.243.212.181:443
207.148.113.73:443
23.225.14.17:7443
3.80.74.240:443
45.131.46.215:443
45.131.46.228:443
45.66.231.137:443
52.31.123.152:40056
65.109.58.235:40056
66.70.202.85:9000
77.90.37.165:443
81.17.25.9:443
91.206.14.228:44511

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-08-10)

http://194.87.69.245
http://52.166.219.203
http://8.220.219.76
103.193.178.32:443
108.160.128.66:443
154.216.20.40:443
154.223.21.197:443
172.104.187.12:443
173.230.135.186:443
18.231.222.20:443
185.247.226.166:7443
194.87.69.245:443
194.87.69.245:53
200.234.228.208:8085
200.234.228.208:8443
3.6.115.182:18737
45.141.87.10:443
47.121.115.154:443
52.151.251.216:443
64.176.44.34:443
66.70.202.85:443
81.43.22.192:443
91.227.114.51:443
91.92.241.141:82

# Reference: https://x.com/HackingLZ/status/1824236568430690668

136.144.160.175:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18)

http://108.143.97.221
http://111.229.35.187
http://13.231.179.125
http://13.49.225.100
http://138.201.163.183
http://142.93.65.165
http://149.248.79.228
http://159.203.168.216
http://165.227.177.7
http://20.188.119.195
http://54.202.144.36
103.175.221.174:443
103.29.190.28:443
104.248.207.116:443
105.189.9.90:443
111.229.35.187:443
136.144.160.175:443
139.59.161.102:40056
142.93.65.165:443
142.93.65.165:8443
159.203.168.216:443
159.203.168.216:8443
159.203.168.216:9443
165.227.177.7:443
180.131.145.178:8000
193.122.89.13:7443
194.238.19.162:8082
195.200.4.244:443
198.7.124.125:443
2.201.175.217:443
20.188.119.195:443
201.68.220.23:8081
3.87.184.184:443
3.87.184.184:8443
34.220.13.70:443
36.229.191.191:443
37.27.41.167:443
45.135.180.100:443
45.158.13.30:443
47.116.165.7:443
47.99.83.224:443
62.233.53.224:443
66.42.63.166:443
68.183.155.253:443
70.34.222.167:443
70.34.222.167:50001
80.76.42.226:443
80.76.42.226:53
85.192.41.70:8443
91.92.245.253:10443
95.141.43.71:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)

http://162.55.40.203
121.127.33.23:443
122.51.240.117:6379
154.26.210.97:8080
172.214.182.168:443
192.241.157.109:8443
194.26.232.247:443
194.26.29.243:443
194.26.29.243:8443
198.23.173.178:7788
20.109.43.28:443
20.121.116.0:443
20.233.17.19:443
23.225.14.17:443
3.79.115.249:443
35.152.60.226:443
35.152.60.226:445
40.116.101.15:443
52.14.69.122:443
64.227.157.114:443
85.214.91.184:443
91.92.245.253:7443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-08-25)

http://172.214.182.168
http://40.116.101.15
http://45.61.137.232
http://52.233.199.88
http://75.119.136.117
192.169.6.122:40056
20.109.43.28:8080
75.119.136.117:443

# Reference: https://x.com/malwrhunterteam/status/1829109740485349760
# Reference: https://www.virustotal.com/gui/file/71f409086f2c11bc9736d54810300bd3d5ea8e35f1f8610ca164440deb828de5/detection

nginx-imfi.fcv3.1197883384467965.cn-hangzhou.fc.devsapp.net

# Reference: https://blog.talosintelligence.com/threat-actors-using-macropack/

http://122.114.166.92

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

http://13.81.120.19
http://137.184.244.10
http://143.198.143.45
http://165.232.130.11
http://18.197.128.230
http://20.109.43.28
http://3.79.146.22
http://45.61.137.180
http://52.58.188.221
102.135.199.82:443
106.75.226.114:9001
106.75.226.114:9010
118.25.19.148:40056
122.114.141.214:443
123.207.42.39:2083
125.124.188.121:40056
137.184.101.173:4005
16.171.150.224:9443
163.172.167.168:443
165.227.168.67:443
165.227.81.186:4433
167.99.82.188:443
170.64.192.242:443
170.64.225.124:443
170.64.254.168:443
172.236.19.11:443
172.86.75.37:8443
18.101.137.47:8443
18.102.61.167:443
185.141.35.22:2625
185.142.184.204:443
185.198.234.7:443
185.208.158.43:443
185.246.189.126:7443
185.26.96.208:7443
185.40.251.46:443
185.62.56.81:443
194.26.232.247:40056
20.3.244.24:443
20.4.75.5:443
209.208.110.104:8082
209.208.110.104:8088
3.86.94.200:443
31.220.80.82:8085
44.203.4.194:443
45.125.67.73:443
45.61.137.180:443
45.87.247.55:443
45.89.247.93:443
45.95.232.41:443
46.29.162.93:443
5.206.224.211:443
5.206.224.218:443
52.189.253.111:443
72.5.42.209:443
81.244.241.171:4443
98.71.215.235:8443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-09-08)

http://122.51.240.117
http://172.236.19.11
http://185.198.234.7
101.42.21.172:8080
143.198.143.45:443
194.156.98.150:443
40.116.101.15:8080
91.92.241.141:8082

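# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2025-09-09)
# NOTE(review): the date above reads 2025-09-09, but this block sits between entries dated 2024-09-08 and 2024-09-14; possibly a typo for 2024-09-09 - confirm against the ThreatFox listing before relying on it for indicator ageing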

http://23.88.32.34
172.232.142.127:443
194.165.16.32:443
47.76.26.254:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-14)

142.93.236.252:40056
142.93.236.252:443
207.189.164.112:443
45.152.64.245:443
45.66.231.229:443
54.93.40.26:443
89.187.28.133:443
91.92.247.158:9090

# Reference: https://x.com/banthisguy9349/status/1846945986435830037
# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

http://13.93.69.87
http://169.1.16.29
100.42.189.154:443
146.190.230.162:443
15.161.134.59:443
152.250.151.174:8081
164.92.163.29:443
169.1.16.29:443
172.214.182.168:8080
172.233.121.249:40056
185.216.68.105:443
212.193.30.11:443
212.193.30.11:8888
3.91.193.187:443
4.196.75.0:443
45.89.126.26:443
52.230.23.114:8443
57.129.16.213:443
66.228.42.244:443
67.205.141.0:8443
8.209.253.194:443
8.219.169.226:443
89.22.234.92:8443
92.60.77.97:443
97.107.134.79:443

# Reference: https://app.validin.com/detail?find=f0003fecc5f9c8c2cbac&type=hash#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/file/ae3b7072916b3897e67caa4fd01f589a18643d339e5138c3ba103c47219c0241/detection

103.106.228.51:443
13.51.193.253:443
138.197.18.143:443
145.220.74.141:443
146.185.22.149:443
147.78.103.165:443
167.71.175.190:443
167.99.197.178:443
172.211.39.141:443
18.133.180.232:443
18.183.146.250:443
18.198.246.147:443
185.112.83.110:443
189.126.111.158:443
194.147.71.19:443
20.2.251.56:443
23.106.223.105:443
23.95.169.23:443
3.101.103.197:443
3.110.162.232:443
3.111.47.205:443
3.125.58.130:443
3.81.124.194:443
45.56.75.204:443
46.101.70.245:443
47.253.151.200:443
54.158.117.186:443
54.198.14.125:443
54.248.210.150:443
54.81.29.31:443
64.227.157.239:443
65.0.99.75:443
69.30.249.150:443
81.165.145.181:443
82.156.127.143:443
87.120.117.194:443
94.156.104.75:443
103-152-255-69.cprapid.com
13-51-193-253.plesk.page
137-184-45-196.cprapid.com
137-184-45-196.ipv4.staticdns3.io
140.ip-176-31-163.eu
143-198-143-45.cprapid.com
161-35-239-147.cprapid.com
165-227-168-67.cprapid.com
18-133-180-232.cprapid.com
32182-37523.pph-server.de
42211-12936.pph-server.de
74.ip-51-255-45.eu
abbick.cc
accerte-grupopmzpromocaoparceiro.if00d.com.br
angry-rosalind.13-51-193-253.plesk.page
app2.t1.fabian-schneider.de
autodiscover.gosyslygi.su
autotransportcompany.info
bazcyber.ifood.tec.br
charlie-twice.suiteb.io
chase0line0010.duckdns.org
cloud1.cartiermarketingcloudserver.com
company.disco-la-cola.de
cpanel.chase0line0010.duckdns.org
cpanel.onlinechase000.duckdns.org
cpcontacts.chase0line0010.duckdns.org
cpcontacts.onlinechase000.duckdns.org
crazyskiller2024.com
cryptoschool.pro
csp.bulktrading.cloud
curriculodeantoniojosesilva.if00d.com.br
cyber.secur.fvds.ru
cyberdma.org
dashboard.t1.fabian-schneider.de
devinemillimet.authsharefile.com
disco-la-cola.de
dullis.disco-la-cola.de
early1.com
fmmudancas.com.br
foodguard-pro.com
frnkln.cloud
gaf.azureadsync.com
goodiegoal.com
grafana.mattera.io
ha.redethics.xyz
habib.inalum.web.id
hadoop-master.swintlsone.com
harnpden.co.uk
hev.ifood.tec.br
hugport.com
hyrule-nkucpgrm.cycura.ninja
icicidiirect.com
icicisecuriities.com
icicisecuritie.com
if00d.com.br
iglensonc2.com
imediatta-servicosdeseguranca.securityx.com.br
interatelleifoodsempre.if00d.com.br
ip85.ip-66-70-202.net
jokmaximbloggers.com
kafaka-node1.nikecloudsrv.com
lakawoot.xyz
live-account.early1.com
live-login.early1.com
live-outlook.early1.com
logicaliseifooddiversaogarantida.if00d.com.br
londen-insurance.net
mail.143-198-143-45.cprapid.com
mail.161-35-239-147.cprapid.com
mail.abbick.cc
mail.chase0line0010.duckdns.org
mail.onlinechase000.duckdns.org
mail.revshell.party
maxoutblogers.com
mc.lgbtqia.cab
mixedraceporn.com
moinhoeifoodmesjuninopromocao.if00d.com.br
mom1mall.com
ms-account.early1.com
msoobe.com
mvinteuil.xyz
my.early1.com
newyrgoalz.com
ns1.pantraveler.com
ohgreatstone.com
ohio.o365.live
onedrive.early1.com
onlinechase000.duckdns.org
onlineproxydata.com
pa1mall.com
pareciousness.08108570.xyz
peaklemoreblog.com
petzsupersecao-ifoodvouchercolaboradores.if00d.com.br
pma.disco-la-cola.de
pna-logicalis.if00d.com.br
poste-pay.confermazione-online-della-verifica.dns05.com
postepay.confermazione-online-della-verifica.dns05.com
pro.gestao21.eco.br
prometheus.mattera.io
purplenovembro.if00d.com.br
rec.solucaoambiental.eco.br
runtime.gphosting.de
seetoo.ossadmin.site
siptestasets.com
standoff365.site
strykercp.com
t1.fabian-schneider.de
tacticc.site
techspx.duckdns.org
test.waf.ovh
update.suiteb.io
updategenius.tech
use-datasystem.securityx.com.br
valentines.early1.com
vibrant-proskuriakova.185-228-234-171.plesk.page
vks18885.ip-176-31-163.eu
vmi1504073.contaboserver.net
vps-22ee9484.vps.ovh.net
vps-adb56384.vps.ovh.net
vps683982.ovh.net
webexcelsior.org
webmail.onlinechase000.duckdns.org
wiki.game-paradise.de
xn--caeem-kp1b.com
xn--mcdonas-vib.com
xn--netflx-t9a.com
xn--noo-k5y.com
z8h.lex.fo

# Reference: https://www.virustotal.com/gui/file/1be047069ed08063ba280dccc9fb13af6856e08f50f1ce52236bff434b0a4f4b/detection
# Reference: https://www.virustotal.com/gui/file/5eae4826346083deff47bbac8db86f3c1fd3deaaadf051d85e07a97388dcaa66/detection

http://181.215.135.141
181.215.135.141:443

# Reference: https://www.virustotal.com/gui/file/482a86391842a2b869ffd38af0dbfa96de7501a92986e644b54d8ae731bdaf64/detection
# Reference: https://www.virustotal.com/gui/file/ab963f165c5269b14b0275a2b25f2e1110a7e3ca903324e106701a4167026270/detection

http://84.201.150.223
84.201.150.223:443
84.201.150.223:8443

# Reference: https://www.virustotal.com/gui/ip-address/34.27.109.111/detection

34.27.109.111:443

# Reference: https://x.com/MichalKoczwara/status/1846625221505118382
# Reference: https://www.virustotal.com/gui/file/c22f0544e29c803d2cacbca3a57617496e3691389e9b65da84c374c90e699433/detection

finances-news.com
pushservice_api.finances-news.com

# Reference: https://app.validin.com/detail?find=f0003fecc5f9c8c2cbac&type=hash#tab=host_pairs_v2 (# 2024-10-17)

107.172.88.160:443
13.251.3.88:443
193.36.15.250:443
34.123.158.175:443
43.154.250.187:443
49.232.86.118:443
54.173.235.60:443
agistaging.dev
he110w0r1d.com
libreimport.com
melontech.io
revshell.party
ns1.he110w0r1d.com
update.revshell.party

# Reference: https://x.com/banthisguy9349/status/1854575385964368184
# Reference: https://www.virustotal.com/gui/ip-address/84.247.147.214/relations

84.247.147.214:8443

# Reference: https://app.validin.com/detail?find=f0003fecc5f9c8c2cbac&type=hash#tab=host_pairs (# 2024-11-09)

139-144-31-55.ip.linodeusercontent.com
204-48-21-144.ipv4.staticdns3.io
aadcdn.avina.cloud
aadcdn.fortinet.app
acadian.cc
account.fortinet.app
accounts-googleworkspace.com
admin.lmsdev.mygoodpeople.com
api.fortinet.app
api10.fortinet.app
appincloud.francecentral.cloudapp.azure.com
avina.cloud
capitalunionbank.co
crm.avina.cloud
dmresorts.co
dzss.in
getatrade.co.nz
gosyslygi.su
gulfcoast.college
h2875518.stratoserver.net
host-185-193-126-192.njalla.net
hostmaster.api.fortinet.app
htxss.buzz
login.avina.cloud
login.dmresorts.co
owa.gosyslygi.su
p001.falarmais.com.br
pianrun.online
pogito.com
portal.avina.cloud
portal.centralbank.bz
portal.fortinet.app
putrahostingxzzx.xyz
test.ticketsmasters.net
vps-8c99fe51.vps.ovh.ca
zynntzy.putrahostingxzzx.xyz

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10)

http://13.251.3.88
http://136.144.220.174
http://164.90.141.45
http://167.99.197.178
http://170.64.239.90
http://172.211.39.141
http://172.86.75.51
http://173.46.80.38
http://178.32.106.144
http://198.46.190.142
http://212.56.32.90
http://23.21.86.233
http://3.38.251.220
http://34.146.88.47
http://34.238.110.222
http://35.230.85.16
http://40.114.246.167
http://46.101.85.96
http://47.253.151.200
http://5.255.118.31
http://62.68.75.16
http://67.217.228.206
1.94.148.96:443
1.94.254.230:8080
103.75.180.125:8080
103.82.101.180:443
108.142.143.153:443
109.138.141.153:443
109.166.233.139:40056
13.231.152.17:443
13.232.143.22:443
13.43.58.188:443
139.144.31.55:443
139.59.145.252:443
139.59.27.43:443
140.143.119.10:443
143.198.137.175:443
143.198.238.204:443
148.113.192.160:443
15.223.1.140:443
154.205.130.120:443
154.216.20.170:10337
157.230.119.230:21337
162.0.238.206:443
165.227.158.213:443
165.227.81.186:40056
167.71.160.223:443
170.64.160.51:8443
170.64.239.90:443
172.105.255.152:443
172.173.229.245:443
178.215.224.174:443
178.32.106.144:443
178.62.102.19:8000
18.118.215.209:443
185.174.101.203:443
185.186.146.228:4444
185.192.96.173:443
185.193.126.192:443
185.241.208.246:5555
185.246.65.149:443
185.26.96.208:40056
189.126.111.158:21
192.241.157.109:8080
193.36.15.253:443
195.10.205.144:443
195.26.227.204:443
195.7.4.41:443
198.44.174.39:443
20.166.251.45:443
20.2.211.79:40056
204.48.21.144:443
207.148.117.38:443
209.38.224.30:443
209.38.26.113:443
212.46.38.224:3389
212.46.38.224:443
213.109.147.20:3389
213.109.147.20:443
23.227.203.226:40056
3.136.231.230:443
3.38.251.220:443
3.80.117.23:443
31.13.224.32:443
34.222.149.67:443
35.181.93.190:443
37.228.129.37:7443
38.207.132.88:10002
38.242.135.61:443
38.54.86.240:443
38.55.193.28:443
4.201.154.55:443
45.13.227.200:443
45.14.226.17:443
45.141.139.164:4433
45.231.132.158:443
45.61.137.44:443
45.95.169.45:443
46.8.236.23:7443
5.101.4.196:9999
5.101.5.196:9999
5.181.3.6:443
5.34.176.172:443
51.79.68.233:443
52.191.13.175:443
52.72.240.160:443
54.146.41.133:443
62.169.22.60:443
62.234.2.127:443
62.68.75.16:443
64.225.28.140:8443
64.7.198.196:443
65.38.121.151:443
66.179.243.12:8880
66.78.40.136:443
66.85.92.8:2096
66.85.92.8:8443
68.183.123.72:443
70.24.242.42:443
72.18.215.108:443
74.208.249.109:8082
74.208.249.109:8088
76.204.56.154:443
77.81.139.58:4444
8.222.226.141:50056
8.222.226.141:50443
80.66.79.169:38472
81.161.238.253:443
81.4.100.39:443
85.192.42.132:443
85.198.109.226:443
85.214.64.117:443
87.120.126.153:443
87.120.126.175:443
87.120.126.55:10443
87.120.126.55:7443
88.120.202.79:443
89.23.107.27:443
89.251.22.11:2080
89.251.9.71:443
91.219.237.110:443
91.245.255.97:443
95.217.87.142:19888
96.73.26.29:4443
98.66.183.110:443
98.66.183.110:8443
98.66.183.110:9443
98.82.19.152:443

# Reference: https://x.com/k3yp0d/status/1856323584152490337
# Reference: https://x.com/k3yp0d/status/1856323591178010915
# Reference: https://x.com/N3wbound/status/1856350392071622770
# Reference: https://www.virustotal.com/gui/file/852135a46ec74fcb2d3b70989d318cc26ed894c58b77b11fccd127b1bdb948c5/detection

black-friday.homes
investments-management.com

# Reference: https://x.com/karol_paciorek/status/1859241811941752899
# Reference: https://www.virustotal.com/gui/file/9c2f38ff50e06b43727c0e61b0fb112c7a623d448f4eb213a68d46362ba9f5a6/detection

http://62.60.239.58
87.121.61.80:443

# Reference: https://app.validin.com/detail?find=f0003fecc5f9c8c2cbac&type=hash&ref_id=9acf05bd401#tab=host_pairs (# 2024-11-20)

http://136.144.166.132
http://138.197.105.230
http://141.147.89.33
http://143.244.191.43
http://145.239.43.135
http://154.216.17.161
http://159.89.182.136
http://167.71.140.220
http://180.188.179.113
http://181.215.134.108
http://185.196.11.26
http://185.255.179.150
http://195.123.233.245
http://195.200.30.173
http://199.193.153.16
http://20.49.161.16
http://44.199.252.247
http://44.208.162.116
http://46.38.233.113
http://80.78.24.206
http://87.120.116.153
http://87.121.61.80
136.144.166.132:443
138.197.105.230:443
141.147.89.33:443
143.244.191.43:443
145.239.43.135:443
154.216.17.161:443
159.89.182.136:443
167.71.140.220:443
180.188.179.113:443
181.215.134.108:443
185.196.11.26:443
185.255.179.150:443
195.123.233.245:443
195.200.30.173:443
199.193.153.16:443
20.49.161.16:443
44.199.252.247:443
44.208.162.116:443
46.38.233.113:443
80.78.24.206:443
87.120.116.153:443
87.121.61.80:443
45-14-226-17.cprapid.com
941999defaf6.seetiehost.de
adfs.fortinet.app
azurecloud.live
cheappricesforedmedicine.com
cohenandjudaflorda.com
dc-5483326c413f.seetiehost.de
dms.x-pt.net
fortinet.app
forum.seetiehost.de
git.geelabs.de
ip144.ip-178-32-106.eu
login.fortinet.app
marketsentinels.shop
securebank.nl
serviceaids.cohenandjudaflorda.com
v22018076557869542.ultrasrv.de
v2202409234927287665.happysrv.de

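# Reference: https://app.validin.com/detail?find=f0003fecc5f9c8c2cbac&type=hash#tab=host_pairs (# 2024-12-15)
# Note: several names below are provider-assigned hostnames that embed the server address (*.plesk.page, *.cprapid.com, ec2-*.compute.amazonaws.com); they follow the IP rather than the tenant, so re-validate them before alerting on matches long after the date above.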

adoring-matsumoto.193-239-86-216.plesk.page
autologon.crsdorg.in
beautiful-antonelli.193-239-86-216.plesk.page
browser.crsdorg.in
cool-mirzakhani.193-239-86-216.plesk.page
dalgarint.info
dmrcorg.com
dreamy-keller.193-239-86-216.plesk.page
ec2-13-231-152-17.ap-northeast-1.compute.amazonaws.com
example.secure-d.center
ext.delightfulgrass-a1c0fe70.canadaeast.azurecontainerapps.io
friendly-curie.193-239-86-216.plesk.page
funkytimery.com
gallant-pike.193-239-86-216.plesk.page
gallant-wright.193-239-86-216.plesk.page
gracious-hellman.193-239-86-216.plesk.page
hopeful-wescoff.193-239-86-216.plesk.page
inspiring-ramanujan.193-239-86-216.plesk.page
jovial-galois.193-239-86-216.plesk.page
login.crsdorg.in
loving-blackwell.193-239-86-216.plesk.page
mail.172-208-106-5.cprapid.com
musing-tesla.193-239-86-216.plesk.page
ns1.lucidohq.com
office365.crsdorg.in
outlook-us.crsdorg.in
pensive-rosalind.193-239-86-216.plesk.page
phpmyadmin.geelabs.de
potatopetal.com
reporting.crsdorg.in
rt.mod0.ch
securemicrosoftonline.in
sleepy-khorana.193-239-86-216.plesk.page
troublenm.com
ulweb.club
vibrant-mccarthy.193-239-86-216.plesk.page
vigilant-shamir.193-239-86-216.plesk.page
wonderful-cannon.193-239-86-216.plesk.page

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2024-12-15)

http://104.238.189.4
http://106.14.148.143
http://134.3.182.224
http://164.92.216.215
http://18.220.30.121
http://185.196.9.125
http://189.1.245.145
http://20.234.196.254
http://20.73.47.175
http://3.138.181.50
http://34.146.231.125
http://34.146.54.108
http://38.180.37.230
http://43.202.62.102
http://43.246.208.193
http://45.77.46.13
http://5.78.85.47
http://52.166.98.58
http://72.145.5.203
http://74.207.233.116
http://78.141.210.179
101.126.149.119:443
101.34.217.130:9999
103.29.189.125:443
104.194.134.254:443
104.41.34.16:443
124.126.140.208:8010
128.199.171.220:443
13.38.249.182:443
13.40.115.95:443
134.122.176.181:65312
134.209.85.138:443
138.201.163.183:443
139.162.48.242:443
139.59.237.172:4444
145.239.43.135:40056
146.190.238.73:443
147.93.130.19:443
148.113.181.169:443
149.104.23.212:443
15.228.13.190:443
150.109.254.194:443
158.160.59.214:443
159.65.6.251:443
161.35.182.190:443
161.35.50.104:443
162.33.179.44:443
164.92.225.122:443
165.154.100.7:443
167.172.29.103:443
170.130.55.240:443
170.64.221.254:443
172.191.133.229:443
172.208.106.5:443
172.235.60.145:443
176.123.10.109:443
178.215.224.174:40056
18.100.113.206:8443
18.226.96.112:443
185.137.122.62:443
185.196.9.174:443
185.25.50.107:443
188.166.194.114:40056
188.166.40.224:443
191.205.11.59:8081
193.239.86.216:443
193.37.69.63:443
194.3.165.55:443
198.12.107.149:4443
199.192.27.36:443
199.193.153.15:443
199.193.153.15:8443
199.193.153.16:2096
199.193.153.16:8443
20.197.13.21:443
20.234.166.153:443
20.234.196.254:443
20.56.14.162:443
20.83.27.106:443
20.90.112.111:443
213.252.232.209:443
23.92.30.15:9001
3.128.202.39:443
3.86.191.252:443
34.126.119.87:8443
34.55.255.130:10000
35.183.3.164:443
38.180.37.230:443
38.180.91.21:443
38.54.40.228:443
4.175.197.154:443
4.248.11.186:443
45.134.39.167:111
45.14.226.198:443
45.141.177.3:10443
45.141.177.3:7443
45.200.149.98:443
45.55.172.71:4443
45.55.96.141:443
45.61.136.65:22222
45.79.221.12:443
45.94.209.210:443
46.8.68.235:443
47.238.210.216:443
5.166.42.13:443
5.188.86.69:443
50.114.5.24:8000
51.136.16.65:443
51.89.22.146:8443
52.166.123.20:4444
52.188.186.207:8083
52.188.186.207:8084
52.188.186.207:8088
52.221.72.120:443
54.179.145.170:443
54.37.226.59:40056
54.79.166.152:443
54.91.103.9:443
57.129.16.213:40056
64.176.165.233:443
64.176.44.33:4444
64.227.122.252:443
64.227.157.239:40056
64.7.198.196:3389
65.109.238.119:443
66.179.243.12:8088
68.183.124.105:443
68.183.147.153:4443
74.234.130.253:443
77.105.161.192:443
77.105.161.202:443
77.238.233.217:443
78.141.198.64:443
8.147.105.89:443
8.213.43.1:443
80.109.230.6:4444
80.66.66.40:443
80.78.26.81:443
81.161.238.253:40056
81.43.25.202:443
81.43.27.187:443
84.46.244.20:1998
87.120.113.125:443
87.120.114.100:10443
87.120.114.100:7443
87.120.114.137:10443
87.120.114.137:7443
89.169.153.86:443
89.35.131.96:443
91.92.247.82:10443
93.113.25.40:443
94.103.87.98:443
94.156.69.92:443
98.66.183.110:7443
98.66.210.39:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02)

http://188.68.229.55
http://195.133.51.144
http://3.226.113.51
http://45.141.177.4
http://45.79.221.12
http://62.60.238.194
http://77.105.161.192
http://77.105.161.202
104.248.123.182:4443
121.36.198.211:443
121.41.130.182:443
13.55.94.79:443
136.144.160.175:40056
138.68.152.143:443
146.59.116.59:443
148.113.201.239:8080
165.154.32.94:443
165.232.164.245:443
165.232.75.214:443
172.190.218.195:8089
172.233.32.196:443
172.94.30.35:9000
176.188.105.70:443
179.60.150.151:443
18.101.28.182:8443
182.237.8.222:8443
185.196.9.125:39944
185.196.9.195:443
185.198.234.213:443
188.79.46.203:443
193.149.176.190:443
195.201.36.118:443
209.74.66.221:8443
211.21.110.252:443
217.163.28.202:443
23.227.203.210:7443
3.226.113.51:443
43.204.112.34:443
45.141.177.4:10443
45.141.177.4:7443
51.178.83.13:443
51.254.238.189:443
52.215.25.229:443
54.234.71.196:443
54.92.179.181:443
54.95.208.190:443
59.16.126.150:57172
62.133.61.78:443
64.176.162.142:443
72.5.42.220:443
80.78.27.159:8555
87.106.58.168:9443
89.110.99.169:443
95.179.233.26:443

# Reference: https://x.com/G60930953/status/1880712135980073320
# Reference: https://www.virustotal.com/gui/file/207b27f4f17802dc951b6300eaeeaed181ee7567526325f940e66242f54d3add/detection

https://47.250.118.131
47.250.118.131:443
army-mil.b-cdn.net
army-mil.zapto.org

# Reference: https://x.com/malwrhunterteam/status/1902710467341980017
# Reference: https://x.com/G60930953/status/1903769185743720903
# Reference: https://dmpdump.github.io/posts/Unattributed_Downloader_Cambodia/
# Reference: https://www.virustotal.com/gui/file/23d76c49128994d83f878fd08829d003c2ffcd063d03ec7ff1fe4fe41ffb36c3/detection

easyboxsync.com
live.easyboxsync.com

# Reference: https://app.validin.com/detail?find=f0003fecc5f9c8c2cbac&type=hash#tab=host_pairs (# 2025-04-20)

23-227-199-59.static.hvvc.us
23-227-202-132.static.hvvc.us
23-227-202-141.static.hvvc.us
23-227-203-148.static.hvvc.us
31033-50051.bacloud.info
45.120.60.34.bc.googleusercontent.com
79-72-70-85.dynamic.dsl.as9105.com
94-156-189-245.cprapid.com
account.fdwx.net
account.st4b4n.fr
accounts.youtube.gloggle.tech
ad.cf90.cc
ai.cf90.cc
autologon.farmandconstructionequipment.com
avtest.salsaspots.com
b.stats.st4b4n.fr
baiqingee.com
bifit.digital
bitcdemo-com.farmandconstructionequipment.com
blogger.farmandconstructionequipment.com
browser.farmandconstructionequipment.com
c.st4b4n.fr
c2ts.live
c6.st4b4n.fr
caixaoitopharma.parceirosolucoes.com.br
caoaa.xyz
caobb.xyz
caodd.xyz
carsrpg.online
cdn.fdwx.net
cdn.st4b4n.fr
company.fithiphealthy.com
device.login.st4b4n.fr
ec2-3-136-231-230.us-east-2.compute.amazonaws.com
etherreceipt.fun
farmandconstructionequipment.com
fdwx.net
fonts.farmandconstructionequipment.com
gemcoverinc.com
gemcoverinc.org
goetruehi.space
h1.redethics.es
hackmaster.fr
hiltonrp.fvds.ru
hnd.stats.st4b4n.fr
image2excel.shop
ip-96-126-124-158.cloudezapp.io
ip234.ip-51-81-171.us
ip85.215.173.244.pbiaas.com
iptv-reseller-internal.com
iuer.iioo.one
job.baiqingee.com
jolly-turing.85-215-173-244.plesk.page
live.farmandconstructionequipment.com
loader.yougame.biz
login-us.farmandconstructionequipment.com
login.fdwx.net
login.st4b4n.fr
m.st4b4n.fr
macpek.kohlandfisch.com
mail.94-156-189-245.cprapid.com
mcasproxy.farmandconstructionequipment.com
mein-bereich.com
myaccount.farmandconstructionequipment.com
mylogin.fr
notifications.farmandconstructionequipment.com
ns2.m113.ru
octdeploy.com
office365.farmandconstructionequipment.com
oitopharma.parceirodocontador.com.br
optimistic-leakey.23-227-202-132.plesk.page
outlook-us.farmandconstructionequipment.com
outlook.farmandconstructionequipment.com
outlook.st4b4n.fr
payu-doladowania.com
percoin.xyz
phpmyadmin.carsrpg.online
play.farmandconstructionequipment.com
projectbussiness.online
projectbussiness.store
projectdocs.io
proximus-me.com
qsdfar.live
repoman.io
salsaspots.com
sampahdo4.mahavpn.my.id
ssh2.smithsecurity.biz
ssl.farmandconstructionequipment.com
t.st4b4n.fr
teamdocumentation.com
thirsty-curran.85-215-173-244.plesk.page
ultraddam.co.kr
up.octdeploy.com
vds2309970.my-ihor.ru
vds2369972.my-ihor.ru
vds2386299.my-ihor.ru
vds2405267.my-ihor.ru
vertulfee.online
vmd163234.contaboserver.net
x007.xyz
z996.xyz

# Reference: https://x.com/NullPwner/status/1915467035037061578
# Reference: https://www.virustotal.com/gui/file/8e56af917cb649665d57b6b8a19ddaa5c814039e42c9e19e4464a0565e6c5450/detection

http://96.126.124.158
barrysploitbucket.s3.us-west-2.amazonaws.com

# Reference: https://x.com/smica83/status/1933222651964674377
# Reference: https://www.virustotal.com/gui/file/24004da32632b49dd4a17cd8bca6b6780d0a1d78e78b59bce704f88be91fbdc4/detection

login-sync.com
onedrive.login-sync.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-06-14)

http://124.222.111.244
http://13.60.202.169
http://14.225.33.238
http://146.70.113.188
http://147.45.78.188
http://15.204.95.228
http://15.223.185.126
http://159.223.73.228
http://159.65.230.103
http://16.171.253.150
http://165.22.248.142
http://167.172.244.201
http://172.111.148.131
http://172.174.239.189
http://172.86.110.217
http://18.132.191.71
http://185.130.213.219
http://185.39.207.117
http://188.166.174.146
http://188.166.205.148
http://192.142.18.32
http://192.236.177.2
http://194.164.93.107
http://20.124.80.116
http://20.124.86.1
http://20.255.61.139
http://20.3.249.45
http://20.55.31.188
http://212.192.12.110
http://212.224.86.165
http://23.95.247.249
http://27.102.128.199
http://3.135.219.5
http://3.148.223.152
http://3.35.26.26
http://3.86.154.189
http://3.91.134.143
http://34.134.221.76
http://34.9.238.133
http://35.159.245.137
http://35.183.37.202
http://35.202.0.75
http://35.87.10.168
http://37.252.19.120
http://37.27.89.195
http://4.236.186.94
http://40.127.74.195
http://40.68.206.54
http://44.211.135.190
http://45.129.3.177
http://5.181.159.73
http://51.81.171.234
http://52.14.71.8
http://52.169.163.36
http://52.224.246.136
http://54.227.80.194
http://54.95.208.190
http://79.72.19.74
http://79.72.70.85
http://85.23.46.61
http://88.218.0.194
http://96.9.125.165
1.15.106.229:443
101.200.159.69:3389
101.33.81.86:443
103.159.50.30:443
103.179.191.112:4433
103.57.251.96:2096
103.68.251.174:4433
104.160.41.102:443
104.168.12.21:40056
104.194.152.74:8443
104.237.133.29:40056
104.248.5.186:8080
104.47.142.205:443
106.75.62.22:443
107.172.230.178:443
107.172.3.15:4346
107.191.49.250:9999
108.181.0.228:443
109.176.229.54:443
109.248.162.19:40056
109.248.162.19:4433
111.229.202.115:8443
116.204.211.132:30213
119.3.221.6:4444
122.51.240.117:60056
123.56.127.50:443
124.126.212.126:8010
124.220.235.28:443
125.234.108.28:443
129.148.50.133:443
13.201.30.7:443
13.201.30.7:8080
13.233.246.131:443
13.238.124.252:443
13.49.227.38:443
13.60.202.169:443
13.60.23.162:443
13.60.246.102:443
13.60.38.245:443
13.61.8.192:443
13.76.63.34:443
13.95.206.187:4424
134.209.157.90:443
135.181.172.67:443
138.124.180.209:443
138.197.32.49:443
138.199.216.110:2096
139.162.1.232:443
139.162.149.223:8001
139.64.172.67:443
139.84.132.65:8080
139.84.158.174:443
139.84.163.88:443
139.84.164.200:443
139.84.241.157:443
139.9.131.153:443
142.132.190.156:443
142.171.168.59:2053
143.198.186.79:443
143.244.181.199:443
144.126.207.185:443
144.172.94.131:443
144.24.88.88:30001
144.34.163.218:8001
146.190.173.119:443
146.190.173.119:8080
146.70.113.133:40090
146.70.113.188:8080
146.70.158.85:443
146.70.232.28:443
146.70.24.151:10443
146.70.24.151:15443
146.70.24.193:10443
146.70.24.193:443
148.135.106.227:8443
149.28.131.74:443
149.28.137.96:443
149.28.174.215:443
151.243.81.80:443
152.42.195.54:443
152.42.218.167:8443
152.42.219.50:443
154.146.241.246:443
154.205.130.180:2053
154.205.143.45:443
154.205.145.133:2096
154.205.145.208:40056
154.21.201.16:7878
154.21.201.16:8080
154.37.155.198:443
154.8.231.43:443
154.90.34.185:443
156.225.26.79:443
156.244.31.144:443
156.244.6.101:443
157.230.38.27:40056
157.230.93.200:443
158.180.231.221:443
158.180.232.131:443
158.247.202.163:443
158.247.243.20:443
158.62.198.120:443
158.62.198.124:443
159.100.30.181:443
159.13.56.149:443
159.203.143.205:40056
159.223.32.131:443
159.65.29.33:443
159.89.17.182:443
159.89.36.127:443
16.16.184.252:443
16.163.143.235:443
16.170.203.55:443
16.170.233.47:443
16.171.114.30:443
16.171.14.57:443
161.132.68.248:443
161.35.176.231:443
161.35.3.214:8080
161.97.138.238:443
162.248.225.187:443
163.172.178.82:40056
164.90.170.149:8000
165.154.112.80:3389
165.154.112.80:443
165.22.189.77:8080
165.22.248.142:443
165.73.102.186:888
166.108.207.55:4433
166.88.225.113:15443
166.88.225.91:10443
166.88.225.91:15443
166.88.225.91:443
167.172.244.201:443
167.179.118.29:443
168.100.10.21:443
168.231.71.22:443
168.63.30.81:443
170.64.162.236:443
170.64.169.87:81
170.64.216.254:443
172.104.162.149:443
172.105.91.248:443
172.166.104.19:443
172.167.163.14:443
172.174.239.189:443
172.178.115.148:443
172.187.178.33:443
172.190.116.65:443
172.191.137.101:443
172.191.35.117:443
172.201.216.161:443
172.205.115.95:443
172.233.65.36:443
172.234.115.91:40056
172.86.110.114:443
172.86.110.217:443
172.86.113.200:443
172.86.116.76:443
172.86.75.168:443
172.86.88.65:443
172.86.97.13:443
172.94.30.35:8443
173.212.208.95:443
173.237.206.178:443
173.249.198.224:26678
173.249.45.65:443
173.249.52.37:443
176.123.4.184:443
176.31.163.88:443
176.57.150.105:4443
176.65.137.250:443
176.65.138.231:8082
176.65.143.133:443
176.9.29.148:443
177.68.42.191:8081
178.255.222.6:443
178.32.113.93:443
178.62.48.123:8000
179.43.172.173:443
18.116.195.248:443
18.181.191.249:443
18.184.225.196:443
18.189.194.55:9090
18.228.31.163:443
18.97.23.200:443
18.97.23.201:443
180.188.179.113:40056
185.10.68.146:42069
185.10.68.146:443
185.101.38.7:443
185.112.147.18:443
185.118.79.175:5000
185.14.30.133:443
185.143.241.98:443
185.177.239.155:443
185.177.59.217:443
185.193.126.20:443
185.193.127.252:443
185.196.11.90:443
185.203.118.105:7443
185.208.156.157:443
185.208.159.245:40056
185.208.159.245:443
185.215.54.195:443
185.233.166.195:443
185.233.166.66:40088
185.241.208.247:443
185.43.5.227:40156
185.43.5.227:443
185.5.124.254:445
185.7.214.128:8080
186.212.27.148:8081
186.212.31.203:8081
186.249.218.242:443
188.132.183.201:443
188.166.174.146:8080
188.166.205.148:443
188.225.9.121:443
188.68.229.55:8001
191.13.208.53:8081
191.13.60.126:8081
191.13.60.146:8081
191.13.60.184:8081
191.13.60.33:8081
191.13.60.99:8081
192.117.9.22:8443
192.144.179.101:443
192.153.57.116:443
192.248.152.197:443
193.233.203.26:8993
193.239.85.15:2083
193.242.184.179:443
193.36.15.250:9000
193.37.212.91:8443
194.48.248.71:443
194.87.220.47:443
195.158.82.221:4433
195.211.190.134:8080
196.189.21.66:443
196.251.117.165:4444
196.251.118.109:443
196.251.118.210:49998
196.251.118.210:8088
196.251.73.47:443
196.251.85.139:443
196.251.85.215:443
196.251.86.20:443
196.251.86.90:443
198.46.190.142:443
199.193.153.14:8443
2.39.10.26:443
2.57.241.105:443
20.121.51.90:443
20.124.80.116:443
20.124.86.1:443
20.190.118.69:443
20.229.185.124:443
20.244.94.209:443
20.249.208.141:443
20.26.234.252:443
20.51.130.180:443
20.55.31.188:443
20.67.242.112:443
20.92.165.192:443
201.27.179.219:8081
201.27.181.65:8081
201.42.217.177:8081
201.43.190.13:8081
201.43.190.174:8081
201.43.190.225:8081
201.43.50.139:8081
201.43.52.170:8081
202.61.192.161:4433
204.48.27.82:8443
206.166.251.139:443
206.188.197.197:443
206.206.76.72:25252
207.180.231.197:443
207.244.236.115:443
207.244.236.115:44567
209.38.136.123:40056
209.38.23.41:443
210.2.169.213:443
211.25.3.238:8080
212.192.12.110:443
212.224.86.165:8080
212.232.22.202:443
212.27.12.9:443
213.109.227.99:18333
213.209.143.31:8080
213.218.212.100:443
217.182.141.142:443
217.182.77.118:443
217.196.63.241:443
217.77.8.151:443
219.143.134.20:8010
219.143.134.210:8010
23.152.0.81:8089
23.184.48.240:443
23.184.48.4:443
23.227.199.118:11443
23.227.199.118:14443
23.227.199.118:15443
23.227.199.118:443
23.227.199.118:45677
23.227.199.59:10443
23.227.199.59:14443
23.227.199.59:15443
23.227.199.59:443
23.227.199.59:45677
23.227.202.132:12443
23.227.202.141:10443
23.227.202.141:12443
23.227.202.141:15443
23.227.202.141:443
23.227.203.148:10443
23.227.203.148:12443
23.227.203.148:15443
23.227.203.148:443
23.227.203.225:10443
23.227.203.225:443
23.254.201.207:443
23.254.215.118:443
23.254.215.118:445
23.88.120.188:40056
23.94.214.186:443
23.94.214.186:8443
24.11.76.114:443
3.107.91.52:443
3.120.200.27:443
3.141.7.174:5000
3.231.84.74:443
3.36.76.212:443
3.36.95.115:443
3.66.192.59:443
3.71.71.121:443
3.75.154.229:443
3.84.178.184:443
3.9.3.45:443
3.96.173.28:443
31.130.148.231:443
31.192.107.221:25143
31.220.80.82:443
31.42.191.74:443
31.57.228.28:8443
31.57.243.91:443
31.57.33.110:8080
31.59.186.9:443
34.134.126.120:443
34.170.250.223:3389
34.173.145.169:3389
34.219.245.253:10080
34.225.150.212:443
34.225.248.122:443
34.229.143.231:443
34.31.17.178:3389
34.59.157.246:443
34.59.157.246:60000
34.60.120.45:443
34.60.162.2:3389
34.68.63.205:3389
34.9.238.133:3389
35.170.182.125:443
35.177.77.164:443
35.223.112.67:3389
35.244.101.227:4443
35.84.3.139:443
37.252.19.120:443
37.27.89.195:443
37.59.108.112:443
37.72.168.146:15443
37.72.168.146:443
38.132.122.177:12443
38.132.122.177:443
38.134.148.106:443
38.180.137.18:443
38.180.141.143:443
38.54.115.190:47739
38.54.31.112:40056
38.54.68.38:2096
38.54.86.240:2096
38.54.87.29:4432
39.105.138.106:3389
4.157.247.247:443
4.232.129.60:443
4.234.160.148:443
4.236.160.76:443
4.236.186.94:443
4.240.2.164:8443
40.66.43.203:443
41.188.124.175:443
41.216.189.77:2096
43.128.130.252:443
43.128.147.70:443
43.129.40.31:443
43.129.41.152:443
43.134.185.202:4443
43.139.57.190:42567
43.139.57.190:50001
43.156.59.110:9998
44.197.118.25:443
44.209.63.85:443
44.246.108.245:443
45.10.41.105:443
45.114.60.56:8443
45.131.66.229:443
45.141.86.123:8443
45.141.86.94:443
45.146.234.153:443
45.154.98.173:443
45.155.69.107:443
45.195.197.1:5006
45.207.197.50:31001
45.38.20.246:443
45.55.123.49:443
45.61.132.47:443
45.61.137.211:443
45.61.151.127:2096
45.61.169.4:443
45.76.144.143:443
45.77.151.146:443
45.79.145.180:443
45.82.152.218:443
45.89.127.190:443
45.89.127.190:8080
45.89.127.190:8081
45.89.66.107:443
45.9.100.168:443
45.9.149.38:443
46.105.31.193:443
46.149.70.229:443
46.201.81.233:443
46.250.243.47:443
46.29.166.15:443
47.121.140.39:443
47.122.119.248:9032
47.236.125.49:443
47.236.177.123:443
47.236.177.123:8081
47.254.247.118:443
47.83.134.97:443
47.83.188.104:443
47.95.157.213:443
49.0.246.145:443
5.101.103.31:8088
5.101.150.252:443
5.161.207.95:8080
5.180.27.6:1443
5.188.33.181:8999
5.252.176.179:443
5.252.176.4:443
5.252.177.108:443
5.252.177.110:443
5.255.105.163:443
5.255.98.216:443
5.35.125.180:443
50.85.82.218:443
51.178.83.13:40056
51.20.83.11:443
51.21.171.165:443
51.21.219.123:443
52.165.19.23:443
52.212.234.248:10443
52.224.246.136:443
52.231.109.121:443
52.52.133.100:443
52.58.184.210:443
54.206.1.218:443
54.216.172.128:443
54.68.184.184:443
54.90.248.127:443
59.110.140.142:3389
60.205.139.49:443
62.113.118.24:443
62.113.59.30:443
62.113.59.30:8080
62.133.60.82:443
62.146.226.21:443
62.68.75.16:40056
62.72.36.127:443
64.176.54.73:443
64.23.163.5:8080
65.109.145.253:443
65.87.7.206:443
66.63.187.42:443
66.78.40.136:40056
66.78.40.163:46921
66.78.40.166:40056
66.78.40.166:443
66.78.40.197:443
69.62.119.97:8443
70.185.170.81:443
70.77.120.233:20443
70.77.124.96:20443
72.14.179.130:443
72.14.179.130:8080
72.145.5.203:443
72.5.43.114:443
73.45.177.209:443
74.176.200.142:443
74.235.56.15:443
74.249.102.229:443
75.119.159.249:8000
77.246.99.16:8443
77.83.198.61:443
78.128.112.209:443
78.135.93.218:443
78.135.93.218:8443
79.137.192.230:443
79.141.164.222:443
79.72.70.85:443
8.130.119.153:8080
8.130.15.174:443
8.130.171.18:8080
8.130.24.206:8080
8.155.58.138:443
8.213.228.20:4443
80.211.202.226:443
80.255.6.5:443
80.66.81.75:443
80.74.27.53:8888
82.115.18.229:443
82.153.79.9:443
82.5.33.90:443
82.5.33.90:50001
83.238.212.60:443
84.32.22.36:443
84.32.25.119:443
85.10.140.75:8843
85.10.144.98:40056
85.10.144.98:443
85.192.29.65:443
85.192.30.40:443
85.215.173.244:443
85.217.171.203:443
85.217.171.203:8443
85.217.184.73:443
85.217.184.73:8443
85.31.236.216:443
86.54.42.182:443
88.119.169.197:443
88.119.169.53:443
88.119.169.53:9001
88.119.175.233:443
88.89.218.240:443
88.89.219.131:443
88.89.219.235:443
89.40.31.201:443
89.40.31.203:443
91.107.135.69:443
91.200.101.43:443
91.217.91.153:443
91.231.186.41:443
91.245.255.53:443
91.84.97.102:443
91.92.128.17:443
91.92.128.3:443
93.113.25.26:443
93.183.81.23:4433
94.141.122.170:8443
94.156.144.8:443
94.156.144.8:8443
94.156.189.245:443
94.156.35.184:443
94.26.90.62:443
95.111.243.2:443
95.169.180.96:443
95.179.167.116:443
96.9.124.205:443
96.9.125.165:443
98.71.32.5:443

# Reference: https://x.com/G60930953/status/1939506390692774384

djlmwd9b-80.euw.devtunnels.ms

# Reference: https://x.com/skocherhan/status/1942045447515668972

http://178.62.48.123

# Reference: https://app.validin.com/detail?type=hash&find=f0003fecc5f9c8c2cbac#tab=host_pairs (# 2025-07-20)

112.ip-37-59-108.eu
116b1bac-dcea-42f0-befb-e4383be4037a.k8s.ondigitalocean.com
118.ip-217-182-77.eu
128-199-171-220.cprapid.com
13.201.30.7.nip.io
13.ip-51-178-83.eu
136-144-166-132.colo.transip.net
139-162-1-232.ip.linodeusercontent.com
139-162-48-242.ip.linodeusercontent.com
146.68.10.185.ro.ovo.sc
157-230-34-254.cprapid.com
167-172-29-103.cprapid.com
172-105-7-218.ip.linodeusercontent.com
185-143-241-98.verelox.com
185-170-58-214.cprapid.com
185-196-9-195.cprapid.com
193.ip-46-105-31.eu
23-227-199-118.static.hvvc.us
23736-47762.bacloud.info
246.157.59.34.bc.googleusercontent.com
28558-46574.bacloud.info
2c8b3f19-0325-4acc-a3dd-31a918e4dbf5.random.2-okta.com
360pressureshowerhead.info
37-72-168-146.static.hvvc.us
376c72920f94f48053da51102771f637.cheappricesforedmedicine.com
45-94-209-210.serversfinder.com
504e1a51.host.njalla.net
62.113.59.30.sslip.io
65.109.209.40.nip.io
85-10-144-98.colo.transip.net
88.ip-176-31-163.eu
941999defaf6.seetiehost.de
952cd7f5-55c2-472f-bc9d-08487ef75661.random.avina.cloud
952cd7f5-55c2-472f-bc9d-08487ef75661.random.fithiphealthy.com
96-126-124-158.ip.linodeusercontent.com
aadcdn.microsoft-onedrive.upgrade1.zip
aadcdn.microsoft.upgrade1.zip
aadcdn.mllcrosoft.com
aadcdn.secure-d.center
aadcdn.upgrade1.zip
ac58f930e9b4.cybervip.co.za
acc.crsdorg.in
acc.microsoft-onedrive.upgrade1.zip
acc.microsoft.upgrade1.zip
acc.mllcrosoft.com
acc.upgrade1.zip
account.avina.cloud
account.crsdorg.in
account.microsoft-onedrive.upgrade1.zip
account.microsoft.upgrade1.zip
account.miscrosoftonline.duckdns.org
account.mllcrosoft.com
account.secure-d.center
account.upgrade1.zip
accounts.accountsgoogle.loginlivemiscrosoftonline.duckdns.org
accounts.google.loginlivemiscrosoftonline.duckdns.org
accounts.secure-verifications.es
accounts.upgrade1.zip
accounts.youtube.upgrade1.zip
adfs.fdwx.net
admicrosoft.com
admin.fithiphealthy.com
admin.sentdrop.com
adviseur-oakk.nl
adviseur.adviseur-oakk.nl
amioelagfb.top
analytics.citrosucoeventos.com
api.adviseur-oakk.nl
api.upgrade1.zip
apis.upgrade1.zip
apm.vpce.gdw55e.microsoft-onedrive.upgrade1.zip
apm.vpce.gdw55e.microsoft.upgrade1.zip
apm.vpce.gdw55e.mllcrosoft.com
apm.vpce.gdw55e.upgrade1.zip
app.feds.cat
aprilmanagement.pro
auth.geelabs.de
auth.market-streams.com
autoconfig.payday.holiday
autoconfig.srv601012.hstgr.cloud
autodiscover.fithiphealthy.com
autodiscover.payday.holiday
autodiscover.srv601012.hstgr.cloud
azprod.northeurope.cloudapp.azure.com
bayareapublicschools.info
bdaegxwlvmr.cheappricesforedmedicine.com
beni.bigbankorg.com
bestmedicalcareers.info
bestoffersfortoday.store
bestsports.gamesandufabetpro.website
bim.opalvn.com
bithosting.store
blackteam.network
blogger.accountsgoogle.loginlivemiscrosoftonline.duckdns.org
bonusnewmember.fyi
burberryoutlet.store
business-activation.net
buyofferproduct.store
c11.wltstocknewsupdate.com
c2.ph4nt0m.fr
c2.zerotr4ce.online
caa9.ecologyqf.com
cdn.secure-d.center
cecbank.online
cectekpowersports.info
ci.yourcontentishere.com
classboard.njodin.com
cloud.services.market-streams.com
cloud1.bogdanna.com
codeload-github.com
connect-edge.francecentral.cloudapp.azure.com
consultoriaturistica.info
content.upgrade1.zip
cool-cartwright.193-239-86-216.plesk.page
cov.ph4nt0m.fr
cpanel.auth-key.duckdns.org
cpanel.fithiphealthy.com
cpanel.srv601012.hstgr.cloud
cpcalendars.fithiphealthy.com
cpcalendars.srv601012.hstgr.cloud
cpcontacts.fithiphealthy.com
cpcontacts.wltstockalerts.com
cpcontacts.wltstockinsights.com
csp.crsdorg.in
csp.microsoft-onedrive.upgrade1.zip
csp.microsoft.upgrade1.zip
csp.mllcrosoft.com
csp.upgrade1.zip
cytotec.payday.holiday
darumajapanesecuisine.info
dataset.acemap.info
detfec.com
device.login.microsoft-onedrive.upgrade1.zip
dock4.deneb.it
doe-gov.com
dulcidora.com.br
dumbtalks.info
e07f911c0939.techsoom.com
ec2-13-233-246-131.ap-south-1.compute.amazonaws.com
ec2-15-223-185-126.ca-central-1.compute.amazonaws.com
ec2-16-163-143-235.ap-east-1.compute.amazonaws.com
ec2-16-171-253-150.eu-north-1.compute.amazonaws.com
ec2-18-228-31-163.sa-east-1.compute.amazonaws.com
ec2-3-121-114-119.eu-central-1.compute.amazonaws.com
ec2-3-145-32-11.us-east-2.compute.amazonaws.com
ec2-3-35-26-26.ap-northeast-2.compute.amazonaws.com
ec2-3-81-124-194.compute-1.amazonaws.com
ec2-3-84-178-184.compute-1.amazonaws.com
ec2-3-85-192-21.compute-1.amazonaws.com
ec2-3-91-134-143.compute-1.amazonaws.com
ec2-34-219-200-70.us-west-2.compute.amazonaws.com
ec2-34-229-143-231.compute-1.amazonaws.com
ec2-35-73-179-148.ap-northeast-1.compute.amazonaws.com
ec2-43-202-62-102.ap-northeast-2.compute.amazonaws.com
ec2-44-211-135-190.compute-1.amazonaws.com
ec2-52-215-25-229.eu-west-1.compute.amazonaws.com
ec2-54-216-172-128.eu-west-1.compute.amazonaws.com
ec2-54-234-71-196.compute-1.amazonaws.com
ecs-121-36-198-211.compute.hwclouds-dns.com
elegant-bassi.193-239-86-216.plesk.page
enrollment.lancer-insurance.com
eu-mobile.login.st-micro.fr
events.api.microsoft-onedrive.upgrade1.zip
events.api.microsoft.upgrade1.zip
events.api.mllcrosoft.com
events.api.upgrade1.zip
exciting-goldberg.193-239-86-216.plesk.page
files.uksouth.cloudapp.azure.com
firsthandphilly.org
freemartialartsvideos.info
ftp.projectdocs.io
ftp.repoman.io
ftp.teamdocumentation.com
g-statistics.com
g.mllcrosoft.com
g.sst.microsoft-onedrive.upgrade1.zip
g.sst.microsoft.upgrade1.zip
g.sst.mllcrosoft.com
g.sst.upgrade1.zip
gdw55e.upgrade1.zip
genealogie.famillegautheron.fr
gerhtr.live
git.deneb.it
gitlab.geelabs.de
globalph.top
google.loginlivemiscrosoftonline.duckdns.org
gop.mllcrosoft.com
gophish.upgrade1.zip
gorillagamestudios.com
gstatic.upgrade1.zip
gui.crsdorg.in
gui.microsoft-onedrive.upgrade1.zip
gui.microsoft.upgrade1.zip
gui.mllcrosoft.com
gui.upgrade1.zip
h2952531.stratoserver.net
helpdesk.cecbank.online
heuristic-gould.45-77-46-13.plesk.page
hhd-repair.net
host-77-238-233-217.hosted-by-vdsina.com
hostmaster.api10.fortinet.app
hostmaster.fortinet.app
hotxxxteens.top
hsk-oray.app
hvc.adc-aero.online
hwsrv-1285168.hostwindsdns.com
hyperoutdoorssporting.info
img1.microsoft.upgrade1.zip
img1.mllcrosoft.com
img1.upgrade1.zip
img6.microsoft.upgrade1.zip
img6.mllcrosoft.com
img6.upgrade1.zip
incognitoradio.com
internal.delightfulgrass-a1c0fe70.canadaeast.azurecontainerapps.io
ip135.ip-145-239-43.eu
ip93.ip-178-32-113.eu
ipv6.172-208-106-5.cprapid.com
ipv6.srv601012.hstgr.cloud
jatekfejleszto.hu
jpeyem.com
jwt.cpyc.at
k-riverland.jpeyem.com
kara2000.info
kdc2k19.com
keraladesignchallenge.com
kgjxtnxcadasdg.pro
khs.parkeermijnsite.nl
kingsett.onboarding-support.com
korlazymax.net.afrihost.co.za
lachenes.com
leexsirzz.safepanel.my.id
lightning.coinigy.com
live.crsdorg.in
live.microsoft-onedrive.upgrade1.zip
live.microsoft.upgrade1.zip
live.mllcrosoft.com
live.upgrade1.zip
loadmoreporn.top
login-us.crsdorg.in
login.microsoft-onedrive.upgrade1.zip
login.microsoft.upgrade1.zip
login.mllcrosoft.com
login.my.gov.au.upgrade1.zip
login.secure-d.center
login.secure-verifications.es
login.secured-authentication.ru
login.securemicrosoftonline.in
login.upgrade1.zip
loginlivemiscrosoftonline.duckdns.org
lpcausa.com
lpmrsa.net
lucid-wilson.193-239-86-216.plesk.page
m.cheappricesforedmedicine.com
m.crsdorg.in
m.fithiphealthy.com
mail.103-152-255-69.cprapid.com
mail.167-172-29-103.cprapid.com
mail.185-196-9-195.cprapid.com
mail.cheappricesforedmedicine.com
mail.coinhako.us
mail.fithiphealthy.com
mail.fmmudancas.com.br
mail.google.loginlivemiscrosoftonline.duckdns.org
mail.secure-verifications.es
mail.srv601012.hstgr.cloud
market-streams.com
matildabailey.info
mbshop.tamsonvn.com
mcasproxy.crsdorg.in
meet.deneb.it
memoriesofmrsbarthel.info
menkamatkovi.info
meteoclok.online
microsoft-onedrive.upgrade1.zip
microsoft-servicesuite.com
microsoft.upgrade1.zip
midwesteyephysicians.info
mir-zhenshiny.info
mllcrosoft.com
mon-rhumatologue.pro
mta-sts.payday.holiday
musiklandniedersachsen.info
my.gov.au.upgrade1.zip
myaccount.secured-authentication.ru
myaccount.upgrade1.zip
n8229h55.sprintdatacenter.net
nc.sdfcloud.net
net-2-39-10-26.cust.vodafonedsl.it
news-api.co-th.info
nextcloud-f84ow4w00g4gg4g04wgk84wk.cloud1.bogdanna.com
node-leexsirzz.safepanel.my.id
nolvadex.payday.holiday
nortonware.org
ns.lifeinhealth.net
ns1.market-streams.com
ns1.penetore.com
ns1.securitygroup.pro
ns1.tictell.com
ns2.1da.be
ns2.ai-notification.xyz
ns2.app24.store
ns2.cashprofit.online
ns2.emailsharing.com
ns2.epicz.shop
ns2.hostmu00.store
ns2.market-streams.com
ns2.penetore.com
ns2.securitygroup.pro
ns2.tictell.com
ns3.market-streams.com
ns4.market-streams.com
objective-sutherland.193-239-86-216.plesk.page
office-mirror-ue.duckdns.org
office300.duckdns.org
office302.duckdns.org
office365.microsoft-onedrive.upgrade1.zip
ogs.accountsgoogle.loginlivemiscrosoftonline.duckdns.org
ok.microsoft-onedrive.upgrade1.zip
ok.microsoft.upgrade1.zip
ok.mllcrosoft.com
ok.upgrade1.zip
okta.microsoft-onedrive.upgrade1.zip
okta.microsoft.upgrade1.zip
okta.mllcrosoft.com
okta.upgrade1.zip
onlinecareershub.com
oog07m.easypanel.host
optimistic-beaver.193-239-86-216.plesk.page
out.microsoft-onedrive.upgrade1.zip
out.microsoft.upgrade1.zip
out.mllcrosoft.com
out.upgrade1.zip
outlook-1.crsdorg.in
outlook.crsdorg.in
outlook.microsoft-onedrive.upgrade1.zip
outlook.microsoft.upgrade1.zip
outlook.mirosoft.uk
outlook.mllcrosoft.com
outlook.upgrade1.zip
pakistan-itsupport.serveblog.net
pay.innotts.com
payday.holiday
payments.cecbank.online
pedantic-heisenberg.45-14-226-198.plesk.page
pentest-setup.eastus.cloudapp.azure.com
phpmyadmin.timeweb25.ru
picscoll.top
piecakeproductions.info
pinkveda.com
play.accountsgooogle.loginlivemiscrosoftonline.duckdns.org
play.upgrade1.zip
pornfilefolder.top
porntorage.top
portal.mirosoft.co.uk
portimujeremprendedora.com
practical-elbakyan.193-239-86-216.plesk.page
prroyalgd.org
ptst.sy.gs
ptst.syss.de
pumacapitalgroup.uksouth.cloudapp.azure.com
pumacapitalinvestments.uksouth.cloudapp.azure.com
rajendra-kc.com.np
random.2-okta.com
random.avina.cloud
random.fithiphealthy.com
rath3r.xyz
recruit.technology
redirect-mailgun.com
reporting.microsoft-onedrive.upgrade1.zip
reporting.microsoft.upgrade1.zip
reporting.mllcrosoft.com
reporting.upgrade1.zip
res.microsoft-onedrive.upgrade1.zip
res.microsoft.upgrade1.zip
res.mllcrosoft.com
res.upgrade1.zip
school-one.one
schumacher-onlime.de
scm.delightfulgrass-a1c0fe70.canadaeast.azurecontainerapps.io
season-event.com.tr
secured-authentication.ru
security.cecbank.online
securitygroup.pro
sentdrop.com
server.omidnerd.ir
shadow-flux.co-th.info
shopcanadianhandmade.pro
silly-yalow.45-14-226-198.plesk.page
sliv.ph4nt0m.fr
slutfolder.top
smtp.cheappricesforedmedicine.com
soc-team.de
solarwest.co.bw
sopc69.onelimited.my.id
srv15118837.ultasrv.net
srv601012.hstgr.cloud
ssl.microsoft-onedrive.upgrade1.zip
ssl.microsoft.upgrade1.zip
ssl.mllcrosoft.com
ssl.upgrade1.zip
sso.crsdorg.in
sso.microsoft-onedrive.upgrade1.zip
sso.microsoft.upgrade1.zip
sso.mllcrosoft.com
sso.st-micro.fr
sso.upgrade1.zip
sst.upgrade1.zip
static.148.29.9.176.clients.your-server.de
static.69.135.107.91.clients.your-server.de
supabasekong-v4080cgc4cgcks8k0k4004sc.cloud1.bogdanna.com
support.cecbank.online
supportcash.app
sweetdesignrelief.info
taiwanspinecenter.info
teenzboom.top
thailisting.net
thealert.info
thehypostaticunion.info
tictell.com
timeweb25.online
timeweb25.ru
toyota-treffen.de
traefik.gitlab.paps.pro
travelbrands.eaglecorn.org
travelbrands.onboarding-support.com
tro0per.linkpc.net
tulipadsflower.com
unifi.deneb.it
upbeat-chaum.193-239-86-216.plesk.page
updates.e-formsonline.com
upgrade1.zip
v220111041546360.yourvserver.net
v22015041947824569.yourvserver.net
vdi.acadian.cc
vegasvalleyshortsale.info
vi.metaphoreflowers.com
viagra.payday.holiday
video.on-demand.market-streams.com
vigilant-gagarin.193-239-86-216.plesk.page
vistageinternationals.info
vks14753.ip-37-59-108.eu
vks18937.ip-176-31-163.eu
vm4.deneb.it
vmi1920464.contaboserver.net
vmi2236147.contaboserver.net
vmi2283794.contaboserver.net
vmi2325880.contaboserver.net
vpce.gdw55e.upgrade1.zip
vpn.bithosting.store
vpn.docucal.com
vpn636567983.softether.net
vps-6cefb42d.vps.ovh.net
webdisk.fithiphealthy.com
webdisk.wltinvestnews.com
webdisk.wltstockalerts.com
webmail.detfec.com
webmail.fithiphealthy.com
webmail.srv601012.hstgr.cloud
welmkburberryoutlet.info
wltinvestnews.com
wltstockalerts.com
wltstockinsights.com
wltstocknewsupdate.com
wtvqingest.encoders.univtec.com
ww5.fithiphealthy.com
ww6.fithiphealthy.com
x.1da.be
x.cpyc.at
xn--57h.coinigy.com
xpornlinks.top
xqrs69.scwill.my.id
youtube.upgrade1.zip
zealous-cohen.196-251-73-47.plesk.page
zen.payday.holiday
zips.duckdns.org

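# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-07-26)
# Note: the feed path labels this list "unverified" and "90day"; cloud-hosted addresses can be reassigned, so treat a match as a lead to corroborate rather than a confirmed detection.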

http://113.45.177.81
http://145.223.69.2
http://188.226.220.215
http://194.69.162.205
http://213.218.212.100
http://34.100.150.65
http://34.219.200.70
http://34.44.118.54
http://35.244.112.145
http://35.244.127.70
http://4.213.161.104
http://52.23.67.10
http://54.188.179.41
1.12.248.6:8082
102.209.118.14:443
106.52.179.150:4433
106.54.206.169:443
107.152.45.119:443
107.173.9.50:443
110.42.229.59:443
110.42.229.59:7000
116.62.107.27:443
118.89.81.66:15432
118.89.81.66:443
120.53.14.145:443
124.222.111.244:7000
128.199.152.169:443
13.38.251.136:443
13.49.73.176:443
136.144.181.45:443
136.32.173.92:443
138.68.184.166:443
139.84.149.95:443
139.84.208.251:443
139.84.216.191:443
139.84.217.236:443
143.110.177.141:443
144.172.96.98:443
144.172.98.124:443
144.91.69.246:443
145.223.69.2:443
147.182.217.64:443
147.93.137.12:443
148.251.157.116:443
150.109.111.98:443
151.242.189.33:443
154.37.155.252:443
154.91.180.231:443
156.244.14.177:443
157.230.34.254:40056
157.230.38.27:13337
157.254.167.29:443
157.254.167.67:443
158.247.210.164:443
159.146.116.57:443
159.223.21.58:443
159.223.77.165:443
159.65.129.249:443
159.69.152.161:443
164.92.112.82:9999
165.154.224.234:8443
167.172.63.184:443
167.172.63.184:65533
167.86.110.155:443
172.233.44.144:443
172.236.1.218:443
172.86.84.43:443
173.230.136.136:8080
175.178.85.21:443
177.198.123.177:8081
178.128.48.155:443
178.159.43.123:443
179.145.47.137:8081
179.43.186.224:443
18.166.178.208:443
18.168.225.154:443
181.174.164.139:443
185.130.214.105:443
185.130.214.121:443
185.196.11.206:1000
185.196.11.206:443
185.250.207.163:443
191.13.231.91:8081
193.181.209.35:443
194.59.30.239:443
195.123.225.126:443
196.251.116.85:443
20.33.48.7:8080
201.92.134.212:8081
201.92.135.205:8081
206.189.13.43:443
206.189.32.112:443
207.180.213.79:52037
213.209.150.225:443
216.144.227.103:443
216.245.184.59:8443
216.252.238.44:34056
217.154.120.115:443
217.77.8.151:8443
23.227.199.118:12443
23.227.199.118:13443
23.254.215.118:441
23.92.20.65:443
27.102.132.202:443
27.254.164.212:443
27.255.75.137:443
3.121.114.119:443
3.129.217.57:443
3.141.12.40:443
3.145.32.11:443
3.64.144.241:443
3.76.252.105:443
3.85.192.21:443
3.90.201.175:443
34.134.239.46:443
34.171.56.100:3389
34.27.147.214:443
34.42.229.193:3389
34.55.116.150:443
34.55.12.52:443
35.170.185.100:443
35.180.37.142:443
35.181.43.130:443
35.224.191.236:443
35.244.127.70:443
35.73.179.148:443
37.72.168.146:45677
39.99.244.83:443
42.194.179.129:443
42.194.179.129:4433
43.138.209.230:443
43.162.116.108:443
43.254.132.241:443
44.245.0.39:10080
44.251.164.0:10080
45.152.84.192:443
45.33.73.196:443
45.38.20.86:443
45.76.155.161:443
45.76.187.58:443
45.76.253.74:443
45.77.231.137:443
45.77.254.96:443
45.88.76.50:445
45.91.201.244:443
46.19.46.99:8000
47.117.12.211:443
47.117.167.30:443
47.122.80.126:3389
47.122.95.37:443
5.166.42.9:443
5.181.2.21:443
51.15.193.108:40056
51.81.171.234:443
51.96.104.251:443
52.148.201.81:40056
52.167.137.175:443
52.43.0.86:10080
52.63.73.110:443
54.165.195.193:443
54.242.171.49:443
54.74.21.122:443
57.128.162.7:443
61.4.109.87:443
61.4.109.91:443
64.94.84.22:443
74.207.237.219:443
77.246.110.116:443
77.90.153.154:443
78.128.112.209:48965
8.130.113.207:443
80.149.60.140:443
81.43.20.0:443
82.66.75.169:443
83.7.213.183:443
88.218.0.198:443
88.88.255.180:443
89.117.123.250:8443
91.214.78.134:443
93.95.231.28:443

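# Reference: https://www.fortinet.com/blog/threat-research/havoc-sharepoint-with-microsoft-graph-api-turns-into-fud-c2
# Reference: https://www.virustotal.com/gui/file/2fcf83c80bf77a388fad8b11afdef875d8ccb810c60e34377c4cee82daa26ac7/detection
# Note: the entry below is a single tenant hostname on a shared Microsoft service; match the full hostname only, never the parent domain sharepoint.com.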

hao771.sharepoint.com

# Reference: https://x.com/midnight_comms/status/1966618103023861883
# Reference: https://www.virustotal.com/gui/file/534af8897745ae7f6fc509d191bd66c28b3c5485b35fcaeeb50dbe6fb19060a1/detection
# Reference: https://www.virustotal.com/gui/file/ce6be19320eb7c037d2a65726bebd27f88faa99216d15362ad1941a744a0ea03/detection

91.245.255.43:17866
91.245.255.43:8765

# Reference: https://x.com/malwrhunterteam/status/1968946899039224197
# Reference: https://www.virustotal.com/gui/file/9036ae120b3e6cfccbd60440da5df402eaa8ea307fb62b42bea624ad34df7b24/detection

45.79.175.160:443
45.79.175.160:8080
bigtrashbandit.com
eternalpeaceflame.org

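# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-10-05)
# Note: the feed path labels this list "unverified" and "90day"; cloud-hosted addresses can be reassigned, so treat a match as a lead to corroborate rather than a confirmed detection.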

http://107.158.128.36
http://13.62.136.145
http://135.181.41.9
http://138.68.169.109
http://143.244.138.159
http://152.42.220.255
http://172.201.216.161
http://176.103.63.246
http://18.207.109.66
http://181.174.164.116
http://185.202.236.143
http://196.251.73.223
http://20.169.181.39
http://206.189.80.194
http://38.54.12.47
http://38.60.216.184
http://44.215.46.4
http://44.244.111.160
http://52.215.25.229
http://54.165.195.193
http://68.183.183.150
http://90.48.210.177
http://95.85.34.215
1.94.65.81:48956
103.235.75.42:443
103.235.75.42:8080
104.129.12.197:443
104.164.55.75:443
104.37.186.116:443
107.172.3.15:4343
107.172.3.15:4344
107.172.3.15:4345
107.172.3.15:4347
107.191.60.202:443
108.129.219.36:4443
117.247.198.235:443
13.216.130.82:443
13.239.199.169:443
13.37.220.47:443
13.37.250.113:443
13.39.23.222:443
13.48.106.87:8443
13.60.68.235:443
13.62.134.6:443
13.62.134.6:8443
130.193.41.75:443
134.209.151.104:8081
134.209.157.90:40000
138.201.85.33:8081
139.177.206.95:443
139.180.222.41:443
139.84.133.84:443
139.84.142.64:443
139.84.144.98:443
139.84.147.18:443
139.84.153.31:443
139.84.156.53:443
139.84.193.193:443
139.84.216.159:443
139.84.219.109:443
142.54.161.132:443
143.198.50.31:443
143.198.91.116:8080
144.172.108.175:56443
144.91.103.204:443
146.70.113.188:40056
146.70.113.188:444
149.28.129.77:443
149.28.157.225:443
15.204.95.228:40056
154.9.228.49:443
154.9.232.178:40056
157.245.109.89:8081
157.245.207.17:9999
157.245.54.105:443
157.245.54.105:8080
158.247.254.170:443
158.69.197.228:443
159.223.171.199:8443
159.89.198.249:443
16.170.232.86:443
16.171.159.253:443
16.171.254.61:443
16.171.5.39:443
170.130.165.178:443
170.130.55.204:37908
172.104.142.143:443
172.104.206.108:443
172.104.53.127:443
172.104.99.167:443
172.105.48.75:443
172.105.53.12:443
172.86.107.200:443
176.103.63.246:443
176.9.163.47:10443
179.43.147.87:40000
179.43.186.224:6566
18.119.67.85:445
18.231.126.146:443
185.126.237.188:443
185.157.160.127:443
185.168.129.114:443
185.169.180.220:40000
185.169.180.220:443
185.196.10.10:402
185.43.207.58:443
188.226.169.207:443
192.142.0.63:40056
192.142.0.63:443
192.253.248.18:8443
194.182.85.28:443
195.209.210.34:443
196.251.70.55:443
196.251.84.186:443
198.167.207.76:443
20.119.77.135:443
20.169.181.39:443
20.188.119.195:40056
20.42.107.78:443
202.71.14.166:443
203.161.41.158:8443
204.12.233.125:443
206.82.9.213:443
207.180.231.197:1337
208.85.21.245:443
209.25.140.16:4524
212.11.64.49:443
212.56.32.90:443
213.109.147.181:443
213.165.80.114:443
216.49.29.31:9002
23.227.199.58:443
3.106.249.233:443
3.110.210.126:8082
3.123.17.149:443
3.135.184.218:443
3.145.163.124:443
3.146.105.91:443
3.27.140.57:443
31.129.42.36:443
31.14.142.50:4000
31.14.142.50:9990
31.32.149.33:443
31.57.118.236:443
31.57.118.27:443
31.57.63.237:443
31.58.220.77:443
31.58.220.77:808
31.97.148.19:443
34.17.100.127:8080
34.203.198.198:443
34.220.66.55:443
34.248.206.212:443
34.47.138.207:443
34.61.132.78:3389
34.61.132.78:443
34.70.39.30:443
35.179.93.188:443
35.180.135.155:443
35.180.159.173:443
35.180.234.10:443
35.208.140.76:8443
35.213.179.117:50666
35.75.228.75:443
38.127.216.195:443
38.60.217.35:443
38.60.253.163:443
4.228.56.150:443
42.96.5.54:443
44.245.0.39:8080
45.12.254.27:8443
45.131.183.22:445
45.134.26.131:443
45.137.99.68:443
45.150.128.160:443
45.197.133.28:443
45.31.209.24:8080
45.32.154.228:443
45.38.20.240:443
45.59.124.82:443
45.59.125.26:443
45.76.184.41:8080
45.76.184.41:8443
45.76.47.75:443
45.77.248.240:443
45.77.31.47:443
45.79.175.160:40056
45.86.155.104:4434
46.17.57.37:2096
46.62.147.9:443
5.101.84.173:443
5.129.197.185:443
5.161.144.140:443
5.230.70.57:5555
5.35.85.225:443
51.20.53.225:443
51.21.194.182:443
51.83.76.197:443
52.14.250.59:443
54.163.75.207:443
54.46.100.212:443
54.66.50.36:443
60.204.225.69:40056
62.109.3.99:40056
62.113.59.116:443
63.178.148.142:443
64.225.126.237:443
65.20.109.42:443
66.63.187.17:443
68.183.183.150:443
69.166.223.19:8443
69.5.189.9:443
69.62.65.188:443
74.163.97.231:443
74.225.26.148:443
78.141.230.133:443
8.222.237.70:443
80.149.60.139:443
80.92.206.8:443
82.153.138.122:9090
85.23.245.182:443
85.239.63.3:443
86.106.85.191:443
86.106.85.80:443
86.54.42.217:40056
89.117.123.250:8000
89.238.176.20:443
91.149.222.151:443
91.245.255.43:6758
92.161.137.94:4443
92.63.97.16:40050
95.163.228.101:443
95.179.186.204:443
95.179.197.245:443
95.216.191.29:444
95.216.207.39:443
98.86.138.98:443

# Generic (URL path fragments; not tied to a specific host)

/Havoc/payload/
/Havoc/payloads/
/havoc-handler.rc
