# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

http://3.121.42.179
http://45.9.148.219
103.127.136.239:4444
103.131.149.2:11601
104.36.229.112:443
117.72.68.194:11601
122.114.11.231:11601
13.53.125.54:443
13.60.226.185:443
152.42.160.65:443
163.172.51.82:443
172.86.79.202:443
178.20.42.17:53
179.60.147.149:8081
184.107.5.46:11601
185.205.210.220:443
188.127.249.150:443
20.19.38.35:8080
20.19.88.240:443
20.234.58.105:443
20.70.141.228:443
209.151.144.94:444
217.155.41.50:443
3.9.177.224:443
34.147.39.137:443
38.54.117.71:443
43.201.14.128:443
43.206.219.14:443
45.61.134.19:4444
54.232.65.189:8443
62.0.84.172:4444
66.85.92.8:443
80.76.49.143:11601
88.119.175.234:11601
89.1.88.251:443
94.237.40.93:9999
94.237.57.199:443
94.237.58.45:9999
94.237.59.59:443
98.66.138.81:443

# Reference: https://www.activecountermeasures.com/malware-of-the-day-tunneled-c2-beaconing/

45.9.149.215:11601
91.92.240.71:11601

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-14)

13.49.65.37:443
139.162.231.59:443
139.177.196.67:11601
159.75.97.81:8888
20.82.190.146:8443
212.227.235.167:443
34.34.87.71:443
4.211.173.11:443
94.237.59.50:443
94.237.62.165:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

216.245.184.61:443
27.96.43.135:443
3.22.206.184:443
34.32.223.236:443
38.54.125.192:443
80.76.49.143:443
88.212.254.55:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13)

http://192.248.154.28
http://198.12.108.94
http://80.94.95.228
http://94.237.97.93
103.127.137.66:443
109.248.152.61:443
143.110.151.209:8081
157.230.194.28:8443
159.100.9.244:443
159.65.134.235:8443
16.171.200.124:443
165.154.224.216:443
167.99.194.187:443
176.153.187.139:8080
185.208.158.15:443
185.243.215.218:443
188.190.10.154:8443
191.239.121.206:8443
192.95.44.36:443
194.113.72.62:443
194.113.73.57:443
195.200.16.68:443
195.26.249.235:443
207.148.119.57:443
209.151.149.164:443
209.151.149.61:443
209.151.153.193:443
209.151.154.229:443
209.94.57.131:443
34.91.9.210:443
46.149.72.150:443
52.196.149.34:443
66.85.92.8:2222
77.30.170.77:2222
83.136.252.170:443
83.136.255.218:443
85.214.111.149:9443
87.120.125.34:443
94.237.25.172:4433
94.237.49.178:443
94.237.49.98:443
94.237.63.113:443
94.237.87.19:443
94.237.95.103:443
95.216.38.36:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10)

http://139.162.199.96
http://15.188.203.126
http://185.200.221.11
http://185.200.221.14
http://198.74.55.123
http://34.95.31.36
http://45.80.207.21
http://45.9.149.121
http://87.120.114.78
http://89.110.89.63
103.136.68.237:443
109.248.147.146:443
122.167.169.4:443
128.199.1.65:8080
138.197.40.165:8443
138.68.169.109:443
139.177.179.242:443
141.164.55.214:443
152.168.169.90:8080
154.205.156.117:443
154.240.155.185:443
154.248.105.246:53
172.203.237.109:443
172.236.20.148:53
172.236.20.35:53
176.31.229.198:53
178.128.39.255:443
188.245.183.77:53
195.128.100.227:443
20.19.38.35:443
209.151.152.80:443
209.250.249.112:443
209.74.66.188:11601
212.47.72.182:53
35.178.213.117:443
35.179.163.207:443
38.175.178.108:443
40.71.175.233:443
41.102.212.124:443
41.103.173.181:443
5.45.101.5:53
51.83.68.102:443
51.83.70.119:443
69.167.7.156:443
83.136.254.149:443
83.138.55.115:443
86.125.233.221:443
89.110.119.89:443
91.152.207.138:8001
92.113.33.37:443
93.185.165.195:18519
94.156.189.154:443
94.237.50.246:443
94.237.67.145:9001
94.237.79.92:4443
95.111.203.158:4433

# Reference: https://hunt.io/blog/sliver-c2-ligolo-ng-targeting-yc

179.60.149.75:22913

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02)

http://107.148.51.185
http://107.189.15.149
http://137.184.197.155
http://159.65.173.230
http://167.88.165.145
http://185.200.221.13
http://203.161.43.189
http://209.160.113.86
http://81.161.238.245
http://87.120.126.52
103.82.133.208:3000
107.173.114.236:443
123.56.119.208:8888
128.199.1.65:443
128.90.116.115:443
128.90.145.195:443
128.90.43.224:443
13.231.61.164:443
143.244.129.125:9000
147.45.49.99:443
154.203.197.61:443
156.67.31.238:443
158.247.234.242:443
162.55.208.135:443
163.172.234.8:4443
165.232.191.96:23094
167.99.194.187:8000
172.205.209.3:443
172.233.40.238:443
18.185.7.210:443
185.181.4.54:443
185.82.126.147:7331
193.163.7.229:11601
193.233.48.31:8443
194.113.73.119:443
199.247.12.104:443
2.57.122.74:443
20.127.157.162:443
203.154.83.28:443
209.151.148.203:443
209.151.150.122:443
209.151.151.98:443
209.151.155.122:443
209.151.155.162:443
209.94.57.107:443
217.6.46.91:22
37.27.207.13:7443
38.110.228.180:9090
38.175.188.193:443
38.54.125.192:10443
45.151.62.110:8443
45.61.137.134:443
45.61.169.182:443
45.79.8.240:443
5.22.209.119:443
5.34.182.13:4443
51.137.64.209:2000
62.210.28.199:53
64.253.86.94:443
65.38.120.101:443
66.179.191.213:443
66.179.209.41:443
69.167.10.30:443
77.232.43.48:443
77.238.238.158:443
80.94.95.188:443
81.161.238.204:443
81.161.238.64:443
84.220.29.9:443
86.125.224.142:443
86.125.225.247:443
93.185.165.16:35247
94.237.31.4:443
94.237.42.228:443
94.237.56.191:443
94.237.58.33:445
94.237.74.225:443
94.237.86.125:444
94.237.87.68:443
95.111.194.173:443
95.111.196.96:443
95.111.197.16:443
95.111.215.79:9999
95.111.216.38:443
95.111.217.194:4433

# Reference: https://www.elastic.co/security-labs/betting-on-bots

38.54.125.192:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-06-14)

http://116.203.64.53
http://123.231.15.43
http://13.49.76.5
http://13.53.182.237
http://13.60.2.16
http://13.60.76.45
http://147.182.240.86
http://152.42.247.107
http://18.169.176.205
http://196.251.69.236
http://212.102.115.131
http://23.94.131.138
http://34.1.4.48
http://45.95.175.213
http://51.20.187.253
http://51.21.13.63
http://51.21.245.253
http://56.228.15.4
http://56.228.9.132
http://93.183.81.23
http://94.131.120.158
101.99.93.231:11601
103.1.186.205:444
104.248.242.121:443
109.248.6.228:4443
119.194.33.194:443
124.222.21.138:8888
128.24.106.255:443
128.90.116.187:443
128.90.116.226:443
13.43.185.127:443
134.122.74.160:8080
137.184.103.230:443
137.184.249.19:8443
139.162.191.44:8800
142.116.33.252:2222
142.93.169.192:443
143.110.241.184:443
143.244.129.125:443
144.172.130.202:443
144.172.85.46:443
147.45.116.128:10443
148.135.13.80:443
15.237.157.156:443
153.92.126.165:443
154.90.39.229:443
155.94.155.231:4443
157.230.239.122:443
159.223.171.199:8159
159.223.24.199:443
159.89.17.182:443
163.172.82.3:11601
164.138.240.26:443
164.90.155.43:443
164.92.182.67:1080
164.92.200.55:443
167.99.230.12:443
168.138.143.131:8443
170.64.133.136:11601
170.64.232.38:443
172.111.179.70:8443
172.86.117.98:443
173.211.70.180:443
176.122.27.90:11601
176.153.187.139:53
178.128.40.89:443
18.197.125.87:443
185.143.102.175:443
185.200.221.17:8443
185.217.197.146:443
185.226.64.62:443
185.233.118.120:1337
185.25.50.173:8443
185.253.117.61:8443
190.244.165.215:8080
191.234.214.190:8081
191.235.239.200:8443
192.142.18.119:443
193.107.109.228:443
193.124.33.210:8443
194.113.73.47:443
194.113.75.39:443
194.113.75.93:443
194.190.153.186:8443
194.190.153.50:8443
195.211.190.189:443
196.251.69.234:8080
196.251.70.157:443
196.251.71.164:443
196.251.73.75:443
196.251.73.90:443
198.23.171.159:443
20.19.35.167:443
20.206.138.78:8080
20.240.253.245:443
20.58.146.215:443
201.231.116.148:8080
206.189.104.65:443
208.91.69.165:443
208.91.70.156:443
208.91.70.160:443
209.151.151.46:443
209.151.153.100:443
209.151.155.52:443
209.160.113.106:443
209.94.56.13:443
212.192.14.160:443
212.34.128.168:443
213.163.199.138:443
213.175.37.212:443
213.226.127.102:58561
217.6.46.91:8081
24.47.111.124:443
3.147.238.142:40000
3.72.246.218:443
35.77.218.134:443
37.221.67.141:8000
37.35.109.48:443
38.146.27.227:443
38.60.198.152:8443
38.80.148.157:4443
44.193.74.83:443
45.131.40.108:10001
45.151.62.158:8443
45.227.255.78:58325
45.63.43.75:443
45.77.132.130:443
45.80.207.21:443
45.88.91.105:443
45.9.148.101:443
45.9.148.136:443
46.121.26.40:4433
46.30.43.114:10443
48.211.166.74:9001
5.101.50.94:40013
5.22.212.127:443
5.22.212.142:443
5.22.213.130:443
5.22.213.153:443
5.22.214.87:4443
5.252.177.19:443
5.253.59.23:443
51.124.96.148:443
51.159.190.222:9001
51.250.98.202:443
51.77.200.184:443
51.79.250.104:443
54.232.65.189:443
54.248.160.170:445
54.72.11.37:8443
57.151.97.112:443
64.227.42.199:443
64.23.196.40:443
64.44.42.92:8443
64.72.210.19:11601
64.94.85.137:443
64.95.10.251:8080
65.21.167.140:443
66.206.17.10:443
67.79.14.163:443
69.166.204.168:443
69.166.206.101:443
69.166.206.206:443
69.166.206.49:443
69.167.37.118:443
69.167.39.36:443
79.137.184.173:443
80.94.95.13:443
83.136.249.184:443
83.136.254.183:443
84.32.191.183:8888
85.193.84.85:4433
85.215.116.229:443
85.239.151.5:443
85.9.196.124:443
85.9.197.78:443
85.9.200.182:443
85.9.200.61:443
85.9.201.140:443
85.9.201.159:443
85.9.201.85:443
85.9.202.155:443
85.9.202.162:443
85.9.203.237:443
85.9.204.131:443
85.9.204.181:443
85.9.204.22:443
85.9.204.236:443
85.9.204.81:443
85.9.205.76:53
85.9.206.34:443
85.9.207.176:443
85.9.208.42:443
85.9.209.128:443
85.9.213.131:443
85.9.215.102:443
85.9.219.164:9999
86.242.93.59:8080
88.175.108.174:49152
88.214.25.73:8081
89.110.88.69:443
89.22.168.8:443
89.23.103.93:443
89.23.113.101:8443
89.23.113.129:11601
89.58.15.157:11601
91.84.100.59:443
91.99.10.2:443
94.237.123.113:443
94.237.26.49:443
94.237.48.16:5000
94.237.50.232:443
94.237.55.46:443
94.237.56.200:443
94.237.59.219:443
94.237.61.211:9001
94.237.62.139:443
94.237.62.92:443
94.237.63.140:443
94.237.82.43:443
94.237.90.131:9001
94.237.90.155:443
94.237.96.162:8080
94.237.98.160:443
95.111.219.197:4433
95.164.113.238:5000
95.221.46.227:443
98.142.253.97:443
98.66.168.144:8088

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-07-26)

http://102.130.112.15
http://116.203.37.67
http://13.39.50.26
http://157.250.198.38
http://188.245.243.200
http://194.206.111.213
http://196.251.117.33
http://34.147.156.134
103.47.130.195:443
13.37.220.35:443
134.199.198.49:443
15.223.69.59:5985
152.168.213.12:8080
159.65.48.234:443
164.92.139.145:443
164.92.224.52:443
172.104.153.87:443
175.159.194.159:443
176.32.38.168:443
178.176.15.1:11601
185.158.153.13:443
185.253.117.61:443
188.227.16.2:443
194.113.72.110:443
194.113.72.117:443
196.251.83.107:443
198.50.245.203:443
20.19.83.232:443
20.5.129.212:443
203.161.38.57:11601
206.189.11.142:443
206.189.111.244:443
212.193.2.162:3389
3.25.148.164:443
37.157.155.205:443
37.18.27.27:443
38.80.148.157:443
4.201.193.160:8443
4.236.162.67:443
45.80.151.96:8443
46.101.119.100:443
5.178.96.115:443
5.22.212.43:443
51.79.165.150:443
52.252.27.196:443
57.129.82.162:443
62.0.121.162:8080
64.227.42.199:8080
77.105.161.30:6611
77.110.113.96:8443
79.80.159.45:8888
83.136.250.237:443
83.136.252.138:443
85.9.192.35:443
85.9.193.43:443
85.9.194.33:443
85.9.194.64:443
85.9.211.78:1234
85.9.216.81:443
89.22.169.22:443
89.22.237.85:11601
91.99.136.143:11601
94.237.120.100:443
94.237.120.76:9999
94.237.48.209:443
94.237.93.38:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-10-05)

http://129.212.193.17
http://152.53.207.3
http://167.71.43.36
http://178.128.39.255
http://178.15.47.110
http://18.176.93.76
http://183.77.176.244
http://35.221.185.218
http://5.189.184.115
http://51.79.250.104
http://62.113.66.7
http://77.238.241.9
http://91.151.89.128
http://93.51.52.232
103.57.250.99:11601
104.131.190.132:65500
109.205.213.174:4443
128.199.233.192:11601
135.181.161.106:10443
135.181.173.184:10443
142.93.117.223:1234
144.172.89.79:443
146.59.153.194:8443
15.204.9.214:11601
15.236.226.221:443
152.53.49.222:443
154.127.56.153:443
157.173.222.22:443
157.180.25.196:443
159.223.171.199:1337
159.223.30.0:443
164.92.224.52:8000
167.172.150.156:8090
167.99.248.28:8081
172.174.238.109:443
172.233.145.245:41337
172.86.107.222:443
172.86.90.120:443
173.212.199.220:8080
173.249.13.174:443
176.58.115.59:443
176.9.181.194:4443
185.82.216.239:11601
191.96.235.19:8443
192.248.154.28:8080
194.164.245.180:443
194.195.213.191:443
194.59.30.11:443
194.59.30.187:443
194.87.137.150:443
195.114.193.30:443
195.227.50.251:443
196.251.72.158:443
198.13.40.144:443
2.59.134.223:11601
20.120.248.82:8081
20.213.217.142:443
20.80.251.169:8443
209.151.145.120:443
209.151.146.193:443
209.151.150.125:8080
209.151.154.121:443
209.94.62.9:8080
212.22.90.116:11601
213.109.163.166:443
213.163.203.220:443
217.117.32.90:443
217.6.46.91:8000
34.19.22.113:8081
34.203.75.116:5000
34.38.216.20:443
38.54.30.76:8443
38.54.33.31:443
38.54.45.13:443
4.246.233.163:53
45.155.108.82:8080
45.201.0.201:135
45.56.117.13:443
5.188.118.251:11601
5.22.215.100:443
5.22.215.171:443
52.243.94.26:443
62.169.29.174:53
64.176.9.135:8080
64.176.9.135:8443
64.227.123.42:443
66.42.49.55:26729
67.217.61.6:4443
69.197.186.237:8443
72.5.43.9:443
73.213.108.128:8000
75.158.42.85:443
77.238.241.9:443
78.140.223.27:143
81.169.197.173:53
82.23.146.215:8443
83.136.250.251:443
83.166.237.37:81
83.166.242.24:11601
84.200.192.179:443
84.247.182.55:8080
85.9.192.132:443
85.9.196.166:443
85.9.199.250:8082
85.9.207.164:443
88.21.3.229:8443
89.22.173.65:11601
91.207.183.197:11601
91.212.166.194:11602
91.99.96.66:443
93.115.203.87:8443
94.156.189.127:443
94.237.121.47:443
94.237.123.179:444
94.237.58.152:443
94.237.59.16:443
94.237.65.62:3306
94.237.89.51:443
94.237.93.183:443
94.237.95.180:8080
95.111.197.8:8888
95.214.181.235:8082
95.217.205.128:10443
95.217.97.220:443

# Generic

/ligolo-ng.history
/ligolo-ng.yaml
