# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: AlfaC2

# Reference: https://twitter.com/nahamike01/status/1627960015129841664

http://103.56.19.194
http://8.219.185.174
103.56.19.194:443
8.219.185.174:443

# Reference: https://twitter.com/g0njxa/status/1720071259294454119

http://163.172.131.9
http://51.158.75.109
103.146.179.89:8080
103.163.119.151:8080
104.168.133.197:443
109.234.34.16:8080
121.237.45.213:50050
130.61.188.252:8080
130.61.253.246:8088
139.162.115.96:8080
141.164.46.37:8080
143.42.18.74:8080
144.34.250.208:8080
146.70.149.22:8080
146.70.149.23:8080
146.70.53.136:8080
15.235.149.123:8080
154.12.42.177:8080
158.247.217.205:443
162.38.112.155:8080
164.90.178.138:8080
175.178.106.178:8788
185.10.68.111:8080
185.158.248.34:8080
188.40.50.55:8000
20.48.114.39:8080
206.189.36.249:8080
211.23.217.248:8080
212.193.62.78:8080
216.189.149.206:8080
222.95.44.103:50050
4.249.95.230:8080
43.138.37.110:8080
43.138.37.110:9090
45.14.185.146:8080
45.76.80.199:443
45.77.175.119:443
45.88.66.128:8080
45.88.66.159:8080
45.88.66.41:8080
45.88.66.61:8080
45.88.66.78:8080
49.233.58.224:9090
52.70.106.122:8080
54.249.95.230:8080
74.249.80.56:8080
74.57.71.175:8080
83.171.101.183:5051
85.206.172.151:8080
88.119.161.110:8080
94.228.112.147:8080
95.142.46.45:8080

# Reference: https://twitter.com/karol_paciorek/status/1726615986516938942

http://179.60.147.176
179.60.147.176:8080

# Reference: https://twitter.com/Tac_Mangusta/status/1729082425320600025
# Reference: https://app.any.run/tasks/843f239a-3c5e-422d-9717-2f5cb670bcfd/
# Reference: https://www.virustotal.com/gui/file/c97cd63b91e358e5e961d88ae7e54e836cd8072cfd04563742bd3f94f576b648/detection
# Reference: https://www.virustotal.com/gui/file/7e1aa8cea655bac81a5b4300c98419927baf2b1f4b85e7c7214e422d595922c9/detection

213.183.63.99:8080
agence-perinel.fr

# Reference: https://twitter.com/banthisguy9349/status/1735212305946689707

http://130.61.253.246
62.32.74.107:9000
/chaos/httpd
/chaos/systemd-serviceunit.service

# Reference: https://twitter.com/cyber_ra1/status/1783161656593555871

http://123.56.16.123
http://161.97.117.117
113.161.80.96:8080
117.20.108.15:10397
117.20.108.15:10398
117.20.108.15:10399
123.56.16.123:27017
123.56.16.123:33060
123.56.16.123:8001
123.56.16.123:8080
123.56.16.123:81
123.56.16.123:888
154.9.235.104:5985
154.9.235.104:8080
161.97.117.117:222
161.97.117.117:26738
161.97.117.117:27182
161.97.117.117:28016
161.97.117.117:3000
161.97.117.117:4002
161.97.117.117:4003
161.97.117.117:4008
161.97.117.117:4009
161.97.117.117:4010
161.97.117.117:6556
161.97.117.117:7200
161.97.117.117:8000
161.97.117.117:8080
172.9.165.216:8096
193.41.226.148:3000
193.41.226.148:8081
217.15.168.97:8080
46.10.180.67:8040
46.10.180.67:8041
46.10.180.67:8047
46.10.180.67:8057
46.10.180.67:8088
47.113.145.151:8080
47.113.145.151:888
47.113.145.151:8888
47.113.145.151:9090
89.58.16.251:2223
89.58.16.251:2224
89.58.16.251:2225
89.58.16.251:2226
89.58.16.251:57250
89.58.16.251:7443

# Reference: https://x.com/0Dayhta/status/1831758927165600159

209.38.190.93:8080

# Reference: https://search.censys.io/search?q=services.software.uniform_resource_identifier%3D%22cpe%3A2.3%3Aa%3Achaos%3Achaos%3A%5C%2A%3A%5C%2A%3A%5C%2A%3A%5C%2A%3A%5C%2A%3A%5C%2A%3A%5C%2A%3A%5C%2A%22&resource=hosts

http://212.227.211.88
103.56.19.194:8443
110.41.34.51:28080
145.239.90.35:8081
164.92.230.22:8080
167.86.96.96:8088
172.232.50.39:8080
194.158.209.132:4444
2.58.56.77:8080
213.252.245.22:8080
47.236.43.52:6240
8.135.112.178:59989
8.138.123.57:8080
94.131.110.106:8080

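# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-07)
# Note: per the URL path, this source is the feed's "unverified" 30-day IP:port list; confirm a hit against other telemetry before acting on it.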

http://159.223.62.95
159.223.75.130:9200
161.97.117.117:26773
207.154.253.206:443
51.120.7.79:8080
94.130.111.106:8080

# Reference: https://x.com/cyberfeeddigest/status/1839948093468340612

193.29.13.203:8080
2.56.126.204:8080
