# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: duperunner, dupehike

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-05-20-IOCs-for-AdaptixC2-activity.txt
# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash&ref_id=9f05271ed4b#tab=host_pairs (# 2025-05-22)

192.153.57.9.sslip.io
23-227-203-191.cprapid.com
64.7.199.193.sslip.io
adaptcia.com
adoring-chatelet.46-21-153-154.plesk.page
am.itgno.ir
amounn.com
api2.utkic.ir
arvest.restoreasec.com
boursoacces.com
casaslab.com
community.christmas
doamin.cc
dtt.alux.cc
ecstatic-mcclintock.46-21-153-154.plesk.page
express1solutions.com
flashfrontlinefeed.com
frejuop.live
ftp-winscp.org
grasslandscapes.com
iorestore.com
ip189.ip-51-254-238.eu
joycas.live
livestreammax.com
ns1.ftp-winscp.org
ns2.ftp-winscp.org
nwzd-csg.com
orange3room.com
outofservice.ru
pushtruelab.com
regonalone.com
restoreasec.com
sunshinemoment.com
td.express1solutions.com
td.iorestore.com
td.restoreasec.com
td1.express1solutions.com
td3.express1solutions.com
tech-system.online
trucks-taxesrefund02.com

# Reference: https://app.validin.com/detail?find=ERROR%20404%20-%20Nothing%20Found&type=raw&ref_id=9fcec45d347#tab=host_pairs (# 2025-05-22)

172-235-52-96.ip.linodeusercontent.com
bbb-appwrite.jonkerdd.nl
bbb.jonkerdd.nl
darkgem.duckdns.org
dha-events.com
ethachu21.com
feutjezelf.jonkerdd.nl
fireservice.direct.quickconnect.to
ip87-106-112-18.pbiaas.com
jelly.gaiznco.dk
jonkerdd.nl
karwanonline.com
mail.main-amarayuk.store
main-amarayuk.store
pattysergio.com
proxy.jonkerdd.nl
streamlineanalytics.net
torrent.gaiznco.dk
vpn519529427.softether.net

# Reference: https://x.com/ViriBack/status/1930351693356548499

144.172.106.67:8000

# Reference: https://app.validin.com/detail?type=hash&find=7c6372580a9e78e8caff7ba50ef859aa#tab=host_pairs (# 2025-06-05)

103stintino.com
197pozzosannicola.com
aqpdftvbdnjfjoewtwoygc.103stintino.com
buenohuy.live
c0a7e95e92d640a8ad8dde629147d713.ddns.gcloud.gg
dumbsec.com
edilduesrl.com
emberjs.site
fabiomenichinimarmi.com
fe.firetrue.live
firetrue.live
lawyeravandia.com
moldostonesupplies.pro
schema17.com
security-research.ch
stintino.host
timbrificioarena.com
tworeniyabizneskurs.com
ue.buenohuy.live
vpn29.com
x6iye.site

# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash&ref_id=3da1e49c681#tab=host_pairs (# 2025-06-13)

46-21-153-154.plesk.page
1874290-coinbase.com
518912-coinbase.com
689535ed-3.b-cdn.net
adaptix.redteamops.org
adaptixs.redteamops.org
am.mautau.live
appleeid.appleeusvrf.com.idealgroupco.com
auths-securpass-cartepass-assurances.xyz
avacore.tech
continuenetf.allstaffingsolutions.com
cs.xsjl7932.top
ct.nicepliced.live
dh.lokipoki.live
djakoidjatiguailiaipka.com
eliotdevelop.com
ev.veryspec.live
eztest.site
ge.gjkool.live
mautau.live
mingmoonorangepark.com
muatay.live
nissi.bg
novelumbsasa.art
old.bitcoin1004.com
picasosoftai.shop
regularisations-1507505075-contraventions-assurances.com
sign.in.apple.id.apple.com.verification.authentification-id.galaxyswat.com
ty.muatay.live

# Reference: https://www.security.com/threat-intelligence/fog-ransomware-attack

66.112.216.232:443
97.64.81.119:443
protoflint.com
amanda.protoflint.com

# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash#tab=host_pairs (# 2025-06-25)

03.laurensgoedkoop.com
12.laurensgoedkoop.com
146-70-41-141.cprapid.com
167.88.168.160.sslip.io
167834.monovm.com
23-227-196-19.cprapid.com
38-132-122-198.cprapid.com
38.180.182.102.sslip.io
62165.cloud.hosted-by-virtualdc.ru
account.servcloudmsft.online
advh.servcloudmsft.online
api.pj1store.top
arminvananal.store
assil.xyz
autsh.servcloudmsft.online
azalarmachineszal.store
brightnight.live
cs.j31359931.workers.dev
dods.servcloudmsft.online
dsnjfkdsjkf29432.cqhwmy.com
et.nethops.online
fg.gjkool.live
freegames.freemyip.com
gdjianpeng.store
gestioneventos.net
gjkool.live
graithook.online
hen-sim.store
humansetred.shop
imap.netstore.net
in.ninetype.live
ir.brightnight.live
jdxsmt.com
joyhuias.live
kcaptcha-dev.click
login.servcloudmsft.online
mikrolipi.live
neromubusda.store
new.popylopy.live
ni.repjoin.live
nimoochi.shop
ninetype.live
o.servcloudmsft.online
od3.nimoochi.shop
outk.servcloudmsft.online
panggexxx9823.top
popylopy.live
pts-qc.store
repjoin.live
sautsa.servcloudmsft.online
saverara.live
sci.servcloudmsft.online
se.joyhuias.live
sece.servcloudmsft.online
sepstar-eti.online
servcloudmsft.online
smth.servcloudmsft.online
survlogin.servcloudmsft.online
t.servcloudmsft.online
tr.mikrolipi.live
ulup.servcloudmsft.online
usaa.servcloudmsft.online
va.saverara.live
vhg.servcloudmsft.online
xsjl7932.top
xxcdn.wuyoukm.top

# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash#tab=host_pairs (# 2025-07-05)

23-227-199-53.cprapid.com
app.mahjongways2.xyz
celebrum-approuk.nl
diazsquare.com
electrum-sol.top
escueladeelementos.com
first.biosdmd.live
gh.kilopas.live
gh.nougouk.live
id-manulife.com
kilopas.live
mahjongways2.info
mahjongways2.xyz
mail.mahjongways2.info
nougouk.live
oauth2-sdrive-goocle.com
pressconferencesimulator.com

# Reference: https://x.com/CyberGhost13337/status/1945083485619716555
# Reference: https://www.virustotal.com/gui/file/b89e567949e9c47b4bae5f12f23a58944fba7cbba666e39ba9c7dc531ed8ccdd/detection

67.211.222.140:4455

# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash#tab=host_pairs (# 2025-07-20)

146-70-24-153.cprapid.com
acn-it32.com
admin.mahjongways2.xyz
anysimpleword.com
api.mahjongways2.xyz
blog.mahjongways2.info
cdn.real-de.myddns.rocks
cg.likerpiker.live
demo.mahjongways2.info
demo2.mahjongways2.info
dev.mahjongways2.xyz
imap.netstore.com
isd.servcloudmsft.online
kuravluatinore.greajoe.live
localhost.mahjongways2.info
mail.gdjianpeng.store
mail.hen-sim.store
mail.pts-qc.store
mail.sepstar-eti.online
msd.servcloudmsft.online
notexistsdemo2.mahjongways2.info
outlook.netstore.net
pop.netstore.com
pop.netstore.net
postcorestat.nanatechs.live
purepowersolutions.us
quedastaji.firetom.live
scalagermine.adwinoe.live
sdad.rockuopa.live
sharepoint.unicredit.zip
test.0b0.pub
totihyo.live
windowsupdate.help
ywb.servcloudmsft.online

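# Reference: https://app.validin.com/detail?find=7c6372580a9e78e8caff7ba50ef859aa&type=hash#tab=host_pairs (# 2025-08-08)
# Note: this block comes from a pivot on a single hash (type=hash in the reference), which presumably matches every host returning the same response. AdaptixC2 is also used in authorized testing, so a match identifies framework infrastructure rather than a specific actor; corroborate before blocking.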

101.33.202.134:443
101.42.100.236:443
103.136.150.185:443
103.171.35.40:443
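# Entries prefixed with "# " in this block are disabled. The reason is not recorded here (presumably false positives); confirm before re-enabling.
# 103.180.115.15:443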
104.167.16.88:443
104.244.90.70:443
106.12.113.41:443
106.13.211.216:443
106.13.216.152:443
107.149.223.64:443
107.158.128.78:443
107.172.143.14:443
107.174.66.121:443
108.136.233.72:443
108.137.150.223:443
109.196.99.120:443
110.41.44.100:443
111.229.80.204:443
117.72.118.156:443
118.178.191.92:443
120.55.71.141:443
121.43.134.150:443
121.43.224.166:443
13.215.203.179:443
13.232.53.239:443
132.232.113.179:443
132.232.237.212:443
134.209.112.57:443
137.220.134.251:443
# 138.199.40.58:443
139.180.215.242:443
139.59.17.50:443
139.84.150.129:443
142.189.181.110:443
144.172.103.74:443
144.172.106.67:443
144.172.122.100:443
144.172.122.219:443
144.172.89.30:443
146.70.24.132:443
146.70.24.153:443
146.70.24.160:443
146.70.41.141:443
146.70.41.167:443
146.70.41.176:443
146.70.44.174:443
146.70.44.228:443
146.70.87.237:443
146.70.87.26:443
146.70.87.37:443
146.70.87.42:443
146.70.87.50:443
146.70.87.64:443
146.70.87.96:443
147.93.118.55:443
148.251.135.156:443
15.157.228.170:443
152.136.134.119:443
155.138.224.101:443
156.238.233.69:443
157.180.8.158:443
157.250.195.16:443
161.35.12.89:443
162.120.71.251:443
164.90.197.183:443
164.92.253.61:443
165.154.227.220:443
165.227.221.35:443
167.88.168.160:443
# 169.150.219.114:443
# 169.150.221.147:443
170.130.55.223:443
172.232.122.178:443
172.235.52.96:443
172.86.107.75:443
172.86.123.31:443
172.86.89.240:443
172.96.137.160:443
173.232.146.48:443
174.92.170.139:443
174.92.170.237:443
174.93.204.158:443
174.95.230.232:443
178.128.87.154:443
18.209.60.16:443
18.222.232.190:443
18.223.108.252:443
182.16.98.88:443
182.61.50.127:443
184.144.144.140:443
184.144.144.68:443
184.144.174.176:443
184.145.249.18:443
# 185.111.111.157:443
185.194.53.238:443
185.208.158.168:443
185.233.166.187:443
185.233.166.28:443
185.255.178.11:443
185.255.178.38:443
192.153.57.9:443
193.239.237.120:443
193.5.65.114:443
193.53.127.191:443
194.182.86.110:443
194.58.114.8:443
194.87.105.140:443
194.87.17.219:443
196.251.116.106:443
196.251.118.249:443
198.54.126.112:443
20.17.96.220:443
206.188.196.80:443
209.250.247.174:443
212.192.15.213:443
216.74.123.245:443
217.148.142.28:443
217.148.142.34:443
217.148.142.54:443
217.154.115.105:443
217.28.130.34:443
217.28.130.37:443
217.28.130.44:443
217.28.130.61:443
217.28.130.82:443
23.227.196.115:443
23.227.196.13:443
23.227.196.19:443
23.227.196.62:443
23.227.199.60:443
23.227.199.61:443
23.227.199.82:443
23.227.199.99:443
23.227.202.225:443
23.227.203.128:443
23.227.203.12:443
23.227.203.178:443
23.227.203.190:443
23.227.203.191:443
23.227.203.193:443
23.227.203.198:443
23.227.203.205:443
23.227.203.228:443
23.227.203.246:443
23.227.203.248:443
23.94.61.49:443
24.4.254.185:443
3.0.61.43:443
3.8.187.162:443
3.88.14.227:443
3.97.11.123:443
31.56.146.41:443
31.97.207.197:443
34.102.233.188:443
34.107.179.223:443
34.71.90.210:443
34.98.81.157:443
35.159.38.208:443
37.72.168.135:443
37.72.168.179:443
38.114.101.163:443
38.132.122.133:443
38.132.122.141:443
38.132.122.145:443
38.132.122.161:443
38.132.122.180:443
38.180.182.102:443
38.180.2.155:443
38.207.177.170:443
43.133.211.161:443
43.154.137.247:443
43.156.15.56:443
43.156.244.51:443
43.156.64.185:443
45.129.0.102:443
45.141.86.65:443
45.144.221.24:443
45.61.135.83:443
45.61.165.23:443
45.76.159.208:443
45.77.240.204:443
46.101.241.27:443
46.173.211.240:443
46.21.153.154:443
46.38.240.37:443
46.62.144.142:443
47.116.126.243:443
47.122.27.78:443
47.237.90.16:443
49.13.163.25:443
49.232.253.183:443
5.133.9.244:443
5.253.31.113:443
5.255.88.41:443
5.83.144.14:443
51.210.90.125:443
52.22.15.69:443
54.163.41.38:443
54.250.175.201:443
60.205.3.34:443
64.137.9.118:443
64.7.199.193:443
64.94.84.169:443
66.179.211.88:443
77.232.40.154:443
77.232.42.107:443
77.72.2.29:443
77.73.131.129:443
77.73.131.39:443
# 79.127.237.132:443
# 79.127.243.187:443
8.137.85.34:443
8.138.232.116:443
82.118.16.37:443
82.153.138.122:443
83.229.17.94:443
# 84.17.46.53:443
85.235.67.31:443
85.239.54.47:443
86.106.85.206:443
87.106.112.18:443
88.204.56.40:443
88.214.25.196:443
88.218.94.154:443
89.41.26.173:443
89.41.26.181:443
89.41.26.187:443
89.45.4.74:443
89.46.65.19:443
9.169.156.105:443
91.142.79.140:443
93.165.113.39:443
94.156.236.125:443
94.175.204.229:443
94.198.52.210:443
94.247.42.56:443
95.179.130.57:443
96.9.124.207:443
97.64.82.101:443
06fd4763-2.b-cdn.net
0a2f39f91fc127f8d.siliod.com
116811168.xyz
128-199-84-174.cprapid.com
139-180-142-221.cprapid.com
139-180-215-242.cprapid.com
146-70-41-182.cprapid.com
158-94-209-239.cprapid.com
165-227-221-35.cprapid.com
188-166-244-201.cprapid.com
188.166.244.201.sslip.io
198-74-56-253.ip.linodeusercontent.com
199.247.18.13.sslip.io
228.ip-37-59-103.eu
23-227-203-72.cprapid.com
24-144-87-226.nip.io
45645646.xyz
4c85b7a956c941bdb027792b8a194b94.ddns.gcloud.gg
4h.locompsrep.com
6f5d7c7b-d.b-cdn.net
75827d3b-9.b-cdn.net
7b8a6fbe-705f-4986-9dea-6277ebfbb3ec.cryptointel.art
84.20.97.83.ro.ovo.sc
99d07024-7.b-cdn.net
a.doibase.top
a.evrhub.top
a1.dd9899.com
a1.hh9899.com
a2.dd9899.com
a2.hh9899.com
a3.dd9899.com
a3.hh9899.com
aaa9538f-7.b-cdn.net
aadcdn.kandilandscaping.net
absb1t.easypanel.host
absolule.online
acc.kandilandscaping.net
acc.shredfilexfed.click
account.homeworkassist.org
account.kandilandscaping.net
account.shredfilexfed.click
adadhjo.top
adapt.joinppapa.com
adfs-godaddy-443.kandilandscaping.net
adfs-godaddy.kandilandscaping.net
adfs.kandilandscaping.net
admin.dcbank.net
admin.kubegroup.co
admin.zkporter.org
adobeacrobat.click
adv.southeastasia.cloudapp.azure.com
ae.veraslut.live
air-lync.office-online-store.com
airwrecker.vip
alibarokah.my.id
almanex.online
analyticsbrasil.com
anonswap.info
anonswap.live
anonswap.pro
anzemet.us
ap.idoltw.com
api.appgleappcsgcc.online
api.cspapeleriaonline.com
api.dcbank.net
api.healthcheck-cache.uk
api.kandilandscaping.net
api.microsoft-dns.top
api.microsoft-updata.link
api.naturgrup.com
api.nm.24-144-87-226.nip.io
api.otpbot.online
api.pannunzio.eu
api.proof-url.link
api.rce.zone
api.shredfilexfed.click
apm.vpce.gdw55e.kandilandscaping.net
apmcx4uore.cloudedgecdn.com
app.domaininfo.top
app.fly-vpn.app
app.live.lexrochat.com
app.rustture.com
asset.dcbank.net
autodiscover.detmir.store
autodiscover.waltherwolf.com
autodiscover.ztsec.ru
avld.tech
azureportal.dpdns.org
b.stats.homeworkassist.org
bacon.tigerlabs.net
baconpancake.oksigin.com
bandaliavondaerster.trapyyd.live
barjusagremico.liokasc.live
batman.vibia.io
battlebears.space
bbva-support.com
bh.ztsec.ru
bitcbet.com
blog.plumeriamode.com
blog.vadimdenisov.ru
bloomberg-finance.com
board-xyz.asia
bookstack.kubegroup.co
brasildatahub.com
broker.nm.24-144-87-226.nip.io
bw.spar-group.xyz
c2makkuro.com
c509e575-2.b-cdn.net
ca.joycallwest.live
cache.axiscybercore.com
cache.cdn-center.net
cake.officeproductsweepstakes.com
cdn.cloudrefresh.net
cdn.discord-games.com
cdn.micosoff.top
cdn.moraware.duckdns.org
cdn.r-tec.com
cdnupdate.online
cezplateb.com
chat.ductape.webcam
chat.live.lexrochat.com
chatbuilderwiz.com
chickenwaffles.bloomberg-finance.com
chippikinarpam.us
cho-it.de
cigikinikin.store
ckmtechnology.com
cleanguttersusa.com
cloud.googleapistatic.site
coin.gtamods.vip
coltbosshome.com
com.office-online-store.com
connect.mikata.ru
connectorteam.eastus2.cloudapp.azure.com
content-api.swappercrypto.info
content-api.swappercrypto.live
content-api.swappercrypto.pro
cookie69.portmap.io
copioustrade.com
cortexpaloaltonetworks.com
cpanel.chat-whatsapp-7xx4xrajabkp.duckdns.org
crecerapp.eastus2.cloudapp.azure.com
csp.kandilandscaping.net
cumulative-updates.com
cusrpaphilafirales.uewwss.live
dashboard.offshift.io
david-xf.de
dc.dcbank.net
dcbank.net
de.saraidesign.nl
deal.office-online-store.com
defender.office-online-store.com
demo.cryptointel.art
desqiscdn.com
detmir.store
dev.ttb-bank.com
dhcp-207-235-129-5.metro86.ru
diginexas.com
dilxzcukai.agcloud.my.id
dilxzcukai.shop-panel.biz.id
directpostecanada.com
discord-games.com
disslidaxiilels.dsllx.live
dixiepower.com-v2-status.com
dl.cryptointel.art
dns.csbilin.xyz
dns.office-online-store.com
docs.healthcheck-cache.uk
doibase.top
downloads.com-v2-status.com
dply.help
dsooeannnonunmea.com
ductape.webcam
dumbsec.space
dy.huyduy.live
edgeupdate.buzz
edtechproject.aliciabochnak.com
eduppage.org
elastic.proof-url.link
esperaliatosmatic.joakiaas.live
events.api.kandilandscaping.net
events.api.shredfilexfed.click
evrhub.top
ex-msedge.live
expatailurtegonias.ureet.live
f.fwuhs.com
fieldhub.day
figma.oktosign.com-v2-status.com
filmduty.com
fin27.pay-greensonsmower.com
finnminip.no
first.noapsls.live
first.noklaswo.live
flash-sale.office-online-store.com
flowerbuy.site
flowersniko.ink
francheskodevergation.us
ftldataanalytics.com
g.sst.kandilandscaping.net
galionbooster.com
gchq-github.com
gdw55e.kandilandscaping.net
genie.aws-notify.com
geoportal.kafcol.edu.np
gercekmedyumhocayorumlari.com
gesfankinerfukes.gfsks.live
gettingdrypress.top
github.proof-url.link
github.safe-url.link
googleapistatic.site
googloechhsbnbeoiasf.org
grafana.nm.24-144-87-226.nip.io
greenbaytourism.com
greensignal.vip
gui.kandilandscaping.net
gui.shredfilexfed.click
hakiimi.xyz
hasbiviragrendedson.reconrt.live
healthcheck-cache.uk
hikiritinati.store
hlrevue.com.office-online-store.com
homefront.casa
homeworkassist.org
host-185-193-127-211.njalla.net
host-5befd0ab.hostiman.com
hostproger.com
hreadleanihoiwer.hdrew.live
hv.qitlab.com.office-online-store.com
hyrpyrhetuuvintu.yrteuu.live
hyuyi7i.com
ik1.kubegroup.co
img1.shredfilexfed.click
img6.shredfilexfed.click
imgs.plumeriamode.com
infinnite.de
ip65.ip-51-178-207.eu
itmaintenance.ru
jekdessefakviaronur.kfdss.live
jicehaefilestericos.jackidrr.live
jolyfal.live
jsdeliver.info
juarewellengimpe.jangodkd.live
kaijin.chat
kaijin.cloud
kaijin.download
kaijin.support
kaijin.zip
kandilandscaping.net
kawaiicatlwy.cn
kellyroofing.us
kerimapenappi.us
kesleendibidenepaicer.klsde.live
kickolcoirticascs.kikccs.live
kobania.net
kstaesliestierrdirginesdas.kdsee.live
ktv365.cc
lakeimagingcenter.com
larissathephoenix.com
libnewtimes.com
live.kandilandscaping.net
live.shredfilexfed.click
locompsrep.com
log.muacinorgnetcm.online
login-live.kandilandscaping.net
login-microsoft.kandilandscaping.net
login.dedatech.info
login.dixiepower.com-v2-status.com
login.kandilandscaping.net
login.microsoft.optimismwednesday.org
login.office-online-store.com
login.office-works-bundle-codes.store
login.optimismwednesday.org
login.quantumpixelvault.com
login.shredfilexfed.click
loginrosso.real-de.myddns.rocks
m.dtscoutt.com
m365.microsoft.optimismwednesday.org
maclashiafajisatleser.maciasllc.live
mail.hyuyi7i.com
mail.muacinorgnetcm.online
mail.rsb-plan.com
mail.rt-ib.tech
mail.ztsec.ru
malaysiakini.it.com
marigold.officeproductsweepstakes.com
mcscindgccssd.online
metabase.kubegroup.co
micosoff.top
microcchipusa.com
microsoft-updateservice.org
microsoft.optimismwednesday.org
microsoftonline.office-online-store.com
microsoftonline.safe-url.link
monitor.dcbank.net
msync-ifm.com
multipathnetworks.com
mx20.saraidesign.nl
nearlogeordincam.asdloas.live
netmaker-exporter.nm.24-144-87-226.nip.io
news.bloomberg-finance.com
news.ttb-bank.com
ninpaerternitosen.nintr.live
nlasdaeeridatiasnica.niaslds.live
nm.24-144-87-226.nip.io
nnight.resolve.bar
notify.safe-url.link
ns.fortiwork.com
ns.sipazarets.com
ns1.d9s.xyz
ns1.mlcrosotf.com
ns1.sid-hacks.com
ns2.d9s.xyz
ns2.mlcrosotf.com
ns2.sid-hacks.com
ntc.tailee0733.ts.net
oci-bom.abirdey.com
office-online-store.com
office-works-bundle-codes.store
oksigin.com.office-online-store.com
okta.com-v2-status.com
okta.kandilandscaping.net
orangeapplerunt.online
orcacore.org
outlook.kandilandscaping.net
outlook.microsoft.optimismwednesday.org
outlook.shredfilexfed.click
outlooksts.kandilandscaping.net
owa.ztsec.ru
owncloud.kubegroup.co
owntracks.imanol.me
paitohongkongpools.com
panvenorbilis.moaiks.live
pay-greensonsmower.com
pay.greensonsmower.com
payadapt-220n2y26-155.prplstk.com
paymentbuckaroo.com
payroll.kakitangan.cam
payrollpanda.online
pbabexad.com
pcexolop.com
perf.giftster.com
pgevamenest.com
phagicelab.com
phocus.iten.es
pkihogirverse.com
plswhitelist.me
pmovajoxlyx.com
poletecisisa.com
portal.kandilandscaping.net
portal.takumablog.club
portal.thecameronjones.com
ppunago.com
prarituaro.com
pratibimblab.com
privacynotice.account.kandilandscaping.net
prometheus.nm.24-144-87-226.nip.io
prosuvetzen.com
protoflint.org
prtsuiai.cloud
pstorespro.com
pt.dcbank.net
pwn.ztsec.ru
pxuvopabaro.com
python-scripting.com
qallann-marketing.com
qe.quantumpixelvault.com
qhs.kawaiicatlwy.cn
qitlab.com.office-online-store.com
qq.rqelo.live
quantumpixelvault.com
rap.real-de.myddns.rocks
re.tresmes.live
real-de.myddns.rocks
reesiliyhosretios.reesyio.live
reporting.kandilandscaping.net
restalivarascl.retsaa.live
rgitrastoraes.rtgdsh.live
ricoocafe.com
roclaer.ro
roseme.club
rosha-sochi.tech
rpt03.r-tec.net
rsognetiaticaerpac.reoop.live
rt-ib.tech
rt-rb.tech
ru16.cdnflow.stream
rulikkastearles.resakk.live
ruthverenaweber.com
s1.downloads.com-v2-status.com
s1.kubegroup.co
salesforce.safe-url.link
sampledemo2.pilotgaeasrv.online
saraidesign.nl
sbencaliarteas.lopascw.live
scarasiltandiarteroken.assinc.live
scaropoestamina.gruoaww.live
scoporezidoes.bopasdw.live
secure.firmwaresync.com.tr
secureasel.com
secureitsecuritysolutions.com
sentry.dcbank.net
server.milkbanana1.store
shfooplaoq.cloud
shortion.online
shredfilexfed.click
sipazarets.com
siqehrefiarelliaforewdas.sqweep.live
skagents.webn.cc
skincarefiends.com
skype.office-online-store.com
slack-time.org
smartsotfpower.ro
spaeriefliersatetregan.treska.live
spar-group.xyz
sparraniwalitsica.rttduu.live
sperdirotrecoriander.bubledj.live
sq.anzemet.us
sreagletecinarices.regtehh.live
srv1.msvc-update.online
ssl.kandilandscaping.net
sso.azurecdnserver.shop
sso.kandilandscaping.net
sso.oksigin.com.office-online-store.com
sso.shredfilexfed.click
sst.kandilandscaping.net
stackforges.us
staging.admin.kubegroup.co
stan-company.tech
starbiarverajestand.grwee.live
startb.top
static.itcom888.online
statuscoiis-postescan.com
support.okardcare.com
support.proof-url.link
swappercrypto.info
swappercrypto.live
swappercrypto.pro
swappercrypto.world
swappercrypto.xyz
swarmpit.kubegroup.co
swavihontarenstar.mkascp.live
sylverixstrategy.com
tampabayclosers.com
te66a.vip
teams.office-online-store.com
termacneartorics.loakscs.live
test.kellyroofing.us
test.rewardlyapp.com
testarostellastaris.tressa.live
tihuloj.com
timeu.azure365.sbs
tirlagasrelavitariz.treuu.live
toyotaleasing.info
trasnfoncl.ro
trasnfond.ro
travaux-publics-laffargue.fr
trentdale.site
ttb-bank.com
ukn0w.com
umbalazz.org
umkm.enpitsu.my.id
unicredit.zip
update-ms-sec.com
updates.com-v2-status.com
urlprotection.online
vadimdenisov.ru
vip-api.swappercrypto.info
vip-api.swappercrypto.live
vip-api.swappercrypto.pro
vip.cloudflarer.cc
vks36658.ip-37-59-103.eu
vnjaepv8afnaj.keigo-bank.com
void.czyz.no
voyager420.com
vp.hakiimi.xyz
vpce.gdw55e.kandilandscaping.net
vpn657707099.softether.net
vpn903730403.softether.net
vroostiarigales.rttdoti.live
waltherwolf.com
web.cloudflarer.cc
webmail.cmjornalpt.cc
webstats.live
whovlocofergasindores.oodps.live
wippkreissaegen.com
wishingdots.saraidesign.nl
worldmailconnect.com
xuanlvwedding.com
y7.jolyfal.live
yourtencent.com
zkporter.org
ztsec.ru
zuopir.com

# Reference: https://x.com/Xanderuxsf5/status/1966107951661293977

43.209.175.55:7010

# Reference: https://threatfox.abuse.ch/browse/malware/win.adaptix_c2/ (# 2025-10-04)

http://162.55.189.96
http://185.253.117.61
http://43.138.186.236
http://45.129.0.102
http://68.64.177.177
101.35.211.3:4321
101.42.100.236:4443
103.106.230.53:5900
103.117.148.226:4321
103.117.148.226:4444
103.171.35.150:4321
103.171.35.150:4444
104.167.16.88:4321
104.238.57.149:4321
107.154.172.8:16010
107.158.128.78:4321
107.175.159.225:443
108.137.150.223:4321
110.41.138.224:3389
110.41.44.100:4433
111.230.163.105:8888
113.44.68.82:9898
113.45.177.81:4321
113.45.177.81:7788
114.132.238.70:8888
117.72.118.156:4321
118.178.191.92:8443
118.178.231.121:4321
119.91.66.244:8888
121.41.113.184:8443
123.249.103.174:44321
123.31.11.213:4321
124.70.144.47:4321
124.70.144.47:4444
128.199.219.80:4443
128.199.41.157:8080
134.122.57.235:4321
134.199.202.205:8443
137.184.201.126:4444
139.129.32.152:8443
139.196.160.235:8443
139.59.113.130:1024
139.59.17.50:4321
141.164.44.177:36580
144.172.103.74:4443
144.172.106.67:4321
144.172.106.67:4444
144.172.106.67:4895
144.172.116.106:1337
144.172.122.100:8443
144.172.122.219:4323
146.19.254.30:4444
146.70.24.160:43331
146.70.41.141:43211
146.70.41.167:43211
146.70.41.176:43212
146.70.44.174:43211
146.70.87.138:43211
146.70.87.237:43211
146.70.87.26:43211
146.70.87.64:43211
146.70.87.96:43211
147.93.155.118:4321
149.28.23.68:31337
149.50.135.215:49152
152.42.140.133:31337
154.223.21.252:443
154.223.21.252:4444
154.36.175.172:43211
154.91.180.29:41433
159.75.155.46:4321
164.90.202.243:4321
164.92.253.61:4321
165.22.119.30:4321
166.1.160.69:65523
166.88.61.58:1433
167.172.188.68:4321
167.172.72.28:8080
167.88.168.160:8443
172.234.86.225:4321
173.212.202.8:8329
174.138.26.222:4321
178.128.87.154:1234
178.16.55.52:8090
179.43.186.234:4321
183.66.27.19:58476
183.66.27.28:58476
185.193.127.211:4321
185.208.158.168:4321
185.239.238.191:443
185.241.208.218:4444
185.253.117.61:4443
185.28.119.6:4444
188.124.51.141:4443
188.166.224.28:31337
192.210.248.11:4444
193.149.176.112:4321
193.5.65.114:43211
194.62.250.101:49011
195.133.1.120:4321
196.251.115.132:4321
196.251.118.249:4433
196.251.71.228:43211
20.17.96.220:60000
20.234.49.186:4321
20.42.107.78:8443
202.182.124.254:5555
203.159.90.59:4321
203.159.90.59:4444
204.152.192.54:4321
209.250.247.174:4321
212.192.15.213:60000
212.34.145.146:4321
212.56.32.90:43219
213.109.147.51:4444
213.199.53.152:4321
217.28.130.34:10443
217.28.130.37:9443
217.28.130.61:8443
217.28.130.82:9443
23.122.222.92:5555
23.227.196.119:43211
23.227.196.13:43211
23.227.196.17:43211
23.227.196.19:43211
23.227.196.85:43211
23.227.199.37:4321
23.227.199.53:53262
23.227.199.60:43211
23.227.199.61:43211
23.227.199.82:43211
23.227.199.99:43212
23.227.202.247:43211
23.227.203.128:43211
23.227.203.178:43211
23.227.203.190:43211
23.227.203.191:43211
23.227.203.193:43211
23.227.203.198:43211
23.227.203.205:43211
23.227.203.213:43211
23.227.203.228:43211
23.227.203.246:43211
23.227.203.248:43211
23.94.111.229:4444
3.88.14.227:4321
34.22.85.55:4321
34.22.85.55:443
34.22.85.55:4444
34.22.85.55:6443
38.132.122.141:43211
38.132.122.145:43211
38.132.122.161:43211
38.132.122.180:43212
38.132.122.198:43211
38.242.155.163:4444
39.108.79.95:3389
40.124.180.118:4444
41.249.151.35:4444
43.140.221.154:4321
43.154.137.247:8443
43.156.15.56:4321
43.156.59.110:4321
43.156.64.185:4444
43.159.45.212:4444
43.159.45.212:5555
43.229.150.95:4444
43.255.159.28:4321
45.136.29.64:4321
45.136.29.64:4444
45.138.16.95:7547
45.144.221.24:1337
45.194.37.194:9595
45.61.135.83:9443
45.76.159.208:5000
45.88.109.34:123
45.94.47.152:8083
46.21.153.146:43211
46.21.153.148:43211
47.110.244.42:7001
47.122.27.78:54321
47.236.132.98:4444
47.99.196.178:7001
49.13.163.25:4321
49.233.215.17:5000
49.233.215.17:6000
5.129.235.207:4321
5.188.86.168:55364
51.178.207.65:443
60.205.3.34:8443
62.113.59.107:4444
62.141.44.37:8001
64.137.9.118:4341
69.5.189.15:4321
69.5.189.19:443
77.232.40.154:8085
77.73.39.176:4444
8.136.48.237:443
8.136.48.237:5443
8.136.48.237:6443
8.137.85.34:4321
8.138.96.41:50010
82.153.138.122:9091
83.229.17.63:443
84.46.243.167:10443
85.202.193.88:4321
85.234.100.245:4321
86.106.84.62:8080
86.106.84.62:8443
86.106.85.206:43211
86.109.75.149:443
89.41.26.181:43211
89.41.26.187:43211
89.45.4.74:43211
94.177.171.194:4321
94.198.52.210:3043
94.232.249.166:1443

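# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-11-15)
# Note: the source is the feed's "unverified" set with a 90-day window (see the path), so these entries are not independently confirmed; treat a match as a lead to triage, and re-check entries as they age.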

104.145.210.204:4321
115.190.62.191:9999
154.38.187.64:8080
154.49.3.43:8080
162.252.199.16:4321
175.24.73.192:4321
178.16.53.135:4321
178.16.55.204:4321
185.105.88.5:54321
185.132.176.4:4321
185.241.208.218:4321
185.241.208.27:4321
199.217.98.110:4321
220.118.21.243:4321
23.227.203.92:43211
38.242.212.5:4321
4.209.183.220:4321
43.229.150.111:4321
43.229.150.69:4321
45.138.16.162:4321
45.155.53.153:4321
80.78.24.66:4321
85.215.57.133:8080
89.221.203.147:8080
91.214.78.11:4321

# Reference: https://threatfox.abuse.ch/browse/malware/win.adaptix_c2/ (# 2025-11-15)

http://54.46.18.227
104.210.107.111:4444
104.234.174.28:22222
113.44.152.64:10002
115.190.5.235:443
115.190.62.191:443
120.197.127.138:8008
141.98.10.99:4444
152.67.76.61:8443
155.138.162.86:24321
159.223.55.88:41337
165.22.159.5:4321
172.236.188.108:443
180.184.29.135:8088
182.254.171.19:4321
185.154.195.94:1337
185.241.208.218:4433
194.87.10.124:4444
206.189.107.207:4444
34.22.85.55:8091
4.209.183.220:4444
45.155.53.153:4444
47.236.194.231:1433
47.83.254.175:8083
49.235.43.89:4444
77.232.42.107:25789
79.133.46.74:65432
79.133.46.74:8080
8.136.48.237:8091
8.219.171.47:3306
80.253.249.102:4444

# Reference: https://www.seqrite.com/blog/9512-2/ (# duperunner, # dupehike)
# Reference: https://www.virustotal.com/gui/file/3ce5ab897b7f33bc1b9036abc8e7d2812b385fbab404dad686afaf9fb83fe07a/detection
# Reference: https://www.virustotal.com/gui/file/432974205e1ce4c1d2c0e6bf6ebfafd90f6c19451eec0485ac46beaf65247763/detection
# Reference: https://www.virustotal.com/gui/file/48b9f78899b8a3daaeb9cbf7245350a6222cbf0468cd5c2bab954c8dbbce3995/detection

http://46.149.71.230
195.2.70.190:443
46.149.71.230:443

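# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2026-02-28)
# Note: taken from the "unverified" 90-day feed named in the path; several ports below are common service ports, so correlate a hit with host or process evidence before acting on it.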

101.42.255.92:6379
103.194.106.229:4321
103.245.231.83:4321
103.85.226.80:4321
107.189.17.247:1080
123.253.111.217:4321
128.199.84.174:49132
141.8.199.207:4321
147.182.187.2:4321
150.109.63.68:64443
154.219.123.95:4321
165.232.126.106:4321
172.104.188.247:9999
172.233.1.83:1234
172.93.218.252:7777
180.76.103.69:4321
185.84.160.189:4321
188.166.244.201:4321
193.149.176.45:4321
194.233.73.173:4321
194.87.55.166:4321
195.178.110.232:5555
2.56.214.177:1080
20.157.116.151:8000
209.74.95.185:4321
217.60.249.120:4321
23.105.252.167:43211
23.227.202.4:44555
27.223.85.234:58001
43.103.2.130:6443
43.134.163.224:4321
43.153.40.135:9200
45.129.230.38:4321
45.155.53.136:4321
45.81.243.52:4444
45.87.43.189:4321
46.17.40.191:4321
46.250.233.154:4321
49.235.43.89:4321
50.116.52.26:4321
62.60.131.49:4322
64.7.199.35:4321
66.154.109.89:8088
68.154.52.76:4444
68.64.178.201:54321
69.5.189.149:5985
69.5.189.243:2374
72.61.97.211:1080
74.48.170.130:4321
8.219.93.226:4321
91.107.63.52:4321
93.113.180.31:4321
93.123.39.215:4321
94.154.172.221:4321
94.177.170.33:4321

# Reference: https://threatfox.abuse.ch/browse/malware/win.adaptix_c2/ (# 2026-03-24)

http://46.19.66.166
1.12.42.37:31092
103.179.66.86:4444
103.212.186.69:4449
103.231.174.35:6443
103.73.161.139:4321
103.85.226.13:4444
104.224.155.130:4444
104.233.162.77:2053
107.149.142.169:4444
107.174.53.198:4444
107.189.16.142:443
109.172.87.216:443
110.40.186.230:12564
116.62.120.88:6443
120.27.206.92:6443
123.207.58.181:30914
13.38.45.245:4444
134.199.185.50:4444
134.199.219.201:4444
138.226.236.52:13212
138.226.237.81:4444
139.199.160.80:31310
139.199.160.80:31539
139.84.231.177:8080
141.8.199.207:4444
144.172.107.162:4321
144.31.221.96:4444
144.31.62.176:9443
146.190.17.255:4321
146.190.17.255:4444
147.182.187.2:443
147.182.187.2:4444
148.135.119.121:4321
148.253.212.135:4444
149.28.242.44:4321
15.229.32.243:1234
151.242.20.7:8080
154.38.163.220:8443
155.212.165.102:4321
156.238.236.249:300
159.198.76.61:443
159.65.253.170:4321
159.75.189.212:8989
162.55.234.175:5902
165.154.225.36:8443
167.160.190.182:4444
167.17.47.121:4321
167.71.195.201:12654
169.40.135.36:8888
172.104.59.142:8443
172.245.242.116:2083
172.245.242.116:443
172.245.242.117:2083
172.245.242.117:443
172.86.127.100:443
173.249.12.196:4321
173.249.12.196:4322
176.65.132.90:4444
178.16.55.205:4444
18.222.51.121:443
182.254.168.212:30586
183.66.27.19:58475
185.141.216.8:4321
185.208.159.67:4322
185.229.225.122:1234
185.242.245.119:43554
187.124.6.129:443
194.36.178.53:4321
194.59.30.181:4444
195.177.94.132:8443
195.250.25.176:4444
195.250.25.176:58101
199.247.18.13:4444
20.94.46.10:4321
20.94.46.10:8088
202.1.31.83:5555
202.191.67.71:4444
202.191.67.71:4446
202.191.67.71:50003
202.61.137.217:4444
206.237.13.242:43211
213.111.156.64:8088
213.177.179.31:4444
216.126.224.115:4444
216.238.89.173:4321
217.76.53.94:31337
23.163.0.24:443
23.227.196.62:42415
23.227.199.67:42215
23.227.202.4:8443
23.94.214.39:4444
27.223.85.234:50443
37.72.168.189:42334
38.127.8.3:443
38.127.8.3:4444
38.127.8.3:8000
38.132.122.134:43211
38.143.109.169:8443
38.46.155.27:4444
38.55.106.173:4434
4.209.183.220:1488
43.134.163.224:443
43.153.40.135:4444
43.156.245.214:9999
45.129.9.25:4444
45.136.13.247:43211
45.138.16.162:4455
45.147.77.210:5901
45.155.69.147:42535
45.158.196.14:4321
45.32.121.84:4321
45.76.48.155:4321
45.76.48.155:443
45.77.34.87:443
45.89.125.181:8443
46.225.160.236:1337
46.225.160.236:5000
46.62.246.163:4321
46.62.246.163:9090
47.115.175.62:4321
47.237.173.81:4444
47.243.155.154:4444
47.77.185.181:4321
47.95.11.93:9443
5.61.40.97:45673
51.44.160.115:4444
52.58.116.122:8443
63.178.163.156:31337
65.87.7.173:666
65.87.7.237:8888
66.63.162.235:54321
68.183.110.36:4321
72.60.141.53:4321
8.136.13.87:7001
8.139.6.149:8888
8.212.172.120:8443
80.71.235.24:8888
83.142.209.11:2222
83.229.123.239:8000
85.234.107.240:8000
85.239.56.9:8010
87.120.191.29:4321
88.218.60.191:4321
89.125.255.29:4444
93.113.180.31:2222
93.183.93.129:59426
94.103.1.161:443
19.einstellen.bz
207-148-122-131.cprapid.com
3.145.75.17.sslip.io
38-54-108-229.nip.io
38.54.108.229.sslip.io
3w.gdclp.com
880578.site
91-215-85-151.cprapid.com
adaptix.netputo.top
altioracorp.cloud
app.kingby.shop
app.kingby.xyz
app.rustture.cc
app.webinfos.top
arbgpt.icu
arbgptx.digital
arbgptx.sbs
archive.sytes.net
asryaga.online
awamiservices.com
biocraft.us
bootstrap.jqu3ry.cfd
c.anzemet.us
ccdtetsgky.accounts.google.omassent8entryroutineapprovesubscribeuseafixmech.xyz
dan.pancaketoken.com
database.publicvm.com
docker.kubegroup.co
dzens.com
emcperformance.nl
erktmzrhpn.accounts.google.omassent8entryroutineapprovesubscribeuseafixmech.xyz
fakekonglo.fun
flocompsrep.com
flyredwings.tech
gatuso.duckdns.org
google-dns.sytes.net
hyeyeong.com
hyper.es
innagine.com
kittycom.xyz
klaviyo-logs-campaigns.com
kuaifan.xyz
my.gmv-he.com
mzxseexczs.omassent8entryroutineapprovesubscribeuseafixmech.xyz
omassent8entryroutineapprovesubscribeuseafixmech.xyz
omeul.com
pancaketoken.com
pancrypto.cyou
pdffileexchange.duckdns.org
play.gmail.omassent8entryroutineapprovesubscribeuseafixmech.xyz
pleasant.help
qnxzzwihawagrarx.globalgforce.com
relaveinvest.com
skdragons.com
sprnetapi.us
static.880578.site
static.dnl.gr
toolboxhk.node.edmc.cn
trustpaycardflow.click
trustpaycards.click
trustpaycardspot.click
trustwpaycards.click
unifi.environmentsk.co.uk
zoom.serveirc.com

# Reference: https://x.com/malwrhunterteam/status/2038886735568838849
# Reference: https://www.virustotal.com/gui/file/12a8b0903c176cb6478b4f0bfcf8a621025c37faf83941125c803ccc3e0913e6/detection
# Reference: https://www.virustotal.com/gui/file/4b467906789b3abaeeaab4483efc9a8b6b6dda044520fdd07526e71cb160b614/detection
# Reference: https://www.virustotal.com/gui/file/abac8cd80711555a39d73e5aeab4919af37de95d057038778b737071dc35bb88/detection
# CLASS_0_HASH-HOST/IP=bd38e692387682b663645d7cf738a27e
# FAVICON_HASH-HOST/IP=e6c869f2a2dfbb66791e16b4e1ae9938

45.153.34.120:4444
kitty-guard.buzz
kittycom.doxxing.online
kittycom.online
zale.wtf

# Reference: https://www.virustotal.com/gui/file/261a8983d690ee71c37ea2433b59d3070665f9f156e33ed07be9b8baaf32eeb2/detection

2.26.116.156:8080
2.27.123.243:8080

# Reference: https://www.zscaler.com/blogs/security-research/tropic-trooper-pivots-adaptixc2-and-custom-beacon-listener
# Reference: https://www.virustotal.com/gui/file/47c7ce0e3816647b23bb180725c7233e505f61c35e7776d47fd448009e887857/detection
# Reference: https://www.virustotal.com/gui/file/79d855390e81c87f8579162d016b58b97d91253ea2e872aa3607ec87cf299dc3/detection

http://158.247.193.100
