# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: AlfaC2

# Reference: https://twitter.com/nahamike01/status/1627960015129841664

http://103.56.19.194
http://8.219.185.174
103.56.19.194:443
8.219.185.174:443

# Reference: https://twitter.com/g0njxa/status/1720071259294454119

http://163.172.131.9
http://51.158.75.109
103.146.179.89:8080
103.163.119.151:8080
104.168.133.197:443
109.234.34.16:8080
121.237.45.213:50050
130.61.188.252:8080
130.61.253.246:8088
139.162.115.96:8080
141.164.46.37:8080
143.42.18.74:8080
144.34.250.208:8080
146.70.149.22:8080
146.70.149.23:8080
146.70.53.136:8080
15.235.149.123:8080
154.12.42.177:8080
158.247.217.205:443
162.38.112.155:8080
164.90.178.138:8080
175.178.106.178:8788
185.10.68.111:8080
185.158.248.34:8080
188.40.50.55:8000
20.48.114.39:8080
206.189.36.249:8080
211.23.217.248:8080
212.193.62.78:8080
216.189.149.206:8080
222.95.44.103:50050
4.249.95.230:8080
43.138.37.110:8080
43.138.37.110:9090
45.14.185.146:8080
45.76.80.199:443
45.77.175.119:443
45.88.66.128:8080
45.88.66.159:8080
45.88.66.41:8080
45.88.66.61:8080
45.88.66.78:8080
49.233.58.224:9090
52.70.106.122:8080
54.249.95.230:8080
74.249.80.56:8080
74.57.71.175:8080
83.171.101.183:5051
85.206.172.151:8080
88.119.161.110:8080
94.228.112.147:8080
95.142.46.45:8080

# Reference: https://twitter.com/karol_paciorek/status/1726615986516938942

http://179.60.147.176
179.60.147.176:8080

# Reference: https://twitter.com/Tac_Mangusta/status/1729082425320600025
# Reference: https://app.any.run/tasks/843f239a-3c5e-422d-9717-2f5cb670bcfd/
# Reference: https://www.virustotal.com/gui/file/c97cd63b91e358e5e961d88ae7e54e836cd8072cfd04563742bd3f94f576b648/detection
# Reference: https://www.virustotal.com/gui/file/7e1aa8cea655bac81a5b4300c98419927baf2b1f4b85e7c7214e422d595922c9/detection

213.183.63.99:8080
agence-perinel.fr

# Reference: https://twitter.com/banthisguy9349/status/1735212305946689707

http://130.61.253.246
62.32.74.107:9000
/chaos/httpd
/chaos/systemd-serviceunit.service

# Reference: https://twitter.com/cyber_ra1/status/1783161656593555871

http://123.56.16.123
http://161.97.117.117
113.161.80.96:8080
117.20.108.15:10397
117.20.108.15:10398
117.20.108.15:10399
123.56.16.123:27017
123.56.16.123:33060
123.56.16.123:8001
123.56.16.123:8080
123.56.16.123:81
123.56.16.123:888
154.9.235.104:5985
154.9.235.104:8080
161.97.117.117:222
161.97.117.117:26738
161.97.117.117:27182
161.97.117.117:28016
161.97.117.117:3000
161.97.117.117:4002
161.97.117.117:4003
161.97.117.117:4008
161.97.117.117:4009
161.97.117.117:4010
161.97.117.117:6556
161.97.117.117:7200
161.97.117.117:8000
161.97.117.117:8080
172.9.165.216:8096
193.41.226.148:3000
193.41.226.148:8081
217.15.168.97:8080
46.10.180.67:8040
46.10.180.67:8041
46.10.180.67:8047
46.10.180.67:8057
46.10.180.67:8088
47.113.145.151:8080
47.113.145.151:888
47.113.145.151:8888
47.113.145.151:9090
89.58.16.251:2223
89.58.16.251:2224
89.58.16.251:2225
89.58.16.251:2226
89.58.16.251:57250
89.58.16.251:7443

# Reference: https://x.com/0Dayhta/status/1831758927165600159

209.38.190.93:8080

# Reference: https://search.censys.io/search?q=services.software.uniform_resource_identifier%3D%22cpe%3A2.3%3Aa%3Achaos%3Achaos%3A%5C%2A%3A%5C%2A%3A%5C%2A%3A%5C%2A%3A%5C%2A%3A%5C%2A%3A%5C%2A%3A%5C%2A%22&resource=hosts

http://212.227.211.88
103.56.19.194:8443
110.41.34.51:28080
145.239.90.35:8081
164.92.230.22:8080
167.86.96.96:8088
172.232.50.39:8080
194.158.209.132:4444
2.58.56.77:8080
213.252.245.22:8080
47.236.43.52:6240
8.135.112.178:59989
8.138.123.57:8080
94.131.110.106:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-07)

http://159.223.62.95
159.223.75.130:9200
161.97.117.117:26773
207.154.253.206:443
51.120.7.79:8080
94.130.111.106:8080

# Reference: https://x.com/cyberfeeddigest/status/1839948093468340612

193.29.13.203:8080
2.56.126.204:8080

# Reference: https://x.com/cyberfeeddigest/status/1842666437887857017

78.80.190.195:9998

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13)

137.184.67.163:8080
143.198.204.173:8000
143.244.201.89:8080
167.179.109.53:8080
49.51.49.133:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10)

113.106.204.21:8089
171.43.196.20:8088
181.214.58.14:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02)

101.126.129.159:8080
107.175.28.48:8443
121.9.235.20:8088
139.196.206.41:8080
14.241.100.39:8080
147.182.183.86:8080
155.133.27.181:8085
185.196.8.218:56711
185.196.8.218:8080
194.87.216.75:8080
209.74.77.200:4443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-25)

http://52.87.248.40
81.71.155.224:19123

# Reference: https://x.com/Cyberteam008/status/1889516549129802007
# Reference: https://www.virustotal.com/gui/file/1e074d9dca6ef0edd24afb2d13ca4429def5fc5486cd4170c989ef60efd0bbb0/detection

176.65.141.63:5223

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-06-14)

1.82.253.69:54681
101.37.12.180:47486
104.156.255.27:8080
107.150.0.237:8080
108.181.155.15:8080
113.106.204.206:47486
113.106.204.206:54681
113.106.204.39:47486
113.106.204.68:47486
118.184.186.43:47486
118.184.186.43:54681
118.184.187.166:47486
118.184.187.167:54681
118.184.187.174:54681
120.26.48.72:47486
120.26.48.72:54681
121.9.235.32:54681
122.143.2.28:47486
124.71.228.177:9991
138.197.229.229:8080
141.147.108.142:80
158.255.2.21:8088
168.100.10.177:8080
172.105.190.211:8080
178.217.98.23:8080
185.234.65.107:8080
193.5.65.117:8080
217.154.22.37:8080
23.88.62.122:8090
34.141.142.28:8080
34.58.136.79:8080
34.64.111.49:8080
34.79.229.30:8080
38.180.142.165:8080
38.55.138.146:8880
39.106.3.184:47486
39.106.3.184:54681
43.131.244.144:8080
47.108.160.69:54681
47.108.221.225:54681
47.108.249.44:47486
47.109.40.109:47486
47.109.40.109:54681
47.110.144.223:47486
47.76.24.178:8080
47.97.178.157:47486
47.97.178.157:54681
52.221.213.139:8080
57.128.76.137:8081
58.215.146.108:54681
8.134.85.229:47486
8.138.47.191:47486
8.139.6.64:47486
8.140.20.239:54681
8.141.114.161:47486
8.141.114.174:47486
8.141.114.174:54681
8.141.115.230:47486
8.156.73.92:54681
82.180.162.193:8080
84.247.148.70:50000
89.42.88.41:8080
94.154.172.175:8080
95.216.184.3:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.chaos/ (# 2025-07-13)

http://141.147.108.142
104.250.135.50:61000
121.41.30.139:47486
122.143.2.28:54681
144.172.108.70:8080
147.93.0.162:8080
156.244.56.241:8080
38.207.178.172:8002
45.79.217.119:8080
47.110.132.52:47486
47.111.24.71:47486
47.96.164.62:47486
67.205.163.232:8080
8.134.88.86:47486
8.139.5.62:54681
8.156.73.92:47486
94.74.106.10:8080

# Reference: https://x.com/BlinkzSec/status/1948015815501938851

35.199.30.104:8080
45.84.227.95:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-07-26)

113.106.204.135:47486
130.162.225.47:8080
207.180.246.14:8080
47.108.221.225:47486
47.254.121.212:54681
8.139.5.71:47486
8.139.6.64:54681
8.149.141.15:47486

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-10-05)

111.48.61.15:47486
114.55.179.139:47486
118.184.187.163:47486
118.184.187.167:47486
118.184.187.173:47486
118.184.187.174:47486
119.96.197.86:47486
120.27.209.132:47486
134.209.157.90:8080
154.44.28.33:8080
162.33.179.177:8080
173.211.70.100:8443
18.167.193.214:47486
18.199.40.209:47486
195.114.193.30:8443
195.32.108.238:8081
198.244.148.183:8085
220.202.18.102:47486
221.229.196.37:47486
221.229.196.43:47486
35.194.117.29:8080
38.47.108.160:8080
38.55.199.160:8080
45.63.20.155:8080
45.84.59.12:8080
47.109.102.38:47486
47.109.102.38:54681
47.109.141.139:47486
47.109.187.144:47486
47.109.187.144:54681
47.111.15.4:47486
5.231.1.70:8080
52.52.101.60:47486
54.238.164.29:47486
58.215.146.105:47486
8.134.181.167:54681
8.134.187.135:54681
8.134.86.115:54681
8.138.222.154:54681
8.139.4.122:47486
8.139.4.122:54681
8.141.112.241:54681
8.149.141.15:54681
87.97.200.61:8085
93.140.171.124:8080
93.140.172.165:8080
93.140.180.146:8080
93.140.212.116:8080
93.140.234.26:8080
93.140.235.5:8080
93.140.24.225:8080
93.140.71.220:8080
93.143.120.85:8080
93.143.14.108:8080
93.143.174.237:8080
93.143.190.76:8080
93.95.227.224:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-11-08)

129.159.143.45:8080
157.20.32.210:7000
173.212.216.226:8080
185.173.38.8:8080
185.24.55.37:8080
193.168.197.76:8080
51.68.140.123:8081
93.127.160.122:8080
94.74.164.254:8080