# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://malasada.tech/the-landupdate808-fake-update-variant/

acsmaterial.com
backalleybikerepair.com
careers-advice-online.com
digimind.nl
eco-bio-systems.de
ecohortum.com
ecowas.int
edveha.com
evolverangesolutions.com
fajardo.inter.edu
fup.edu.co
itslife.in
lauren-nelson.com
mocanyc.org
monitor.icef.com
natlife.de
netzwerkreklame.de
razzball.com
septicfl.com
sixpoint.com
sunkissedindecember.com
thecreativemom.com
zoomzle.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-29-v10677/1924

tayakay.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-10-07-v10715/2033

pushcg.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-18-v10744/2147

eliztalks.com
franklinida.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-19-v10745/2148

genhil.com
tickerwell.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-20-v10746/2151

safigdata.com
nyciot.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-21-v10747/2154

elizgallery.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-25-v10750/2164

codereviewerss.com
esaleerugs.com
ilsotto.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-26-v10753/2171

nastictac.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-05-v10791/2234

chewels.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-06-v10792/2238

coeshor.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-09-v10793/2248

habfan.com
iognews.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-10-v10795/2253

dechromo.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-11-v10796/2254

enerjjoy.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-12-v10800/2257

djnito.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-13-v10805/2263

opgears.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-16-v10808/2270

sdrce.com
theinb.com
tibetin.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-17-v10809/2275

selmanc.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-18-v10810/2278

calbbs.com
dsassoc.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-19-v10811/2280

esondent.com
gwcomics.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-20-v10812/2282

hdtele.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-23-v10813/2287

boneyn.com
satpr.com
sokrpro.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-24-v10816/2293

dhusch.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-26-v10817/2296

enethost.com
fastard.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-27-v10818/2299

discoves.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-30-v10819/2306

ambiwa.com
gcafin.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-01-03-v10829/2323

usbkits.com

# Reference: https://app.validin.com/detail?ipv4_filter=AS+399629&header_hash_filter=f0007e9e8bcc49e6b5ea&type=hash&find=4cb2c207d5a9bb582aa3ddd06786d1afa0d8bada#tab=host_pairs (# 2025-01-09)

agretex.com
akerusa.com
akmcons.com
bapalal.com
cetainc.com
comtekinc.com
cyberetc.com
divexpo.com
ecrut.com
harmarpets.com
iconcss.com
isogun.com
macorbur.com
mallternet.com
maxcgi.com
mirugby.com
netsolut.com
onlinelas.com
opteme.com
paulsss.com
ppdpharmaco.com
prpages.com
pursyst.com
raysre.com
rc1g3as.top
remaxnoc.com
rimstarintl.com
samaxwell.com
srpkoa.com
sunotels.com
telback.com
unclezekes.com
vononline.com
willchar.com
wqenpene.com
xaides.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-01-09-v10834/2338

exodvs.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-01-23-v10844/2386

rystrom.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-01-24-v10845/2388

sinobz.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-01-27-v10846/2393

opticna.com

# Reference: https://x.com/malware_traffic/status/1884476331821326816
# Reference: https://www.malware-traffic-analysis.net/2025/01/28/index.html
# Reference: https://www.virustotal.com/gui/ip-address/216.245.184.27/relations

indbk.com
sesraw.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-20-v10887/2545

computertecs.com
janhugo.com
vfclan.co
vfclan.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-21-v10888/2548

kkmic.com
loycos.com
shairwest.com

# Reference: https://threatfox.abuse.ch/browse/tag/Kongtuke/ (# 2025-03-22)

aecint.com
debolts.com
evolytix.com
fnbsuffield.com
glccf.com
hillfire.dns.army
kimjohan.com
lifewis.com
llewen.com
pirahnas.com
saytunka.com
scanpaq.com
selbe.ar
szshenyao.com
tacscc.com
tecnogrup.com
vessweb.com
vglweb.com
ynzal.com
zxcaem.com
airbluefootgear.com/wp-includes/images/xits.php
contactsyracuse.org/wp-admin/js/qrtz.php
gardenworksproject.org/wp-admin/maint/nALIELIz.txt
gardenworksproject.org/wp-admin/maint/QRlqoMji.txt
loopbackanalytics.com/wp-includes/gdsayy.php
peritiemilia.com/wp-includes/wasd_wp.php

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-02-14-v10860/2442

eecsys.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-02-24-v10865/2473

infinett.com

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-04-04-IOCs-forKongTuke-web-inject-leading-to-fake-CAPTHA-page.txt

dixiemgmt.com
eiesystems.com
inteklabs.com
lancasternh.com
lkcharles.com
ronsamuel.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-24-v10889/2559

pdmfg.com
wccdefense.com

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/yet-another-nodejs-backdoor-yanb-a-modern-challenge/

compralibri.com
