# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: finaldraft, guidloader, squidoor, earth alux, vargeit, railload, railsetter, masqloader, rsbinject

# Reference: https://x.com/lontze7/status/1889701406065455276
# Reference: https://www.elastic.co/security-labs/fragile-web-ref7707

# Address:port endpoints: each entry names one explicit port (15701-15703, 15709 on two hosts).
# NOTE(review): triage hits against the listed ip:port pair; traffic to the same address on
# other ports is not covered by these entries.
13.125.236.162:15701
13.125.236.162:15702
13.125.236.162:15703
13.125.236.162:15709
203.232.112.186:15701
203.232.112.186:15702
203.232.112.186:15703
203.232.112.186:15709
# Registered domains. Several resemble IT/security vendor or product names with a small
# misspelling (e.g. checkponit, fortineat, microsoftcor), presumably deliberate lookalikes.
# Match on the exact names below; allow-listing or filtering on the legitimate vendor string
# will not distinguish them.
anyconnact.com
autodiscovar.com
aws-clouds.com
azure-clouds.com
checkponit.com
d-links.net
fortineat.com
hobiter.com
ictnsc.com
microsoftcor.com
online-wsus.net
passjackpot.com
radiws.com
radiys.com
vm-clouds.net
vmphere.com
# Hostnames under the domains listed above (every parent domain appears in the preceding group).
activeapi.passjackpot.com
adapter.radiws.com
adapter.radiys.com
app.radiws.com
app.radiys.com
cloud.autodiscovar.com
cloud.online-wsus.net
digert.ictnsc.com
dns1.online-wsus.net
dns2.online-wsus.net
dns3.online-wsus.net
media.passjackpot.com
pol.vm-clouds.net
poster.checkponit.com
store.azure-clouds.com
support.anyconnact.com
support.fortineat.com
support.vmphere.com
update.hobiter.com

# Reference: https://x.com/ValidinLLC/status/1891565443107733833

# Domains that resemble security/IT vendor or product names with a small misspelling
# (e.g. crowdstrikb, symantaec, trendmicroa), presumably lookalikes. Alert on the exact
# names; a visual skim of DNS or proxy logs can easily read them as the legitimate vendor.
crowdstrikb.com
digiscert.com
dosmain.com
globalprotact.com
outlooks365.com
symantaec.com
trendmicroa.com
vsphera.com

# Reference: https://unit42.paloaltonetworks.com/advanced-backdoor-squidoor/

microsoftapimap.com
zimbra-beta.info

# Reference: https://www.trendmicro.com/en_us/research/25/c/the-espionage-toolkit-of-earth-alux.html
# Reference: https://documents.trendmicro.com/assets/txt/Earth-Alux-IOCsMF1CeJD.txt

upload-microsoft.com
google.otp.us.kg

# Reference: https://app.validin.com/detail?find=62d1c45957a44142e6868dd7d5d77431&type=hash&ref_id=13eba809dce#tab=host_pairs (# 2025-04-01)
# Reference: https://app.validin.com/detail?find=47.239.181.114&type=ip4&ref_id=4eefbabd2e2#tab=host_pairs

swiftsparrowtech.com

# Reference: https://app.validin.com/detail?find=62d1c45957a44142e6868dd7d5d77431&type=hash&ref_id=13eba809dce#tab=host_pairs (# 2025-04-01)
# Reference: https://app.validin.com/detail?find=47.83.167.136&type=ip4&ref_id=4eefbabd2e2#tab=host_pairs

rubyrobinretail.com

# Reference: https://app.validin.com/detail?find=62d1c45957a44142e6868dd7d5d77431&type=hash&ref_id=13eba809dce#tab=host_pairs (# 2025-04-01)
# Reference: https://app.validin.com/detail?find=47.239.140.113&type=ip4&ref_id=4eefbabd2e2#tab=host_pairs

azureoceandata.com

# Reference: https://app.validin.com/detail?find=62d1c45957a44142e6868dd7d5d77431&type=hash&ref_id=13eba809dce#tab=host_pairs (# 2025-04-01)
# Reference: https://app.validin.com/detail?find=47.236.69.137&type=ip4&ref_id=4eefbabd2e2#tab=host_pairs

dtac-cloud.com

# Reference: https://app.validin.com/detail?find=3f04b5e449e8c0e5701def6081749a45&type=hash&ref_id=201172d18a2#tab=host_pairs (# 2025-04-01)

dtac-ithelp.com
app.dtac-ithelp.com
shop.dtac-ithelp.com

# Reference: https://app.validin.com/detail?find=naive-admin-vue&type=raw&ref_id=485442c6359#tab=host_pairs (# 2025-04-01)
# Reference: https://app.validin.com/detail?find=8608064e2e140f9d65320ae65ca47ad2&type=hash&ref_id=0662de6ded8#tab=host_pairs (# 2025-04-01)

profitquantor.com
r-ai.online
alice.r-ai.online
alice2.r-ai.online
api.profitquantor.com
api.r-ai.online
user.api.profitquantor.com

# Reference: https://app.validin.com/detail?find=8.213.214.220&type=ip4&ref_id=40113e2e164#tab=host_pairs (# 2025-04-01)

my-oco-inc.online

# Reference: https://app.validin.com/detail?find=8.213.198.215&type=ip4&ref_id=52eebcf8247#tab=host_pairs (# 2025-04-08)
# Reference: https://app.validin.com/detail?find=CatPay&type=raw&ref_id=393c641c88e#tab=host_pairs (# 2025-04-08)

tppays.com
api.tppays.com
d5.tppays.com
merchant.tppays.com
