# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: gholoader

# Reference: https://twitter.com/malware_traffic/status/1574848307519754242
# Reference: https://github.com/brad-duncan/IOCs/blob/main/2022-09-27-TA569-Soc-Gholish-IOCs.txt

dotimewat.com

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-October/030770.html

pastukhova.com
profi-stom.com

# Reference: https://isc.sans.edu/diary/rss/29170
# Reference: https://otx.alienvault.com/pulse/6352a4f01abba547918c8a4d

skambio-porte.com

# Reference: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
# Reference: https://otx.alienvault.com/pulse/63fcc40dc61f21260d830fdb

ergpractice.com
luxurycompare.com
soendorg.top

# Reference: https://twitter.com/1ZRR4H/status/1637713807345582089
# Reference: https://twitter.com/1ZRR4H/status/1637713810017402880

jqueryj.com
jqueryns.com
jqscr.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-03-27-v10278/415

jsqur.com
jqueryh.org

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-03-30-v10281/420

xjquery.com

# Reference: https://www.virustotal.com/gui/ip-address/185.251.88.99/relations

devqeury.org
abc.jqueryh.org

# Reference: https://twitter.com/1ZRR4H/status/1646021980854910978

devcodejs.org

# Reference: https://twitter.com/threatcat_ch/status/1646799785423261697
# Reference: https://www.virustotal.com/gui/ip-address/47.90.178.252/relations

aeryqget.org
assistpayout.org
backendjs.org
debquery.org
deeptrickday.org
etaqeryg.org
getquery.org
greenpapers.org
jsviewdev.org
lemonicecold.org
metallife.org
neworderspath.org
quaryget.org
rygesqua.org
squaryge.org
tqeuryge.org
uaqryges.org
waterlinesheet.org
ygequary.org
120.75.backendjs.org
40.120.75.backendjs.org
75.backendjs.org
awmdm.greenpapers.org
client.greenpapers.org
emv1.getquery.org
h.greenpapers.org
ir.devqeury.org
l9j2sm5mxz.jqscr.com
mta-sts.bluegaslamp.org
portal.backendjs.org
topics.jqueryh.org
xkccowcfuqj.jsqur.com

# Reference: https://twitter.com/MBThreatIntel/status/1580283780350504960
# Reference: https://www.virustotal.com/gui/ip-address/62.233.50.75/relations

jquery0.com
jquery01.com

# Reference: https://twitter.com/threatcat_ch/status/1660535867365105666
# Reference: https://www.virustotal.com/gui/ip-address/91.203.193.124/relations

cancelledfirestarter.org
dailytickyclock.org
visionofvivaldi.org
emv1.deeptrickday.org
emv1.jqueryj.com
ep-mimecast.dailytickyclock.org
mcid-6bb27bab-3815-40c3-996b-90b2c3bca7a7.ep-mimecast.dailytickyclock.org

# Reference: https://twitter.com/threatcat_ch/status/1668596702696054785
# Reference: https://www.virustotal.com/gui/ip-address/47.91.94.97/relations

libertader.org
linedgreen.org

# Reference: https://www.virustotal.com/gui/ip-address/91.103.253.14/relations

chestedband.org
drilledgas.org
sevenpunches.org
surelytheme.org
windowlight.org
tracker.drilledgas.org
transfer.drilledgas.org

# Reference: https://bazaar.abuse.ch/sample/f5f167423d31cdd7e742d6ae85d6170f26203ec7496d4e098f9e16f40e864c0a/
# Reference: https://www.virustotal.com/gui/ip-address/178.159.37.73/relations

google-analytiks.com
updateadobeflash.website
deepolis.google-analytiks.com
forexcash.google-analytiks.com
forexfr.google-analytiks.com
forexmax.google-analytiks.com
forexru.google-analytiks.com
forexua.google-analytiks.com
mail.google-analytiks.com
maxi.google-analytiks.com
med17.google-analytiks.com
mmc.google-analytiks.com
poluchit.google-analytiks.com

# Reference: https://threatfox.abuse.ch/ioc/1149035/

gstatick.com

# Reference: https://threatfox.abuse.ch/browse/tag/KeitaroTDS/ (# 2023-08-09)

biggreenlimes.org
bluegaslamp.org
deeplakes.org
greedyfines.org
limonpart.org
linedloop.org
slurpslimes.org
zdmserver.greedyfines.org

# Reference: https://twitter.com/0x6rss/status/1698615609234206994
# Reference: https://www.virustotal.com/gui/ip-address/178.159.37.25/relations

http://178.159.37.25
gctatick.com
googlestates.com

# Reference: https://www.virustotal.com/gui/ip-address/178.159.37.73/relations

analytics-google-x91.com
visionproject.website

# Reference: https://www.virustotal.com/gui/ip-address/194.169.175.229/relations

darkmansion.org
draggedline.org
machinetext.org
myowndpp.com
newcres.com
onsepp.com
redsnowynose.org
throatpills.org
biggreenlimes.surelytheme.org
emv1.draggedline.org
mail.jsviewdev.org
mta-sts.myowndpp.com
mta-sts.onsepp.com
sub.throatpills.org
t.throatpills.org
website.newcres.com
www2.throatpills.org

# Reference: https://www.virustotal.com/gui/ip-address/95.214.26.35/relations

climedballon.org
greedyclowns.org
whitedrill.org

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-10-30-v10452/1080

bigbricks.org
frightysever.org

# Reference: https://threatfox.abuse.ch/ioc/1197494/
# Reference: https://www.virustotal.com/gui/ip-address/162.55.189.218/relations

telemetry.africa

# Reference: https://www.virustotal.com/gui/ip-address/95.214.26.19/relations
# Reference: https://app.validin.com/axon?find=95.214.26.19&type=ip

confirmapply.org
daddygarages.org
froggysnow.org
limeerror.org
risenpeaches.org
socksboxes.org
treegreeny.org
vibedroom.org

# Reference: https://www.virustotal.com/gui/ip-address/193.37.197.24/relations

avto.throatpills.org
moda.throatpills.org
plant.linedgreen.org
ru.throatpills.org
seo.linedgreen.org
store.throatpills.org

# Reference: https://www.virustotal.com/gui/ip-address/107.191.98.93/relations

emperorplan.org

# Reference: https://www.virustotal.com/gui/ip-address/193.37.197.24/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.66.64.220/relations

coajuneteenth.org
cosfjuneteenth.com
juneteenthcosf.com
juneteenthsf.org
modernneuropathy.org
onejuneteenth.org

# Reference: https://www.virustotal.com/gui/ip-address/193.106.174.174/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=193.106.174.174

biggerfun.org
catsndogz.org
circuspride.org
frenchpies.org
nowordshere.org

# Reference: https://www.proofpoint.com/us/blog/threat-insight/battleroyal-darkgate-cluster-spreads-email-and-fake-browser-updates
# Reference: https://www.virustotal.com/gui/ip-address/74.208.41.177/relations

kairoscounselingmi.com
nathumvida.org

# Reference: https://www.virustotal.com/gui/ip-address/82.97.241.207/relations

cloudwebhub.pro

# Reference: https://www.virustotal.com/gui/ip-address/45.11.27.62/relations

codecruncher.pro
searchgear.pro
elk3xlxj.circuspride.org
it.whitedrill.org
ku1720.whitedrill.org
server.whitedrill.org

# Reference: https://www.virustotal.com/gui/ip-address/8.208.89.9/relations

shiningmoons.org

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-01-25-v10514/1322

mwasro.com

# Reference: https://www.virustotal.com/gui/ip-address/193.106.175.40/relations

debasesingle.life
eeatgoodx.com
gspiceyl.com
snackfunp.com
16.jsqur.com
1fxdddhkyn.biggerfun.org
212.jsqur.com
4m.jsqur.com
91.jsqur.com
9mvrlhjf.biggerfun.org
account.admin.backendjs.org
apps.jqueryj.com
arehn.jsqur.com
asims-rdck1.jsqur.com
b10.jsqur.com
babbar.jsqur.com
basenetgear.world
beal.jsqur.com
best-funny-quotes.jsqur.com
billtieleman.jsqur.com
carpinteros-aluminio.jsqur.com
cassandre.jsqur.com
castlerea.jsqur.com
cdn.jsqur.com
cfg.circuspride.org
cgxdave.jsqur.com
cmu-cc-vma.jsqur.com
cn.circuspride.org
comtenc.jsqur.com
cpfm.jsqur.com
cprat.jsqur.com
currier.jsqur.com
dannyfilm.jsqur.com
dashtiha.jsqur.com
daws-43-5.jsqur.com
daws-512.jsqur.com
daws91-3.jsqur.com
derby.jsqur.com
descarte.jsqur.com
dkline.jsqur.com
dooly.jsqur.com
download.windowlight.org
dvan.jsqur.com
eggert.jsqur.com
emv1.vibedroom.org
facman.jsqur.com
florida.jsqur.com
forms.admin.backendjs.org
frente-a-camaras.jsqur.com
fserver.jsqur.com
gazeta.jsqur.com
gdsz.jsqur.com
gmailblog.jsqur.com
gorki.jsqur.com
hoytek-gw4.jsqur.com
indiajobscircle.jsqur.com
interlock.jsqur.com
ip90.jsqur.com
ivbdimir.surelytheme.org
ivladimir.surelytheme.org
ivtorlypqfyi.greedyclowns.org
ivtortypqfyi.greedyclowns.org
jeanm.jsqur.com
jkelley.jsqur.com
kb.windowlight.org
khtrnb0wv8.biggerfun.org
liorida.surelytheme.org
longtail.jsqur.com
m88z2iier.biggerfun.org
macgo.jsqur.com
marcusdesigninc.jsqur.com
mdm.backendjs.org
melpar-emh1.jsqur.com
mntc.jsqur.com
mrbotn.jsqur.com
mtf-misawa.jsqur.com
mytabletpcuk.jsqur.com
njnr8mkm.biggerfun.org
norman.jsqur.com
nuvoleparlanti.jsqur.com
office.backendjs.org
oily.jsqur.com
olympics.jsqur.com
pay.circuspride.org
permisdeconduire.jsqur.com
physiology.jsqur.com
powerful.jsqur.com
rota-sts.climedballon.org
routetest.jsqur.com
secure-ite2-origin.jsqur.com
shems.jsqur.com
si.jsqur.com
sn007.jsqur.com
sorteios-e-promocoes.jsqur.com
ssl.circuspride.org
store.debasesingle.life
stream.jsqur.com
survey.backendjs.org
sws.jsqur.com
tamarack.jsqur.com
tnoodlezy.com
u.admin.backendjs.org
uhost.jsqur.com
unix3.jsqur.com
user179.jsqur.com
v.circuspride.org
vigen.jsqur.com
vitkutin.jsqur.com
wallah.jsqur.com
web18332.jsqur.com
web3449.jsqur.com
web3933.jsqur.com
web5422.jsqur.com
web6201.jsqur.com
whitney.jsqur.com
win24.jsqur.com
wp.admin.backendjs.org
x.circuspride.org
xxxl80.jsqur.com

# Reference: https://www.virustotal.com/gui/ip-address/45.15.159.95/relations

361renti.com
hafkus.com
osruv.com
pocbv.com
ronreznick.com

# Reference: https://www.virustotal.com/gui/ip-address/83.69.236.143/relations

asyncfunctionapi.com
creativecore.shop
fromatodor.com
funcallback.com
gitbrancher.com
pportnoy-secureportal.com
varinspector.com

# Reference: https://www.virustotal.com/gui/ip-address/170.130.55.124/relations

egisela.com

# Reference: https://www.virustotal.com/gui/ip-address/87.251.79.15/relations

apiasyncpromise.com
apieventemitter.com
apifetchmethod.com
apiframeworknode.com
apifunctioncall.com
apijsonparserkit.com
apistoragecache.com
asyncawaitapi.com
45.eeatgoodx.com
ep-mimecast.eeatgoodx.com
stage.asyncawaitapi.com
web.asyncawaitapi.com

# Reference: https://www.virustotal.com/gui/file/8db746785b95abb0aae35b95365334064a361a033b62e55703fafa10072fdc0d/detection

lyddemper.com

# Reference: https://www.virustotal.com/gui/ip-address/91.212.166.21/relations

admin-heteml.com
app-falconx.io
apps-falconx.io
auth-owlting.com
cdngetmyname.biz
client-mysau.com
falconx.tech
fastcloudforcecdn.com
idenfity-wpengine.com
idenfity-wpenglne.com
letmespellmoons.com
login-liquidweb.com
login-rackspace.com
marvin-occentus.net
my-kinsta.com
my-kinsta.net
my-nexcecs.net
my-nexecss.com
my-nexecss.net
mykinsta-cloud.com
mynexecss.com
nexen-bnynellom.com
orion-managewp.com
panel-descom-es.com
platform-copper.co
seacraftsgallery.com
secure1-imnotionhosting.com
web-etrade.pro
web-kinsta.com
web-order-london-lmaxdigital.com
wp-umbrelia.com
wpmanager-orion.com
wpumdev.net
wpundev.com
www-kinsta.com
www-kodi.com
www-mysau.com
www-wpx.net

# Reference: https://www.virustotal.com/gui/ip-address/141.8.193.79/relations

apidevst.com

# Reference: https://twitter.com/ValidinLLC/status/1788278762863243483

apidevwa.com

# Reference: https://twitter.com/GroupIB_TI/status/1790230873285242992

elamoto.com
kongtuke.com

# Reference: https://www.virustotal.com/gui/ip-address/213.226.112.82/relations

advancedapiintegrations.com
asyncprogramminghub.com
modularfunctiondev.com

# Reference: https://www.virustotal.com/gui/ip-address/158.160.167.238/relations

cssanimationtools.com
frontenddeveloperhub.com
modernwebframework.com
responsiveuikit.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-05-29-v10605/1672
# Reference: https://www.virustotal.com/gui/file/c8e4df16ee7e3c21644e6785934a54a8dc428fdda77af3a30d97a288de807069/detection

cdnjscloudnetwork.co

# Reference: https://x.com/threatcat_ch/status/1798333648099582316
# Reference: https://www.virustotal.com/gui/ip-address/84.38.182.217/relations

frontendcodingtips.com
interactiveuidevelopment.com
moderncssframeworks.com
progressivewebappsdev.com
webapidevelopment.com
airwatch.webapidevelopment.com
app.webapidevelopment.com
au.webapidevelopment.com
awds.webapidevelopment.com
awmdm.webapidevelopment.com
balmbagent.webapidevelopment.com
data.webapidevelopment.com
devops.apidevwa.com
dhcp.webapidevelopment.com
elastic.webapidevelopment.com
enterpriseenrollment.webapidevelopment.com
learn.webapidevelopment.com
mag.webapidevelopment.com
mam.webapidevelopment.com
mdm-ds.webapidevelopment.com
onjira.webapidevelopment.com
rack.webapidevelopment.com
rcvltemv1.modularfunctiondev.com
s2.webapidevelopment.com
stream.webapidevelopment.com
touch.webapidevelopment.com
transfer.webapidevelopment.com

# Reference: https://x.com/banthisguy9349/status/1799771706330087549
# Reference: https://x.com/ViriBack/status/1799777041900023877
# Reference: https://tracker.viriback.com/index.php?q=keitaro

http://109.248.206.101
http://109.248.206.118
http://109.248.206.138
http://109.248.206.49
http://109.248.206.83
http://159.69.234.10
http://185.172.128.68
http://31.41.244.55

# Reference: https://www.virustotal.com/gui/ip-address/5.188.88.218/relations

speedchaoptimise.com

# Reference: https://www.virustotal.com/gui/ip-address/185.68.93.221/relations

approvewidget.com
speedcashoptimise.com

# Reference: https://www.virustotal.com/gui/ip-address/45.143.94.2/detection

01wsecue3n2n.com
0n1au2hm0b1.com
0n1c1b2s3ccess.com
0n1n54b5m04.com
10g1n2w43554.com
2accon4l0ginclb.com
4clbl0gineas3y.com
5clbl0gineas3sy.com
8accon7l0gclb.com
8clbeas7yl0gicanada.com
a1h1ock8c0nd.com
a1t0h3h8c0nd.com
accesd1-authentification9.com
acct0reset08938.com
acct0reset896075.com
acct0reset95187.com
acct0support038291.com
atw2b1ogsecc1u.com
au2t1hm8bc0nd.com
b6193cj782n9163.com
bioc4remi2be.com
c1b3w2ba2h.com
c6182h728tw184.com
c7ech4ct6nh1in.com
desj1-auth9-securite.com
desjardins-online-auth.com
e2758gt321c6743.com
g9299c83j38.com
j9m6vri8n5c4w5.com
k0m7f4ds3m96v4.com
k8538yt1592a582.com
kcl8clv7ioginow.com
kwclbcinstantlogn.com
l0g1n0m54655.com
l0gaccwbauh.com
m0b1atw3s1ytm.com
m3271vt1358j734.com
m3bion1i3ath.com
m3h45ha1h.com
m8b4f8a3hw2s.com
m8g6s3hs63g6.com
m9l4d3s2j7b4m8.com
mb4m3c2m3c3lb.com
n6297v738yc2381.com
p810h628ydh72.com
personal1accmsg.com
prefs2us1ci.com
private-737473-access.com
q0r4ch1in8yz3ux.com
q735hv8919b912.com
r5m9c4l9m5d3y7.com
r618ut1749wk737.com
r637cs2753df533.com
r8ts62c89190.com
rbc-secureonline2024.com
reship-coliscan01.com
s1yt1cn5d3h3aut.com
s3t1m0n1i3a2h.com
setup1acct1139.com
survey-canada.com
syst1n0tifatws.com
syst2ldentityseccu.com
t295y729ck3442j2.com
t4172h718vc331.com
v2729b821ad1337.com
v417tp8318h502.com
v4f87b9m98.com
verifyacesspagebmo1.com
w0sm3b6h1t.com
w2ba1h3m8b.com
w562h2682gw828.com
w5b-lntr.com
w8b-sec-auuth.com
www1cibcinforequest202406.com
y7120bk472r4185.com

# Reference: https://www.virustotal.com/gui/ip-address/84.38.182.16/relations

canpost-avislivraison.com
canpostresh.com
cdnjulyrevagnt.com
cdnjulyrevnuagnt.com
delivery-update-postecanada-canadapost.com
etransfercaiponline.com
nr3-anth00.com
paydirectnowetrsfr.com
quebecfinances.com
quebecsolution.com
rbconline-app.info
revcanadaagency.ca
scotiabankresetlogin.com
scotiabankresetonline.com
intrc.quebecsolution.com

# Reference: https://www.virustotal.com/gui/ip-address/45.131.41.57/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.132.19.137/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.249.145.207/relations

blacksaltys.com
brickedpack.com
losttwister.com
packedbrick.com
upsadministration.com

# Reference: https://app.validin.com/detail?type=ip&find=78.128.112.217#tab=resolutions

tayhodloeces.com
yotpo-static.com

# Reference: https://app.validin.com/detail?find=5.188.89.16&type=ip4&ref_id=5fa7f6bcf86#tab=resolutions

benefiit2024.site
canadapost-support-exception.com
canadapost-update-postecanada-support.com
cdnrevenue2024.com
etrsfpaydirectgiga.com
interac1.com
loginsupportscotiabank.com
trillium-mm-int.online

# Reference: https://x.com/x3ph1/status/1865186726638915765

bidder-horizontal-wildlife-invoice.trycloudflare.com
bristol-weed-martin-know.trycloudflare.com
musicians-forestry-operation-angels.trycloudflare.com
name-kw-papua-booking.trycloudflare.com
peter-secrets-diana-yukon.trycloudflare.com
zoloft-indianapolis-riders-convinced.trycloudflare.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-05-v10735/2113
# Reference: https://app.validin.com/detail?find=194.87.57.210&type=ip4&ref_id=9a8a104ec47#tab=resolutions
# Reference: https://app.validin.com/detail?find=31.130.138.57&type=ip4&ref_id=9a8a104ec47#tab=resolutions

ajaxapiendpoint.cloud
apivuecomponent.com
codingmastermindhub.club
designinteractiveplatform.club
fireindahole.fun
onlinesslcloud.com
webapiintegration.cloud

# Reference: https://app.validin.com/detail?find=45.38.139.97&type=ip4&ref_id=9a8a104ec47#tab=resolutions

teams-microsoft.top
teams-microsotf.net
teams-microstf.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-20-v10887/2545
# Reference: https://www.virustotal.com/gui/ip-address/166.1.155.235/relations
# Reference: https://www.virustotal.com/gui/file/dcbf08338d8a17a71a598315c83b5cb7857ef8f146f7a82b1f23350c711e3eeb/detection
# Reference: https://www.virustotal.com/gui/file/37694ac476024e7bcd37749013d27989bae43c1b66923f3ff49513994c3b185a/detection

pacifictaxcounsel.com
mail.pacifictaxcounsel.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-21-v10888/2548
# Reference: https://www.virustotal.com/gui/file/eee482a71a8cb5cc5e5c5c94682da7b32b9990c7b11d8354a3f8e2a3313e30b0/detection
# Reference: https://www.virustotal.com/gui/file/42bf48022e6c2714fab2434443f5ac2d25380477c34ab37a0e51e09f4bdd1e11/detection

wp.pianoplaymusic.com

# Reference: https://threatfox.abuse.ch/browse/tag/Kongtuke/ (# 2025-03-22)

album-anthony-rn-submission.trycloudflare.com
boost-spoken-exhaust-guatemala.trycloudflare.com
finally-restaurant-text-manually.trycloudflare.com
genome-falls-sept-exceed.trycloudflare.com
jaguar-becomes-compare-chapter.trycloudflare.com
lack-behind-came-verification.trycloudflare.com
lcd-add-palace-switching.trycloudflare.com
metro-offset-imposed-behind.trycloudflare.com
occasional-peterson-blast-sussex.trycloudflare.com
operation-statistics-perceived-profiles.trycloudflare.com
pilot-agent-false-taken.trycloudflare.com
rebecca-nylon-invention-ii.trycloudflare.com
rwanda-ventures-soil-trains.trycloudflare.com
santa-reflection-capitol-classifieds.trycloudflare.com
spa-step-hopkins-islands.trycloudflare.com
straight-jewelry-closest-broader.trycloudflare.com
wherever-answered-issn-garcia.trycloudflare.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-07-v10874/2502

hrewsburysocialclub.org

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-14-v10881/2526

traininghub.world
support.traininghub.world

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-17-v10882/2532

login.icvpartners.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-18-v10883/2535

static.twalls5280.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-19-v10886/2541
# Reference: https://www.virustotal.com/gui/file/df5e7e3e023ece779529f62256c2ddbb93d2eeae117c31c0e284d71bc9ff02f0/detection
# Reference: https://www.virustotal.com/gui/file/03ba0781113901e381a07d622f4a6803e389ee3ea61df0a5ec67b7f88a5a2da0/detection

my.kconsultinggroup.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-24-v10889/2559
# Reference: https://www.virustotal.com/gui/file/b367b6bf875dab217c3ea6340657e4b68cab03fcbd3933bc8effbabc32e33e61/detection
# Reference: https://www.virustotal.com/gui/file/53783c9982a1d2aa41ad45195350a1c677c83acc620373c0d36773ee361b2e34/detection
# Reference: https://www.virustotal.com/gui/file/4d2fb1fa5f57dd0c173e064c8667cbb9d5a6de3f996be3560cc4b2470965336f/detection

phpmyadmin.artisticglassstudio.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-06-11-v10948/2815

angularapiworld.com
jqueryapihelpers.com

# Reference: https://app.validin.com/detail?find=194.87.74.199&type=ip4&ref_id=74d1c1568ae#tab=resolutions (# 2025-10-12)

claudeprofiling.com
expressapiwizard.com
nodeapiintegrate.com
proxybuilderservice.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-07-03-v10963/2870
# Reference: https://www.virustotal.com/gui/file/37956517f1983c07cb0d9c6ec5f3e627161e286b49c60b93721cd1be6d583848/detection
# Reference: https://www.virustotal.com/gui/file/4b9bd59e9f1363c165e885c55daa354e51b0c2d9bf36e630a4e5a85dd112c787/detection
# Reference: https://www.virustotal.com/gui/file/ff7458d5c8c81bacd0df3522949b3e5946aa6cfe4e7befa8e82633e0eb861672/detection

git.xtertexter.com
images.venthalpyapp.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-09-11-v11013/3030

realty.yourpgcountyliving.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-09-15-v11015/3033

cpanel.trailsyamahamotor.com
secure.happyhatterreviews.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-09-18-v11019/3042

external.eliteworkxmarketing.com
schedule.eliteworkxmarketing.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-09-17-v11018/3039

alpha.lugerd.com
edge.lugerd.com
