# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: TAG-124, kongtuke

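# Reference: https://malasada.tech/the-landupdate808-fake-update-variant/
# NOTE(review): this group includes intergovernmental and educational domains (ecowas.int, fajardo.inter.edu, fup.edu.co), which look like compromised legitimate sites rather than attacker-owned infrastructure; expect benign traffic to match and confirm against the reference before escalating a hit.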

acsmaterial.com
backalleybikerepair.com
careers-advice-online.com
digimind.nl
eco-bio-systems.de
ecohortum.com
ecowas.int
edveha.com
evolverangesolutions.com
fajardo.inter.edu
fup.edu.co
itslife.in
lauren-nelson.com
mocanyc.org
monitor.icef.com
natlife.de
netzwerkreklame.de
razzball.com
septicfl.com
sixpoint.com
sunkissedindecember.com
thecreativemom.com
zoomzle.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-29-v10677/1924

tayakay.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-10-07-v10715/2033

pushcg.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-18-v10744/2147

eliztalks.com
franklinida.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-19-v10745/2148

genhil.com
tickerwell.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-20-v10746/2151

safigdata.com
nyciot.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-21-v10747/2154

elizgallery.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-25-v10750/2164

codereviewerss.com
esaleerugs.com
ilsotto.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-26-v10753/2171

nastictac.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-05-v10791/2234

chewels.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-06-v10792/2238

coeshor.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-09-v10793/2248

habfan.com
iognews.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-10-v10795/2253

dechromo.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-11-v10796/2254

enerjjoy.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-12-v10800/2257

djnito.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-13-v10805/2263

opgears.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-16-v10808/2270

sdrce.com
theinb.com
tibetin.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-17-v10809/2275

selmanc.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-18-v10810/2278

calbbs.com
dsassoc.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-19-v10811/2280

esondent.com
gwcomics.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-20-v10812/2282

hdtele.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-23-v10813/2287

boneyn.com
satpr.com
sokrpro.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-24-v10816/2293

dhusch.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-26-v10817/2296

enethost.com
fastard.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-27-v10818/2299

discoves.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-30-v10819/2306

ambiwa.com
gcafin.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-01-03-v10829/2323

usbkits.com

# Reference: https://app.validin.com/detail?ipv4_filter=AS+399629&header_hash_filter=f0007e9e8bcc49e6b5ea&type=hash&find=4cb2c207d5a9bb582aa3ddd06786d1afa0d8bada#tab=host_pairs (# 2025-01-09)

agretex.com
akerusa.com
akmcons.com
bapalal.com
cetainc.com
comtekinc.com
cyberetc.com
divexpo.com
ecrut.com
harmarpets.com
iconcss.com
isogun.com
macorbur.com
mallternet.com
maxcgi.com
mirugby.com
netsolut.com
onlinelas.com
opteme.com
paulsss.com
ppdpharmaco.com
prpages.com
pursyst.com
raysre.com
rc1g3as.top
remaxnoc.com
rimstarintl.com
samaxwell.com
srpkoa.com
sunotels.com
telback.com
unclezekes.com
vononline.com
willchar.com
wqenpene.com
xaides.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-01-09-v10834/2338

exodvs.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-01-23-v10844/2386

rystrom.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-01-24-v10845/2388

sinobz.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-01-27-v10846/2393

opticna.com

# Reference: https://x.com/malware_traffic/status/1884476331821326816
# Reference: https://www.malware-traffic-analysis.net/2025/01/28/index.html
# Reference: https://www.virustotal.com/gui/ip-address/216.245.184.27/relations

indbk.com
sesraw.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-20-v10887/2545

computertecs.com
janhugo.com
vfclan.co
vfclan.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-21-v10888/2548

kkmic.com
loycos.com
shairwest.com

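# Reference: https://threatfox.abuse.ch/browse/tag/Kongtuke/ (# 2025-03-22)
# NOTE(review): the last six entries of this group are full URL paths under wp-admin/ and wp-includes/, which suggests files planted on third-party WordPress sites; they are scoped to that path, not to the whole host.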

aecint.com
debolts.com
evolytix.com
fnbsuffield.com
glccf.com
hillfire.dns.army
kimjohan.com
lifewis.com
llewen.com
pirahnas.com
saytunka.com
scanpaq.com
selbe.ar
szshenyao.com
tacscc.com
tecnogrup.com
vessweb.com
vglweb.com
ynzal.com
zxcaem.com
airbluefootgear.com/wp-includes/images/xits.php
contactsyracuse.org/wp-admin/js/qrtz.php
gardenworksproject.org/wp-admin/maint/nALIELIz.txt
gardenworksproject.org/wp-admin/maint/QRlqoMji.txt
loopbackanalytics.com/wp-includes/gdsayy.php
peritiemilia.com/wp-includes/wasd_wp.php

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-02-14-v10860/2442

eecsys.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-02-24-v10865/2473

infinett.com

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-04-04-IOCs-forKongTuke-web-inject-leading-to-fake-CAPTHA-page.txt

dixiemgmt.com
eiesystems.com
inteklabs.com
lancasternh.com
lkcharles.com
ronsamuel.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-24-v10889/2559

pdmfg.com
wccdefense.com

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/yet-another-nodejs-backdoor-yanb-a-modern-challenge/

compralibri.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-04-24-v10913/2664

mrdltd.com
vickmarine.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-04-25-v10914/2668

ronthom.com
teklits.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-04-28-v10915/2678

jimriehls.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-04-29-v10916/2684

alapige.com
jimriehls.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-04-30-v10917/2687

uhaknews.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-05-06-v10921/2709

anncrman.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-05-07-v10922/2714

aimpes.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-05-13-v10926/2729

digiscap.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-05-14-v10927/2734

frederichoms.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-05-16-v10929/2740

itrtruck.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-05-19-v10930/2746

chproduct.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-05-30-v10937/2779

anichind.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-06-10-v10947/2811

ncmtraders.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-06-11-v10948/2815

leftykreh.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-06-12-v10949/2818

hillcoweb.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-06-16-v10951/2826

cellinifurniture.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-06-24-v10956/2844

swedrent.com

# Reference: https://threatfox.abuse.ch/browse/tag/LandUpdate808/ (# 2025-06-29)

abtsi.com
czzz.com
dealmakerwealthsociety.com
dncoding.com
fjcad.com
hydroquebec-client.info
kemrox.com
pemalite.com
piedsmontlaw.com
rshank.com
vpn289280989.v4.softether.net
z-v2-071924.kailib.com

# Reference: https://x.com/skocherhan/status/1944624974318449135

smithenv.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-09-11-v11013/3030

mtmra.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-09-15-v11015/3033

webcre8.com

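# Reference: https://threatfox.abuse.ch/browse/malware/js.kongtuke/ (# 2025-09-18)
# NOTE(review): the *.trycloudflare.com and *.netlify.app entries (here and in the 2026-02-04 group) are tenant hostnames on shared platforms; each identifies a single tenant, is probably short-lived, and says nothing about the parent domain.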

http://147.45.45.177
http://188.245.105.73
http://188.245.167.86
144.31.221.122:6060
144.31.221.126:6060
144.31.221.37:6060
144.31.221.75:6060
144.31.221.82:6060
144.31.221.84:6060
144.31.221.88:6060
85.209.129.105:6060
a82523.top
bernnaum.com
bradtae.com
captchaverift.com
choutek.com
cloud-flaer-verif.com
colliel.live
comparisons-builder-loves-ratios.trycloudflare.com
considering-infringement-subject-myself.trycloudflare.com
cute-pudding-05af50.netlify.app
deathmatchuk.com
devindicator.dev
eomaguera.com
ferry-addressed-adams-vice.trycloudflare.com
ffclive.com
florence-hrs-savage-serial.trycloudflare.com
genuine-seahorse-f5e9c4.netlify.app
geology-gilbert-domain-thesaurus.trycloudflare.com
homeeick.com
homemick.live
ichmidt.com
industries-ii-wine-details.trycloudflare.com
joebesser.com
johnoton.live
logical-whose-niagara-durable.trycloudflare.com
math1st.com
mersinet.com
mtmra.com
murphkirk.com
okunevv.com
porsasystem.com
rfwklaw.com
saewh.com
tchmitt.live
tmello.com
unique-kataifi-8d2aac.netlify.app
valentine-platform-wood-examination.trycloudflare.com
vcsinfo.com
wilwinson.com
windowsmsncn.org
z98123.top

# Reference: https://www.virustotal.com/gui/ip-address/141.98.6.28/relations
# Reference: https://www.virustotal.com/gui/ip-address/195.66.27.67/relations
# Reference: https://www.virustotal.com/gui/file/0163bc688504d4cb19ff42eb24ca1a77e01b0f37adb16415a5f2d79ca132bcd3/detection
# Reference: https://www.virustotal.com/gui/file/c1aa2b72365e21cea0d8546dd5e6b7ebb397b4a796944c188f7eff8b04e9b2ad/detection
# Reference: https://www.virustotal.com/gui/file/fd152793620f7d50f18588d0920383073a9379fafd4112704644b5f580617eb0/detection

bryncoed.com
hlherb.com
mlampell.com
pariaian.com
pcdcinc.com
sessomania.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-10-28-v11050/3094
# Reference: https://www.virustotal.com/gui/file/9d191b9509efd7fcb00d7a1e7fef34537a5898aec106518608f46733a86eb6a3/detection

rodriggez.com

# Reference: https://app.validin.com/detail?find=3d2200f8de7ec7a1e44c942b5608740b22e4a4cf1884bb3ef1c2f449dbe420fb&type=hash&ref_id=f57dab8291f#tab=host_pairs (# 2025-11-07)

0451js.com
allgetrich.com
angelflowery.com
bitterendpub.com
castleera.com
chungj.com
chunjingyun.com
cigosofa.com
cnttys.com
deshea.com
feeshow.com
fs-jinjiahao.com
fyszy.com
gujindesign.com
henghui123.com
hjjobs.com
izhuanxin.com
jiulianjiaodai.com
jj669.com
joeunled.com
liantuo56.com
lnjobs.com
michiwang.com
nannyou.com
neo-edu.com
njnanyang.com
rimarx.com
rongfeida.com
saeam.com
saolele.com
slsm001.com
soha-studio.com
stcztech.com
syxyey.com
t1tj.com
taizihu.com
tendo-mikoshikai.com
tjantai.com
un2co.com
wiwq1.com
wl1123online.com
xinkangmall.com
xyhosl.com
yingdelawyers.com
yinshua100.com
yintonglian.com
yinuodatiu.com
ynjbp.com
yungangtie.com
zidongsaodiji.com

# Reference: https://www.virustotal.com/gui/ip-address/185.49.68.206/relations

edentista.com

# Reference: https://www.virustotal.com/gui/ip-address/64.190.113.60/relations

virtvan.com

# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.207/relations
# CERT_FINGERPRINT_SHA256-HOST=e7c9226a4d5d5423c58b5b19556958d86e440c8d2e547303539d4eeac47a4dd5

icloucl.net
reechel.com
reviews-icloud.com

# Reference: https://www.virustotal.com/gui/ip-address/193.149.180.42/relations

nakaizu.com

# Reference: https://www.virustotal.com/gui/file/3765fad885151a3b6055104aab0b36b53aca42c1c5c5ed3f1721c721c3085a39/detection

apraadhi.com
golflinksltd.com
omgtelecom.com

# Reference: https://www.virustotal.com/gui/ip-address/64.95.13.162/relations

ukhorizons.com

# Reference: https://www.virustotal.com/gui/ip-address/206.71.149.57/relations

abqsales.com

# Reference: https://x.com/JAMESWT_WT/status/2008967551360123209
# Reference: https://www.malware-traffic-analysis.net/2026/01/06/index.html

dinozozo.com
pippyheydguide.com

# Reference: https://www.virustotal.com/gui/ip-address/64.52.80.151/relations

oconneln.com

# Reference: https://www.virustotal.com/gui/ip-address/45.61.139.16/relations

deeesik.com

# Reference: https://www.virustotal.com/gui/ip-address/64.52.80.75/relations

trebblay.com

# Reference: https://www.virustotal.com/gui/file/fe0e91d1e975a2aee1abd95befa4224960d2d904ad53bf5a4fa30724f9d250ed/detection

banengids.com

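# Reference: https://www.virustotal.com/gui/ip-address/216.245.184.175/relations
# NOTE(review): this group is taken from the relations of a single IP address and is almost entirely one brand name repeated across TLDs and misspellings; a pattern like that can also come from a parked or defensively registered portfolio on shared hosting, so confirm attribution before treating these as confirmed indicators.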

eoulverse.com
getsoulverse.com
joinsoulverse.com
seoulverse.ai
seoulverse.app
seoulverse.co
seoulverse.io
soluversr.com
sou.lv
soulberse.com
soulcamp.app
soulcamp.io
soulcamp.xyz
soulcerse.com
soulquest.ai
soulquest.ceo
soulquest.love
soulquest.pro
soulseek.love
soulseek.me
soulseek.quest
soulseek.us
soulv3rse.com
soulver.se
soulverae.com
soulveree.com
soulveres.com
soulvers.ing
soulvers3.com
soulversd.com
soulverse.ai
soulverse.art
soulverse.band
soulverse.beer
soulverse.best
soulverse.bid
soulverse.biz
soulverse.blog
soulverse.boo
soulverse.business
soulverse.cafe
soulverse.capital
soulverse.cash
soulverse.cc
soulverse.ceo
soulverse.chat
soulverse.city
soulverse.click
soulverse.clothing
soulverse.cloud
soulverse.co
soulverse.community
soulverse.company
soulverse.cx
soulverse.date
soulverse.dating
soulverse.design
soulverse.dev
soulverse.dog
soulverse.earth
soulverse.email
soulverse.enterprises
soulverse.eu.com
soulverse.fans
soulverse.finance
soulverse.financial
soulverse.forum
soulverse.fyi
soulverse.gg
soulverse.gives
soulverse.group
soulverse.help
soulverse.host
soulverse.inc
soulverse.ing
soulverse.it.com
soulverse.kids
soulverse.kitchen
soulverse.la
soulverse.live
soulverse.llc
soulverse.london
soulverse.love
soulverse.ltd
soulverse.ly
soulverse.me
soulverse.meme
soulverse.men
soulverse.mobi
soulverse.money
soulverse.name
soulverse.net
soulverse.network
soulverse.news
soulverse.ngo
soulverse.nl
soulverse.ong
soulverse.onl
soulverse.ooo
soulverse.org
soulverse.quest
soulverse.services
soulverse.shop
soulverse.site
soulverse.so
soulverse.social
soulverse.software
soulverse.solutions
soulverse.store
soulverse.studio
soulverse.support
soulverse.tech
soulverse.technology
soulverse.tokyo
soulverse.trade
soulverse.trading
soulverse.uk
soulverse.uk.net
soulverse.us.com
soulverse.vc
soulverse.ventures
soulverse.website
soulverse.win
soulverseapp.com
soulversed.com
soulversee.com
soulversely.com
soulverses.com
soulverses.net
soulverses.org
soulversr.com
soulversw.com
soulversx.com
soulverze.com
soulvesre.com
soulvfrse.com
soulvrese.com
soulvrrse.com
soulvwrse.com
souvlerse.com
spiritverse.io
spiritverse.net
suolverse.com
sv.fo
trysoulverse.com
usesoulverse.com
xsoulverse.com

# Reference: https://www.virustotal.com/gui/ip-address/64.95.12.147/relations

monseftq.com
payinty.com

# Reference: https://x.com/skocherhan/status/2018824453862396326

account-security.top
captchaflare.com
clllier.com
custpub.com
econtent.in
eprocessingnetwork.tech
fileshare.mfitbs.com
forrbes.com
gameservice.nttgame.com
gozamba.com
hoathcote.com
ibuyline.com
irsdd.com
mckeczie.com
pfanaerstill.com
rorkery.com
viesexuelle.com

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-02-03-IOCs-from-KongTuke-ClickFix-activity.txt

aacobson.com
bechtellr.com
csmultimedia.com
emierich.com
frttsch.com
fsglobe.com
jaskolkki.com
jenmartini.com
leprixnet.com
metavrze.com
morasota.top
reberts.com
remaxbemidji.com
scrroeder.com
solfson.com
tannypro.com
wilknnson.com
winrler.com
wwexp.com
zealmovies.com
payload.bruemald.top

# Reference: https://threatfox.abuse.ch/browse/malware/js.kongtuke/ (# 2026-02-04)

http://144.31.221.103
http://144.31.221.132
http://144.31.221.144
http://144.31.221.60
http://157.180.85.216
http://168.119.155.85
http://199.217.98.217
http://199.217.99.42
http://206.166.251.90
http://216.245.184.56
http://65.38.120.109
http://96.9.125.159
144.31.221.122:8888
144.31.221.127:5555
144.31.221.133:5555
144.31.221.142:8888
144.31.221.146:7777
144.31.221.84:5555
162.252.198.162:7777
168.100.11.73:6655
195.85.114.118:79
195.85.115.209:79
199.217.99.96:6655
206.166.251.184:6655
206.188.196.28:6655
64.7.199.155:5555
69.67.172.194:6655
accomplish-suppose-val-ensure.trycloudflare.com
aeropeics.com
castle-fifth-print-metallic.trycloudflare.com
cerkery.com
dmicn.com
dolmain.com
dsourceva.com
graffetti.com
guiasexo.com
homencck.com
husnikmeat.com
imf1.com
librarian-alabama-iowa-vegetables.trycloudflare.com
mahleinc.com
medhrrst.com
medinflow.com
meeller.com
nflportal.com
petitesalope.com
predovec.com
prixmatech.com
rickscribner.com
rider-february-thorough-decades.trycloudflare.com
stress-substance-mall-corrections.trycloudflare.com
termination-str-north-cool.trycloudflare.com
tylorperry.com
ulaicavr.com
varorg.com
vimsltd.com
winnheiser.com
yorkci.com

# Reference: https://www.virustotal.com/gui/file/87bc0498506de1b30ce5152749a34cbdf4b55f739ba34a0e204e0a51c92ea140/detection

softbylinux.com

# Reference: https://www.virustotal.com/gui/ip-address/193.149.176.105/relations

weibast.com

# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.91/relations
# BODY_SHA1-HOST=4cb2c207d5a9bb582aa3ddd06786d1afa0d8bada

ads-open.com
alex-kmjn.com
alex-kmjn.store
alex-plok.store
alex-qazx.store
alex-wsdr.store
analitika-wb-ozon.store
annfirsrt.com
aplimgtfonu.com
benecian.com
blcksand.com
bot-ferw.com
bouncyboxers.store
boxedbabyhub.store
cardcheckingads.com
catanddogco.store
circuitcats.com
citas-gbmex.com
citi-zoverviews.com
codsnap.com
crazymovieman.com
ctpsih.com
dafarrra.com
dazwilson.com
ea-playtest.com
efef.selfip.com
elevateflavors.store
ensmingers.com
fettuccinifinder.store
flavorhive.store
flexonlineme.com
flroblanka.com
freegongzuo.com
fufutoken.com
fzerox.com
hilllwallack.com
homenmck.com
hotspotter.store
ifsnl.com
illkconstruction.com
info-points.com
io-nhub.com
kapoochi.com
lasagnalaunch.store
lgardenloom.com
lmemm.com
macaronimaster.store
maxwellpower-cn.store
mdcdiaimonds.com
mideriv.com
mieyabi.com
minitax.com
mogo7.com
nafacu.com
netzhit.com
pamperspunchers.store
pebcreek.com
peeffer.com
pennepro.store
pepperlane.store
primocodes.com
proskeuar.com
quugley.com
rossosys.com
rpgpals.com
seasonedwisdom.store
seasoningsensations.store
sismebtp.com
spicerybox.store
ssts-kr.com
steckmining.com
stemssp.com
talentifier.com
tasteboutique.store
tastebudtournaments.store
techstarsgroups.com
tefalle.com
testdroch.store
thirstytribe.store
trexodia.com
uebrasil.com
verdaliia.com
wackiman.com
x1cdic.com
xcitetv.com
ydt-solution.com
zephyrsoft.store
