# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: smokedham

# Reference: https://medium.com/trac-labs/who-ordered-the-smokedham-backdoor-delicacies-in-the-wild-87f51e2e5bd2
# BANNER_0_HASH-HOST=0173bce3e88196b60c3015daf93f5ade
# BANNER_0_HASH-HOST=0ed538720824ecb68a7fb67c35f596d0
# BANNER_0_HASH-HOST=10e4e20e68955859b4eef28a47ca37bf
# BANNER_0_HASH-HOST=1b897b2241e500989cf1c986ff951f4a

cdn-server-1.xiren77418.workers.dev
cdn-server-2.wesoc40288.workers.dev
cdn-server-full.taros12579.workers.dev
cdn-web-server1.techserver01.workers.dev
cdn1.cowivat156.workers.dev
cdn1.poyag17470.workers.dev
crimson-unit-2561.kopis56799.workers.dev
dash-server.servertech03.workers.dev
ec2-server-noisy-band-0fe8.focapaj280.workers.dev
server-cd2.bipewi2747.workers.dev
server-cdn.jawigaw383.workers.dev
server-cdn.lafise2419.workers.dev
server-cdn.lecoc56350.workers.dev
server-cdn.sidoke9822.workers.dev
server-cdn.virej10913.workers.dev
server-cdn.xohahey822.workers.dev
server-web-cdn.detocim498.workers.dev
server-web-cdn.kagoli5215.workers.dev
server-web-cdn.nefixeg373.workers.dev
server-web-cdn.pixece7948.workers.dev
server-web-cdn.rojotoc516.workers.dev
server-web-cdn.vosax32455.workers.dev
server-web.sasex59966.workers.dev
soft-base-01.ginigiy117.workers.dev
soft-dns.sejilod748.workers.dev
web-app.larij21770.workers.dev
work-server-1.picalob750.workers.dev

# Reference: https://gist.github.com/drb-ra/179e8e9beca45bc10feba97cf8c5c7b1

app-cdn.celixi6266.workers.dev
cdn-app-server.vewojo9572.workers.dev
cdn-app-web.piniyi9484.workers.dev
ec2-app.lewoha7320.workers.dev
ec2-server.bayaj19162.workers.dev
ec2-server.gegodec527.workers.dev
ec2-server.milago3967.workers.dev
floral-paper-8eb1.pihara4672.workers.dev
keystore-explorer.com
mstore.framfarmers.co.uk
server-web-cdn.dones86497.workers.dev
server-web-cdn.mevame4224.workers.dev
server-web-cdn.ravebo3233.workers.dev
server-web-cdn.yevobod379.workers.dev
server-web-cdn1.gekod80409.workers.dev
web-app.dasik14289.workers.dev

# Reference: https://x.com/SquiblydooBlog/status/1993311260512075967
# Reference: https://app.any.run/tasks/a9391be5-4e71-4a95-9072-477f8afd906f/

bapiyat727.workers.dev
pofelal314.workers.dev
app.pofelal314.workers.dev
ssl.bapiyat727.workers.dev

# Reference: https://x.com/g0njxa/status/2010485906466394343
# Reference: https://x.com/g0njxa/status/2027082406847709524
# Reference: https://www.virustotal.com/gui/file/cbbe98e1b36eb68a7afe534c21055f9cc793c2a6a7ca63256d273020a096f7a7/detection
# Reference: https://www.virustotal.com/gui/file/30427b6732fea64c2cdc0b40c19695902f2bdea5f87dab16b4082bb3cf208557/detection
# BANNER_0_HASH-HOST=09dcb64ff33900abe8a52e527f81ffdd
# BANNER_0_HASH-HOST=272b145c05fa9de8e0d197dddab7d796
# BANNER_0_HASH-HOST=72aafbb72ed15fbfdfbd422cefc88bee
# BANNER_0_HASH-HOST=ec6f4705aac9ddc742662eb4ab2435ff
# FAVICON_HASH-HOST=72a8c7c419ad3849201c65c977dbc4c6

beekeeperstudio-db.com
beekeeperstudio.cc
beekeeperstudio.co
beekeeperstudio.pro
beekeeperstudio.space
beekeeperstudio.tech
computerservicesource.com
database-lists.com
dbeaver-database.app
dbeaver-database.cc
dbeaver-database.cloud
dbeaver-database.co
dbeaver-database.com
dbeaver-database.org
dbeaver-database.pro
dbeaver-database.tech
dbeaver-database.us
harnetsecuriity.com
harnetsecurity.com
heidisql-enterprise.app
heidisql-enterprise.cc
heidisql-enterprise.cloud
heidisql-enterprise.co
heidisql-enterprise.com
heidisql-enterprise.ltd
heidisql-enterprise.org
heidisql-enterprise.pro
heidisql-enterprise.tech
heidisql-enterprise.us
heidisql.space
hornetseculty.com
horpetsecurity.com
nmap.space
rv-tools.eu
rv-tools.info
rvtoo1s.com
rvtoolaca.com
rvtoolaca.online
rvtoolacs.com
rvtoolas.com
rvtoolc.info
rvtooles.com
rvtooles.info
rvtooli.info
rvtoolis.com
rvtoolit.com
rvtoolls.info
rvtools-dev.com
rvtools-skillcamp.com
rvtools.link
rvtoolsac.com
rvtoolsacad.com
rvtoolsacs.com
rvtoolsax.com
rvtoolsed.com
rvtoolses.com
rvtoolsgo.com
rvtoolshq.com
rvtoolsio.com
rvtoolsl.com
rvtoolslab.com
rvtoolsnet.com
rvtoolsnow.com
rvtoolsnt.com
rvtoolso.com
rvtoolspro.com
rvtoolspro.info
rvtoolspro.online
rvtoolss.com
rvtoolsun.com
rvtoolsus.com
rvtoolsusa.com
rvtouls.com
rvvtools.com
softwarep2p.com
vchekac.com
vchekacad.com
vmback.com
vmbacku.com
vmbackups.com
vmsbackup.com
vmware-rvtools.app
vmware-rvtools.cc
vmware-rvtools.cloud
vmware-rvtools.com
vmware-rvtools.ltd
vmware-rvtools.org
vmware-rvtools.pro
vmware-rvtools.tech
vmware-rvtools.us
vmwarevelocity.com
aapanel34768.hostkey.in
app-cdn-software-gza4gebuf3cqd8h6.z03.azurefd.net
beekeeperstudio.softwarep2p.com
dbeaver.softwarep2p.com
download.rvtools-dev.com
download.rvtools-skillcamp.com
heidisql.database-lists.com
nmap.softwarep2p.com
rustore.rvtouls.com
rvtools.softwarep2p.com
rvtools.vmwarevelocity.com
update.rvtouls.com
update.rvvtools.com

# Reference: https://x.com/goldenjackel12/status/2013877434421072187
# Reference: https://www.virustotal.com/gui/file/3ebc0df2b92a39d1fb4491b7aaf6996425214ebe85e6243f443f1db087172f27/detection

groover.workers.dev
etherial.groover.workers.dev
