# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: tollbooth, rudepanda

# Reference: https://x.com/AzakaSekai_/status/1969294757978652947
# Reference: https://x.com/bluish_red_/status/1980668262682882057
# Reference: https://www.elastic.co/security-labs/tollbooth
# Reference: https://github.com/Still34/malware-lab/blob/main/reworkshop/2025-09-20/iocs.csv

aseo99.com
cseo99.com
fseo99.com
c.cseo99.com
c1.cseo99.com
c-test.cseo99.com
f.fseo99.com
f1.fseo99.com
f-test.fseo99.com
api.aseo99.com
mlxya.oss-accelerate.aliyuncs.com
asf-sikkeiyjga.cn-shenzhen.fcapp.run
ask-bdtj-selohjszlw.cn-shenzhen.fcapp.run

# Reference: https://x.com/bluish_red_/status/1980828128315601072
# Reference: https://x.com/securechicken/status/1980715257791193420
# Reference: https://harfanglab.io/insidethelab/rudepanda-owns-iis-servers-like-2003/

aseo88.com
cn.lol
cseo8.com
cseo88.com
etf888.vip
fseo88.com
gov.land
jseo99.com
lseo99.com
org.cfd
wseo8.com
wseo88.com
wseo99.com
xseo8.com
zseo8.com
api.xseo8.com
api-v2.xseo8.com
jump.etf888.vip
c.cseo8.com
f.zseo8.com
