# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt-c-01, poison ivy

# Reference: https://twitter.com/RedDrip7/status/1118009381679878144
# Reference: https://www.virustotal.com/gui/domain/webplurk.com/relations
# Reference: https://www.virustotal.com/gui/file/b101035ae8b25263cf7101fbc63df71682cf0963d59b28e28da6e83b35003452/detection
# Reference: https://ti.360.net/uploads/2018/09/20/6f8ad451646c9eda1f75c5d31f39f668.pdf (report in Chinese)

myaccount.emailsevr.net
126mailserver.serveftp.com
access.webplurk.com
aliago.dyndns.dk
annie165.zyns.com
as1688.webhop.org
babana.wikaba.com
backaaa.beijingdasihei.com
bearingonly.rebatesrule.net
bt0116.servebbs.net
canberk.gecekodu.com
ceepitbj.servepics.com
check.blogdns.com
china.serveblog.net
chinamil.lflink.com
cluster.safe360.dns05.com
cnwww.m-music.net
comehigh.mefound.com
emailser163.serveusers.com
fevupdate.ocry.com
fff.dynamic-dns.net
gaewaa.upgrinfo.com
geiwoaaa.qpoe.com
givemea.ygto.com
givemeaaa.upgrinfo.com
goldlion.mefound.com
gugupd.008.net
guliu2008.9966.org
hy-zhqopin.mynumber.org
hyssjc.securitytactics.com
jason.zyns.com
javainfo.upgrinfo.com
jerry.jkub.com
kav2011.mooo.com
kouwel.zapto.org
l63service.serveuser.com
laizaow.mefound.com
localhosts.ddns.us
mail.sends.sendsmtp.com
mail163.mypop3.net
mailsends.sendsmtp.com
mediatvset.no-ip.org
microsoftword.serveuser.com
moneyaaa.beijingdasihei.com
motices.ourhobby.com
mp3.dnset.com
netlink.vizvaz.com
office.go.dyndns.org
officepatch.dnset.com
operater.solaris.nu
pouhui.diskstation.org
pps.longmusic.com
ps1688.webhop.org
rising.linkpc.net
safe360.dns05.com
sandy.ourhobby.com
service.justdied.com
soagov.sytes.net
soagov.zapto.org
soasoa.sytes.net
ssy.ikwb.com
ssy.mynumber.org
svcsrset.ezua.com
teacat.https443.org
tong.wikaba.com
updateinfo.servegame.org
updates.lflink.com
usa08.serveftp.net
uswebmail163.sendsmtp.com
waterfall.mynumber.org
webupdate.dnsrd.com
winsysupdate.dynamic-dns.net
wmiaprp.ezua.com
webplurk.com
wwwdo.tyur.acmetoy.com
xinhua.redirectme.net
zxcv201789.dynssl.com

# Reference: https://twitter.com/blackorbird/status/1293732897405378560
# Reference: https://www.virustotal.com/gui/file/921ceb666fcfeee6cb031b334f6552bbf9e0364e51bb3972c2ff02a0779a5693/detection

202.182.108.174:80
207.148.126.90:80
app.newfacebk.com
influxdb.kanoak.com
monitoring.kanoak.com
officeupdate.mynetav.com
update.newfacebk.com
winsoftware.onedumb.com

# Reference: https://twitter.com/ThreatBookLabs/status/1613735997363359745

censor.site
certifications.services
clouddevice.site
clouddrive.space

# Reference: https://twitter.com/ThreatBookLabs/status/1641631696742391808

360urlscan.com

# Reference: https://twitter.com/ThreatBookLabs/status/1645986803592347648

cloudattaches-126.com

# Reference: https://threatbook.io/domain/download163ease.com

download163ease.com

# Reference: https://twitter.com/ThreatBookLabs/status/1651978128439517185

accounts126.com

# Reference: https://x.com/blackorbird/status/1862442853445902387
# Reference: https://mp.weixin.qq.com/s/6wVfE9SE3wVuazxVppe3tA
# Reference: https://www.virustotal.com/gui/file/534522b87f1158f28587f82b4df590546a004f17a648cfcff2bdcc5fc2cc3355/detection
# Reference: https://www.virustotal.com/gui/file/d3591c2f1692fd1dd582f7fb377b74d1c8e82b2256d4b8c6cc9f9bc5b2fc39c3/detection

http://128.199.134.3
http://158.247.208.174
128.199.134.3:443
158.247.208.174:443
caac-cn.com
caac-cn.org

# Reference: https://hunt.io/blog/greenspot-apt-targets-163com-fake-downloads-spoofing

143-244-183-240.cprapid.com
64-176-165-42.cprapid.com
6c99b2c4cf5a.expolebanon.com
afte856422126.com
atrew56877.com
avdsart.com
bribieislandhistory.com
buendnis-fuer-kinder.com
center-gai.com
chamber.icu
chinmori.com
cnsa163.com
co-journal163.com
co-journalyeah.net
contracter.org
daotongintelligence163.com
datamasterw.com
difusora890.com
dockerswarm2.cic-webpro.com
eadfg56877.com
eco163.com
eleusina.com
esrebrenica.com
fored126.com
gjfgw163.com
gottardo-fs.com
gscmovies.com
gxbxzszl163.com
gzkfj20240923.com
h2024163.com
hcqtji.com
hopemilltheatre.com
hostmaster.thicongcayxanh.com.vn
howtochoosealawschool.com
hunter.luminousstore.cloud
huntercomunity.pterodactyl.web.id
im1.dewabiz.com
intent.cyou
janheweliusz.com
k2024163.com
krogoo.net
l12254686126.com
l12457784126.com
l2024163.com
l58785163.com
l588188126.com
l5886797126.com
l8630639126.com
ll63.net
locarmi.com
lorenlegarda.com
m2024163.com
mail.eco163.com
mail.ll63.net
mg333.co
museeairespace.com
nefeliishot.com
newonelier.com
nissantuners.com
node.huntercomunity.pterodactyl.web.id
nottinghamplayhouse.com
o88252526126.com
oneliotimes.com
private-site163.com
psagwadar.com
redebrasilatual.com
regomiba.com
sater512368.com
saymoil.com
shandong163.com
shannon-fishery-board.com
ship5688789.com
shiper5688163.com
shop-dustongel.com
solovlxx.com
stamfordshakespeare.com
superset.greeninvietnam.org.vn
tanygraig.com
technicel.vip
technology.cyou
telegrafonline.com
the-real-mscleo.com
thecatlab.space
thisisstfc.com
tsumada.com
tyeeconsulting.com
vernonmuseum.com
worldradihistory.com
ww2gravestoneer.com
zilarmala.com
