# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

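# Aliases: SALTWATER, SEASPY, SEASIDE
# Note: the aliases above are malware family names used in the Mandiant reporting referenced below.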

# Reference: https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally
# Reference: https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation
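# Reference: https://otx.alienvault.com/pulse/64edfc5ab93abb1407070292
# Note: the ip:port entries below are point-in-time indicators from the reports referenced above. Hosted addresses can be reassigned, so corroborate a match with other evidence (e.g. traffic from an affected appliance) before treating it as confirmed.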

101.229.146.218:443
101.229.146.218:8080
103.146.179.101:443
103.146.179.101:8080
103.27.108.62:443
103.27.108.62:8080
103.77.192.13:443
103.77.192.13:8080
103.77.192.88:443
103.77.192.88:8080
103.93.78.142:443
103.93.78.142:8080
104.156.229.226:443
104.156.229.226:8080
104.223.20.222:443
104.223.20.222:8080
107.148.149.156:8080
107.148.219.227:443
107.148.219.227:8080
107.148.219.53:443
107.148.219.54:443
107.148.219.54:8080
107.148.219.55:443
107.148.219.55:8080
107.148.223.196:443
107.148.223.196:8080
107.173.62.158:443
107.173.62.158:8080
137.175.19.25:443
137.175.19.25:8080
137.175.28.251:443
137.175.28.251:8080
137.175.30.36:443
137.175.30.36:8080
137.175.30.86:443
137.175.30.86:8080
137.175.51.147:443
137.175.53.170:443
137.175.53.170:8080
137.175.53.17:443
137.175.53.17:8080
137.175.53.218:443
137.175.53.218:8080
137.175.60.252:443
137.175.60.252:8080
137.175.60.253:443
137.175.60.253:8080
137.175.78.66:443
137.175.78.66:8080
139.84.227.9:443
139.84.227.9:8080
155.94.160.72:443
155.94.160.72:8080
182.239.114.135:443
182.239.114.135:8080
182.239.114.254:443
182.239.114.254:8080
192.74.226.142:443
192.74.226.142:8080
192.74.254.229:443
192.74.254.229:8080
198.2.254.219:443
198.2.254.219:8080
198.2.254.220:443
198.2.254.220:8080
198.2.254.221:443
198.2.254.221:8080
198.2.254.222:443
198.2.254.222:8080
198.2.254.223:443
198.2.254.223:8080
199.247.23.80:443
199.247.23.80:8080
213.156.153.34:443
213.156.153.34:8080
216.238.112.82:443
216.238.112.82:8080
23.224.42.29:8080
23.224.78.130:443
23.224.78.130:8080
23.224.78.131:443
23.224.78.131:8080
23.224.78.132:443
23.224.78.132:8080
23.224.78.133:443
23.224.78.133:8080
23.224.78.134:443
23.224.78.134:8080
37.9.35.217:443
37.9.35.217:8080
38.54.1.82:443
38.54.1.82:8080
38.54.113.205:443
38.54.113.205:8080
38.60.254.165:443
38.60.254.165:8080
45.63.76.67:443
45.63.76.67:8080
52.23.241.105:443
52.23.241.105:8080
64.176.4.234:443
64.176.4.234:8080
64.176.7.59:443
64.176.7.59:8080
bestfindthetruth.com
fessionalwork.com
gesturefavour.com
goldenunder.com
singamofing.com
singnode.com
togetheroffway.com
troublendsef.com

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-action-response-zero-day-vulnerability-in-barracuda-email-security-gateway-appliance-esg-cve-2023-2868/
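# Reference: https://otx.alienvault.com/pulse/648783b6e843ce3fe69a281a
# Note: xxl17z.dnslog.cn is a single hostname under dnslog.cn, a shared DNS-logging service. Keep this entry at full-hostname scope rather than widening it to the parent domain.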

mx01.bestfindthetruth.com
xxl17z.dnslog.cn

# Reference: https://github.com/hagezi/dns-blocklists/issues/7271
# Reference: https://www.silentpush.com/blog/salt-typhoon-2025/

aar.gandhibludtric.com
aria-hidden.com
asparticrooftop.com
caret-right.com
chatscreend.com
chekoodver.com
cloudprocenter.com
clubworkmistake.com
col-lg.com
colourtinctem.com
componfrom.com
e-forwardviewupdata.com
fitbookcatwer.com
fjtest-block.com
followkoon.com
gandhibludtric.com
getdbecausehub.com
hateupopred.com
incisivelyfut.com
junsamyoung.com
lookpumrron.com
morrowadded.com
newhkdaily.com
onlineeylity.com
qatarpenble.com
redbludfootvr.com
requiredvalue.com
ressicepro.com
shalaordereport.com
siderheycook.com
sinceretehope.com
solveblemten.com
toodblackrun.com
unfeelmoonvd.com
verfiedoccurr.com
waystrkeprosh.com
xdmgwctese.com

# Reference: https://dti.domaintools.com/inside-salt-typhoon-chinas-state-corporate-advanced-persistent-threat/

availabilitydesired.us
