# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt-c-01, poison ivy

# Reference: https://twitter.com/RedDrip7/status/1118009381679878144
# Reference: https://www.virustotal.com/gui/domain/webplurk.com/relations
# Reference: https://www.virustotal.com/gui/file/b101035ae8b25263cf7101fbc63df71682cf0963d59b28e28da6e83b35003452/detection
# Reference: https://ti.360.net/uploads/2018/09/20/6f8ad451646c9eda1f75c5d31f39f668.pdf (Chinese)

# Reference: https://twitter.com/blackorbird/status/1293732897405378560
# Reference: https://www.virustotal.com/gui/file/921ceb666fcfeee6cb031b334f6552bbf9e0364e51bb3972c2ff02a0779a5693/detection

# Reference: https://twitter.com/ThreatBookLabs/status/1613735997363359745

censor.site
certifications.services
clouddevice.site
clouddrive.space

# Reference: https://twitter.com/ThreatBookLabs/status/1641631696742391808

360urlscan.com

# Reference: https://twitter.com/ThreatBookLabs/status/1645986803592347648

cloudattaches-126.com

# Reference: https://threatbook.io/domain/download163ease.com

download163ease.com

# Reference: https://twitter.com/ThreatBookLabs/status/1651978128439517185

accounts126.com

# Reference: https://x.com/blackorbird/status/1862442853445902387
# Reference: https://mp.weixin.qq.com/s/6wVfE9SE3wVuazxVppe3tA
# Reference: https://www.virustotal.com/gui/file/534522b87f1158f28587f82b4df590546a004f17a648cfcff2bdcc5fc2cc3355/detection
# Reference: https://www.virustotal.com/gui/file/d3591c2f1692fd1dd582f7fb377b74d1c8e82b2256d4b8c6cc9f9bc5b2fc39c3/detection

# Reference: https://hunt.io/blog/greenspot-apt-targets-163com-fake-downloads-spoofing