# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt-c-01, poison ivy

# Reference: https://twitter.com/RedDrip7/status/1118009381679878144
# Reference: https://www.virustotal.com/gui/domain/webplurk.com/relations
# Reference: https://www.virustotal.com/gui/file/b101035ae8b25263cf7101fbc63df71682cf0963d59b28e28da6e83b35003452/detection
# Reference: https://ti.360.net/uploads/2018/09/20/6f8ad451646c9eda1f75c5d31f39f668.pdf (Chinese)

# Reference: https://twitter.com/blackorbird/status/1293732897405378560
# Reference: https://www.virustotal.com/gui/file/921ceb666fcfeee6cb031b334f6552bbf9e0364e51bb3972c2ff02a0779a5693/detection

# Reference: https://twitter.com/ThreatBookLabs/status/1613735997363359745

censor.site
certifications.services
clouddevice.site
clouddrive.space

# Reference: https://twitter.com/ThreatBookLabs/status/1641631696742391808

360urlscan.com

# Reference: https://twitter.com/ThreatBookLabs/status/1645986803592347648

cloudattaches-126.com

# Reference: https://threatbook.io/domain/download163ease.com

download163ease.com

# Reference: https://twitter.com/ThreatBookLabs/status/1651978128439517185

accounts126.com