# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: CL-STA-0048, abcdoor

# Reference: https://otx.alienvault.com/pulse/642d624ccd3a7cca31c9e252
# Reference: https://www.virustotal.com/gui/ip-address/43.154.239.14/relations
# Reference: https://www.virustotal.com/gui/file/ca47e4505cc84c087d20cadc78aabc01ff6adb44503d86224eb2bd8015016feb/detection
# Reference: https://www.virustotal.com/gui/file/c8e6da627a59a00f043fed05556b738a86fb0f69029748cff206b96a32644f03/detection
# Reference: https://www.virustotal.com/gui/file/bbaa917065d2ca0ba5151b17598789c0125b91c6d7e96ea9b157309e9bf9e2a4/detection
# Reference: https://www.virustotal.com/gui/file/5b5bf1eae9fdd580e2cd491710fbb2504e2f732b17859081eb29801ba61910d7/detection
# Reference: https://www.virustotal.com/gui/file/4d87ad44fb99c42fd5ae0cdba4efcf887574f533a8576d020a24e1ab98809263/detection

154.197.14.38:1523
43.154.189.105:7093
43.154.239.14:7093
43.154.55.253:7093
43.155.98.18:7093
43.249.30.41:1523
43.249.30.41:1524
haiwai2.xyz
liangjiang33.top
liangjiang3344.top
liangjiang44.top
telegramsi.site
club.liangjiang44.top

# Reference: https://cert.360.cn/warning/detail?id=6528fd63ea0822e915605dc6
# Reference: https://otx.alienvault.com/pulse/652d51197fbe59ec2dd072a8

ccgbub296.qty592.com
dianpiao4-1320808414.cos.ap-nanjing.myqcloud.com
dianpiao5-1320808414.cos.ap-nanjing.myqcloud.com
fapao-1320364328.cos.ap-guangzhou.myqcloud.com

# Reference: https://x.com/malwrhunterteam/status/1817829163186733082
# Reference: https://www.virustotal.com/gui/file/7decebabc2d6d61421f8ee3eb86930aa4748887469d76d153db59af63452991e/detection
# Reference: https://www.virustotal.com/gui/file/911a322297f8fcd094434e0715e276e85adb150454cd36588841cbd77fb7c89d/detection

154.92.19.81:6666
154.92.19.81:8888
39.109.114.74:10009
39.109.114.74:10010

# Reference: https://x.com/JAMESWT_MHT/status/1869343624061989127
# Reference: https://www.virustotal.com/gui/file/7b2d2c13f652b5172c9930aa164163caeda8820935cccd9983d924aa90d294d0/detection

27.50.63.8:10443
27.50.63.8:4433
anydesk17.s3.ap-east-1.amazonaws.com

# Reference: https://www.forescout.com/blog/healthcare-malware-hunt-part-1-silver-fox-apt-targets-philips-dicom-viewers/

8.217.60.40:8917
vien3h.oss-cn-beijing.aliyuncs.com

# Reference: https://x.com/skocherhan/status/1926556842492150221
# Reference: https://www.virustotal.com/gui/file/1f946a4714e8b05d449b4cb75ad0c711c630260075e67dd2adad307b49f9f4c6/detection

43.248.173.209:10471
43.248.173.209:10472
43.248.173.209:18852
k0e.xyz
k0l.xyz

# Reference: https://www.fortinet.com/blog/threat-research/threat-group-targets-companies-in-taiwan

00-1321729461.cos.ap-guangzhou.myqcloud.com
6-1321729461.cos.ap-guangzhou.myqcloud.com
twzfte-1340224852.cos.ap-guangzhou.myqcloud.com
cq1tw.top
twcz.pro
twczb.com
twnc.ink
twnic.icu
twnic.ink
twnic.ltd
twnic.xin
twsa.top
twsw.cc
twsw.club
twsw.info
twsw.ink
twsw.ltd
twsw.pro
twsww.vip
twsww.xin
twswz.top
twswzz.xin
twtgtw.net
twzfw.vip
z2tw.xin

# Reference: https://x.com/Cyber_O51NT/status/1947500223061791178
# Reference: https://mp.weixin.qq.com/s?__biz=MzU2OTcxNjE4Mw==&mid=2247486072&idx=1&sn=ce36707ae3974cc872b4432a8edf2dee&poc_token=HMo1f2ijBV0u5OvP3CmpxsqaacBtvRszX0VCBbPP
# Reference: https://www.virustotal.com/gui/file/061588b2a2b1c2044fe99d99bac0529d99d708802ead6da37aae29b590921bfe/detection

45.13.161.179:8880
ailletll.top

# Reference: https://hunt.io/blog/multilingual-zip-phishing-campaigns-asia-financial-government

# NOTE(review): the hex-looking labels of the first and seventh entries below are 33 and 31
# characters long, while the other five in this run are 32 - possible transcription slips;
# verify both against the reference above. A mistyped host name matches nothing on its own,
# so coverage would rest on the bare bulinouui.sbs entry that closes this run (assuming the
# consumer also matches subdomains of a listed domain - confirm).
11c979baeb8bddc12e79ad4def0964e94.bulinouui.sbs
199cb150cec25af3132ddd4e47b37248.bulinouui.sbs
27160fcce1e199401dde5e01ce829006.ttcskhdl.lol
3381536ffe13739277b0a87c08a66596.bulinouui.sbs
5289c03d6d33ac4cf474de436f6bbf47.bulinouui.sbs
53d9da1f7632f687dde3b0ec4df00710.bulinouui.sbs
6358bdf15f655e7e305eacaf385cd12.bulinouui.sbs
bulinouui.sbs
cq1tw.icu
gaelh.cn
gjqygs.cn
jpjpz1.cc
jpjpz1.top
jpjpz1.vip
qiqi1.xin
twmm.shop
twswzz.icu
vip.gaelh.cn
wojkejys.lat
xinwenwamg.net
z2tw.vip
zcqiyess.vip
zxp0010w.vip

# Reference: https://www.cloudsek.com/blog/silver-fox-targeting-india-using-tax-themed-phishing-lures

2025swmm.cn
dingtalki.cn
ggwk.cc
gov-a.club
gov-a.fit
gov-a.work
gov-c.club
govk.club
gvo-b.club
hhiioo.cn
hhiioo.work
hhimm.work
itdd.club
kkyui.club
swjc2025bjkb.cn
xzghjec.com
yuxuanow.top
b.yuxuanow.top

# Reference: https://x.com/skocherhan/status/2020910341933130197
# Reference: https://www.virustotal.com/gui/file/099da66d8499758ec8fc082f04830d0d89173878c9325202ee74998068fe4f52/detection

202.79.171.236:5050
jd16881988.com

# Reference: https://x.com/anylink20240604/status/2022650902520479988
# Reference: https://bbs.kafan.cn/thread-2288675-1-1.html

8.210.25.225:5050
uuuucome.com

# Reference: https://x.com/skocherhan/status/2030164508153426283
# Reference: https://www.virustotal.com/gui/file/6243e3e29e2178361437e59cca8c1f19d9ecf25b44ea31f7b2159871c317572a/detection

108.187.7.232:6666
108.187.7.232:8888
gghhbb.com
888-1393918816.cos.ap-tokyo.myqcloud.com

# Reference: https://www.linkedin.com/posts/mauricefielenbach_threatintelligence-malwareanalysis-infosec-activity-7436840429180018691-YWcm
# Reference: https://www.virustotal.com/gui/file/fa5d3a9eebf9310148e7b980fefa7bc3f3a8e8ee7a8d0bd21a057c54c5a47560/detection
# Reference: https://www.virustotal.com/gui/file/5841ad433ab199bb784a4d33fd629101d22de6e44dce0606c08b92f8b4709380/detection

61.111.250.139:9899
bifa668.com
www-surfshark.com

# Reference: https://www.virustotal.com/gui/file/7170d7a2281bec9ca149590449417c6ed32ffd47120942c1e71011ec62c2f443/detection

95.40.160.77:5676
cdklskjd.cn

# Reference: https://x.com/Dixit_404/status/2033943350106317065
# Reference: https://www.virustotal.com/gui/file/609baa77a4d38837289f367cd7125d29f36a5401e41df64150ed3dafafd4774c/detection

http://134.122.128.135
156.247.40.59:5050

# Reference: https://asec.ahnlab.com/ko/92924/
# Reference: https://www.virustotal.com/gui/file/7bbfd3ac7ab766c996f80fd414118705ee5e8e822c26513bb3e6920c25efa94d/detection

119.28.70.225:443
192.238.129.47:18852

# Reference: https://hexastrike.com/resources/blog/threat-intelligence/trust-the-tunnel-get-the-trojan-silver-fox-delivers-atlascross-rat-via-weaponized-vpn-installers/

app-zoom.com
eyy-eyy.com
kefubao-pc.com
quickq-quickq.com
signal-signal.com
telegrtam.com.cn
trezor-trezor.com
ultraviewer-cn.com
wwtalk-app.com
www-teams.com

# Reference: https://github.com/hagezi/dns-blocklists/issues/9513

3236dsfdfgt.icu
aionkingdom.online
anydesktaiwan.com
da32a73a-988f-4dc9-b4b6-64957d4d5d0c.djxjcidksndkdkdk.com
dan.sxkj999.vip
djxjcidksndkdkdk.com
domt1.com
febgvh5.gyfunds.cc
fh.domt1.com
fnflpkc.co.cc
gyfunds.cc
inside4rom.com
jiosi.net
kainlian.com.cn
mi.y0303m.top
mtn.pubgdma.vip
pay.gyfunds.cc
pubgdma.vip
# NOTE(review): s-ed1.cloud.gcore.lu looks like a hosting-provider service host name rather
# than an actor-registered domain, and the entry after it is a child of it - confirm that the
# parent is meant to be listed, since matching it may flag unrelated tenants of the same
# service; keeping only the more specific child would narrow the match.
s-ed1.cloud.gcore.lu
sen.s-ed1.cloud.gcore.lu
sxkj999.vip
wbaosc.com
xiaoshihou10.top
xiaoshihou11.top
xiaoshihou12.top
xiaoshihou14.top
xiaoshihou15.top
xiaoshihou16.top
xiaoshihou17.top
xiaoshihou18.top
xiaoshihou19.top
xiaoshihou20.top
xiaoshihou21.top
xiaoshihou22.top
xiaoshihou23.top
xiaoshihou25.top
xiaoshihou26.top
xiaoshihou27.top
xiaoshihou29.top
xiaoshihou30.top
xiaoshihou31.top
xiaoshihou32.top
xiaoshihou33.top
xiaoshihou34.top
xiaoshihou35.top
xiaoshihou36.top
xiaoshihou37.top
xiaoshihou4.top
xiaoshihou5.top
xiaoshihou6.top
xiaoshihou7.top
xiaoshihou8.top
xiaoshihou9.top
y0303m.top
youdaoaa.com
youdaoab.com
youdaoae.com
youdaoaf.com
youdaoag.com
youdaob.com
youdaoh.com
youdaok.com
youdaor.com
youdaov.com

# Reference: https://github.com/hagezi/dns-blocklists/issues/9515

10put.site
a-wps.cc
bjyigeng.com
bt-telegram.com.cn
cccoeiasca.com
china-wps.com
cn-wps.cc
cnn-wps.com.cn
cunjijiyu.com
d-google.com.cn
downlld.top
dow.downlld.top
# NOTE(review): the next entry is an EC2 public DNS name, which embeds the instance's public
# IPv4 address (18.162.54.96 here). Presumably that address can pass to another customer once
# the instance is released - re-validate this entry periodically so it does not outlive the
# malicious tenant.
ec2-18-162-54-96.ap-east-1.compute.amazonaws.com
f-wps.cc
facaishunli1.oss-cn-hongkong.aliyuncs.com
keeper.10put.site
kuaifan.name
sogou-th.com.cn
syhaochen.xyz
telegrram.hl.cn
todesk.ac.cn
todeski.com
whaoqking.top
wps-net.com.cn
wps-wps-cn.com
wpscnf.com
wuu.whaoqking.top
wwp-wps.com.cn

# Reference: https://github.com/hagezi/dns-blocklists/issues/9518

360sdgg.com
9010.360sdgg.com
amvcoins.vip
betooo.vip
czxfdz.com
domainct.com
eaxwwyr.cn
fdfhddfss.top
fghs.shlowcarbon.com
fkfjrvfa.cn
fzdoor.vip
host-hunter.com
indiagov.shop
indiagov.eu.cc
jinmai.vip
juanseguros.com
ksudeu.nanguanglu.com
megamovielord.com
mohaazon.com
morecoworking.com
nanguanglu.com
nao.nnnwin.vip
nnnwin.vip
primetechstocks.com
rdhrse.qpon
sdyteq.shop
sgegdvip.vip
sgeshex.vip
shlowcarbon.com
swy.juanseguros.com
wwfygid.biz.id
xqwmwru.top
xueshirencai.com
yigushengjin.com
zptsgryw.cn

# Reference: https://github.com/hagezi/dns-blocklists/issues/9531

drwps.com
jinshan-wps.com.cn
office-wps-zh.hl.cn
ofice-wps.com.cn
pt-wps.com.cn
softs.xznkjzx.cn
wps-download.im
wps-kpi.com
wps-office-zh.hl.cn
wps-office.com
xznkjzx.cn

# Reference: https://github.com/hagezi/dns-blocklists/issues/9535

ai-sogou.com.cn
lj-sogou.com.cn
mysogou.com
pc-sogou.com.cn
pinyin-sogou.cn
pro-sougou.com.cn
sogoushurf.com
sogousoft.com

# Reference: https://github.com/hagezi/dns-blocklists/issues/9546

pensilwarna.com
telegram19.com
telegram21.com
telegram22.com
whatsappb.com
whatsappf.com
whatsappg.com
whatsappi.com
whatsappl.com
whatsappm.com
whatsappo.com
whatsappp.com
whatsappq.com
whatsappv.com
whatsappz.com

# Reference: https://github.com/hagezi/dns-blocklists/issues/9565

bp-sogou.com.cn
qishmusic.com.cn
soougou.com.cn
win-sogou.com
x-sogou.com

# Reference: https://github.com/hagezi/dns-blocklists/issues/9569

85in.com
ai-wps.org
cytest.x241858.cc
dgrkrt.s3.ap-southeast-1.amazonaws.com
ect0a7n4ric.x241597.cc
glmjfejgdoox.pw
h7pshijq0c8.x241466.cc
h7pshijq0c8.x241511.cc
h7pshijq0c8.x241518.cc
h7pshijq0c8.x241526.cc
h7pshijq0c8.x241552.cc
h7pshijq0c8.x241563.cc
h7pshijq0c8.x241568.cc
h7pshijq0c8.x241578.cc
h7pshijq0c8.x241586.cc
h7pshijq0c8.x241595.cc
h7pshijq0c8.x241626.cc
h7pshijq0c8.x241643.cc
h7pshijq0c8.x241653.cc
h7pshijq0c8.x241679.cc
h7pshijq0c8.x241683.cc
h7pshijq0c8.x241710.cc
h7pshijq0c8.x241713.cc
h7pshijq0c8.x241716.cc
h7pshijq0c8.x241732.cc
h7pshijq0c8.x241745.cc
h7pshijq0c8.x241763.cc
h7pshijq0c8.x241794.cc
h7pshijq0c8.x241807.cc
h7pshijq0c8.x241813.cc
h7pshijq0c8.x241825.cc
h7pshijq0c8.x241862.cc
i288nnbgf1s.x241646.cc
idolkoushien.com
ju84p5ihj1.x241558.cc
ko8jdgy3t9.x241523.cc
kuaichen.com.cn
l23z04vul8a.x241524.cc
mlydtwnhlibu.pw
oa73zefvdkh.x241517.cc
oa73zefvdkh.x241523.cc
oa73zefvdkh.x241567.cc
oa73zefvdkh.x241569.cc
oa73zefvdkh.x241579.cc
oa73zefvdkh.x241595.cc
oa73zefvdkh.x241613.cc
oa73zefvdkh.x241627.cc
oa73zefvdkh.x241638.cc
oa73zefvdkh.x241660.cc
oa73zefvdkh.x241668.cc
oa73zefvdkh.x241670.cc
oa73zefvdkh.x241678.cc
oa73zefvdkh.x241683.cc
oa73zefvdkh.x241715.cc
oa73zefvdkh.x241719.cc
oa73zefvdkh.x241732.cc
oa73zefvdkh.x241759.cc
oa73zefvdkh.x241765.cc
oa73zefvdkh.x241771.cc
oa73zefvdkh.x241785.cc
oa73zefvdkh.x241787.cc
oa73zefvdkh.x241794.cc
oa73zefvdkh.x241795.cc
oa73zefvdkh.x241796.cc
oa73zefvdkh.x241797.cc
oa73zefvdkh.x241802.cc
oa73zefvdkh.x241815.cc
oa73zefvdkh.x241827.cc
oa73zefvdkh.x241885.cc
rhb2dm7693d.x241494.cc
rhb2dm7693d.x241515.cc
rhb2dm7693d.x241543.cc
rhb2dm7693d.x241608.cc
rhb2dm7693d.x241696.cc
rhb2dm7693d.x241709.cc
rhb2dm7693d.x241759.cc
rhb2dm7693d.x241765.cc
rhb2dm7693d.x241810.cc
rhb2dm7693d.x241840.cc
tseunxkeop.cc
vmbdq9ngs4r.x241646.cc
x241466.cc
x241494.cc
x241511.cc
x241515.cc
x241517.cc
x241518.cc
x241523.cc
x241524.cc
x241526.cc
x241543.cc
x241552.cc
x241558.cc
x241563.cc
x241567.cc
x241568.cc
x241569.cc
x241578.cc
x241579.cc
x241586.cc
x241595.cc
x241597.cc
x241608.cc
x241613.cc
x241626.cc
x241627.cc
x241638.cc
x241643.cc
x241646.cc
x241653.cc
x241660.cc
x241668.cc
x241670.cc
x241678.cc
x241679.cc
x241683.cc
x241696.cc
x241709.cc
x241710.cc
x241713.cc
x241715.cc
x241716.cc
x241719.cc
x241732.cc
x241745.cc
x241759.cc
x241763.cc
x241765.cc
x241771.cc
x241785.cc
x241787.cc
x241794.cc
x241795.cc
x241796.cc
x241797.cc
x241802.cc
x241807.cc
x241810.cc
x241813.cc
x241815.cc
x241825.cc
x241827.cc
x241840.cc
x241858.cc
x241862.cc
x241885.cc
yhrtn71fhhr.x241646.cc

# Reference: https://github.com/hagezi/dns-blocklists/issues/9567

auth-wps.com
f-sougou.com
login-wps.com
portal-wps.com
safe-wps.com
secure-wps.com
shuruf-sougou.com
update-wps.com
web-wps.com
wins-sogou.com
wpsupdate.com

# Reference: https://github.com/hagezi/dns-blocklists/issues/9581

glqxiazai.com
google-cn-chrom.com.cn

# Reference: https://github.com/hagezi/dns-blocklists/issues/9593

360aqllqwindows.cyou
360browser2.com
360ccn.com
360cncn.com
360cpc.com
360pc1.com
360pc2.com
360xiazai.cyou
anydeskaa.com
anydeskii.com
appleais.com
bitbrowserrcn.com
bitbrowserrpc.com
bite-browser.com
bite-browseri.com
deeplgw.cyou
faagazd.com
googleyzq1.com
hellogpt2.com
hellogptcn.com
hellogptpc.com
hellowordpc.com
helloworldf.com
helloworldgw.cyou
helloworldh.com
helloworldj.com
ldmnqpc.com
ldmnqq.com
linerpc.com
lineupc.com
meiqiay.com
mu.mugen888.com
mugen888.com
oraycc.com
ph2025.net
pidjik.net
pub-0e7592b7e88847edb6442b3a32511f2c.r2.dev
pub-0ef83a88d41a4e948752884e11481ba0.r2.dev
pub-5e05a7e3ace44640b25567ef2b1636d4.r2.dev
pub-85249662661641baa2df518d4e2f7d67.r2.dev
pub-9beb8f144f294913b46eac91811cd34b.r2.dev
pub-c3f2ab1ea4954676a2d3b4f999d7aab2.r2.dev
pub-f84bc7b2890c45ab8427f7b6bbfa447a.r2.dev
qishuicc.com
qqemaili.com
qqemaill.com
qqmail1.com
qqmaili.com
qsyygw.cyou
qsyygwxz.cyou
sgbrowser.com
sgbrowser1.com
shunlissll.com
signalrr.com
signaltt.com
sougou-browser.com
sougoubrowser1.com
speedinpc.com
telegrama-apk.com
tg6.ph2025.net
todeskt.com
xiazaiabcd5.cyou
yn.faagazd.com
youdaoq.com
youdaou.com
zaplnhyuuu.cn

# Reference: https://github.com/hagezi/dns-blocklists/issues/9601

116.bei9.xyz
ahh.dexinqa.com
bei9.xyz
dexinqa.com
doebn.com
dowiehksjvuen.cn
dvnofknrf.cn
gy8fe1.oss-cn-beijing.aliyuncs.com
hfeqomclkjxct.cn
idol-sonic.com
ry2ihs.oss-cn-beijing.aliyuncs.com
xiaoshihou39.top
xiazaizhadia57.cyou

# Reference: https://x.com/Nav_the_Sham/status/2045530562480193981
# Reference: https://www.virustotal.com/gui/ip-address/103.115.56.66/relations

happypawsapparel.com
labricotbleu.com
missallanahstarr.com
whxzhlcgtdu.top
xiaodto.xyz
xzmfyuemtzp.top
ly.missallanahstarr.com
m7.happypawsapparel.com

# Reference: https://x.com/k3yp0d/status/1955264469728199005
# Reference: https://app.any.run/tasks/824d5d9b-cf78-4059-9fc0-47cc1077a846
# Reference: https://app.any.run/tasks/158d8312-dc5d-4a35-8501-91149b721eee
# Reference: https://securelist.com/silver-fox-tax-notification-campaign/119575/

45.118.133.203:5000
3mkorealtd.com
doublemobile.com
fetish-friends.com
haijing88.com
ilptour.com
jmbyxx.com
kcii2.com
mcagov.cc
petitechanson.com
protaskpartners.cc
roldco.com
sudsmama.com
tingshuzu8.com
woopami.com
xiekuabao99.com
abc.fetish-friends.com
abc.3mkorealtd.com
abc.sudsmama.com
abc.woopami.com
abc.ilptour.com
abc.petitechanson.com
abc.doublemobile.com
vnc.kcii2.com
abc.haijing88.com
