# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/LukasStefanko/status/1116700836032331778
# Reference: https://koodous.com/apks/71038bed9175e2edfc1b24347e76a192b96845831410a481ace7e601ed65b19e
# Reference: https://www.virustotal.com/gui/file/71038bed9175e2edfc1b24347e76a192b96845831410a481ace7e601ed65b19e/detection

appboxlive.host/wakaji/start.html

# Reference: https://www.welivesecurity.com/2019/05/23/fake-cryptocurrency-apps-google-play-bitcoin/

coinwalletinc.com

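# Reference: https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites
# Note: the entries below are host-less URL paths, so a hit identifies the request path only; confirm the destination host before attributing a match to this campaign.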

/so/Android1S.php
/so/Android2D.php
/so/Android2M.php
/so/Android4A.php
/so/AndroidAF.php
/so/AndroidAL.php
/so/AndroidDL.php
/so/AndroidLS.php
/so/AndroidPA.php
/so/AndroidPC.php
/so/AndroidSH.php

# Reference: https://www.welivesecurity.com/2019/07/19/faceapp-spotlight-scams-emerge/

spinwincash478.pro

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-06-28-asiahitgroup-gang-again-sneaks-billing-fraud-apps-onto-google-play/asiahitgroup-gang-again-sneaks-billing-fraud-apps-onto-google-play.csv

vilandsoft.com

# Reference: https://twitter.com/ReBensk/status/1264931130530312194

tnisheng.xyz

# Reference: https://twitter.com/DrStache_/status/1264949410162769920

http://154.209.241.184
http://154.209.241.185
http://154.209.241.186
http://154.209.241.187
http://154.209.241.188

# Reference: https://www.virustotal.com/gui/file/a7bffddcd815055c8e49df6a779503dcad16e6b351a64fcaf24961862b7014f0/detection

brezzamobile.online

# Reference: https://www.virustotal.com/gui/file/012404ebe25adaadd7e9b4b0d1ce6ffce46c62456f97710829c676fb789019a9/detection

btc-unli.tk

# Reference: https://www.virustotal.com/gui/file/774d58de7fc732a3eaac274e6dc454012260d8d111989834ac62e7f90c8dc467/detection

octarine.soxx.us

# Reference: https://twitter.com/ninoseki/status/1353128207923388416
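# Reference: https://www.virustotal.com/gui/file/49634208f5fb8bcfc541da923ebc73d7670c74c525a93b147e28d535f4a07bf8/detection
# Note: r10zhzzfvj.feishu.cn is a single subdomain under the shared feishu.cn platform domain; keep the match at subdomain level and do not widen it to the parent domain.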

103.85.25.165:7777
165.3.93.6:7777
r10zhzzfvj.feishu.cn

# Reference: https://twitter.com/_bllvck/status/1366439474733924353
# Reference: https://www.virustotal.com/gui/file/d3487ab25a0e2c24996032458ff869eb3743eed39cf7c13e5c1a88084310c718/detection

polkadot-support.com

# Reference: https://www.virustotal.com/gui/file/d2d35805f157b0fe4df0cf5747cab08ba335b9cdc82453ab1a9f6271e8a484fc/detection

paladits.bget.ru

# Reference: https://twitter.com/malwrhunterteam/status/1379883017976614918
# Reference: https://www.virustotal.com/gui/file/c420052c96eff142e3836bd6cbe1ce61d86c23ac7a9b58a4dc81ffef7c98ab34/detection

mobipaisarecharge.com
/Ajax-request/get_mobile_info.php

# Reference: https://research.checkpoint.com/2021/new-wormable-android-malware-spreads-by-creating-auto-replies-to-messages-in-whatsapp/
# Reference: https://otx.alienvault.com/pulse/606e2b839d8204cdd76a5476

netflixwatch.site

# Reference: https://www.virustotal.com/gui/domain/amazingvideos.mobi/relations
# Reference: https://www.virustotal.com/gui/domain/greatestapps.mobi/detection
# Reference: https://www.virustotal.com/gui/file/fa40744c0e49f185b0604f44b7747b1fe5824b58223376d0b9a51451b905d1e5/detection

amazingvideos.mobi
greatestapps.mobi
7.tdslsd.ru
tdslsd.ru

# Reference: https://www.virustotal.com/gui/file/08797ac7926944304b8fae5647a1495aae9b69bb76ee9e052295111beab5042a/detection

zestlark.000webhostapp.com

# Reference: https://twitter.com/Cengiz86035319/status/1391502248962834446

aske-crudo.com

# Reference: https://www.virustotal.com/gui/file/db91424bff23f9668398c3c0ae0fab05d6cd73a18676559c78c0f6c7e1b5ea90/detection

wezzx.ru

# Reference: https://www.welivesecurity.com/2021/07/20/url-shortener-services-android-malware-banking-sms-trojans/
# Reference: https://otx.alienvault.com/pulse/60f7eaafe05663ddea26b1b5

eaconhop.online
emanalyst.biz
fceptthis.biz
fjobiwouldli.biz
honeiwillre.biz
mmunitedaw.info
offeranda.biz
oftongueid.online
omeoneha.online
ommunite.top
ransociatelyf.info
rycovernmen.club
schemics.club
sityinition.top
ssedonthep.biz

# Reference: https://twitter.com/ni_fi_70/status/922461098737045505
# Reference: https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/
# Reference: https://www.virustotal.com/gui/file/c5112e3a95bfa226bc2d524964364c61e0db9fe2824c20ca99521ab15367d678/detection
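# Reference: https://www.virustotal.com/gui/file/306a4fd41ce67784db399eced6531ac629bd9fe05d3347665bb935f1100e37f2/detection
# Note: poloniėx.com is an internationalized look-alike (non-ASCII 'ė'); xn--polonix-y8a.com is its Punycode (ASCII) form, which is what appears in DNS queries and most logs, so both spellings are listed.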

pooniex.com
poloniėx.com
xn--polonix-y8a.com

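# Reference: https://www.virustotal.com/gui/file/156c98f1babd9de7f76a81fd7bcc81b03cb1415081a726dbf7707226b16f6db2/detection
# Note: d1lxhc4jvstzrp.cloudfront.net is one distribution hostname on a shared CDN; the indicator covers that exact hostname only and says nothing about other cloudfront.net hosts.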

zzwx.ru
d1lxhc4jvstzrp.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/04b74f3579b081b5af13299b3327b80c0e3f45daca556487b088d11716960c72/detection

charter724.info

# Reference: https://www.virustotal.com/gui/file/96dfea7f0050a0d453ffb61d5824ff820f75fd0e8c25a9f5b894812483432759/detection

ucharter.ir

# Reference: https://www.virustotal.com/gui/file/4d78c7980c938d5bf4b0dd4aeecc008dad3d9b9e14f3fe207b704301a2c0cbed/detection

charter2162.ir

# Reference: https://www.virustotal.com/gui/file/f9f86fd4c2979b1f41aeece06958aa6b7ddba130a66dbf7c78a3906c449d7dd0/detection

clipestoon.ir

# Reference: https://www.virustotal.com/gui/file/401b00dc8a2aa2e13e24859d1f89e244ed6c7f1d48a7d80f9d9200e0ba1b3ea8/detection

sepehre360.com

# Reference: https://www.virustotal.com/gui/file/f6574662f783b6a0f09561bfe8b0540508897e5383327168c4b778a2a9466a2a/detection

mehrseir.ir

# Reference: https://twitter.com/dubstard/status/1493875063971581956

android-beta.com

# Reference: https://www.virustotal.com/gui/ip-address/137.175.56.119/relations
# Reference: https://www.virustotal.com/gui/file/f7d412f93ed5f34de40b3a8e7653c34430e931ec2f615599e16dac607ad81985/detection

dfnvkej.xyz
njfohn.vip
2cmodh.dfnvkej.xyz
3kodin.dfnvkej.xyz
3kodin.njfohn.vip
6vjod.dfnvkej.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1507434232511139847
# Reference: https://www.virustotal.com/gui/ip-address/103.193.174.205/relations
# Reference: https://www.virustotal.com/gui/file/6876e159a8e91091535c18cf59e517f3405145efd757d564b7dcf284cae990d5/detection

imtokcn.org
imtokrn.net
imtokrn.pro
mb-imtoken.com
tokencenter.info
tokenlon.im
tongke.co
tongke.top

# Reference: https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
# Reference: https://otx.alienvault.com/pulse/6244300fee718397c862a21e
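# Reference: https://www.virustotal.com/gui/ip-address/45.116.163.65/relations
# Note: spspring.herokuapp.com and walletappforbit.web.app below are individual apps on shared hosting platforms; match the full hostname only, never the parent platform domain.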

180.215.126.33:51148
bitpiecn.com.cn
bitpiewallet.com.cn
bitpiezh.cn
cn-imtoken.com
cryptojx.store
imdt.cc
imtoken.cn.com
imtoken.porn
imtoken.sx
imtokens.money
jaxwalet.com
lmtoken.org.cn
master-consultas.com
meta-mask.org.cn
metamaskey.com
metamaskio.vip
metamasks.me
one-key.org.cn
shayu.la
t0kenpocket.cn
tipi21341.com
tkdt.cc
token-app.cc
token2.club
tokenp0cket.com
tptokenm.live
trust-wallet.com.cn
trustgame.cn
trustwellat.cc
walletrust.cn
xzxqsf.com
zh-imtoken.com
admin.metamaskio.vip
admin.token2.club
api.metamasks.me
api.tipi21341.com
appapi.imtoken.porn
bh.imtoken.sx
bp.tkdt.cc
crp.jaxwalet.com
ds-super-admin.imtokens.money
ht.imtoken.cn.com
imtokenss.token-app.cc
jaxx.libertycryptowallet.ltd
jaxx.podzone.org
libertycryptowallet.ltd
metamask.tptokenm.live
mm.tkdt.cc
ok.tkdt.cc
spspring.herokuapp.com
two.shayu.la
update.imdt.cc
update.xzxqsf.com
wallet.cryptojx.store
walletappforbit.web.app

# Reference: https://www.virustotal.com/gui/domain/irkgsm.ru/relations
# Reference: https://www.virustotal.com/gui/file/0397aa501c17f3d3e3d899a8324d2f38de4e72279e0664a60755ba5204d936a4/detection

irkgsm.ru

# Reference: https://twitter.com/malwrhunterteam/status/1520143923360014337
# Reference: https://www.virustotal.com/gui/ip-address/27.124.7.67/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.63.108.144/relations
# Reference: https://www.virustotal.com/gui/file/b06c0e5560d89ee63a2fade2de08433b47dc5673131a98f75784eb2670d2da94/detection

imtoken.fm
tokem.cx
token-im.life
token-imc.cc
token-imq.co
token-imv.co
ap.token-imv.co
api.imtoken.fm
api.token-imc.cc
