# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/sophoslabs/IoCs/blob/master/Android-HiddAd-T
# Reference: https://sophos.wordpress.com/en-us/?p=55524
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/adware-disguised-as-game-tv-remote-control-apps-infect-9-million-google-play-users/
# Reference: https://documents.trendmicro.com/assets/AdwareFoundonGooglePlay_Appendix.pdf

cdn.partycross.com
dialog.usatek.eu
dialog-4a78.kxcdn.com
goldapp-bcf4.kxcdn.com
mny-3f29.kxcdn.com
remoteapp-3d8f.kxcdn.com
remotesettings-3f29.kxcdn.com

# Reference: https://twitter.com/malwrhunterteam/status/1292827259812839430

tweaktv.cc/apk/

# Reference: https://www.virustotal.com/gui/domain/club-beest.com/relations
# Reference: https://www.virustotal.com/gui/file/c2563aa18482585e052cabab1ad9ac957cf0a9ee6f037cf04c6609f5af2de05f/detection

club-beest.com

# Reference: https://www.virustotal.com/gui/domain/wcond.site/relations

wcond.site

# Reference: https://www.virustotal.com/gui/file/37c0bc62ff1ff958eeb241930d7e9f52bd64dbc9bd59103da44c4b35c8419e0a/detection
# Reference: https://www.virustotal.com/gui/file/67891ba4d298dd2bde9ba4b84f5800d37686054edb027e6e829b09fa7da547b1/detection

craigsvoice.soxx.us
fanoiu.soxx.us
terranz.ath.cx

# Reference: https://www.virustotal.com/gui/domain/s.fewconf.info/relations
# Reference: https://www.virustotal.com/gui/file/e733764435c3b9d14cf6f481aa286ae874534d40acdb037af72252df8e59fe2e/detection

s.fewconf.info

# Reference: https://www.virustotal.com/gui/domain/w.gtrconf.info/detection
# Reference: https://www.virustotal.com/gui/file/02b2b182a180f7ba79e8dd607b651722d1f72df781519c9ed367707bad1101a5/detection

w.gtrconf.info

# Reference: https://www.virustotal.com/gui/file/48794f40c760d03a726bf532d66e71dbe1218170c8a5892fae38081666a68424/detection

ommunite.top
onelegends.com
willitepartisti.club

# Reference: https://www.virustotal.com/gui/file/17e3dae34bae5fa0f2182f4f27a8629dfe5291b2e8e1b7f28073b23e92e8296e/detection

backup-message.live

# Reference: https://www.virustotal.com/gui/file/c3419ce1c638a403e407c454f6e38e8eb3a6e9c8f6808a4585bdad28f0076ea6/detection

top.realydomain.info

# Reference: https://www.virustotal.com/gui/file/4de4907b492fe4d601272f9300dcac426f4aaef178940eea84f3d9cd5e12c2b0/detection

blabla.mobengine.xyz
best.realydomain.info

# Reference: https://www.virustotal.com/gui/file/3c384ec456146804c605bb1a33d9d0bf5ad9d98167c49c71984a1d31892a2c68/detection

api.mobengine.xyz
cdn.mobengine.xyz

# Reference: https://www.virustotal.com/gui/file/9c3f05c27383f7dbe4236286edfaa3b5cc513227de19f1d9b926a147d465c57a/detection

custom-cdn.mobengine.xyz

# Reference: https://www.virustotal.com/gui/file/483328e4b7e5630162d5fe6aea9057091429d3a77f2483703690d55d74d74d7c/detection

http://23.111.83.188
api.oursupersk.com
cdn.oursupersk.com
qqq.prostolok.com

# Reference: https://www.virustotal.com/gui/ip-address/23.111.83.188/relations

jetbudjet.in
jetengine.be
mobengine.xyz
mobiletop.cc
mobiletop.icu
mobiletop.mobi
mobiletop.pro
mysupersk.com
oursupersk.com
sdkengine.pro
api.jetbudjet.in
api.jetengine.be
api.mobengine.xyz
api.mobiletop.cc
api.mobiletop.icu
api.mobiletop.mobi
api.mysupersk.com
api.oursupersk.com
api.sdkengine.pro
cdn.mobiletop.cc
events.jetengine.be
events.mobiletop.cc
events.mobiletop.pro
klb.oursupersk.com
logs.mobengine.xyz
logs.mobiletop.cc
logs.mobiletop.pro
logs.oursupersk.com
lun.mobiletop.pro
mli.mysupersk.com
mobengine.xyz
pi.mobengine.xyz

# Reference: https://www.virustotal.com/gui/file/153b51fbb2274106d21ce30e187cb5299c4a568480e5b1d7e9a5ee6589daa8b2/detection

bigboi.app
