# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://news.sophos.com/en-us/2018/12/06/android-clickfraud-fake-iphone/

mobbt.com
act.mobbt.com
ads.mobbt.com
sdk.mobbt.com
exevents.nativeone.co

# Reference: https://www.virustotal.com/gui/file/ec54dbb4c55b92df2113fb07ef1486a39bb5c752272230bb774018573f537132/detection

bearclod.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2013/2013-04-09-one-click-fraud-variant-on-google-play-in-japan-steals-user-data/one-click-fraud-variant-on-google-play-in-japan-steals-user-data.csv

/?neosp_nontop_eropne01

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2016/2016-04-29-fake-android-update-delivers-sms-click-fraud-europe/fake-android-update-delivers-sms-click-fraud-europe.csv

6-androdid.ru
alfabrong.eu
bugstracking.xyz
bugtracking.biz
francia-apk.ru
freeupgrade6.ru
innotion.pw
postway12.ru
slidetracking.ru
traff16.ru
traffic2015.ru
update-free-andr-6.ru

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2016/2016-05-04-android-malware-clicker-dgen-found-google-play/android-malware-clicker-dgen-found-google-play.csv

update-sys-android.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2017/2017-09-12-android-click-fraud-app-repurposed-ddos-botnet/android-click-fraud-app-repurposed-ddos-botnet.csv

ybosrcqo.us

# Reference: https://news.drweb.com/show/?lng=en&i=13464&c=14
# Reference: https://www.virustotal.com/gui/file/8809ea2387e140002654da141745baf615964452c6f2e4fee6fa9c7be1be745f/detection
# Reference: https://www.virustotal.com/gui/file/8a87f4ddb0b22c5f350029a1fb999ca058165eed05fa9dc79ab9dad9a6190e69/detection

161.117.8.243:8998
http://52.221.78.239

# Reference: https://research.checkpoint.com/2020/android-app-fraud-haken-clicker-and-joker-premium-dialer/

13.250.34.16:80
13.56.233.20:80
52.77.249.152:80

# Reference: https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html

sabai5555.com
/transaction/post_click

# Reference: https://research.checkpoint.com/2020/google-play-store-played-again-tekya-clicker-hides-in-24-childrens-games-and-32-utility-apps/

api.banzinc.xyz
api.chauxincaidomainnua.icu
api.felinae.icu
api.kaluga.xyz
api.leopardus.xyz
api.lulquid.xyz
api.mantaalfredi.icu
api.maygaiproduct.icu
api.megapelagios.site
api.molatecta.icu
api.namekitchen9.xyz
api.nhudomainuong.xyz
api.pantanal.xyz
api.royalchowstudio.xyz
api.somniosus.xyz
api.sundaclouded.host
api.whitewhalestudio.host
app.slardar.icu
waws-prod-dm1-033.cloudapp.net

# Reference: https://www.virustotal.com/gui/file/189e980b1d1a429cfbc0b2d78a265ae9833ba2a9a744c193cbdd309870ec238d/detection

2e70dwl6z-7cgfugryn.ru
65wir8v9w-hz0yev62id.ru
b3jawfqky-c8kuscp3i.ru
l7vx0ks0nbf-p21w20tju3.ru
x2ibvdpbc49-0fzmpry32.ru
/apk_main.php?get_hash=

# Reference: https://www.virustotal.com/gui/file/ea44f01feeabd1eb1393af791d832c976c741c7374503f34f3fade15fa5454dc/detection

d1lxhc4jvstzrp.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/d1e5d625e10c8cef8414e96bfac0edc9900a64af318c4ed2a099629c6eb18c16/detection

http://43.252.37.141/mainld/?m=

# Reference: https://www.virustotal.com/gui/file/93263869039c20a7b5c100d6499923c424891d9956302cd74c9ca6951817d9c4/detection

hdxx.xyz

# Reference: https://www.virustotal.com/gui/domain/jnd.txizd.cn/relations

jnd.txizd.cn

# Reference: https://www.virustotal.com/gui/domain/hezwl.cn/relations

hezwl.cn

# Reference: https://www.virustotal.com/gui/domain/servhost.xyz/relations
# Reference: https://www.virustotal.com/gui/file/8233e24363796a3f558be6e8851e4f558d0f97f37e1c3a8a2828b8aa79e0e065/detection

http://162.241.228.114
servhost.xyz
