# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://now.avg.com/pc-malware-that-silently-installs-apps-on-your-android-device

222.186.60.89:1001

# Reference: https://vms.drweb.com/virus/?i=17750684&lng=en
# Reference: https://news.drweb.com/show/?lng=en&i=13108&c=14

androidcloud.org

# Reference: https://research.checkpoint.com/preamo-a-clicker-campaign-found-on-google-play/
# Reference: https://www.virustotal.com/gui/domain/mnexuscdn.com/relations

mnexuscdn.com

# Reference: https://www.zscaler.com/blogs/research/third-party-android-store-sms-trojan

app.in-spicy.com
insidecontentsp.com
incontsmart.com
play4funclub.com
/public/notification/is-active
/app_sms_request_get_number.php
/apps/moboporn/data/device_admin.php

# Reference: https://twitter.com/051R15/status/984704059109093382
# Reference: https://www.virustotal.com/gui/file/932ad38cf5048e20641b27619b72a632b546cffb8f35515ea5200ea194b8fdb2/detection

103.249.31.87:11880
hold.jcgloball.org

# Reference: https://twitter.com/sniko_/status/1136981531870867456

cryptonator.us

# Reference: https://www.symantec.com/security_response/writeup.jsp?docid=2012-072411-4350-99&tabid=2

xxxdroidxxx.net

# Reference: https://twitter.com/LukasStefanko/status/1136995445572550661

bibox365.us

# Reference: https://twitter.com/LukasStefanko/status/1138768486514266112

admob-games.online
admob-games.xyz
liniatech.com

# Reference: https://twitter.com/LukasStefanko/status/1139064061809893376

app.freegifts.top

# Reference: https://cerbero-blog.com/?p=1633 (# AndroRAT)
# Reference: https://www.virustotal.com/gui/file/dc9a0322ca263d733f91182f1e655a11cba28dc766031ce0665b6005900450d7/detection

shoppingapp.no-ip.biz

# Reference: https://cerbero-blog.com/?p=1633 (# OmniRAT)
# Reference: https://www.virustotal.com/gui/file/9e1bee43a501132da732d1287126632438b91a9fcbf37afda7b8597055960877/detection

strippermona2.no-ip.info

# Reference: https://twitter.com/nullcookies/status/1177342951766278144

googleplaystore.net

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2014/2014-11-26-sms-spam-with-mobile-malware/sms-spam-with-mobile-malware.csv

url7.me

# Reference: https://www.virustotal.com/gui/ip-address/185.89.102.7/relations

185.89.102.7

# Reference: https://securelist.com/still-stealing/83343/

extensionsapiversion.space
guest-stat.com

# Reference: http://contagiominidump.blogspot.com/2012/12/trojanrussmssystemsecurity-toll-fraud.html
# Reference: https://www.virustotal.com/en/file/664725869278f478e5a50a5e359dc6d5cf4f2a7019d0c122e2fa1e318f19636b/analysis/
# Reference: https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=516
# Reference: http://securelist.com/blog/incidents/59384/new-threat-trojan-sms-androidos-stealer-a/#page_top

load-center.ru

# Reference: https://twitter.com/051R15/status/1068411354216722432

211.188.179.86:8686

# Reference: https://twitter.com/ninoseki/status/1176732200873578496
# Reference: https://www.virustotal.com/gui/file/9cfea36afbc687f967a4509fb9a7f07b4439bf85b319dc3c937a262a142858cc/detection
# Reference: https://pastebin.com/c8JQLkf1

154.197.51.135:84
45.204.2.128:82
45.204.2.128:83
45.204.2.149:83
45.204.2.158:83
http://154.197.51.131
http://154.197.51.134
http://154.197.51.135
http://154.197.51.136
http://154.197.51.137
http://45.204.2.128
http://45.204.2.149
http://45.204.2.158
http://61.218.17.208
http://61.218.17.209
http://61.218.17.210
http://61.218.17.218
http://61.219.193.249
http://61.219.193.252
http://61.219.255.43
http://61.230.136.233
http://61.230.140.192

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2016/2016-05-31-android-spyware-targets-security-job-seekers-in-saudi-arabia/android-spyware-targets-security-job-seekers-in-saudi-arabia.csv
# Reference: https://www.virustotal.com/gui/file/7cbf61fbb31c26530cafb46282f5c90bc10fe5c724442b8d1a0b87a8125204cb/detection
# Reference: https://www.virustotal.com/gui/file/4aef8d9a3c4cc1e66a6f2c6355ecc38d87d9c81bb2368f4ca07b2a02d2e4923b/detection

/Hac%20Mobaile/
/Hack%20Mobaile/ADDNewSMS.php
/Hack%20Mobaile/ADDIMSI.php
/Hack%20Mobaile/ADDVCF.php
/Hack%20Mobaile/ADDHISTORYINTERNET.php
/Hack%20Mobaile/ADDSMS.php
/Hack%20Mobaile/ADDNewSMS.php

# Reference: https://www.virustotal.com/gui/file/cd729d7035c69ab0ffa1aa52fff1c70fea60340c6ee74003ed4d9fd5fd87ad5e/detection

midoken18.ddns.net

# Reference: https://www.virustotal.com/gui/file/3ab6cd063e8ba3a2ed7e804a5ab1770add5d6aa1d56e9d4c71b2c0e0b2b86aeb/detection

185.217.1.190:2121
thefreebestfantasticmisticplace.com

# Reference: https://www.virustotal.com/gui/file/d91b40a09c989ea9e630e9b3eb80addb8f6c193c48e2dccc989a33d546ed8eaa/detection

text-dll-mo.linkpc.net

# Reference: https://www.virustotal.com/gui/file/ac22327dcd3336f41216ab282c97ab9204bd3312bc112027c58e8befc52167c6/detection

kanich.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e36c616ad524813059a48fa1654be3d28c27b6a1a01bda1dcb680f0251d147c1/detection

pikachu077.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ad3ba8393f6f3a05dce5c3476f149732dce6794685847520755209a140f2c0a7/detection

ghostdoor-36929.portmap.io

# Reference: https://www.virustotal.com/gui/file/256c4d26410ea29f9a71b10792d3cc1533783f80ed9058025663bbf9fef19142/detection

193.161.193.99:34288
sivem-34288.portmap.io

# Reference: https://www.virustotal.com/gui/file/3ba08b95030eb44ced91bd90dd585ec48365935808f3ba1304221106781db7c6/detection

193.161.193.99:36447
aprsgk-36447.portmap.host

# Reference: https://www.virustotal.com/gui/file/6280e944104fb8745091b3973127f26034192426977523bde6f2fd9ead31f216/detection

193.161.193.99:28873

# Reference: https://www.virustotal.com/gui/file/3d1645625ee2bb1cadf901c03eeafbc772ebde1fe2e69c37c3c6038ed3b4bca9/detection

193.161.193.99:40247
kyleer.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c1d8dc289cae8e506dae878bec93cf08eddc0a408ec112fbe518f841a7959980/detection

193.161.193.99:63683

# Reference: https://www.virustotal.com/gui/file/d2d222d8249b7b37f4e15bef5fe13c0791ac903f4615b2368b4ca20ce26ec7d5/detection

193.161.193.99:53191
narpatbose-53191.portmap.host

# Reference: https://www.virustotal.com/gui/file/a2a33e1e8b1e01a6ca93db88a5afefb4e6b8801481a5b976aee5151f8da404c9/detection

193.161.193.99:42178
darkdick.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2ae8555419e5dd0167a06ec307f54fc587cd40a06c388c0cbbbdc7b2cfb1464f/detection

193.161.193.99:25589
Neboys-25589.portmap.io

# Reference: https://www.virustotal.com/gui/file/8a1459cfd167d53fa3d599a3e6b88d72edb5ed86374ce75cfc439026f948d176/detection

ajmal-40797.portmap.io

# Reference: https://www.virustotal.com/gui/file/757b2018d1b9c7e658f39e376bdc47799f7774888ac26b12a5dc60e0bca414d1/detection

193.161.193.99:46682
redexrocks-46682.portmap.io

# Reference: https://www.virustotal.com/gui/file/989d038aa3a2ff948037470af11ae6df8e0d3806c0a5ae063638ed4653c9d453/detection

ceca-46670.portmap.io

# Reference: https://www.virustotal.com/gui/file/ec71a8f4fd33c7852f3ada6dbef4176364d27e7a3d5c7645a4e3618054d59d95/detection

193.161.193.99:40119
hadisikeraq-40119.portmap.host

# Reference: https://www.virustotal.com/gui/file/8c72bb3d375de1409b7e6a2f59a9f7b6742ab00a1d9f44c08896ac91fd625ceb/detection

193.161.193.99:1337
hackaniyan123-28446.portmap.host

# Reference: https://www.virustotal.com/gui/file/1d11d8522383ceb2dd31847066e6d5b38711c19728a2b061f34de4fe00f7931d/detection

193.161.193.99:44899
allaya-44899.portmap.host

# Reference: https://www.virustotal.com/gui/file/4927c90df692cc0b6daab6dc789ed87d05e8308120aefed5b3864aa2ef7ea9c4/detection

parkerrhino22-35670.portmap.host

# Reference: https://www.virustotal.com/gui/file/37213724622b7ddd26cb62da058d7d29b17d0157d90ccbc81b1f9c51fb453b76/detection

soma1q-46620.portmap.io

# Reference: https://www.virustotal.com/gui/file/fee56ec8f0eb682db76281aa208a76dda29d3c3c8bef8c89e41932c5581cb8fc/detection

193.161.193.99:37138

# Reference: https://www.virustotal.com/gui/file/5ac0ad807be80133b655b386eb77f7b7fac312fa74f584d8cdad35daf1776881/detection

193.161.193.99:56605

# Reference: https://www.virustotal.com/gui/file/1ddeffc5d315e5263c3c9bd5883822435be0bd4bf9ab9b9b87214143705be220/detection

193.161.193.99:36343

# Reference: https://www.virustotal.com/gui/file/e7cf7c54d3a8b6e2edfae7c8bbf8427150418db691d60c1db1d8bb971a6cd333/detection

manuse-52828.portmap.host

# Reference: https://www.virustotal.com/gui/file/2e2268001cd304fc904ece47266862cdf653adde32f694d109f7891fd27a7a9a/detection

yasin69-58773.portmap.host

# Reference: https://www.virustotal.com/gui/file/2b4d4f0f5eb58743f55f97261971539be68045cd94a64a8026b8516bcbcd2beb/detection

bewman-27570.portmap.host

# Reference: https://www.virustotal.com/gui/file/23c5c73e76472eff51d09d62d972165900bfd8e97b5b95a3fbe877defb5f83f6/detection

LAPTOP-8OHQN8H-33163.portmap.io

# Reference: https://www.virustotal.com/gui/file/8e9e743c552776b4f4f65d268862acd55d3b1eb5399cf88d14e45cb7e70d9cd2/detection

nobodydoes-62739.portmap.host

# Reference: https://www.virustotal.com/gui/file/96a8ed7272a62d1a5950a3ed1090283073a0ff987939da4d5e20489d5a139043/detection

193.161.193.99:48545

# Reference: https://www.virustotal.com/gui/file/d3de3d49947abb7860d9fca288fa610a0b25cef0761220a03243e4a5039dfb25/detection

193.161.193.99:23740
king090371-23740.portmap.io

# Reference: https://www.virustotal.com/gui/file/6a4612a258f0ae6cb3bbef56227ce32d504e33187bee75250591ee51d42c24f1/detection

60770a3c1e5cb79771c84d26219b315f.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6bc63ed3d63acb96faaa2d9de2c225ccf77827b0f7c0c87417eda394efd5d407/detection

193.161.193.99:54044
fbz-54044.portmap.io

# Reference: https://www.virustotal.com/gui/file/3e34699904e5cd553b0c786e961dfa3b47307b9485d04c4a21833f52f682dedb/detection

blabla-64010.portmap.io

# Reference: https://www.virustotal.com/gui/file/6d3371a6fb582f2fb69d8fe14eb9e953ccd0bb93ad24d669b97e2fd52463d00b/detection

193.161.193.99:58489

# Reference: https://www.virustotal.com/gui/file/bff674e0d2cb44aa0ae2d7124a08ccedda5f09843953c2fb04e51d635185e06d/detection

193.161.193.99:58489
yagomilenio.ddns.net

# Reference: https://www.virustotal.com/gui/file/cf74e0454c815739ab9b4e3add541042675ee2f3c9287c22811d33e0bad2ef06/detection

193.161.193.99:28750
Hackerprofesional-28750.portmap.io

# Reference: https://www.virustotal.com/gui/file/5ea0b093514ca513755877d1407f97a667510480a6931ec2553b8268c7fa3c6e/detection

193.161.193.99:30479

# Reference: https://www.virustotal.com/gui/file/ae3fdadda6c13dc895fa48862b519751a03d0107a7a8b456460f550f483d7f6b/detection

193.161.193.99:61770

# Reference: https://www.virustotal.com/gui/file/1cbcf97ea3658dd477105dd5bf75f2dc545fd48898220752e6e515e751d4e874/detection

gimiexpert.duckdns.org

# Reference: https://www.virustotal.com/gui/file/88e4c82169a018046ed711e5d199cfffa1ac2bc974237f7ff30013a0f3c6d202/detection

193.161.193.99:61891
LAPTOP221421-61891.portmap.io

# Reference: https://www.virustotal.com/gui/file/e6d6c2f48603c6be4937908d841e3b3af2cd21876e05987d688523ba1deedd3e/detection

3.19.3.150:16866

# Reference: https://www.virustotal.com/gui/file/e221cfff004c9423b27e921684e629dc5d98279227eb2a5253364ebda0b233be/detection

3.14.212.173:13392
3.19.3.150:13392

# Reference: https://www.virustotal.com/gui/file/c438f42bf63828943c537b48203c40448b46d1ba0987a02696481dfcf1a20167/detection

3.19.3.150:12128

# Reference: https://www.virustotal.com/gui/file/87e415521d0b2f63ac96e4689072c377c4c26fd8265c1e7e67f70e53433cbc38/detection

3.19.3.150:16153

# Reference: https://www.virustotal.com/gui/file/dd33f5656995cc1a5f50d0064c9efd82aefe3ecaa357190a6402ee3a6663610a/detection

3.19.3.150:14457

# Reference: https://www.virustotal.com/gui/file/21856a6bd24af73aea9aee0d656ef2208c2ebbb6011c457549988a241394657b/detection

3.19.3.150:14921

# Reference: https://www.virustotal.com/gui/file/a970f8de2ae9dbed6b4e982f65e7706a03ee510693d869dce2eb30a37a97d6b2/detection

3.19.3.150:16189

# Reference: https://www.virustotal.com/gui/file/cd38c945796f0ec0fcece3126875a96ad4324d76028348412fc9a78a79c722c1/detection

3.19.3.150:13234

# Reference: https://www.virustotal.com/gui/file/b74dacb1e380dae54434fb4d6206b501e0f3ab6016c7453f3c6ef1ff3382ea17/detection

3.19.3.150:14892

# Reference: https://www.virustotal.com/gui/file/34ccd61d454162e8a6fa8599586ce8248e53aab9e38a291ca336fda66053fad9/detection

androidapp.myq-see.com

# Reference: https://www.virustotal.com/gui/file/91f12329d74e5ca5b055256d999d92294caf8d194db145a8063a398990812165/detection

185.101.92.3:4339
asson.myq-see.com

# Reference: https://www.virustotal.com/gui/file/92f6b8f14527f7e755b535d8442f4a8cf562f92584ab5e50eb126fc9c527f303/detection

193.161.193.99:34279

# Reference: https://www.virustotal.com/gui/file/4d4b02db0f7df2d43f7ecd98580faa5d58b3f0e43e0fe3bde4e22ea2954686c6/detection

54.81.215.72:12301

# Reference: https://www.virustotal.com/gui/file/7c86f4236e7b32467e2cd2fd797a1f794ed0c00703871bb55d78b6ba98567711/detection

141.255.150.115:3210
141.255.154.248:3210

# Reference: https://www.virustotal.com/gui/file/cc9186e56a28e2e069c0e02000882f1e725b8631a0da04c79117f4dc46ccc78c/detection

console-wifi.ddns.net

# Reference: https://www.virustotal.com/gui/file/db87c6455b568eb63e25b22688affd3e15eb4683a656061ba5a50ac26b8af702/detection

197.32.108.10:2222
91.109.176.6:2222
ahmed444mah.myftp.biz

# Reference: https://www.virustotal.com/gui/file/1939024a2e094348b5068a569e5968a09e7d612351b0f9ff7e4bbcd32aee24d7/detection

qna.hopto.org

# Reference: https://www.virustotal.com/gui/file/3a7e844f3e2709ac9aa352183f55347e9729c95c51e44f72f6073d12893783b9/detection

danielgomesb.hopto.org

# Reference: https://www.virustotal.com/gui/file/ce3d7392c08178a064432f952302c10bda264b09c7f7e6477a9e668072cdd506/detection

177.40.160.231:1337
179.176.142.193:1337

# Reference: https://www.virustotal.com/gui/file/ac99d6ecf20ede3c1064a5790ea66d4080776c7369dc7f878c3dcd658dc7d5ee/detection

179.178.9.126:1337

# Reference: https://www.virustotal.com/gui/file/7607ecae59fdb498d0e6691f0b3049eeb03cbc7c456a46e415ccfc3f672b09a4/detection
# Reference: https://www.virustotal.com/gui/file/3635d1220ce1ac04cfa2cd99e7878f33b98d4c9841ec3d5731b9ff1a67d0e034/detection

mobihok.net

# Reference: https://mobile.twitter.com/LukasStefanko/status/1032884776825434112

http://59.105.6.230

# Reference: https://twitter.com/LukasStefanko/status/1039435272017117185

teensexmovies21.tk

# Reference: https://twitter.com/LukasStefanko/status/1114065804943867904

jakajakreminota.work
/metabbiroma2/terro.php

# Reference: https://twitter.com/virqdroid/status/1117771719412989952

flashnew111.top
letsfuckit111.top
pastbische1.top

# Reference: https://twitter.com/LukasStefanko/status/1123875894488072193
# Reference: https://www.virustotal.com/gui/domain/stimpado.com/details

stimpado.com
/sam01/set.php

# Reference: https://www.virustotal.com/gui/file/ab90578cdb6641c32ce3242d4c9f03b4b2a17e061afe9e1d58d9fd73c483769c/detection

http://185.198.57.24

# Reference: https://www.virustotal.com/gui/domain/u363571.test93w.ru/details

u363571.test93w.ru

# Reference: https://www.virustotal.com/gui/domain/u36317.test93w.ru/relations

u36317.test93w.ru
/private/set_data.php

# Reference: https://twitter.com/JayTHL/status/1214205248945999873

chase-banksonline.com

# Reference: https://twitter.com/ni_fi_70/status/1227964755589189632
# Reference: https://www.virustotal.com/gui/ip-address/200.6.39.216/relations
# Reference: https://www.virustotal.com/gui/file/58bd88693864b0375032d3507fe359e79d1ee179e51c5a7d1b2b8e17c8102a17/detection

200.6.39.216:80
app-bbva.online
/controls/bbva_es/control.php?message=
/controls/milenium/control.php?message=

# Reference: https://www.virustotal.com/gui/ip-address/169.197.110.86/relations

169.197.110.86:80

# Reference: https://www.virustotal.com/gui/file/1ff1122748bb717fdae81acaca176a8c8d1fd7babbd04451d67ad5d72d33a83c/detection

141.255.153.71:1177
testesild68.ddns.net

# Reference: https://www.virustotal.com/gui/file/e8b7ecb0266db61e222e89e295f610baeb550117097ae277e5d4e27e05a28376/detection
# Reference: https://www.virustotal.com/gui/domain/app.smartnewsource.com/relations

app.smartnewsource.com

# Reference: https://www.virustotal.com/gui/file/97a8aded5dba613bdac4cccd17a4d06e7f10d297798dcc0d52f398c1357739f2/detection

168.235.111.253:1818
cooldreamers.ddns.net

# Reference: https://www.virustotal.com/gui/file/ce7dc9c5333068f9923dc5bb37f2ba8255f3f13b5433dc1d5938a16643c51817/detection

168.235.111.253:1604

# Reference: https://www.virustotal.com/gui/file/2844249359ce1e7a8e8b6e11c7497b8888ff6a4fc6d644c96dfa1c76def35f5c/detection

168.235.111.253:1617
didi03.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9b1a1ccedfb4439d7f30468953fb30d3e353041ed61897be805fb81e3137798f/detection

102.69.0.221:5214
194.35.115.37:5214

# Reference: https://www.virustotal.com/gui/file/d53c5908beea8b54a1190c90049a2c15b833df44e5a1000f62255aa01893871d/detection

45.74.46.199:8484

# Reference: https://twitter.com/malwaretracekr/status/1236656514800054274
# Reference: https://www.virustotal.com/gui/file/69f2b139bc5c5480b85ef67171816972c6eb3a1152b6cc8900e98c75c98b097d/detection

cjthemsk.cn

# Reference: https://securelist.com/cookiethief/96332/

yoboxtool.com
yomobi.net
youzicheng.net

# Reference: https://twitter.com/LukasStefanko/status/1240913992383684610

codebeta.in

# Reference: https://www.virustotal.com/gui/file/8a87cfe676d177061c0b3cbb9bdde4cabee0f1af369bbf8e2d9088294ba9d3b1/detection

coronasafetymask.tk

# Reference: https://twitter.com/LukasStefanko/status/1243317183419219969

freepornhub.host

# Reference: https://twitter.com/malwrhunterteam/status/1243533202507075584

dl.ac19.am

# Reference: https://www.virustotal.com/gui/file/22b900664bf56c376079c088decffebe04e13f3a1440da4c79562bc949733484/detection

91.218.65.24:5214

# Reference: https://twitter.com/virqdroid/status/1243847928814489602 (# ProjectSpy)
# Reference: https://www.virustotal.com/gui/file/e394e53e53cd9047d6cff184ac333ef7698a34b777ae3aac82c2c669ef661dfe/detection
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/
# Reference: https://otx.alienvault.com/pulse/5e9b393310636e8d50492c5b

cashnow.ee
spy.cashnow.ee
xyz.cashnow.ee
/Corona_Virus.apk

# Reference: https://twitter.com/malwrhunterteam/status/1239477012827381760

/avist.apk

# Reference: https://www.virustotal.com/gui/file/78e3efb6b9eca61de2ae53064702d7879d8f2430c7793fe20a5fef999d12691a/detection

141.255.156.231:1177
191.177.187.33:1177
ccman32.duckdns.org

# Reference: https://www.virustotal.com/gui/file/78e3efb6b9eca61de2ae53064702d7879d8f2430c7793fe20a5fef999d12691a/detection

141.255.151.102:1177

# Reference: https://www.virustotal.com/gui/ip-address/141.255.156.231/relations

iphone-skyrock.ddnsking.com

# Reference: https://twitter.com/malwrhunterteam/status/1243991887998001153

/Ac19-V1.2.0.apk

# Reference: https://www.virustotal.com/gui/file/06bb1f4da96df4857c94e73794fc9b0c283b6cecb974d2eb9c89fe0f4afab6bb/detection

141.255.152.138:2222

# Reference: https://www.virustotal.com/gui/file/92647585c0aab0009197ba287a871f752c6a49e095f648afa1ffc4a6a657ae34/detection

41.104.196.248:2222

# Reference: https://twitter.com/ReBensk/status/1245315100572962816
# Reference: https://www.virustotal.com/gui/file/fe8fcd646e3faa8f7d0191a25d91a93d1e207159dcb059522295d70b107ca9eb/detection

http://18.221.227.34
frz.nflfan.org

# Reference: https://twitter.com/malwrhunterteam/status/1247213866452426752

play2win.buzz

# Reference: https://www.virustotal.com/gui/file/c87e72acabf6a90425162d3c30a9dbe2a0e334dc97e20a83bbc85270eecf6279/detection
# Reference: https://www.virustotal.com/gui/file/047bed96d8c23720e9afc7b933ed563bd984540fc4aacd3246918adbcce7e874/detection

fsocietylammer.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1251565949356052481

5g-20gb-internet.com

# Reference: https://twitter.com/ReBensk/status/1251860425974730754

lgoogleplaystore.com

# Reference: https://www.virustotal.com/gui/file/f33d51d754860f92c3d775e4876579c4b245823ba3c5622691e5a69afe83053c/detection

pinterest.com/abigailn674/
pinterest.com/amicenorton4874/
pinterest.com/ashlynfrancis7577/
pinterest.com/emeraldquinn4090/
pinterest.com/felicitynewman8858/
pinterest.com/gh6855786/
pinterest.com/kelliemarshall9518/
pinterest.com/norahspencer9/
pinterest.com/posylloyd4136/
pinterest.com/shonabutler10541/
pinterest.com/singletonabigail/

# Reference: https://twitter.com/malwrhunterteam/status/1255526720486223872
# Reference: https://twitter.com/NtSetDefault/status/1255536589083684872

apphome01.xyz

# Reference: https://twitter.com/malwaretracekr/status/1255788631953817600

happysex4477.info

# Reference: https://twitter.com/ESETresearch/status/1255866379972030466
# Reference: https://twitter.com/seafaringturtle/status/1261427374924500992
# Reference: https://twitter.com/malwrhunterteam/status/1261383510708891649

korzystna.biz/praca.apk
morefuntfkjaskjfk123.cx
techndevs.us

# Reference: https://a.virscan.org/language/en/089b3e6ba3b60181f96708892321e2b7

xoez.xinzj1.com

# Reference: https://www.virustotal.com/gui/file/3ad5c57f7435e5f1de7d59cb8bc14f69dfe095be5fbdff9a489c864dc9298776/detection

91.193.75.247:4000

# Reference: https://twitter.com/malwrhunterteam/status/1257722625989791745
# Reference: https://www.virustotal.com/gui/file/1d0e0a24d502688ec9d291bf978da60f3b3f152eaa317b24686a041f3e22d007/detection

googleapps.xyz
/zeeinoppqe.php

# Reference: https://twitter.com/malwrhunterteam/status/1258309542208843776
# Reference: https://www.virustotal.com/gui/domain/obmenvsemfiles.com/relations

obmenvsemfiles.com

# Reference: https://www.virustotal.com/gui/file/4885a456b1792305b418a14f37782ff5d7c0a2d15ec42021c63704c7744c2688/detection

78.120.144.206:3458
commealamaison1.zapto.org

# Reference: https://twitter.com/malwrhunterteam/status/1259167146237743104
# Reference: https://twitter.com/seafaringturtle/status/1259209684529152003

adnab.ir
rozup.ir/download/3039645/

# Reference: https://www.virustotal.com/gui/domain/bbb123.ddns.net/relations
# Reference: https://www.virustotal.com/gui/file/153e52d552fdd1b4533d3eb9aa8f59bda645e8a4409b28a336c0cab1d26bd876/detection
# Reference: https://www.virustotal.com/gui/file/1f2eb62e57e29d27d83d88bfbac654bdbd6772ee7bab981b6930806c550e4b7c/detection
# Reference: https://www.virustotal.com/gui/file/e321d63c061503d341ba9076a6fa5b85383f7e6ac9f0bf5b4ccbfe68a6f808b3/detection

159.0.64.216:2222
159.0.90.166:2222
178.87.136.11:2222
178.87.138.222:2222
178.87.157.88:2222
178.87.212.96:2222
2.88.187.83:2222
2.88.190.5:2222
51.223.107.14:2222
51.223.117.108:2222
51.223.124.255:2222
51.223.127.88:2222
51.223.152.150:2222
51.223.159.160:2222
51.223.78.70:2222
51.223.92.246:2222
51.223.98.156:2222
79.173.195.249:2222
92.253.65.44:2222
93.182.171.21:2222
94.49.131.95:2222
94.49.138.66:2222
94.49.143.58:2222
94.49.156.68:2222
94.49.175.31:2222
94.49.191.93:2222
94.99.92.43:2222
95.219.144.182:2222
95.219.152.127:2222
95.219.187.144:2222
95.219.230.215:2222
95.219.255.163:2222

# Reference: https://twitter.com/LukasStefanko/status/1260122734920679425
# Reference: https://www.welivesecurity.com/2020/05/11/breaking-news-app-promises-news-brings-ddos-attacks/

i-updater.com

# Reference: https://twitter.com/ReBensk/status/1260875242286706688

matakerbau.com

# Reference: https://twitter.com/malwrhunterteam/status/1260899590691323904
# Reference: https://www.virustotal.com/gui/ip-address/222.239.248.195/relations

http://222.239.248.195

# Reference: https://twitter.com/seafaringturtle/status/1262466331254890498

com-hp-vd.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1263140797173706752

vinogradzaoknom.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1263166792974962688

fightgid.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1263804506258599937
# Reference: https://www.virustotal.com/gui/file/b35fc3a41e692a2473608ae5dc9f3f5ce5d4c7fa603cbdf8a5ec930a0e2cf16c/detection

45.138.209.192:20420

# Reference: https://twitter.com/malwrhunterteam/status/1264954714690588673

avito-package.info

# Reference: https://twitter.com/malwrhunterteam/status/1265530814781145089

47.92.30.96:8832

# Reference: https://twitter.com/malwrhunterteam/status/1270043420103507968

scribd.cu.ma

# Reference: https://twitter.com/malwrhunterteam/status/1270435949454004224

st-chat.com

# Reference: https://twitter.com/malwrhunterteam/status/1271062243418034176
# Reference: https://www.virustotal.com/gui/ip-address/175.118.126.113/relations
# Reference: https://www.virustotal.com/gui/file/28163681e6d016cdeea423d8f2dd5f4e54099c30e57dafd4cca5ebab524e2f5f/detection

http://175.118.126.113
/Home/Json?messagePermission=

# Reference: https://twitter.com/malwrhunterteam/status/1272970342772989952
# Reference: https://twitter.com/LukasStefanko/status/1273210170269671424

http://93.157.83.20
panel.celularmatrix.com.br

# Reference: https://twitter.com/ReBensk/status/1273659924632010758

djjubeemedia.appboxes.co/Apks/

# Reference: https://www.virustotal.com/gui/file/b3511ce22c8b57971904b46de918b1af1b62f7eb19fe8a63954798c0037de3a0/detection

http://207.148.126.117

# Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt

http://51.75.160.57
49584989898.online
akhbarrecords.com
hottestxxxvideo.com
inps-it.top
mascalorofertas.xyz
valesydescuentos.info

# Reference: https://twitter.com/ReBensk/status/1280078871803674624
# Reference: https://www.virustotal.com/gui/domain/uujian.cn/relations

uujian.cn

# Reference: https://twitter.com/ReBensk/status/1280844473078026241

covid19.teamcoded.com.ng

# Reference: https://twitter.com/ReBensk/status/1281889729005453313

http://109.92.125.166

# Reference: https://twitter.com/malwrhunterteam/status/1282710517635743745

5.252.193.237:8070
5.252.193.237:9999

# Reference: # Reference: https://twitter.com/malwrhunterteam/status/1284198177034428418
# Reference: https://twitter.com/bl4ckh0l3z/status/1284390433976725506

178.63.125.18:8000
share-file.icu

# Reference: https://twitter.com/malwrhunterteam/status/1285301246807638017
# Reference: https://www.virustotal.com/gui/file/88204c7461d27f21abbf673edd5650415c03844ecee002e1cf847416f0133420/detection
# Reference: https://twitter.com/bl4ckh0l3z/status/1285507325927788544

ohmygodronnie3.com

# Reference: https://twitter.com/ReBensk/status/1285908028223561729

360diag.net

# Reference: https://twitter.com/malwrhunterteam/status/1287069155838046210

paczkomaty.app

# Reference: https://twitter.com/bl4ckh0l3z/status/1288448878589730817
# Reference: https://www.virustotal.com/gui/ip-address/103.97.131.70/relations
# Reference: https://www.virustotal.com/gui/file/fa474f03e9f35f5c103d4d322167473948dc919bee677984351fdcad1892cb73/detection

http://103.97.131.70
http://222.239.248.195

# Reference: https://twitter.com/malwrhunterteam/status/1296529802153865219

cybercoprahul.in

# Reference: https://www.virustotal.com/gui/file/bad5220d83565aaec65c1f1e25bd37ba7d328b0982bae6517f7f9b35611cd758/detection

23.234.27.209:9999
admin.hailupai.cn
wx.hailupai.cn

# Reference: https://www.virustotal.com/gui/file/cfc62b2f27c61dd8437ea192a7a50c5a10721311145c85ce547fc5d2f483f06b/detection
# Reference: https://www.virustotal.com/gui/domain/mobilelinks.xyz/detection

mobilelinks.xyz

# Reference: https://www.virustotal.com/gui/file/f1af7ff49a488bfdcbe0a2411b6f124fa6a542f910d56412d2bf9286e7f962c9/detection

218.200.227.123:90

# Reference: https://www.virustotal.com/gui/file/b2af532b092e0c392ece33b5821baf838d287f27a524a6ae424ea21d18092413/detection

yiwemi6726-52399.portmap.host

# Reference: https://www.virustotal.com/gui/file/6ff9acebac2acc7fe24a0a860e6b672d21bb82d69b6ff5327169cf49e5c1f654/detection

193.161.193.99:21835
rajatTiwari-21835.portmap.host

# Reference: https://www.virustotal.com/gui/file/f6b7fdb13d0d6986944e0b0855ff43fb851f6195b9781c9934b27dcd8dbfe9e4/detection

193.161.193.99:55389
venompr-55389.portmap.host

# Reference: https://twitter.com/fr3dhk/status/1301225880677564417

dangerouslife.xyz

# Reference: https://www.zdnet.com/article/google-removes-android-app-that-was-used-to-spy-on-belarusian-protesters/
# Reference: https://www.virustotal.com/gui/ip-address/85.143.221.173/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.223.89.47/relations

dgbet-india.roimaster.site
dgbet3.roimaster.site
hackappcrmkz1.roimaster.site
hackappnewcrmuzbekistan.roimaster.site
hackindiancrm.roimaster.site
indiancrm-external.roimaster.site
nextialive.roimaster.site
spain-crm.roimaster.site

# Reference: https://twitter.com/ReBensk/status/1303358677261398016
# Reference: https://twitter.com/s_metanka/status/1303659373714173952
# Reference: https://www.virustotal.com/gui/file/78cfa0b48134dcee4fd45984fa8d598db5ba7d993e264bb096b43b5cb89fedda/detection

android-update.net
superwat.biz

# Reference: https://twitter.com/malwrhunterteam/status/1304300269736538113

tos-assigned-build.sfo2.digitaloceanspaces.com

# Reference: https://www.virustotal.com/gui/file/3f983be43bc4281410aef4d54d2a864a3f61a1d6c1939f1fee8e76aff450b33b/detection

seila.ddns.net

# Reference: https://twitter.com/bl4ckh0l3z/status/1311256229205942272

1928.ga
1928.gq
1oba.com
hamster2018.com
telegrcn.org
tgdownload.ml

# Reference: https://twitter.com/malwrhunterteam/status/1311737978880917505
# Reference: https://twitter.com/bl4ckh0l3z/status/1311988718073516033
# Reference: https://www.virustotal.com/gui/file/405634d0f44819eec4f64f9cdf2ab01af95089c54c85ef29e4628e187c2abc49/detection
# Reference: https://www.virustotal.com/gui/file/c7c2c052246b675b6953124f71fff4cac998772375f4125dd9aeb8a6d173452e/detection

51.77.79.81:8080
51.89.6.176:8080
kimwatin.info
mizotron.info

# Reference: https://www.virustotal.com/gui/file/7111f89fbb47dbe7b006aaae34ca42a1e7216508fd1ddfda0bba2a8b2735d935/detection

infolive786.com

# Reference: https://www.virustotal.com/gui/file/15a678df42e30da217b21688438c86152803c591b3c8288f2c29afa2cc9249bd/detection

mp3-pesni.ru

# Reference: https://twitter.com/malwrhunterteam/status/1324761615376502788

limitazioni-sblocca.com

# Reference: https://twitter.com/malwrhunterteam/status/1325871682180042755

alltrustedwallet.com

# Reference: https://twitter.com/andpalmier/status/1325794360248700929
# Reference: https://twitter.com/bl4ckh0l3z/status/1326462622615658496

notifiche-ricevi.net
nuova-di-base.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1326462785941889026
# Reference: https://twitter.com/bl4ckh0l3z/status/1326462835803758593
# Reference: https://www.virustotal.com/gui/file/db46610f07d77d875468bd385d5069671e9110eb9eade1e4519e1435d5d3d558/detection
# Reference: https://www.virustotal.com/gui/file/e3195b40a61c404fa9dd4356c30d5e9ce328235924f69fb3ba9a2708c4ca8907/detection
# Reference: https://www.virustotal.com/gui/file/6d6700288005004abe4bc0251e75dcd6135ff075d5348350ffdbfe2dd45b7a1c/detection

101.99.95.242:80
appbancasicura.duckdns.org
zed-rat-2020.duckdns.org

# Reference: https://twitter.com/antopontrelli/status/1329759118257688576
# Reference: https://twitter.com/D3LabIT/status/1344203484447567873
# Reference: https://www.virustotal.com/gui/ip-address/185.212.47.248/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.90.121.119/relations

google.servlce.store
gooogle.services
goooogle.services
play.google.servlce.store
play.gooogle.services
play.goooogle.services

# Reference: https://twitter.com/malwrhunterteam/status/1331892682344574977

google.servjces.com
play.google.servjces.com

# Reference: https://twitter.com/ReBensk/status/1352201093728518149

play.google.store.apps.details.settings.pw

# Reference: https://twitter.com/malwrhunterteam/status/1332350945095802881
# Reference: https://www.virustotal.com/gui/ip-address/8.210.217.79/relations

coin-bene.com
coinbene-app.com

# Reference: https://www.virustotal.com/gui/file/4625695fa4419516f6b33eb312fa4a444f5ae2e481d4ea331c0c50a9b7642c6f/detection
# Reference: https://www.virustotal.com/gui/file/bf31cd4271ac2387f90e9c6d565b2154b870c5e4c34b5d7fbaf901e7f2dc48a2/detection

cy.mobzii.com
xxxcy.mobzii.com
/_revot/stats.php

# Reference: https://twitter.com/malwrhunterteam/status/1340910922626416643
# Reference: https://twitter.com/bl4ckh0l3z/status/1340960422485213184
# Reference: https://www.virustotal.com/gui/file/5e0311fb1d8dda6b5da28fa3348f108ffa403f3a3cf5a28fc38b12f3cab680a0/detection

fexxridmvcnfref.com
npeoqhujcogciij.ru

# Reference: https://www.virustotal.com/gui/file/bdbcd25134495e91c33b5eb4b40d46037e0370b44fe246507a14a8d5584264cf/detection

14.215.171.169:9009

# Reference: https://www.virustotal.com/gui/file/645f1760e9349c4ca6c00bf80fa694136521ae708b5a08221c09d0b3fac76e75/detection
# Reference: https://www.virustotal.com/gui/file/557d63adcbb03d07e7eff9958b2d9adda30de1ba957e6a68e5c74e90d3ae0de3/detection

124.232.163.63:8648
61.160.242.35:6061

# Reference: https://www.virustotal.com/gui/file/65d1b71469f75a726779b869f6ea49536e13adfa952353aadea351e67c814db8/detection

52.22.89.169:8080

# Reference: https://twitter.com/malwrhunterteam/status/1344020517297270784

stevesplex.com/stuff/

# Reference: https://www.virustotal.com/gui/file/5a05018a93e3136fe44a26c3af720649abc53d8c098fb5816243fd22042be45f/detection

193.161.193.99:30376

# Reference: https://www.virustotal.com/gui/file/45ff19a4717c556ebcb83ecff4fb09bc00bf13911f861c3a9d83e0c5462eca6b/detection
# Reference: https://www.virustotal.com/gui/file/c0d6aa4233c70e4f13d01ba858b30e27b439aaf20587de11c3705344f63aac8d/detection

uaioey.ga

# Reference: https://www.virustotal.com/gui/file/15361e4574dc8acc0600fe644c3dd38b1f2e0a786546c83de18bde0944dc7c15/detection

yb889.aka47.pro

# Reference: https://twitter.com/malwrhunterteam/status/1346035452894179331
# Reference: https://twitter.com/bl4ckh0l3z/status/1348324827510267909
# Reference: https://www.virustotal.com/gui/domain/karloskey.ml/relations
# Reference: https://www.virustotal.com/gui/file/5253ded3b530bbcde7f9bd8493c9d76a045670308faf15ad28b1e8c635ff9432/detection
# Reference: https://www.virustotal.com/gui/file/92e4013646e60da4c4debd6b975277acf2784352024be43ea5918abdffb0d623/detection

http://37.120.146.4
karloskey.ml
pasargaad.xyz
/DargaSaz/

# Reference: https://twitter.com/malwrhunterteam/status/1349342821623459840
# Reference: https://twitter.com/malwrhunterteam/status/1350419534868578304
# Reference: https://twitter.com/bl4ckh0l3z/status/1350492882633895938
# Reference: https://www.virustotal.com/gui/file/a5657d914de9840f20bbc14b431b614dbeca5040148a569489a761a29cfbef46/detection
# Reference: https://www.virustotal.com/gui/file/53ece16de2047212ba1daba6d5dd27c7e63c7b2bcbf34b89ddce1347f590ff0a/detection

bamharmrah.site
bamimelli.xyz
my-bmi-ir.work
nablism.xyz
/melli/otp.php

# Reference: https://twitter.com/malwrhunterteam/status/1350042936772354048
# Reference: https://twitter.com/bl4ckh0l3z/status/1350044213963071489
# Reference: https://www.virustotal.com/gui/file/2ee8326a4fa63effda4e9bcb519fe6e9896ea08c2f5e139af66475b214c125de/detection

server25.intellecthost.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1350098297504092162
# Reference: https://twitter.com/bl4ckh0l3z/status/1350138367812354056
# Reference: https://www.virustotal.com/gui/file/8e56fb851e4bbda3005e72c4312f64a89ca1e53892b2060c452615ad3fd6b698/detection

173.249.14.126:12286

# Reference: https://twitter.com/malwrhunterteam/status/1349342821623459840
# Reference: https://twitter.com/bl4ckh0l3z/status/1350119628316545024
# Reference: https://www.virustotal.com/gui/file/a5657d914de9840f20bbc14b431b614dbeca5040148a569489a761a29cfbef46/detection

sindiers.info
/Rat/otp.php

# Reference: https://twitter.com/malwrhunterteam/status/1350190229219663874
# Reference: https://www.virustotal.com/gui/file/e73d5f50e8859996be98a5440a0cd0b71170ac4b0c8f6a52347562dfbf337eb9/detection

mental786-38988.portmap.io

# Reference: https://twitter.com/malwrhunterteam/status/1350356095831855104
# Reference: https://www.virustotal.com/gui/file/16cbbc5b747ee165de4b66fb2fc47498799bea57c2dbdb7ef09c6dc26954cec4/detection

hanabaf.ga

# Reference: https://twitter.com/malwrhunterteam/status/1350413209577136132
# Reference: https://twitter.com/bl4ckh0l3z/status/1350414598780956672
# Reference: https://www.virustotal.com/gui/file/96b13f9bdb689c2951a3bcd4451a4fd6e14f4db272806441d72dcc7a14d2f02f/detection

dav.jianguoyun.com/dav/
xguglsb.cn

# Reference: https://twitter.com/malwrhunterteam/status/1351063890155745284
# Reference: https://twitter.com/bl4ckh0l3z/status/1351157463534325760
# Reference: https://www.virustotal.com/gui/file/688f1b72f746935d31d379e46d2dd75146a5683a0baa986c3ee614305eb2c69c/detection

149.28.21.203:443

# Reference: https://twitter.com/malwrhunterteam/status/1351228393585586176
# Reference: https://www.virustotal.com/gui/file/cd3ff8de92a2f03894421864be6df55bf1014dc34a28704b684a480e349255b2/detection

http://88.99.200.114
/mrfucker.php
/mrfucker.txt
/mrtony.txt

# Reference: https://twitter.com/malwrhunterteam/status/1354129247967830016
# Reference: https://www.virustotal.com/gui/file/e07d1edcf7c5b1cf3c5138f33050f38416b5f0b6b114bfdea81d60b4d2a073f9/detection

3.14.182.203:13490
3.22.30.40:13490

# Reference: https://twitter.com/malwrhunterteam/status/1356665909541224451
# Reference: https://www.virustotal.com/gui/file/820428ab9a6a0be05eb9d11f8e8fb42dd37e86f622c80c0b70d35919a65d2a22/detection
# Reference: https://www.virustotal.com/gui/file/bf6f5a2730ced754907e277b590959d9c734681a07a466112c392e92d008fea3/detection

81.17.24.204:55690

# Reference: https://twitter.com/malwrhunterteam/status/1359203738808893450
# Reference: https://www.virustotal.com/gui/file/a6571e7d63b10a2d323cba7f9d603a977e1c66f635ae7e40027a7a4b0a96383f/detection

shaparack-iir.ga

# Reference: https://www.virustotal.com/gui/file/f0480fb4bfed37051439ce9c4b01e28ce3f90bc1ecbbb9f1631c41efe5b1bfd9/detection

fastprowb.com

# Reference: https://www.virustotal.com/gui/file/5b0374f517f3678ad74264599d1eb2b3a1f6110ae28127f9cc33eddd0b26509c/detection

jclqq163.w3.luyouxia.net
/dxzs.esp?type=

# Reference: https://twitter.com/malwrhunterteam/status/1364702685841285121
# Reference: https://twitter.com/bl4ckh0l3z/status/1365681343456239622
# Reference: https://www.virustotal.com/gui/file/e9d05a6ad86cac143322341c81d06d87ea9d21556039f319c86ca7da9726391c/detection

lockpldown.com
mydataflow10.mysql.database.azure.com

# Reference: https://twitter.com/malwrhunterteam/status/1365311635099971592

seol23d.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1365613904487976963

http://192.210.218.49

# Reference: https://twitter.com/malwrhunterteam/status/1370441952668352514
# Reference: https://www.virustotal.com/gui/file/f6d01a05f0675260e42dc0c5ceb8c0b5f728a32246a5d10845f8eedb36021864/detection

payment-maker.cf

# Reference: https://twitter.com/malwaremansys/status/1370939433415892992
# Reference: https://www.virustotal.com/gui/file/676a28f51ac925df456197039e951093f636bd4738dd299f1b66d35ade93a1d6/detection

api578.m4a1.pro

# Reference: https://www.virustotal.com/gui/file/edf454265c38141891e5ff0f7e327fb4a12fcdbf529cfa645654b328b15e074c/detection

artists.m4a1.pro

# Reference: https://www.virustotal.com/gui/file/4492c80a40723cd9c8bd69579616013a221685afaf714cb2941cbb34d9240be5/detection

yb999.m4a1.pro

# Reference: https://www.virustotal.com/gui/file/61bdd3c3497102bdc95e744c3e493ca108c2bc587fe5e5f25bec314984158700/detection
# Reference: https://www.virustotal.com/gui/file/84bdfc2eda4b02e48406fcdb701444604d9cdd1afcfb42e7259d211d0e7f69a2/detection

biggo.m4a1.pro

# Reference: https://www.virustotal.com/gui/file/34a53c45dfbd9beb165abad4201096d1be992f6e2fc2c157c59872bcd645f5bb/detection
# Reference: https://www.virustotal.com/gui/file/0aaa5f8208e24f831a9ea64e04d991704f4ac3cc042dc53098450906a4ec1788/detection
# Reference: https://www.virustotal.com/gui/file/277fa7b2fef8f7c4c9d8054d74e334b7e74cb5d25763727245b6110ee0fe0211/detection

api791.m4a1.pro

# Reference: https://www.virustotal.com/gui/file/82d9d7401bb578fe3c9ae3c9435dd09bd6789203233473ccc8576992beb33823/detection
# Reference: https://www.virustotal.com/gui/file/4d4ab62c13cef56f6e6e6ccc850a7e975c1b6e7e8913f634c8a853a9e8c406d1/detection

api839.m4a1.pro

# Reference: https://www.virustotal.com/gui/file/fbcdda6b9f1931457dcd164f11d401ab006a5d9f90b83833ffd76a38e977b8a5/detection

ld7805.m4a1.pro

# Reference: https://twitter.com/malwrhunterteam/status/1373310678153502731
# Reference: https://www.virustotal.com/gui/file/f80aa992162765f08bcaa1f98d43d922863a67760443c2fdd1e84897ffcaadfa/detection

my-voda.ga

# Reference: https://twitter.com/malwrhunterteam/status/1378267275422265347
# Reference: https://www.virustotal.com/gui/file/d33b31079f362c3d32a149adf5df2f16fb19866909b0d5205b6fefc094cefd26/detection

filehosting.link
/v3osery/check.php?type=
/v3osery/save.php?type=

# Reference: https://www.virustotal.com/gui/file/d7c4329ba202fc4f1ad3bd7b0bf1f49e65ba27a9933732fec3156f0cd6dd7831/detection

v-vcibotnslqutg.tk

# Reference: https://www.virustotal.com/gui/file/8b29580c7bd830b0ea594fdd3f9015b12c67b956d1faa7ad69d758e4d8100658/detection

vittato-psemjry.gq

# Reference: https://twitter.com/malwrhunterteam/status/1381636678897524739

goldtalk.kr

# Reference: https://www.virustotal.com/gui/file/08dcb7492a69bde334066018d9a13297654945a7b06fcf9a563a41b96676b5a7/detection

moblik.net

# Reference: https://twitter.com/malwrhunterteam/status/1384084288107282442
# Reference: https://twitter.com/bl4ckh0l3z/status/1384170719609692164
# Reference: https://www.virustotal.com/gui/file/3e9cd65907f0e3c346c976e71b5325a0f28ba3f2591c74a0c1d76bd60ee7a8eb/detection

apkfedexmobile.com
expressdhlexp.000webhostapp.com

# Reference: https://twitter.com/LukasStefanko/status/1384173821112905734
# Reference: https://twitter.com/BushidoToken/status/1384441868637937664

lookpink.xyz

# Reference: https://www.virustotal.com/gui/file/05db076f20bacc67659fc1d2612540aa79bbe0d8aca800a8185926f848ebeb50/detection
# Reference: https://www.virustotal.com/gui/file/0d5fcf1a076b5d40504147c9b838cbad77aed803407017d27f2501786d161212/detection

cdn-google.com
/ryabeiodi.php

# Reference: https://www.virustotal.com/gui/file/927c131aafe93c1788a4fc2931716ac12d59a473be23e8827b870b1109a94905/detection

assimilative-toothp.000webhostapp.com

# Reference: https://twitter.com/illegalFawn/status/1390683169138085888
# Reference: https://twitter.com/bl4ckh0l3z/status/1391441230060564493
# Reference: https://www.virustotal.com/gui/file/dff91d7ee8a7258010090a509f6dd4dbb75fd316d4d39ebccb69b55a3e0f6ad2/detection

aggiornappmobile.com
qwertykeys.altervista.org

# Reference: https://www.virustotal.com/gui/file/dc0fa24dd8e614e6fa5df6255def5103ce81d9351fcc4092542d9a141de31124/detection

mm-nes.com

# Reference: https://www.virustotal.com/gui/file/c1179cee58d84da913ff0967dc40da949ad644eeb7647aa65418f9a45f1c25d7/detection

ss-okk.com

# Reference: https://www.virustotal.com/gui/file/483e1e46355d934a27bfa80fe1ccd0bc1cc4f1bf15fdd54e805e2eca08ae4416/detection

107.187.203.54:8822
172.252.245.184:8822

# Reference: https://www.virustotal.com/gui/file/e1a05752e83c36c5befae4664ec6405c05a0b9f14969611e7b7324ed31ac0965/detection

115.28.56.28:8080

# Reference: https://www.virustotal.com/gui/file/4cd1a7ab7717a4a3d844f51377669504b5413045fe5fb5f274a9be8bb8a612d4/detection

119.29.19.163:8080

# Reference: https://twitter.com/ReBensk/status/1395356930906890244

218566.com

# Reference: https://www.virustotal.com/gui/file/d00b766a3077f0fcdf69cc213e1735deefdead50ceb8ed0e18959371a7c1853c/detection

d8y7h8basx.ml

# Reference: https://www.virustotal.com/gui/file/c72bfeab2233d147c7207d3058f5e484c7d74ce47768205b068611cf415e5963/detection

oqwdiobasd.ga
oqwdiobasd.ml

# Reference: https://twitter.com/malwrhunterteam/status/1397122900520472577
# Reference: https://twitter.com/LukasStefanko/status/1397132724687810565
# Reference: https://www.virustotal.com/gui/file/fd1aac87399ad22234c503d8adb2ae9f0d950b6edf4456b1515a30100b5656a7/detection

internetwideband.com

# Reference: https://www.virustotal.com/gui/file/0af2ab5df68cdd44d5e4e385a322f39b5bed3680197a4293ade43485fc454288/detection

http://103.126.241.166
103.126.241.166:6001
/spy/uploadMobileContacts
/spy/uploadMobileInfo
/spy/Sync?imei=

# Reference: https://twitter.com/malwrhunterteam/status/1400439040185360384

android-service-live.web.app

# Reference: https://twitter.com/malwrhunterteam/status/1404541391582208001

spacenetwork777.com

# Reference: https://twitter.com/malwrhunterteam/status/1407420438725238785
# Reference: https://www.virustotal.com/gui/file/70b8d5cd1a364c0cf148c8fb36a9cfe85bfbf6b18fbbcf1d36de4aee5e4b9e74/detection

http://188.40.233.91
sana-eblagh.xyz
/eblaghd/Mellat/recive.php

# APK

/1045650883.apk
/1251911788.apk
/1416659731.apk
/1427206727.apk
/1600408563.apk
/20210406052812.apk
/26-4444.apk
/28-4444.apk
/427206727.apk
/4_5922315290464487554.apk
/03852_Video_Player.apk
/15097_Video_Player.apk
/20951_Video_Player.apk
/38579_Video_Player.apk
/56027_Video_Player.apk
/63127_Video_Player.apk
/92786_Video_Player.apk
/95140_Video_Player.apk
/96705_Video_Player.apk
/1062354112.apk
/1189438105.apk
/1363089034.apk
/1491526599.apk
/1663619309.apk
/138742222.apk
/689887563.apk
/2steps-WhatsApp-Verification.apk
/3.apk
/4g.apk
/A-Video.apk
/acrobatreader.apk
/AdobeReader.apk
/Adobe_Flash_2019.apk
/aggiornamento.apk
/Airtel-Data.apk
/ama19.6.24.apk
/Android_System_Update.apk
/Android.10.9.8.7.4.apk
/AndroidService.apk
/android-update.apk
/AndroidUpdate.apk
/AndroidUpdate11.22.1.apk
/AndroidUpdate11.22.2.apk
/AndroidUpdate11.22.3.apk
/AndroidUpdate11.22.4.apk
/AndroidUpdate11.22.5.apk
/AndroidUpdate11.22.6.apk
/AndroidUpdate11.22.7.apk
/AndroidUpdate11.22.8.apk
/AndroidUpdate11.22.9.apk
/AndroidUpdate11.22.10.apk
/AndroidUpdate11.22.11.apk
/AndroidUpdate11.22.12.apk
/AndroidUpdate11.22.13.apk
/AndroidUpdate11.22.14.apk
/AndroidUpdate11.22.15.apk
/AndroidUpdate11.22.16.apk
/AndroidUpdate11.22.17.apk
/AndroidUpdate11.22.18.apk
/AndroidUpdate11.22.19.apk
/AndroidUpdate11.22.20.apk
/AndroidUpdate11.22.21.apk
/AndroidUpdate11.22.22.apk
/AndroidUpdate11.22.23.apk
/AndroidUpdate11.22.24.apk
/AndroidUpdate11.22.25.apk
/AndroidUpdate11.22.26.apk
/AndroidUpdate11.22.27.apk
/AndroidUpdate11.22.28.apk
/AndroidUpdate11.22.29.apk
/AndroidUpdate11.22.30.apk
/antivirus.apk
/app-debug.apk
/App%20del%20Bot.apk
/Arab.Chat_v12.26.apk
/avast-ver6231.apk
/AvitoProtect.apk
/bam.apk
/Basan.apk
/Bitcoin%20Generator%202021.apk
/blokada.apk
/bpost504.apk
/Captchator.apk
/certificate.apk
/Chat-phone_r.apk
/Chat-Syria.apk
/Chat-Syria_r.apk
/chatspace.apk
/Chattera3.apk
/client.apk
/ClubHouse.apk
/Clubhouse-Invite-code-Free.apk
/cov_obfuscated.apk
/Covid.apk
/Covid-19.apk
/covid-mongolia.apk
/covidtest.apk
/Convit19_Grafico.apk
/Deepnude.apk
/DesiChat.apk
/DHL10.apk
/DHL28.apk
/DHL29.apk
/DHL226.apk
/DHL298.apk
/DHL306.apk
/DHL384.apk
/DHL398.apk
/DHL513.apk
/DHL6.apk
/DHL872.apk
/DHL934.apk
/dhl_20210424_2144.apk
/Discount%20Hack.apk
/Divar-Chat_5d356.apk
/Download.apk
/DHLPaketfinder.apk
/GovLaptops.apk
/egov.apk
/EstensioneAPP.apk
/f_781f9ow91.apk
/F-Secure_Freedome_for_Business_v2_5_18_8779_psb.apk
/fin.apk
/Flashplayer.....apk
/flashPlayer.apk
/flashplayerr.apk
/FlashPlayerUpdate.apk
/friends.apk
/friends_2.apk
/g.apk
/gallery.apk
/geani.apk
/gen.apk
/goldmoonV1.3.1.apk
/goldtalk.apk
/chatisrael.apk
/FAST.apk
/freedom.apk
/freedom-mobil.apk
/Google_Framework_Service.apk
/Google_Hesap_Servisi.apk
/Google%20Keep.apk
/Google.apk
/GoogleAndroidServices_1599719339569.apk
/Govs_Laptop.apk
/Govslaptop.apk
/green%20chat.apk
/helloWooFmim.apk
/hentai-uwu.apk
/Hotstr-VIP.apk
/HSBC.apk
/ibk.apk
/isp.apk
/IMG_20201203_214500.apk
/injected_ddos.apk
/injected_gd.apk
/instagramappservice.apk
/Instagram+10000Followers.apk
/Instagram_v175.1.0.25.119.apk
/InstagramFollowerBot.apk
/install_flash_player.apk
/International_ModelVer3.apk
/isp.apk
/kkk.apk
/kurulum.apk
/LocalizeApp.apk
/Love_Chat_Chat_with_Girls_Boys_Online_v1.9.apk
/lovetalk_v2.apk
/MAGIC.apk
/MediaPlayer.apk
/Mersal.apk
/Mobile.apk
/mobile_qq.apk
/Mod_Unlocked.apk
/ModelAgency.apk
/monitor.apk
/mrvv.apk
/multimedya.apk
/MyVoda2021-V7.apk.apk
/NecronomiconBookOfTheDeadPdf.apk
/netflix%20mod%20apk%20compiled.apk
/Netflix.apk
/netflix-crack.apk
/Netflix-SV3-MOD_Lite.apk
/Netflix_dos_guri.apk
/netflixtify%20vip.apk
/New%20Telegram2021.apk
/newapp.apk
/OLX-додаткова%20частина.apk
/OP4WhatsApp%2028.0.apk
/paypal-cracker.apk
/personal-wallet.apk
/Photo_24417_vid.apk
/pic.apk
/Plus%2012.0.1.1.apk
/Plus%207.0.1.0.apk
/prochat.apk
/QChat.apk
/Rapidchat.apk
/RedVelvet.apk
/RedVelvet-1.apk
/restaurant.apk
/Sahaita-Gov.apk
/sd.apk
/Secret_album.apk
/secure_messenger.apk
/service.apk
/sexsi%20chat_1.0.apk
/Sicherheitsupdate.apk
/singnaltalk.apk
/sms.apk
/SnapchatColourUpdate.apk
/sound.apk
/snapchat.apk
/sss.apk
/SystemUpdater_v.6.9.apk
/TelecallerMedia.apk
/telegram_align.apk
/Telegram%207.2.11.apk
/Telegram%20Pro-1.apk
/Telegram%20Update.apk
/test-crypter.apk
/Threema-4.43.apk
/Tiktok_pros.apk
/Tiktok-Pro.apk
/Tiktok-pro+.apk
/Tikto-v1.apk
/TikTok%20100+%20likes.apk
/TiktokAuto.apk
/tiktokcrack.apk
/Tiktokproo.apk
/Tiktoks.apk
/Tiktokss.apk
/Trojan.apk
/TrustedWallet.apk
/unluler_Porno_Ifsa.apk
/Update.apk
/UpdateFlashPlayer.apk
/UpdateSystem.apk
/UpnService9.apk
/UPS448.apk
/VERA5.11.apk
/Verification-2steps-Whatsapp.apk
/Video%20Extension.s.apk
/Voicemail.apk
/Voicemail54.apk
/Voicemail78.apk
/Voicemail94.apk
/VpnVipV2-1-1.apk
/wh-app-release-v2.apk
/WhatsApp%20(Phical%20File%20New).apk
/WhatsApp_Messenger.apk
/WhatsApp-PRO.apk
/whatsapp-update.apk
/WhatsappQuicer.apk
/WhispersTalk.apk
/whsapp.apk
/Web%20Speed%20Master%20Original%204G%20&%20Wifi%20Speed.apk
/ybt-exchange_1.0.apk
/YoWhatsApp.12.11.0.apk
/YT9-11.apk
/app-debug.apk
/app-release.apk
/ch.apk
/g.apk
/gfn.apk
/googleservices.apk
/newg.apk
/ready1.apk
/saurabh.apk
/saurabh%20(1).apk
/sns.apk
/virus.apk
/Z+_Chat.apk
