# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

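# Reference: https://securelist.com/attack-on-zygote-a-new-twist-in-the-evolution-of-mobile-threats/74032/
# Note: hostnames follow a bridgeph<N> / bridgecr<N> pattern across four parent domains.
# Note (review): exact duplicate lines (bridgeph2.zgxuanhao.com, bridgeph3.zgxuanhao.com,
# bridgeph3.viewvogue.com) were collapsed; the indicator set is unchanged. No bridgeph1.*
# host is listed - confirm against the reference whether a duplicate was a transcription slip.

bridgeph2.zgxuanhao.com
bridgeph3.zgxuanhao.com
bridgeph4.zgxuanhao.com
bridgeph2.viewvogue.com
bridgeph3.viewvogue.com
bridgeph4.viewvogue.com
bridgecr1.tailebaby.com
bridgecr2.tailebaby.com
bridgecr3.tailebaby.com
bridgecr4.tailebaby.com
bridgecr1.hanltlaw.com
bridgecr2.hanltlaw.com
bridgecr3.hanltlaw.com
bridgecr4.hanltlaw.com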

# Reference: https://www.virustotal.com/gui/file/7487d1365ad9c93e0d3a19755ce976d6a50f24f45f08ddae96a549ec8102e865/detection
# Reference: https://research.checkpoint.com/2020/enter-wapdropper-subscribe-users-to-premium-services-by-telecom-companies/
# Reference: https://www.virustotal.com/gui/domain/cooktracking.com/detection
# Reference: https://www.virustotal.com/gui/domain/facebook1mob.com/detection
# Note: 13.229.16.115 is listed again further down as 13.229.16.115:8081 under a different
# sample reference; review both entries together when ageing out either one.
# Note (review): the IP entry carries no hostname or path - presumably the address could be
# reassigned to an unrelated host over time; re-validate before relying on it for blocking.

http://13.229.16.115
ks7br7.3q03on.com
cooktracking.com
facebook1mob.com

# Reference: https://www.virustotal.com/gui/file/1d50b1e05dc2a357316738a731786f2095776eca8c8031be68f7191ff65174ad/detection
# Note: all three IP entries in this group use port 8081; 13.229.16.115 also appears
# earlier in this file as http://13.229.16.115.
# Note (review): IP:port indicators go stale when an address changes hands - TODO confirm
# these are still attributable before using them for anything stricter than alerting.

13.228.232.113:8081
13.229.16.115:8081
18.140.39.211:8081
koapkmobi.com
okyesmobi.com

# Reference: https://www.virustotal.com/gui/file/b9eda09f2954755082f62e2d7c443552abbedd27a0f35d5054a896b6b20f9c1d/detection
# Reference: https://www.virustotal.com/gui/file/7487d1365ad9c93e0d3a19755ce976d6a50f24f45f08ddae96a549ec8102e865/detection
# Note: /admin201506/uploadApkFile/ is a URL path with no host part, unlike the four
# http://<IP> entries before it.
# Note (review): presumably a path-only entry is matched against request paths on any
# host, which only works where HTTP is visible in cleartext - confirm against the loader.

http://104.200.19.80
http://104.237.159.24
http://45.79.108.241
http://66.175.218.92
/admin201506/uploadApkFile/

# Reference: https://www.virustotal.com/gui/file/7487d1365ad9c93e0d3a19755ce976d6a50f24f45f08ddae96a549ec8102e865/detection
# Note: the same VirusTotal sample is also cited as a reference by two earlier groups in
# this file, so this domain shares its attribution with those entries.

ykbh.k818ax.com

# Reference: https://www.virustotal.com/gui/file/4d7b0bf5fc807c595cf2d6f66616cd7666c9df1705c86245ab1d39cdd9292ca2/detection
# Reference: https://www.virustotal.com/gui/file/6ab4ec24b302262a2080ceeb4dc3ccbfd126da5f74fa00d0c4d6987cd89f387e/detection
# Note: 112.124.34.197 is listed on two ports (8083 and 8086).
# Note (review): 104.31.71.166 looks like it may sit in shared CDN / reverse-proxy address
# space, where one address fronts many unrelated sites - confirm ownership before treating
# a hit on it as attributable to this family.

104.31.71.166:8082
112.124.34.197:8083
112.124.34.197:8086
szmm889.com

# Reference: https://www.virustotal.com/gui/file/73e767a236bfaa30555f7bd87cee34fffd8655a3f8143e19930d13f0d66e3399/detection
# Note: this group mixes http://<IP> entries, IP:port entries (8081, 8088, 8001) and one
# host-less URL path.
# Note (review): /channel/paymentHandle.action?requestId= ends at an empty query parameter,
# so it reads as the leading part of a longer request URL - presumably matched as a
# prefix/substring; confirm against the loader.

http://39.108.217.60
http://39.108.61.29
117.135.144.63:8081
121.40.109.196:8088
139.129.132.111:8001
/channel/paymentHandle.action?requestId=

# Reference: https://twitter.com/bl4ckh0l3z/status/1381230619573772291
# Reference: https://www.virustotal.com/gui/file/48df7e81fdf467ead04c190ff14b80b57715e6cec228190ddf2ebad5b165e5fa/detection
# Note: only the sdk.* hosts are listed; the parent domains (caymancloud.org,
# tarrdigrade.net) are not themselves entries in this list.

sdk.caymancloud.org
sdk.tarrdigrade.net

# Reference: https://www.virustotal.com/gui/file/356bfe27e9aef54f73491085fac97e0ee57b884238349cc2ec9d50687aeb96a5/detection
# Note: both entries are http://<IP> indicators backed by a single sample reference; no
# hostname or path accompanies them in this list.
# Note (review): presumably these should be re-validated periodically, since an address
# alone gives no way to tell a reassigned host from the original one.

http://118.89.213.101
http://119.29.74.131
