# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/ (# AdDisplay)

35.198.197.119:8080

# Reference: https://twitter.com/sh1shk0va/status/1204022927596937217

fbgg.xyz
bmm.fbgg.xyz

# Reference: https://securelist.com/mobile-subscriptions/91211/

okyesmobi.com

# Reference: https://twitter.com/sh1shk0va/status/1205511108582354944

data.djmixer2018.com

# Reference: https://www.virustotal.com/gui/file/9442af04b50af35a768984fc66c9302d4f840cc3183e0fd55c1e2dda4fab28ce/detection

216.144.236.34:80

# Reference: https://www.virustotal.com/gui/file/f02de53011911ce236fd4aa12356da4a47e0632cedd48bd150d2b99ed79890c8/detection
# Reference: https://www.virustotal.com/gui/domain/freevideo.publicvm.com/relations

freevideo.publicvm.com

# Reference: https://www.virustotal.com/gui/file/af197de4ef661e2c0f416b64d2681afe77d9236c9d0cab447d89daadeb9e281c/detection

admob.linkpc.net

# Reference: https://twitter.com/malwrhunterteam/status/1243800098053767168
# Reference: https://www.virustotal.com/gui/file/0b336a74a85635956783e20b2546df1629b82777eacac25c42de6232aff46623/detection

easyphonetrack.com
/spy_phone/test_connection.php

# Reference: https://www.virustotal.com/gui/file/e1288cb54727e673ffbd90ef4fcda2079d9f8a3d7b22b54b4e4726864462987c/detection
# Reference: https://www.virustotal.com/gui/file/47ea88989bc1b1e90ea66d535c8c412994dd6eddaee82a4b69d3cd0922d7b219/detection
# Reference: https://www.virustotal.com/gui/file/4bd5d41f9008f2e83a4b20f1104b726d43396eda52466ac3a066f90e432fa509/detection
# Reference: https://www.virustotal.com/gui/ip-address/103.230.236.33/relations
# Reference: https://www.virustotal.com/gui/file/adee9a56c951603db3f529c60c9b3f33bb3ebb36de0e14357b68bbfc1cb73dca/detection

103.230.236.33:7002
103.230.236.33:7003
108.177.126.188:5228
115.231.99.251:5224
117.121.49.79:7001
118.89.97.82:8000
121.46.20.44:7006
121.46.30.54:7000
124.160.158.19:5224
153.37.235.46:5287
183.131.1.79:5224
183.232.25.180:7000
183.232.25.185:7002
203.205.146.122:14000
210.14.153.100:7001
43.247.88.117:7009
47.99.133.113:8726
[a-z]{1}\.appjiagu\.com
/ad-service/ad/mark
/jiagu/mark/msg
/jiagu/mark/upgrade
/jiagu/msgs
/jiagu/t/infos

# Reference: https://www.virustotal.com/gui/domain/okyesmobi.com/relations

okyesmobi.com

# Reference: https://twitter.com/ReBensk/status/1253577450732175361
# Reference: https://www.virustotal.com/gui/file/5a713ab48f267ee3d0aff6e9391b8fad90b46d35a1ffe805714084f1db819fa9/detection

corona389.com
covid389.com
indo389.com
nomor389.com
rmhggk.com
sgp389.com
togel389.com
togel389.net
togel389.xyz

# Reference: https://documents.trendmicro.com/assets/Appendix_AdwareCampaignIdentifiedFrom182GameandCameraAppsonGooglePlayandThird-PartyStoresLike9Apps.pdf
# Reference: https://www.virustotal.com/gui/domain/atc.anncute.com/relations

atc.anncute.com

# Reference: https://twitter.com/ReBensk/status/1263078801866539009

cerberusapp.com

# Reference: https://twitter.com/ReBensk/status/1264966323005726721

dx20.siweidaoxiang.com

# Reference: https://securelist.com/in-app-advertising-in-android/97065/
# Reference: https://otx.alienvault.com/pulse/5ed008e401d1cb8a6361b42e

ti.domainforlite.com
uu.domainforlite.com

# Reference: https://twitter.com/malwrhunterteam/status/1271078722364485635

viptrack.pro

# Reference: https://twitter.com/malwrhunterteam/status/1267493474359742465

cocospy.com

# Reference: https://www.virustotal.com/gui/file/075b63d6402f73369885719b88eea0ee09782f5c6c973a7687498bfd797c5b59/detection

appsgeyser.com

# Reference: https://www.virustotal.com/gui/domain/mobileslocator.info/relations

mobileslocator.info

# Reference: https://twitter.com/malwrhunterteam/status/1280939994622955520
# Reference: https://twitter.com/midnight_comms/status/1280942919390769152
# Reference: https://twitter.com/midnight_comms/status/1280943751985352705
# Reference: https://twitter.com/malwrhunterteam/status/1281587594825019395

andmon.ru
anmon.ru
amon.su
android-monitor.ru
android-monitor1.ru
android-police.ru
droimon20.ru
monitor-android.ru

# Reference: https://www.virustotal.com/gui/domain/co1linesu.ru/relations

co1linesu.ru

# Reference: https://twitter.com/malwrhunterteam/status/1285976285777473537
# Reference: https://www.virustotal.com/gui/file/d1be492e47d62d6254871179c1d93752dbbcdc7b95470ace2870876068d9ea0e/detection

spy-datacenter.com

# Reference: https://twitter.com/malwrhunterteam/status/1294266667078430722

mintrack.vip

# Reference: https://twitter.com/malwrhunterteam/status/1287795588659060742

neatspy.vip

# Reference: https://twitter.com/malwrhunterteam/status/1288876216741756930

trackier.vip

# Reference: https://www.virustotal.com/gui/domain/ad-sdk.com/relations

ad-sdk.com

# Reference: https://www.virustotal.com/gui/file/15605ced1dad556841c2b03dae16485dc6b5458b3483e05377300a1ab242b03e/detection

appsonee.ru

# Reference: https://twitter.com/malwrhunterteam/status/1297075039913889793

p2r.eu
rofon.pl

# Reference: https://www.virustotal.com/gui/file/79e6f6f4f3b97f63bcafb96ad48b240a347d4686cf26d45769b0ed42c72ba8c8/detection

24la.top
9iqcc.com
fgwz.la

# Reference: https://www.virustotal.com/gui/file/10249c439bcc5aa3188740b6ce9340b4b5fd5d9046b330519894ae2b65228c18/detection

downloadandroidappapkmobile.net

# Reference: https://www.virustotal.com/gui/ip-address/140.205.143.143/relations

http://140.205.143.143

# Reference: https://twitter.com/bl4ckh0l3z/status/1301888619423162369
# Reference: https://twitter.com/bl4ckh0l3z/status/1301889393641259012
# Reference: https://www.virustotal.com/gui/file/090a9f47705fe00b60a7659ce926462943be2608e616359410fa0a3306646da4/detection

d1wp6m56sqw74a.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/7022a2c3651de24a5462e4f1449e4e1d0f9590bdaf502777d68203235b08885d/detection

fb7961un.bget.ru

# Reference: https://twitter.com/NtSetDefault/status/1273407133476950016

gostat.3g.cn
goupdate.3g.cn

# Reference: https://twitter.com/malwrhunterteam/status/1305919390110625803

fix5.info

# Reference: https://twitter.com/bl4ckh0l3z/status/1318143667333484549
# Reference: https://www.virustotal.com/gui/file/a72f4b1b7555fd6b2c07211ff04618f9dc474640bc641b76753a98b4f08c849d/detection

all-tracker.appspot.com

# Reference: https://www.virustotal.com/gui/ip-address/112.65.70.244/relations
# Reference: https://www.virustotal.com/gui/file/20cf193b0834f8f8d96123b3632bc399ae7d6926bb08ddeef7890b1a3f1e3555/detection
# Reference: https://www.virustotal.com/gui/file/ca9ab26f28cdb22aebac03ec98b2d685c2da94b6e9c7279ffa460c1fbac13879/detection

c.sayhi.360.cn
ebjvu.cn
ez4q2.cn

# Reference: https://www.virustotal.com/gui/file/065a303228aedaa959590458411e3903320fc43b580ef59dbda6b010d29eead1/behavior/VirusTotal%20Droidy

android.bugly.qq.com
config.saffffedk.com

# Reference: https://www.virustotal.com/gui/domain/tansacethatron.info/relations

tansacethatron.info

# Reference: https://www.virustotal.com/gui/file/4844428109fd49b487a1a58ffcf77e767c6f17abd2af7b47167fd9d9572d41a9/detection

14.215.171.169:9009
/gamesdk/advert.jsp
/gamesdk/doroot.jsp

# Reference: https://www.virustotal.com/gui/file/c9b20fae8c56cea06085412724334084794a3acc7d4d00a7ed86fd078412956e/detection

g3app.com

# Reference: https://www.virustotal.com/gui/domain/app.wapx.cn/relations

app.wapx.cn

# Reference: https://twitter.com/bl4ckh0l3z/status/1345425686488612865
# Reference: https://www.virustotal.com/gui/domain/mobikwik.com/detection
# Reference: https://www.virustotal.com/gui/file/54233ca488ce498956cd6dbbb3d5d6492ebb1fc6477b14b34b53b16a04b1d7c4/detection

jio.com
rapi.mobikwik.com

# Reference: https://www.virustotal.com/gui/domain/iface.zzwy168.com/relations
# Reference: https://www.virustotal.com/gui/domain/line.zzwy168.com/relations
# Reference: https://www.virustotal.com/gui/domain/sp.zzwy168.com/relations
# Refereence: https://www.virustotal.com/gui/domain/sp1.zzwy168.com/relations

iface.zzwy168.com
line.zzwy168.com
sp.zzwy168.com
sp1.zzwy168.com

# Reference: https://www.virustotal.com/gui/domain/yz.wixsd.com/relations

yz.wixsd.com

# Reference: https://www.virustotal.com/gui/file/30ef7844bc89a00470dd98c52ec356db62533315d458d98bb858e1fa89885245/detection
# Reference: https://www.virustotal.com/gui/ip-address/119.29.29.29/relations
# Reference: https://www.virustotal.com/gui/domain/plugin-check.egret.com/relations

http://119.29.29.29
110.43.33.145:8080
plugin-check.egret.com

# Reference: https://www.virustotal.com/gui/file/1c8abde1aef379f903b780d6160e3d57d8bb6821e07888d272a509d84e42b7de/detection

182.92.235.109:1234
47.75.37.155:1234

# Reference: https://www.virustotal.com/gui/domain/shrturl.site/relations

shrturl.site

# Reference: https://www.virustotal.com/gui/file/4a17ecb2a2d03a28708943eb01c151d09a991a98a308b640367d8068553fe2dc/detection

picknstake.com

# Reference: https://www.virustotal.com/gui/domain/veryfastapk.com/relations

veryfastapk.com

# Reference: https://www.virustotal.com/gui/domain/mob-stats.com/relations

mob-stats.com

# Reference: https://www.virustotal.com/gui/domain/mobile-tds.com/detection

mobile-tds.com

# Reference: https://www.virustotal.com/gui/domain/flupak.ru/relations

flupak.ru

# Reference: https://www.virustotal.com/gui/domain/applog.uc.cn/relations

applog.uc.cn

# Reference: https://www.virustotal.com/gui/file/2a574107b01743db1a9e32a1d1ffa70f5cecb42fe396a19773b380d8c0da4f74/detection

114.55.93.104:9004
139.129.132.111:8001

# Reference: https://www.virustotal.com/gui/file/71de1ec3ff93e0d95c86c81ce89be1aa1fb58d6d7b936ddfc30ea2ccfa265858/detection
# Reference: https://www.virustotal.com/gui/file/d5873242111d9a3e821dc50f221460221636bd0500500074f2b66a488f514ee5/detection

115.159.131.193:10001
115.159.131.193:10002
115.159.131.193:10201

# Reference: https://www.virustotal.com/gui/domain/uiltyfores.fun/relations

uiltyfores.fun

# Reference: https://www.virustotal.com/gui/domain/exp.host/relations

exp.host

# Reference: https://www.virustotal.com/gui/file/311b661a411433ae27efe4d9cec87a5699d70fc54ed4d897113947a394c3fecd/detection

139.59.72.138:8080
chatk.goldenbirdcoin.com

# Reference: https://www.virustotal.com/gui/file/b0b90abff8a2eb5ba7c6d2c346fabc0f8f6a0034b6189a87f723e11fcd554511/detection

162.243.164.124:8080
chatj.goldenbirdcoin.com

# Reference: https://www.virustotal.com/gui/file/dc1a889aca76abdb76134ceaee0ca567845f1eef186b1ccdeb436b083f47c021/detection

attresswhethe.fun
professonsd.top

# Reference: https://www.virustotal.com/gui/domain/adsdklead.com/relations

adsdklead.com

# Reference: https://www.virustotal.com/gui/file/ded96f94ab45bdb1e1a7380372bde2d76f81a91113aebe50ee45ec955cca3d16/detection

ftpstudio8apps.hopto.org

# Reference: https://www.virustotal.com/gui/domain/android.revmob.com/relations

android.revmob.com

# Reference: https://www.virustotal.com/gui/file/3669988a6eb8e3985b9aa59e9fedaa22b3c9416977d8f34ee86bf774661de714/detection

zy.bql66.xyz
/User/666666/0/jc/

# Reference: https://www.virustotal.com/gui/file/da174f79c250c28ff9d6ce02511e6b7baa3ee0e13bd905c8ed8c37553c66bcd2/detection

8.210.88.13:8080

# Reference: https://www.virustotal.com/gui/file/88a8a8e837d67b334e6631dec233395489e82c00ef216145583841abf37637fd/detection

prodlift.info
prodlift.net
prodliftnet.info
techpoint.mobi

# Reference: https://www.virustotal.com/gui/file/aa301b6e04ab2d5d134dfd92b22fe865fbb47423c2e5ab49b7b63cd61273ce86/detection

danez.free.fr
danez02600.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/649b0e3c4286391144c1d4247fdf38d7b7f5be0d6edfc046cb72d39164561c8a/detection

enhanced.myftp.biz
minhawebtv.online

# Reference: https://www.virustotal.com/gui/file/8b3a18dabdf432db0147ee49d89f3b316903f4a87f2e6080e1da551912cbae0a/detection

blackplay.ddns.net
blackplay.space

# Reference: https://www.virustotal.com/gui/file/368aef4f2fc2a3131f014236a959047fe5abc1967918e57e6c786828c1184513/detection
# Reference: https://www.virustotal.com/gui/file/ca4c7a514509d84ed4c4ab3ef6c06454339799900256b6953ef4cd42ec3c2f9f/detection

leadboltads.net
leadboltapps.net
leadboltmobile.net

# Reference: https://www.virustotal.com/gui/file/96a3abe08b0c0c88d7a23af94fb5c2fd29b88b575604c986be8d13e10369b640/detection
# Reference: https://www.virustotal.com/gui/file/0d457b8bb5741ca4b34d08dadcd44db273a0175d5d630217a8c466ba1bf80a52/detection
# Reference: https://www.virustotal.com/gui/file/1b21355476eb07f8ab5bb79afeea3703a84b8b1d59cc1f18f4c6c92b46b6ec1a/detection
# Reference: https://www.virustotal.com/gui/file/fa2539665db15e0d6cb519c253aec57f097c66d97f8bd6b62e83f72cbf0e390c/detection

103.219.29.34:8081
223.202.132.66:1883
23.234.27.209:8181
23.234.27.218:8081
23.234.27.218:8181

# Reference: https://twitter.com/malwrhunterteam/status/1384027287134167041
# Reference: https://www.virustotal.com/gui/file/fdac05660885c0875e6f807fb9e6a11afb6bde14e2cd5fd24f603c28b2cc3c1a/detection

tchsrvce.com

# Reference: https://www.virustotal.com/gui/domain/stephenpjones.com/relations

stephenpjones.com

# Reference: https://www.virustotal.com/gui/domain/stat.appioapp.com/relations

stat.appioapp.com

# Reference: https://www.virustotal.com/gui/domain/m.96u.com/relations

m.96u.com

# Reference: https://www.virustotal.com/gui/file/8d54bbb91ea8f86d5de6de0644af7ac0c18ebef49bfa285a8a80c57e1a958c78/detection

admarvel.link
cdn.admarvel.link

# Reference: https://www.virustotal.com/gui/file/764ccf8e1a0b9296e779d305c4cbd670956796a25822775e0bd3558bc82de1f0/detection

appodeal.link
ad.appodeal.link

# Reference: https://www.virustotal.com/gui/domain/yingshi.ml/relations

yingshi.ml

# Reference: https://www.virustotal.com/gui/domain/glom.mobi/detection

glom.mobi

# Reference: https://www.virustotal.com/gui/file/a30961526fee6e09fd5d9b5a478fd2557971c5fea33134bb27c53c98cec0dff3/detection

yourpornapp.com

# Reference: https://www.virustotal.com/gui/file/774ff792b70d646053c4312ad015365e81c185764fe099892f0359cb545db676/detection

222.126.246.252:8080
shenzhen.us

# Reference: https://www.virustotal.com/gui/file/3bb0dba9195fdd6d9447c43e37f553dce06ea4bad8e04c31a4b5667aec9038f9/detection

218.200.227.123:90
/wapServer/checksmsinitreturn

# Reference: https://www.virustotal.com/gui/file/7e652c183cba8cad55f47bf5489c92cd50d4e3158f424010246af6ce6889197f/detection
# Reference: https://www.virustotal.com/gui/file/a817a38d6f4b98b2ba5afffcc01fa05af1857a61e9b1e2a56703d53dbb1f1f2e/detection

http://176.122.170.110

# Reference: https://www.virustotal.com/gui/file/a29a85ac1fa6d3fe0584c7af52559d9c8bef2006097863ceb451c64f1af3652a/detection

167.114.207.224:8383
176.31.240.87:8005
176.31.240.87:8025
176.31.240.87:8035
89.45.10.155:7777

# Reference: https://www.virustotal.com/gui/file/c60cb1ddf2946dc80d0964823c860955ebe32774043a37ebeec62d0ab4e6e3e7/detection

47.91.170.222:4346

# Reference: https://www.virustotal.com/gui/ip-address/182.254.116.117/relations

http://182.254.116.117

# Reference: https://www.virustotal.com/gui/ip-address/180.150.191.127/relations
# Reference: https://www.virustotal.com/gui/file/bab38eb899758207a4745ec5bbd93af3e2f9407cd10d0f2822177e9e90c4cb54/detection

http://180.150.191.127

# Reference: https://www.virustotal.com/gui/ip-address/180.150.189.181/relations
# Reference: https://www.virustotal.com/gui/file/96b6ad9f1fb48787063fe2399e6e3d7e609365fc346d60fd2a4dc31413e7ef19/detection

180.150.189.181:88
