# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/LukasStefanko/status/1116700836032331778
# Reference: https://koodous.com/apks/71038bed9175e2edfc1b24347e76a192b96845831410a481ace7e601ed65b19e
# Reference: https://www.virustotal.com/gui/file/71038bed9175e2edfc1b24347e76a192b96845831410a481ace7e601ed65b19e/detection

appboxlive.host/wakaji/start.html

# Reference: https://www.welivesecurity.com/2019/05/23/fake-cryptocurrency-apps-google-play-bitcoin/

coinwalletinc.com

# Reference: https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites

/so/Android1S.php
/so/Android2D.php
/so/Android2M.php
/so/Android4A.php
/so/AndroidAF.php
/so/AndroidAL.php
/so/AndroidDL.php
/so/AndroidLS.php
/so/AndroidPA.php
/so/AndroidPC.php
/so/AndroidSH.php

# Reference: https://www.welivesecurity.com/2019/07/19/faceapp-spotlight-scams-emerge/

spinwincash478.pro

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-06-28-asiahitgroup-gang-again-sneaks-billing-fraud-apps-onto-google-play/asiahitgroup-gang-again-sneaks-billing-fraud-apps-onto-google-play.csv

vilandsoft.com

# Reference: https://twitter.com/ReBensk/status/1264931130530312194

tnisheng.xyz

# Reference: https://twitter.com/DrStache_/status/1264949410162769920

http://154.209.241.184
http://154.209.241.185
http://154.209.241.186
http://154.209.241.187
http://154.209.241.188

# Reference: https://www.virustotal.com/gui/file/a7bffddcd815055c8e49df6a779503dcad16e6b351a64fcaf24961862b7014f0/detection

brezzamobile.online

# Reference: https://www.virustotal.com/gui/file/012404ebe25adaadd7e9b4b0d1ce6ffce46c62456f97710829c676fb789019a9/detection

btc-unli.tk

# Reference: https://www.virustotal.com/gui/file/774d58de7fc732a3eaac274e6dc454012260d8d111989834ac62e7f90c8dc467/detection

octarine.soxx.us

# Reference: https://twitter.com/ninoseki/status/1353128207923388416
# Reference: https://www.virustotal.com/gui/file/49634208f5fb8bcfc541da923ebc73d7670c74c525a93b147e28d535f4a07bf8/detection

103.85.25.165:7777
165.3.93.6:7777
r10zhzzfvj.feishu.cn

# Reference: https://twitter.com/_bllvck/status/1366439474733924353
# Reference: https://www.virustotal.com/gui/file/d3487ab25a0e2c24996032458ff869eb3743eed39cf7c13e5c1a88084310c718/detection

polkadot-support.com

# Reference: https://www.virustotal.com/gui/file/d2d35805f157b0fe4df0cf5747cab08ba335b9cdc82453ab1a9f6271e8a484fc/detection

paladits.bget.ru

# Reference: https://twitter.com/malwrhunterteam/status/1379883017976614918
# Reference: https://www.virustotal.com/gui/file/c420052c96eff142e3836bd6cbe1ce61d86c23ac7a9b58a4dc81ffef7c98ab34/detection

mobipaisarecharge.com
/Ajax-request/get_mobile_info.php

# Reference: https://research.checkpoint.com/2021/new-wormable-android-malware-spreads-by-creating-auto-replies-to-messages-in-whatsapp/
# Reference: https://otx.alienvault.com/pulse/606e2b839d8204cdd76a5476

netflixwatch.site

# Reference: https://www.virustotal.com/gui/domain/amazingvideos.mobi/relations
# Reference: https://www.virustotal.com/gui/domain/greatestapps.mobi/detection
# Reference: https://www.virustotal.com/gui/file/fa40744c0e49f185b0604f44b7747b1fe5824b58223376d0b9a51451b905d1e5/detection

amazingvideos.mobi
greatestapps.mobi
7.tdslsd.ru
tdslsd.ru

# Reference: https://www.virustotal.com/gui/file/08797ac7926944304b8fae5647a1495aae9b69bb76ee9e052295111beab5042a/detection

zestlark.000webhostapp.com

# Reference: https://twitter.com/Cengiz86035319/status/1391502248962834446

aske-crudo.com

# Reference: https://www.virustotal.com/gui/file/db91424bff23f9668398c3c0ae0fab05d6cd73a18676559c78c0f6c7e1b5ea90/detection

wezzx.ru

# Reference: https://www.welivesecurity.com/2021/07/20/url-shortener-services-android-malware-banking-sms-trojans/
# Reference: https://otx.alienvault.com/pulse/60f7eaafe05663ddea26b1b5

eaconhop.online
emanalyst.biz
fceptthis.biz
fjobiwouldli.biz
honeiwillre.biz
mmunitedaw.info
offeranda.biz
oftongueid.online
omeoneha.online
ommunite.top
ransociatelyf.info
rycovernmen.club
schemics.club
sityinition.top
ssedonthep.biz

# Reference: https://twitter.com/ni_fi_70/status/922461098737045505
# Reference: https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/
# Reference: https://www.virustotal.com/gui/file/c5112e3a95bfa226bc2d524964364c61e0db9fe2824c20ca99521ab15367d678/detection
# Reference: https://www.virustotal.com/gui/file/306a4fd41ce67784db399eced6531ac629bd9fe05d3347665bb935f1100e37f2/detection

pooniex.com
poloniėx.com
xn--polonix-y8a.com

# Reference: https://www.virustotal.com/gui/file/156c98f1babd9de7f76a81fd7bcc81b03cb1415081a726dbf7707226b16f6db2/detection

zzwx.ru
d1lxhc4jvstzrp.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/04b74f3579b081b5af13299b3327b80c0e3f45daca556487b088d11716960c72/detection

charter724.info

# Reference: https://www.virustotal.com/gui/file/96dfea7f0050a0d453ffb61d5824ff820f75fd0e8c25a9f5b894812483432759/detection

ucharter.ir

# Reference: https://www.virustotal.com/gui/file/4d78c7980c938d5bf4b0dd4aeecc008dad3d9b9e14f3fe207b704301a2c0cbed/detection

charter2162.ir

# Reference: https://www.virustotal.com/gui/file/f9f86fd4c2979b1f41aeece06958aa6b7ddba130a66dbf7c78a3906c449d7dd0/detection

clipestoon.ir

# Reference: https://www.virustotal.com/gui/file/401b00dc8a2aa2e13e24859d1f89e244ed6c7f1d48a7d80f9d9200e0ba1b3ea8/detection

sepehre360.com

# Reference: https://www.virustotal.com/gui/file/f6574662f783b6a0f09561bfe8b0540508897e5383327168c4b778a2a9466a2a/detection

mehrseir.ir

# Reference: https://twitter.com/dubstard/status/1493875063971581956

android-beta.com

# Reference: https://www.virustotal.com/gui/ip-address/137.175.56.119/relations
# Reference: https://www.virustotal.com/gui/file/f7d412f93ed5f34de40b3a8e7653c34430e931ec2f615599e16dac607ad81985/detection

dfnvkej.xyz
njfohn.vip
2cmodh.dfnvkej.xyz
3kodin.dfnvkej.xyz
3kodin.njfohn.vip
6vjod.dfnvkej.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1507434232511139847
# Reference: https://www.virustotal.com/gui/ip-address/103.193.174.205/relations
# Reference: https://www.virustotal.com/gui/file/6876e159a8e91091535c18cf59e517f3405145efd757d564b7dcf284cae990d5/detection

imtokcn.org
imtokrn.net
imtokrn.pro
mb-imtoken.com
tokencenter.info
tokenlon.im
tongke.co
tongke.top

# Reference: https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
# Reference: https://otx.alienvault.com/pulse/6244300fee718397c862a21e
# Reference: https://www.virustotal.com/gui/ip-address/45.116.163.65/relations

180.215.126.33:51148
2022mask.com
app-coinbase.co
ariodjs.xyz
bitepie.club
bitoken.com.cn
bitpiecn.com.cn
bitpiewallet.com.cn
bitpiezh.cn
bitpio.com
cctptokenm.live
cn-imtoken.com
cryptojx.store
im-token.one
im-tokens.info
imbbq.co
imdt.cc
imtken.cn
imtoken.cn.com
imtoken.net.im
imtoken.porn
imtoken.sx
imtoken.tg
imtokenep.com
imtokens.money
imttoken.org
jabirs-xso-xxx-wallet.com
jaxwalet.com
jaxx.podzone.org
jaxx.su
jaxx.tf
jaxxwalletinc.live
jdzpfw.com
lmtoken.org.cn
lntokems.club
master-consultas.com
matemasks.date
meta-mask.org.cn
metamadk.com
metamask-wallet.xyz
metamask.hk
metamaskey.com
metamaskio.vip
metamasks.me
metemas.me
metemasks.live
mtokens.im
one-key.org.cn
onekeys.dev
onekeys.mobi
saaditrezxie.store
shayu.la
t0kenpocket.cn
tipi21341.com
tkdt.cc
token-app.cc
token-lon.me
token2.club
tokenp0cket.com
tokenpockets.buzz
tokenpockets.org
tokenweb.online
tptokenm.live
trust-wallet.com.cn
trustgame.cn
trustwellat.cc
walletrust.cn
xdhbj.com
xzxqsf.com
zh-imtoken.com
admin.metamaskio.vip
admin.token2.club
api.metamasks.me
api.tipi21341.com
appapi.imtoken.porn
bh.imtoken.sx
bp.tkdt.cc
crp.jaxwalet.com
ds-super-admin.imtokens.money
ht.imtoken.cn.com
imtokenss.token-app.cc
jaxx.libertycryptowallet.ltd
jaxx.podzone.org
libertycryptowallet.ltd
metamask.tptokenm.live
mm.tkdt.cc
ok.tkdt.cc
spspring.herokuapp.com
two.shayu.la
update.imdt.cc
update.xzxqsf.com
wallet.cryptojx.store
walletappforbit.web.app

# Reference: https://www.virustotal.com/gui/domain/irkgsm.ru/relations
# Reference: https://www.virustotal.com/gui/file/0397aa501c17f3d3e3d899a8324d2f38de4e72279e0664a60755ba5204d936a4/detection

irkgsm.ru

# Reference: https://twitter.com/malwrhunterteam/status/1520143923360014337
# Reference: https://www.virustotal.com/gui/ip-address/27.124.7.67/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.63.108.144/relations
# Reference: https://www.virustotal.com/gui/file/b06c0e5560d89ee63a2fade2de08433b47dc5673131a98f75784eb2670d2da94/detection

imtoken.fm
tokem.cx
token-im.life
token-imc.cc
token-imq.co
token-imv.co
ap.token-imv.co
api.imtoken.fm
api.token-imc.cc

# Reference: https://twitter.com/BaoshengbinCumt/status/1521336416491667456

imt0ken.red
imtoken.imt0ken.red
/imtoken-intl-v2.apk

# Reference: https://twitter.com/malwrhunterteam/status/1521562439564861440
# Reference: https://www.virustotal.com/gui/ip-address/193.84.248.9/relations
# Reference: https://www.virustotal.com/gui/file/54b64d0808b795ffb48ef565b4a3a70ce7fedb2049be2010764e9466adc48ca6/detection

imtokam.online
imtoken.bz
intoken.bet
down.imtoken.bz
/imToken.apk

# Reference: https://twitter.com/BushidoToken/status/1522281784070791168
# Reference: https://otx.alienvault.com/pulse/627418f0445e08b473fe0ceb/

belinebit.com
bimexbit.com
bitbitox.com
bitboxy.com
bitglobalone.com
bitlytrade.org
btcgiran.com
coincapbit.com
dollar-crypto.com
dotxbitz.com
dotxswap.com
frontbitex.com
hoperbit.com
incoinbit.com
kaperbit.com
keeperexbit.com
lopexbit.com
marexbit.com
markexbit.com
quxbit.com
swapubit.com
walletexbit.com
walletmybit.com
woxobit.com
yayexbit.com

# Reference: https://twitter.com/malwrhunterteam/status/1522488493083086848
# Reference: https://twitter.com/malwrhunterteam/status/1522488977088995328
# Reference: https://www.virustotal.com/gui/file/7eb2da308838683ab2e1cad270bbb68cdc3966f7add077e21f8aaf9324c9f5d9/detection

coindase.xyz
vip98881.xyz
admin.coindase.xyz
ht.coindase.xyz
kf.coindase.xyz
api.vip98881.xyz
kf.vip98881.xyz
sanduan.vip98881.xyz
sd.vip98881.xyz
web.vip98881.xyz
wk.vip98881.xyz
xiazai.vip98881.xyz
xz.vip98881.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1526175132066234369
# Reference: https://www.virustotal.com/gui/file/b313bb1674a7ae62f6a13701c57394baa1efef1d955af6ba03692b01278422f4/detection

metsmas.com

# Reference: https://twitter.com/malwrhunterteam/status/1532652509717843968
# Reference: https://www.virustotal.com/gui/file/54e12d56f32bfe0e384677be2020db2723fd16d7a56758ef30c6c26716ac581c/detection

bujamuwg.xyz
coinoned.xyz
jvkutqar.xyz

# Reference: https://twitter.com/midnight_comms/status/1535448497813585921
# Reference: https://www.virustotal.com/gui/ip-address/182.16.49.3/relations

tokenpocklet.pro
tokenpockvet.pro
tokenpockzet.pro
tokenpoocbket.pro
tokenpoochket.pro
tokenpoocnket.pro
tokenpoocsket.pro
tokenpoocxket.pro
trustwahllet.com
trustwavllet.com

# Reference: https://twitter.com/malwrhunterteam/status/1547664764247019520
# Reference: https://twitter.com/midnight_comms/status/1547667415583969283
# Reference: https://www.virustotal.com/gui/ip-address/8.45.52.228/relations
# Reference: https://www.virustotal.com/gui/file/ca23a8e34b8fed2ae5548ce64f5d084f073f796009e14f15d61185275759c355/detection

ebay6.net
ebay7.net
ebay8.net
ebay9.net
happyplay666.com
ebayoss.oss-accelerate.aliyuncs.com

# Reference: https://twitter.com/Iamdeadlyz/status/1554469649508892682
# Reference: https://twitter.com/Iamdeadlyz/status/1554480019925516289
# Reference: https://www.virustotal.com/gui/ip-address/20.187.88.188/relations
# Reference: https://www.virustotal.com/gui/file/1b3ed3acbe5e18c90cc65a532e8ef5d7a4ddb738d9763494dabe1a58c2ca3654/detection

trusrt-wallet.io
trusrtwallet.app
trusrtwallet.co
trusrtwallet.in
trusrtwallet.io
trusrtwallet.vip
trusrtwallets.co
trusrtwallets.com
trusrtwallets.io
trusrtwallets.net
trusrtwallets.org
trusstwallet.site
trustwallet.life
trustwallets.io
turstwallet.live
taitanwallet.com
admin.taitanwallet.com

# Reference: https://vms.drweb.com/virus/?i=25394583&lng=en
# Reference: https://www.virustotal.com/gui/file/fa322ed16b1c9654c112eba4f99992c8fae1492d813bc93736462db52b5a5075/detection
# Reference: https://www.virustotal.com/gui/file/d9bdedb6e43f0fb54400b1953bc1211b202dcedc31d04230e54183b495b98063/detection

http://106.184.5.78
http://112.124.58.101
http://47.254.145.86
139.162.104.130:10000
47.252.50.191:10000
47.89.190.227:10000
91.195.240.94:10000
statistics.flurrydata.com

# Reference: https://twitter.com/Iamdeadlyz/status/1567811614682009600
# Reference: https://www.virustotal.com/gui/file/eef5e2525fb6671b9f8bc03a1643e0a7a06afcf85411c95a811ee3119a12cb47/detection

fnybcdd.cn
metaameesk.com
shakna118.com
p.fnybcdd.cn
w6.shakna118.com
w7.shakna118.com

# Reference: https://www.virustotal.com/gui/file/00170e3673b73a58e79f6e7659735325566344266cc3b837e6b6143184d19b90/detection

modobom.services

# Reference: https://twitter.com/malwrhunterteam/status/1578867099627573248
# Reference: https://www.virustotal.com/gui/ip-address/112.213.120.69/relations
# Reference: https://www.virustotal.com/gui/file/6126c347efb6d056b818c22e5d227142203287221a315d75e527d730b9346837/detection

moonpark1.shop
moonpark2.shop
xinyidaijieru.info
xinyidaijieru.shop
xionpic.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1579576061905756160

islamia.app

# Reference: https://www.virustotal.com/gui/file/1873215b0e1c28e92bef12d8e01d7f3f3ae22a7e045801772add42151699a2d7/detection

86.124.233.101:22005

# Reference: https://twitter.com/silentpush/status/1592202761961373696
# Reference: https://www.virustotal.com/gui/ip-address/3.36.198.106/relations

downgo.xyz
gh1vvvnaj94y.xyz
iex.buzz
iex168.com
iex58.com
iex88.com
iexnec.top
iexsze.xyz
iexvxd.live
iexykd.com
iexzfu.live
sulstar.com
admin.iex168.com
admin.iex88.com
admin.iexnec.top
admin.iexsze.xyz
admin.iexvxd.live
admin.iexykd.com
admin.sulstar.com
agent.iex168.com
agent.iex58.com
agent.iex88.com
agent.iexnec.top
agent.iexsze.xyz
agent.iexvxd.live
agent.iexykd.com
agent.iexzfu.live
agent.sulstar.com
download.downgo.xyz

# Reference: https://twitter.com/ecarlesi/status/1599833514081501205
# Reference: https://twitter.com/ecarlesi/status/1600776299592945664
# Reference: https://www.virustotal.com/gui/ip-address/3.33.172.47/relations

0422.cz
1051.cz
1066.cz
150297.com
16567.me
1828.cz
18896.me
2123.at
23614.se
2402.cz
2590.ca
28105.me
2820.credit
3092.cz
3607.cz
36289.st
36295.se
3864.cz
3915.voto
4095.cz
4096.at
4230.cz
4354.cz
4457.at
4506.cz
5031.cz
51299.cz
52659.se
5428.at
55065.se
55308.se
5726.voto
5795.at
5835.at
59122.st
5940.cz
6028.voto
62778.se
63083.mx
64901.se
66572.me
6840.cz
6872.cz
68911.me
7038.ca
7068.cz
70947.se
71688.me
73397.st
76647.cz
7808.cz
78720.me
79288.cz
79624.se
7967.software
8044.at
8106.cz
8150.at
8228.voto
8248.io
8341.cz
8393.at
8408.at
8487.voto
84873.se
85421.cx
8611.at
8620.at
86212.st
8763.cz
8783.credit
8819.cz
8929.at
8955.cz
9004.cz
90273.se
9031.at
9148.at
9317.credit
9768.cz
9841.voto
9904.at
abcd1.careers
abcd9.careers
pfre5.finance
pjlo.cz
sdfr8.finance
tygr3.finance
uytd3.software
yhts3.finance
ytfr6.software
zder6.software

# Reference: https://twitter.com/ecarlesi/status/1601845957502582784
# Reference: https://www.virustotal.com/gui/ip-address/75.2.10.190/relations

0565.at
1019.cz
1031.cz
1057.voto
1172.cz
1174.cz
1215.voto
1218.football
1298.football
13186.mx
1373.cz
1460.cz
15072.at
1537.credit
15426.me
1570.voto
1660.voto
16735.se
1702.cz
1728.voto
17509.at
1774.football
1780.football
17870.se
18326.mx
187095.com
190388.com
11433.cx
17233.net
17915.cx
18722.cx
1873.credit
1912.voto
1962.voto
2029.voto
2056.credit
2079.at
20958.se
2101.cz
21386.se
21604.se
2172.voto
2194.at
2340.cz
2425.software
2432.credit
24280.net
25176.cx
25326.se
25412.mx
2580.at
2650.cz
26748.at
2739.voto
2750.football
25250.cx
2571.at
272504.com
27558.mx
2761.voto
28172.se
2883.voto
2890.voto
2911.voto
2933.cz
29374.at
3038.cz
30442.se
3066.cz
3140.software
31593.me
3171.credit
27851.net
2908.credit
3172.credit
32275.se
32704.at
3275.credit
334386.com
334792.com
35407.at
3626.voto
3677.football
3708.voto
3743.voto
3752.cz
3489.cx
35314.me
3561.credit
36278.cx
37584.se
37605.se
376101.com
3770.credit
3779.credit
38027.me
38591.se
38643.se
3877.credit
39074.at
3918.credit
392949.com
3931.football
394729.com
3884.credit
3971.credit
397805.com
4036.credit
4037.cz
4068.voto
4076.cz
4090.nl
4129.credit
4303.cz
4378.football
4380.cz
4399.credit
4405.cz
4450.cz
45334.se
4330.credit
45395.se
4546.credit
46099.net
4669.voto
4676.at
46869.at
4877.cz
4945.cz
4991.cz
4674.credit
47108.cx
4895.cx
5010.credit
5018.cz
50432.se
5049.cz
5061.cz
5078.voto
5056.credit
5129.credit
5195.credit
5195.voto
5257.football
5288.credit
5346.credit
538231.com
548056.com
52674.nl
52719.net
52787.cx
5348.credit
54764.net
5485.voto
5488.football
55097.at
5518.cz
5520.credit
5542.cz
5638.credit
56536.se
5672.credit
5674.credit
57024.at
5715.credit
57175.at
57480.at
5768.voto
5669.credit
5776.credit
5783.voto
58322.at
58458.at
5875.voto
5881.football
59258.se
59284.at
58061.net
5823.credit
5911.at
5950.at
59684.se
59818.mx
60121.se
6014.credit
6030.credit
60226.cx
6056.credit
6061.credit
6063.voto
60748.mx
6080.football
6090.credit
6094.cz
610786.com
613578.com
61497.se
6170.credit
61942.one
6216.football
6242.at
62880.at
628974.com
63342.at
6423.credit
6449.cz
62526.cx
63801.net
64540.se
6470.cz
6472.credit
64932.me
6508.credit
651601.com
6539.credit
65507.se
6574.credit
66029.at
6608.football
6645.cz
66546.se
6657.voto
6670.cz
66859.at
6705.cz
67251.in
6811.football
6829.credit
68377.mx
68384.se
68565.at
6864.credit
6865.cz
6671.voto
68680.at
686947.com
6882.voto
68902.net
69046.at
69079.at
69359.me
69503.at
69578.mx
6976.football
6987.voto
7031.cz
7045.cz
70581.at
706978.com
7076.voto
708512.com
7093.cz
7098.voto
7100.cz
7127.nl
7139.voto
7150.cz
71702.me
7180.voto
72038.me
7205.software
721310.com
7217.football
7239.software
72563.nl
7282.football
7307.voto
69826.cx
70196.net
7055.cz
7220.at
73103.voto
73168.mx
73393.se
7360.voto
738334.com
7402.football
7501.cz
7506.cz
7512.cz
7551.cz
75519.mx
7580.cz
76057.at
76079.mx
7514.credit
76651.mx
7693.football
7732.voto
7733.cz
7806.credit
76971.net
78426.me
7908.cz
7912.credit
79125.mx
79187.at
7924.voto
79355.at
79447.se
7983.voto
8029.voto
79402.cx
79761.cx
80317.cx
8038.credit
8052.cz
8056.cz
8099.cz
81042.at
8106.voto
8117.cz
81316.mx
8138.cz
8177.cz
8245.voto
8070.credit
8159.credit
82497.at
8287.credit
8300.cz
8304.cz
8326.cz
83482.at
8353.voto
83697.at
8440.cz
8445.voto
8492.cz
8515.voto
8538.credit
8548.credit
82948.net
8415.credit
85606.mx
857939.com
8587.football
85894.at
859701.com
86185.se
8705.cz
8717.voto
87624.se
8684.at
87047.cx
87394.net
87755.se
8802.cz
8807.voto
88337.cx
8834.cz
8850.cz
87941.net
88267.net
8874.credit
8901.cz
89322.at
8943.credit
8961.voto
89839.voto
8987.football
89784.net
8988.credit
8991.voto
90359.at
9091.cz
912610.com
9162.voto
90645.net
9089.at
92210.cx
9223.football
9303.at
93453.at
93609.se
9377.cz
93853.mx
9403.voto
9409.cz
94330.at
9440.cz
94407.se
9479.voto
9502.voto
95173.at
95258.se
9570.voto
9585.voto
9591.football
96174.mx
92755.cx
9506.at
9532.credit
96199.se
96341.me
9642.cz
9653.credit
967955.com
9686.cz
97209.net
9770.credit
97921.se
98062.mx
98558.at
9976.cz
9981.credit
abqch.cz
bxr.se
byyws.cz
dertr.cz
dtyh2.finance
ertfd.cz
fescq.cz
fpim.cz
ghpk5.finance
gtyh2.makeup
hfrew.cz
hzk.se
iuytg.cz
juhys.cz
juyhf.cz
klder.cz
kpid.software
ktpd.cz
ktpns.cz
ktyp.cz
kuhj2.finance
mmoo34.me
nchj.cz
opego88.vip
ozh.se
pfewq.cz
pgew3.software
pgtr9.report
pjfr5.finance
pkder.cz
pkfr3.software
pkfr5.finance
pkfr6.software
pkfx3.software
pkse8.software
pkuh3.software
plhq9.software
ptyst.cz
puyer.cz
qsdtg.cz
rtfe6.finance
rthu5.finance
sngoe88.vip
sxfr6.software
tfrg5.finance
totqc.cz
trde5.finance
tuhg2.finance
tuhg3.studio
tylp.cz
tzy.se
ujhr7.finance
ukfrt.cz
uydrt.cz
uyjfg.cz
uypk.cz
vcku.cz
xdert.cz
yder5.careers
yfm.se
yfxz2.software
yhdes.cz
yphsd.cz
yptd6.credit
ypzd8.credit
zatf7.software
zcgp.cz
zdfg3.software
zdse7.careers
zdtf5.finance
zdwe1.software
zdwqa.cz
zfrew.cz
zfwog.cz
zidj.cz
zmuj.cz
zsdrt.cz
zsed1.finance
zser2.finance
zsye8.software
zzy.se

# Reference: https://twitter.com/ecarlesi/status/1602502214731325446
# Reference: https://www.virustotal.com/gui/ip-address/35.71.131.1/relations
# Reference: https://www.virustotal.com/gui/ip-address/52.223.50.163/relations

0669.at
1536.credit
1659.earth
1890.credit
1917.credit
1942.work
# 2022-12-13  (date string, not a domain or IP; commented out so it is not loaded as an indicator)
2579.work
2595.earth
2885.earth
3039.credit
312925.com
3182.work
3334.credit
3701.earth
3837.credit
4158.credit
4909.earth
4937.credit
6130.earth
6132.earth
6345.earth
6448.earth
6469.credit
6771.work
6849.earth
6921.credit
6945.earth
7436.work
862017.com
8913.work
8985.credit
9487.earth
9520.credit
sftg5.software

# Reference: https://twitter.com/LukasStefanko/status/1600039301215035393
# Reference: https://www.virustotal.com/gui/file/02cfa159f85e15bd24808859d6cbf1b8e8d21352e7290ba5477744f711bb752b/detection

firebaseconnections.com

# Reference: https://twitter.com/malwrhunterteam/status/1600260295112335360

trustwallet-nft.web.app
/ewfwef834r8f8we8f8we8r484234f.html

# Reference: https://twitter.com/malwrhunterteam/status/1602217665183059968
# Reference: https://www.virustotal.com/gui/ip-address/156.236.71.16/relations
# Reference: https://www.virustotal.com/gui/file/bd2e1836fa14734f65634711e85036b885fab18a3073a8dac3f95f0284a317bf/detection

http://156.236.71.16
truskeiwawer.com
truskiedf.com
trustweta.com
trustwetae.com

# Reference: https://twitter.com/ecarlesi/status/1602507518793629696
# Reference: https://www.virustotal.com/gui/ip-address/45.136.118.189/relations

1286.cash
7562.cash
puhr3.software
sftr8.software
tygr9.finance
zdew5.finance

# Reference: https://twitter.com/malwrhunterteam/status/1603315557385781249
# Reference: https://www.virustotal.com/gui/file/d6559a5ee4361c812d8f88e3de78b421a5e165cfac139cce92bd5cf8f2f63a2d/detection

backthai.net

# Reference: https://www.virustotal.com/gui/file/6c48e1ce4183ece7cb649d125317910cbe5f05ebac5b811c2e0c167e446f16d1/detection

expertvipmall.com

# Reference: https://twitter.com/malwrhunterteam/status/1603393311473008649
# Reference: https://www.virustotal.com/gui/file/7e77a9ed50fbe65e9e5f680c8313549d7a57f6844ac1cc316636ceadec806119/detection

grooming-time.com

# Reference: https://twitter.com/KesaGataMe0/status/1615239904728088576
# Reference: https://www.virustotal.com/gui/ip-address/206.238.115.110/relations
# Reference: https://www.virustotal.com/gui/ip-address/206.238.123.38/relations
# Reference: https://www.virustotal.com/gui/ip-address/207.148.25.11/relations

binanace.net
metamaske.pro
metamasky.com
metamaskt.io
metamesk.info
trustwallect.com
trustwallett.rest

# Reference: https://www.virustotal.com/gui/file/00008e83ec52647211a39ead81fc40a1655212002eb76923f10c60703ec63bd7/detection

sppromo.ru
ww82.sppromo.ru

# Reference: https://www.virustotal.com/gui/file/2a81097ea1fd636a65c84a05f49d88b43c9826fcfc87c84b3b5c21249ce6c1d5/detection

martianwallet.app

# Reference: https://www.virustotal.com/gui/file/02b7ebee345d4c6d1147d6b06d53f6c0e2556443bd37a0e504a2358b20673c37/detection

147.185.221.223:14020
movie-pocket.at.playit.gg

# Reference: https://www.virustotal.com/gui/file/46badfbf22dc28fb0550959616b78fc7702e9b97fa30c9691a9af8f7f7dde399/detection
# Reference: https://www.virustotal.com/gui/file/8411c21c6586f9d96182610c6102cf098840bbc3c4aeb645b0335ea857cd2232/detection
# Reference: https://www.virustotal.com/gui/file/d7dec088189c84ae16b18e9afe46f574e220daba640fb7f5e482e64652d9233c/detection

sharechatofficial.000webhostapp.com

# Reference: https://www.welivesecurity.com/2023/03/16/not-so-private-messaging-trojanized-whatsapp-telegram-cryptocurrency-wallets/

buchananapp.com
coinfacai.com
cqbblmy.com
hao-telegram.com
microsoftmiddlename.tk
oktask88.com
pic447.com
pic6005588.com
t-telegrm.com
telegcn.com
telegram-c.com
telegram.farm
telegram.gs
telegram.land
telegramnm.org
telegramxs.com
telegramzn.com
telegrmam.org
telegrms.com
telegron.org
telegrrom.com
telezzh.com
tevegram.com
upload.buchananapp.com
whotsapp.net
x-telegram.app
api.oktask88.com
b.pic447.com
department.microsoftmiddlename.tk
j.pic6005588.com
jk.cqbblmy.com
token.jdy.me

# Reference: https://www.virustotal.com/gui/file/bd4ea561b932adc106cb835bfcb8640a59a2fc9e17598768ffed3c6f4fa3c59f/detection

206.189.80.59:22645

# Reference: https://twitter.com/0xDanielLopez/status/1645040749589692416
# Reference: https://www.virustotal.com/gui/file/465e7ed3279c2d4964a6e1d5b3c0c9bca94e27824fee5bc849656c37694aad57/detection
# Reference: https://www.virustotal.com/gui/file/3cd3d26c3477a26d0c2ed3da24b15a7055e9ce6e026cc7f5a4964df51b99bcb4/detection

metamask6.pro
metamcsk.com

# Reference: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-security-app-found-abuses-japanese-payment-system/
# Reference: https://www.virustotal.com/gui/file/5d29dd12faaafd40300752c584ee3c072d6fc9a7a98a357a145701aaa85950dd/detection

ruboq.com

# Reference: https://twitter.com/malwaretracekr/status/1650024334780698625
# Reference: https://www.virustotal.com/gui/ip-address/115.91.26.153/relations
# Reference: https://www.virustotal.com/gui/file/f9ba21363bdd5c7a1624da5a4f51721323249085e6c31c41e8bb73e411dadc29/detection
# Reference: https://www.virustotal.com/gui/file/289eb00c326c39b57fd9c72ca2ddc8d2723c763c44ccf2b03e9c41eb577a28d8/detection

103.214.68.12:6693 
122.147.252.23:6693
asdvdfdfd.site
dasdqcsaca.store
dfgfhgfhfhg.online
mashcgsd.bio
mashcgsd.us
mashcgsd.xyz
nhisis.xyz
nssnissshch.bio
nssnissshch.gay
nssnissshch.ink
nssnissshch.life
nssnissshch.shop
nssnissshch.wiki
nssnissshch.world
nssnissshch.xyz
xcvdfgdfgdfg.site
yeelip.com
axms.yeelip.com
xms.yeelip.com

# Reference: https://www.virustotal.com/gui/file/bbef5975a0483220cfec379c44a487ed4146e0af9205f00dbc0eb53de8a63533/detection

122.10.90.12:36986

# Reference: https://twitter.com/g0njxa/status/1652672867702587392

jotaaway1.es

# Reference: https://twitter.com/malwrhunterteam/status/1661858200092651526
# Reference: https://www.virustotal.com/gui/file/6b80bbaec6504377de4723908b67760f7262107ff12ea6606553b2ba68679b64/detection

ueprefd.xyz
download.ueprefd.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1678865836449181700
# Reference: https://www.virustotal.com/gui/file/96f8c91090be18751661b1ad9f0e4f227eec568ffab130bb92ea5113f80c1a1d/detection

topcallgirl2.com

# Reference: https://twitter.com/malwrhunterteam/status/1683841326528462850
# Reference: https://www.virustotal.com/gui/file/883fe4e845841b51108a48c78220ee159743ba0ab5728d6aacdcc772e57f2720/detection

http://58.229.206.107

# Reference: https://twitter.com/malwrhunterteam/status/1685920242105495552
# Reference: https://www.virustotal.com/gui/file/b50a1d6791e149c8437ef45a46978a3261b5f50765f22fec10574e57116951dc/detection

mallmaster.top
site111.mallmaster.top

# Reference: https://twitter.com/malwrhunterteam/status/1687037935684669440
# Reference: https://www.virustotal.com/gui/file/f59e48f3b785fa2278e29d69591014cf59befe958223d6f3c196d61c42bfb174/detection

itoken-apk.org

# Reference: https://twitter.com/malwrhunterteam/status/1686851580111237121
# Reference: https://www.virustotal.com/gui/file/23592c781bd5cc9236fcb5b6d9c0804e084d9d9c894479a06da76c090421da35/detection

tokenpocket-dl.co

# Reference: https://www.virustotal.com/gui/file/f4413fde08a42f4ba3a20ab3abe4bf716c4c2dfaedfc63baa1e668777fa17f59/detection

amasolo.com

# Reference: https://www.virustotal.com/gui/file/c260dc27c6d40fe2a34f5bb917fdd0a04d7061fe47975130edb324b17cb47638/detection

alpha-wallet.info

# Reference: https://twitter.com/noexceptcpp/status/1701027496022433973
# Reference: https://securelist.com/trojanized-telegram-mod-attacking-chinese-users/110482/
# Reference: https://www.virustotal.com/gui/ip-address/103.148.186.32/relations

http://96.30.198.123
103.148.186.32:58888
34.102.136.180:58888
telegrnm.org
sg.telegrnm.org

# Reference: https://twitter.com/0x6rss/status/1701880250697658816
# Reference: https://www.virustotal.com/gui/file/ead28c0a510b3b62dfdcadf1aed4b78c5c8d3aad703c84cc46e8028dde153811/detection
# Reference: https://www.virustotal.com/gui/file/720cd99fa39399febd2c9e5d76b102187e596b882eced6fad08f65793d6beccd/detection

123.56.41.76:8899
availa.click
eu.availa.click
jump.availa.click
sa.availa.click
sg.availa.click
sg1.availa.click
us.availa.click
uss.availa.click

# Reference: https://twitter.com/karol_paciorek/status/1703697327058268188
# Reference: https://www.virustotal.com/gui/file/000c42bee6d10b30ffa9f2fd7d296d9c1b3c233a0d806457dcc028932bab05d8/detection

http://47.241.47.12
ac1.dcloud.net.cn
ac2.dcloud.net.cn
s1.dcloud.net.cn
s2.dcloud.net.cn

# Reference: https://www.virustotal.com/gui/ip-address/185.135.73.19/relations
# Reference: https://www.virustotal.com/gui/file/86e767054034e2d41ea5d19129512c0d911fbbd6522e97ffffc25117ad9e0e6f/detection

123app.cc
345app.cc
456app.cc

# Reference: https://www.virustotal.com/gui/file/00fd4a63c468982631bbdb84b2d862aa704165a9a140729c14eb1185a9df4475/detection

00android.com
oftu2t65dztf.pflexads.com

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/10/hong-kong-residents-targeted-in-malvertising-campaigns-for-whatsapp-telegram
# Reference: https://otx.alienvault.com/pulse/653aab5c3d41e1bf01f7513f
# Reference: https://www.virustotal.com/gui/file/36d11b18d3345ff743f7b003d10a0820c8c1661dd7dc279434e436de798c3a4b/detection

f8ddcc.com
vvg2rt.top
119srv.lawrencework.com
uaa.vvg2rt.top
wss.f8ddcc.com
kolunite.oss-ap-southeast-7.aliyuncs.com

# Reference: https://blog.cloudflare.com/malicious-redalert-rocket-alerts-application-targets-israeli-phone-calls-sms-and-user-information/
# Reference: https://otx.alienvault.com/pulse/652e97f29e476b423d10aeae
# Reference: https://www.virustotal.com/gui/file/5087a896360f5d99fbf4eb859c824d19eb6fa358387bf6c2c5e836f7927921c5/detection

http://23.254.228.135
redalert.me
redalerts.me

# Reference: https://securelist.com/spyware-whatsapp-mod/110984/

3ssem.com
android-soft-store.com
application-marketing.com
goldnwhats.app
omarwhats.app
watsabplusgold.com
whats-mate.com
whats-mate.net
whats-media.com
whats-mydns.com
whats-mydns.net
whats-vpn.com
whats-vpn.net
whatsagold.app
whatsgold.app
whatsupdates.com

# Reference: https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/
# Reference: https://otx.alienvault.com/pulse/657085f982e8bd03f9491513

ag.ahymvoxxg.com
ahymvoxxg.com
amorcash.com
api.yumicash.com
apitai.coccash.com
bhvbhgvh.space
cashwow.club
coccash.com
cy.amorcash.com
easycredit-app.com
eg.easycredit-app.com
guayabacash.com
hwpamjvk.whcashph.com
iu.iuuaufbt.com
iuuaufbt.com
kk.softheartlend2.com
la6gd.cashwow.club
mpx.mpxoptim.com
mpxoptim.com
oy.oyeqctus.com
pss.aakredit.in
qt.qtzhreop.com
qtzhreop.com
rest.bhvbhgvh.space
softheartlend2.com
whcashph.com
yumicash.com

# Reference: https://twitter.com/banthisguy9349/status/1733450703853474102
# Reference: https://www.virustotal.com/gui/ip-address/66.29.132.194/relations

apk1.shop
apk4like.online
apk4love.xyz
apk4mobile.com
follow4apk.com
getmodapk.site
nowtoapps.com

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/12/malvertisers-zoom-in-on-cryptocurrencies-and-initial-access
# Reference: https://otx.alienvault.com/pulse/65817e4c05cbf5d0fa336908

2311foreign.xyz
info-zoomapp.com
promoapp-zoom.com
scheta.site
windows-rars.shop
winkos.net
youstorys.com
zoom-us.tech
zoommaster.life
zoomnewsonly.site
api.huntingpanel.link
huntingpanel.link
z00nn.one-platform-to-connect.group
one-platform-to-connect.group
aksdquwrqr.onelink.me
arnold.onelink.me
desktop-client.onelink.me
mmozl.onelink.me
notetrest.onelink.me
ntcrgfmmc3.onelink.me
putin-777.onelink.me
169-zoona32.onelink.me
slovo-pacana.onelink.me
zoomus.onelink.me
zoromonm.onelink.me

# Reference: https://twitter.com/ybspro_official/status/1735180819323662398

imtokenx.cc

# Reference: https://twitter.com/ybspro_official/status/1734449588852175224

imtokenx.life

# Reference: https://www.virustotal.com/gui/ip-address/142.171.142.102/relations

imtokean.info
imtokenm.info
imtokenn.top
imtokenu.cc
imtokken.top
imtokken.vip
imtooken.pro
imttoken.xyz
mathwallets.link
mathwallets.top
dl.imtokean.info
dl.imtokenm.info
dl.imtokenn.top
dl.imtokenu.cc
dl.imtokken.top
dl.imtooken.pro
dl.imttoken.xyz

# Reference: https://www.virustotal.com/gui/domain/imtoken-td.org/relations

imtoken-td.org

# Reference: https://www.virustotal.com/gui/ip-address/103.149.92.3/relations

imtokens.top
cn.imtokens.top
pay.imtokens.top
py.imtokens.top
trc.imtokens.top

# Reference: https://www.virustotal.com/gui/ip-address/199.59.243.225/relations

imtoken.gives
imtoken.golf
imtoken.pics
imtoken-ap.plus
imtoken-dt.org
imtoken-iu.org
imtoken-up.org
imtoken-ya.top
imtoken-yd.top

# Reference: https://twitter.com/malwrhunterteam/status/1752675266852196600
# Reference: https://www.virustotal.com/gui/ip-address/103.94.235.26/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.150.55.10/relations
# Reference: https://www.virustotal.com/gui/ip-address/50.117.71.245/relations
# Reference: https://www.virustotal.com/gui/file/d2bc5752af31dd0078b4d4077d26df95014d261dd4ac1fe40cd8a089891bd653/detection

78dugo.vip
ae82.icu
aitou66.top
aizhua8.top
ak68.icu
anba666.top
ancien.vip
anfu888.top
anju666.top
ankua88.top
anmei88.top
anpao66.top
anshou6.top
ap51.icu
auto82.top
av33.icu
ba29.icu
ba66666.top
bamao88.top
banun66.top
bapei8.vip
bed6666.top
benxi8.vip
bf21.icu
bijie66.top
bo92.icu
brfwz8.vip
bt88.icu
build66.top
by82.icu
caban8.vip
cadie8.vip
camian.vip
catie88.top
catu888.top
ccno888.top
ce82.icu
cefen8.vip
cezuan.vip
cezui8.vip
cqkyst6.top
cuilvd.vip
cy021.icu
cyber88.top
dashei8.top
dekai88.top
derong8.top
deruan8.top
dete88.vip
dx8888.vip
dzc14.top
eemmfm.vip
exit888.top
file88.vip
ftaqwl.space
gbs62.top
gddx16.vip
gexian8.top
gz8888.vip
haiche8.top
hege888.top
heliao8.top
henao88.top
hnxync.vip
homepa.vip
hun6666.top
jackd.online
jiu900.icu
jkweb252.top
jkweb255.top
kangal.vip
kcf56.top
kljgs.icu
launch8.top
loans8.vip
mi88888.top
miss888.top
mnz81.top
moved88.top
mws-ch.vip
name8v.vip
nkbvvy.vip
nulltx.vip
pack88.vip
pifen88.top
psc37.top
qa8888.vip
qiche9.top
qpz86.top
qxsvgq.vip
rekan88.top
runvip.vip
rykdqh.vip
scfqfp.vip
sdbz666.top
sdcxgs.icu
sks64.top
soccer8.top
source6.top
szlion.vip
tempsstr.top
three66.top
toimken.im
tqp88.top
trust88.top
uhuycz.vip
vmy37.top
vvrrfr.vip
wcd26.top
wspwsn.vip
wvbftb.vip
wxq59.top
xiangx8.top
xidesh.vip
ybx48.top
yfsvqg.vip
yzuvzg.vip
za8888.vip
zgmcw8.vip
ztk74.top
api.jkweb255.top

# Reference: https://www.virustotal.com/gui/file/e16e08a148ea96861c3b16d9183de25847c0b9641301acf6df8a3bf2bbed57ec/detection

prime-official-app.com

# APK file paths (host-independent URL path indicators)

/KDCA.apk
/TrustWallet.apk
