# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/LukasStefanko/status/1116700836032331778
# Reference: https://koodous.com/apks/71038bed9175e2edfc1b24347e76a192b96845831410a481ace7e601ed65b19e
# Reference: https://www.virustotal.com/gui/file/71038bed9175e2edfc1b24347e76a192b96845831410a481ace7e601ed65b19e/detection

appboxlive.host/wakaji/start.html

# Reference: https://www.welivesecurity.com/2019/05/23/fake-cryptocurrency-apps-google-play-bitcoin/

coinwalletinc.com

# Reference: https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites

/so/Android1S.php
/so/Android2D.php
/so/Android2M.php
/so/Android4A.php
/so/AndroidAF.php
/so/AndroidAL.php
/so/AndroidDL.php
/so/AndroidLS.php
/so/AndroidPA.php
/so/AndroidPC.php
/so/AndroidSH.php

# Reference: https://www.welivesecurity.com/2019/07/19/faceapp-spotlight-scams-emerge/

spinwincash478.pro

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-06-28-asiahitgroup-gang-again-sneaks-billing-fraud-apps-onto-google-play/asiahitgroup-gang-again-sneaks-billing-fraud-apps-onto-google-play.csv

vilandsoft.com

# Reference: https://twitter.com/ReBensk/status/1264931130530312194

tnisheng.xyz

# Reference: https://twitter.com/DrStache_/status/1264949410162769920

http://154.209.241.184
http://154.209.241.185
http://154.209.241.186
http://154.209.241.187
http://154.209.241.188

# Reference: https://www.virustotal.com/gui/file/a7bffddcd815055c8e49df6a779503dcad16e6b351a64fcaf24961862b7014f0/detection

brezzamobile.online

# Reference: https://www.virustotal.com/gui/file/012404ebe25adaadd7e9b4b0d1ce6ffce46c62456f97710829c676fb789019a9/detection

btc-unli.tk

# Reference: https://www.virustotal.com/gui/file/774d58de7fc732a3eaac274e6dc454012260d8d111989834ac62e7f90c8dc467/detection

octarine.soxx.us

# Reference: https://twitter.com/ninoseki/status/1353128207923388416
# Reference: https://www.virustotal.com/gui/file/49634208f5fb8bcfc541da923ebc73d7670c74c525a93b147e28d535f4a07bf8/detection

103.85.25.165:7777
165.3.93.6:7777
r10zhzzfvj.feishu.cn

# Reference: https://twitter.com/_bllvck/status/1366439474733924353
# Reference: https://www.virustotal.com/gui/file/d3487ab25a0e2c24996032458ff869eb3743eed39cf7c13e5c1a88084310c718/detection

polkadot-support.com

# Reference: https://www.virustotal.com/gui/file/d2d35805f157b0fe4df0cf5747cab08ba335b9cdc82453ab1a9f6271e8a484fc/detection

paladits.bget.ru

# Reference: https://twitter.com/malwrhunterteam/status/1379883017976614918
# Reference: https://www.virustotal.com/gui/file/c420052c96eff142e3836bd6cbe1ce61d86c23ac7a9b58a4dc81ffef7c98ab34/detection

mobipaisarecharge.com
/Ajax-request/get_mobile_info.php

# Reference: https://research.checkpoint.com/2021/new-wormable-android-malware-spreads-by-creating-auto-replies-to-messages-in-whatsapp/
# Reference: https://otx.alienvault.com/pulse/606e2b839d8204cdd76a5476

netflixwatch.site

# Reference: https://www.virustotal.com/gui/domain/amazingvideos.mobi/relations
# Reference: https://www.virustotal.com/gui/domain/greatestapps.mobi/detection
# Reference: https://www.virustotal.com/gui/file/fa40744c0e49f185b0604f44b7747b1fe5824b58223376d0b9a51451b905d1e5/detection

amazingvideos.mobi
greatestapps.mobi
7.tdslsd.ru
tdslsd.ru

# Reference: https://www.virustotal.com/gui/file/08797ac7926944304b8fae5647a1495aae9b69bb76ee9e052295111beab5042a/detection

zestlark.000webhostapp.com

# Reference: https://twitter.com/Cengiz86035319/status/1391502248962834446

aske-crudo.com

# Reference: https://www.virustotal.com/gui/file/db91424bff23f9668398c3c0ae0fab05d6cd73a18676559c78c0f6c7e1b5ea90/detection

wezzx.ru

# Reference: https://www.welivesecurity.com/2021/07/20/url-shortener-services-android-malware-banking-sms-trojans/
# Reference: https://otx.alienvault.com/pulse/60f7eaafe05663ddea26b1b5

eaconhop.online
emanalyst.biz
fceptthis.biz
fjobiwouldli.biz
honeiwillre.biz
mmunitedaw.info
offeranda.biz
oftongueid.online
omeoneha.online
ommunite.top
ransociatelyf.info
rycovernmen.club
schemics.club
sityinition.top
ssedonthep.biz

# Reference: https://twitter.com/ni_fi_70/status/922461098737045505
# Reference: https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/
# Reference: https://www.virustotal.com/gui/file/c5112e3a95bfa226bc2d524964364c61e0db9fe2824c20ca99521ab15367d678/detection
# Reference: https://www.virustotal.com/gui/file/306a4fd41ce67784db399eced6531ac629bd9fe05d3347665bb935f1100e37f2/detection

pooniex.com
poloniėx.com
xn--polonix-y8a.com

# Reference: https://www.virustotal.com/gui/file/156c98f1babd9de7f76a81fd7bcc81b03cb1415081a726dbf7707226b16f6db2/detection

zzwx.ru
d1lxhc4jvstzrp.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/04b74f3579b081b5af13299b3327b80c0e3f45daca556487b088d11716960c72/detection

charter724.info

# Reference: https://www.virustotal.com/gui/file/96dfea7f0050a0d453ffb61d5824ff820f75fd0e8c25a9f5b894812483432759/detection

ucharter.ir

# Reference: https://www.virustotal.com/gui/file/4d78c7980c938d5bf4b0dd4aeecc008dad3d9b9e14f3fe207b704301a2c0cbed/detection

charter2162.ir

# Reference: https://www.virustotal.com/gui/file/f9f86fd4c2979b1f41aeece06958aa6b7ddba130a66dbf7c78a3906c449d7dd0/detection

clipestoon.ir

# Reference: https://www.virustotal.com/gui/file/401b00dc8a2aa2e13e24859d1f89e244ed6c7f1d48a7d80f9d9200e0ba1b3ea8/detection

sepehre360.com

# Reference: https://www.virustotal.com/gui/file/f6574662f783b6a0f09561bfe8b0540508897e5383327168c4b778a2a9466a2a/detection

mehrseir.ir

# Reference: https://twitter.com/dubstard/status/1493875063971581956

android-beta.com

# Reference: https://www.virustotal.com/gui/ip-address/137.175.56.119/relations
# Reference: https://www.virustotal.com/gui/file/f7d412f93ed5f34de40b3a8e7653c34430e931ec2f615599e16dac607ad81985/detection

dfnvkej.xyz
njfohn.vip
2cmodh.dfnvkej.xyz
3kodin.dfnvkej.xyz
3kodin.njfohn.vip
6vjod.dfnvkej.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1507434232511139847
# Reference: https://www.virustotal.com/gui/ip-address/103.193.174.205/relations
# Reference: https://www.virustotal.com/gui/file/6876e159a8e91091535c18cf59e517f3405145efd757d564b7dcf284cae990d5/detection

imtokcn.org
imtokrn.net
imtokrn.pro
mb-imtoken.com
tokencenter.info
tokenlon.im
tongke.co
tongke.top

# Reference: https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
# Reference: https://otx.alienvault.com/pulse/6244300fee718397c862a21e
# Reference: https://www.virustotal.com/gui/ip-address/45.116.163.65/relations

180.215.126.33:51148
2022mask.com
app-coinbase.co
ariodjs.xyz
bitepie.club
bitoken.com.cn
bitpiecn.com.cn
bitpiewallet.com.cn
bitpiezh.cn
bitpio.com
cctptokenm.live
cn-imtoken.com
cryptojx.store
im-token.one
im-tokens.info
imbbq.co
imdt.cc
imtken.cn
imtoken.cn.com
imtoken.net.im
imtoken.porn
imtoken.sx
imtoken.tg
imtokenep.com
imtokens.money
imttoken.org
jabirs-xso-xxx-wallet.com
jaxwalet.com
jaxx.podzone.org
jaxx.su
jaxx.tf
jaxxwalletinc.live
jdzpfw.com
lmtoken.org.cn
lntokems.club
master-consultas.com
matemasks.date
meta-mask.org.cn
metamadk.com
metamask-wallet.xyz
metamask.hk
metamaskey.com
metamaskio.vip
metamasks.me
metemas.me
metemasks.live
mtokens.im
one-key.org.cn
onekeys.dev
onekeys.mobi
saaditrezxie.store
shayu.la
t0kenpocket.cn
tipi21341.com
tkdt.cc
token-app.cc
token-lon.me
token2.club
tokenp0cket.com
tokenpockets.buzz
tokenpockets.org
tokenweb.online
tptokenm.live
trust-wallet.com.cn
trustgame.cn
trustwellat.cc
walletrust.cn
xdhbj.com
xzxqsf.com
zh-imtoken.com
admin.metamaskio.vip
admin.token2.club
api.metamasks.me
api.tipi21341.com
appapi.imtoken.porn
bh.imtoken.sx
bp.tkdt.cc
crp.jaxwalet.com
ds-super-admin.imtokens.money
ht.imtoken.cn.com
imtokenss.token-app.cc
jaxx.libertycryptowallet.ltd
jaxx.podzone.org
libertycryptowallet.ltd
metamask.tptokenm.live
mm.tkdt.cc
ok.tkdt.cc
spspring.herokuapp.com
two.shayu.la
update.imdt.cc
update.xzxqsf.com
wallet.cryptojx.store
walletappforbit.web.app

# Reference: https://www.virustotal.com/gui/domain/irkgsm.ru/relations
# Reference: https://www.virustotal.com/gui/file/0397aa501c17f3d3e3d899a8324d2f38de4e72279e0664a60755ba5204d936a4/detection

irkgsm.ru

# Reference: https://twitter.com/malwrhunterteam/status/1520143923360014337
# Reference: https://www.virustotal.com/gui/ip-address/27.124.7.67/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.63.108.144/relations
# Reference: https://www.virustotal.com/gui/file/b06c0e5560d89ee63a2fade2de08433b47dc5673131a98f75784eb2670d2da94/detection

imtoken.fm
tokem.cx
token-im.life
token-imc.cc
token-imq.co
token-imv.co
ap.token-imv.co
api.imtoken.fm
api.token-imc.cc

# Reference: https://twitter.com/BaoshengbinCumt/status/1521336416491667456

imt0ken.red
imtoken.imt0ken.red
/imtoken-intl-v2.apk

# Reference: https://twitter.com/malwrhunterteam/status/1521562439564861440
# Reference: https://www.virustotal.com/gui/ip-address/193.84.248.9/relations
# Reference: https://www.virustotal.com/gui/file/54b64d0808b795ffb48ef565b4a3a70ce7fedb2049be2010764e9466adc48ca6/detection

imtokam.online
imtoken.bz
intoken.bet
down.imtoken.bz
/imToken.apk

# Reference: https://twitter.com/BushidoToken/status/1522281784070791168
# Reference: https://otx.alienvault.com/pulse/627418f0445e08b473fe0ceb/

belinebit.com
bimexbit.com
bitbitox.com
bitboxy.com
bitglobalone.com
bitlytrade.org
btcgiran.com
coincapbit.com
dollar-crypto.com
dotxbitz.com
dotxswap.com
frontbitex.com
hoperbit.com
incoinbit.com
kaperbit.com
keeperexbit.com
lopexbit.com
marexbit.com
markexbit.com
quxbit.com
swapubit.com
walletexbit.com
walletmybit.com
woxobit.com
yayexbit.com

# Reference: https://twitter.com/malwrhunterteam/status/1522488493083086848
# Reference: https://twitter.com/malwrhunterteam/status/1522488977088995328
# Reference: https://www.virustotal.com/gui/file/7eb2da308838683ab2e1cad270bbb68cdc3966f7add077e21f8aaf9324c9f5d9/detection

coindase.xyz
vip98881.xyz
admin.coindase.xyz
ht.coindase.xyz
kf.coindase.xyz
api.vip98881.xyz
kf.vip98881.xyz
sanduan.vip98881.xyz
sd.vip98881.xyz
web.vip98881.xyz
wk.vip98881.xyz
xiazai.vip98881.xyz
xz.vip98881.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1526175132066234369
# Reference: https://www.virustotal.com/gui/file/b313bb1674a7ae62f6a13701c57394baa1efef1d955af6ba03692b01278422f4/detection

metsmas.com

# Reference: https://twitter.com/malwrhunterteam/status/1532652509717843968
# Reference: https://www.virustotal.com/gui/file/54e12d56f32bfe0e384677be2020db2723fd16d7a56758ef30c6c26716ac581c/detection

bujamuwg.xyz
coinoned.xyz
jvkutqar.xyz

# Reference: https://twitter.com/midnight_comms/status/1535448497813585921
# Reference: https://www.virustotal.com/gui/ip-address/182.16.49.3/relations

tokenpocklet.pro
tokenpockvet.pro
tokenpockzet.pro
tokenpoocbket.pro
tokenpoochket.pro
tokenpoocnket.pro
tokenpoocsket.pro
tokenpoocxket.pro
trustwahllet.com
trustwavllet.com

# Reference: https://twitter.com/malwrhunterteam/status/1547664764247019520
# Reference: https://twitter.com/midnight_comms/status/1547667415583969283
# Reference: https://www.virustotal.com/gui/ip-address/8.45.52.228/relations
# Reference: https://www.virustotal.com/gui/file/ca23a8e34b8fed2ae5548ce64f5d084f073f796009e14f15d61185275759c355/detection

ebay6.net
ebay7.net
ebay8.net
ebay9.net
happyplay666.com
ebayoss.oss-accelerate.aliyuncs.com

# Reference: https://twitter.com/Iamdeadlyz/status/1554469649508892682
# Reference: https://twitter.com/Iamdeadlyz/status/1554480019925516289
# Reference: https://www.virustotal.com/gui/ip-address/20.187.88.188/relations
# Reference: https://www.virustotal.com/gui/file/1b3ed3acbe5e18c90cc65a532e8ef5d7a4ddb738d9763494dabe1a58c2ca3654/detection

trusrt-wallet.io
trusrtwallet.app
trusrtwallet.co
trusrtwallet.in
trusrtwallet.io
trusrtwallet.vip
trusrtwallets.co
trusrtwallets.com
trusrtwallets.io
trusrtwallets.net
trusrtwallets.org
trusstwallet.site
trustwallet.life
trustwallets.io
turstwallet.live
taitanwallet.com
admin.taitanwallet.com

# Reference: https://vms.drweb.com/virus/?i=25394583&lng=en
# Reference: https://www.virustotal.com/gui/file/fa322ed16b1c9654c112eba4f99992c8fae1492d813bc93736462db52b5a5075/detection
# Reference: https://www.virustotal.com/gui/file/d9bdedb6e43f0fb54400b1953bc1211b202dcedc31d04230e54183b495b98063/detection

http://106.184.5.78
http://112.124.58.101
http://47.254.145.86
139.162.104.130:10000
47.252.50.191:10000
47.89.190.227:10000
91.195.240.94:10000
statistics.flurrydata.com

# Reference: https://twitter.com/Iamdeadlyz/status/1567811614682009600
# Reference: https://www.virustotal.com/gui/file/eef5e2525fb6671b9f8bc03a1643e0a7a06afcf85411c95a811ee3119a12cb47/detection

fnybcdd.cn
metaameesk.com
shakna118.com
p.fnybcdd.cn
w6.shakna118.com
w7.shakna118.com

# Reference: https://www.virustotal.com/gui/file/00170e3673b73a58e79f6e7659735325566344266cc3b837e6b6143184d19b90/detection

modobom.services

# Reference: https://twitter.com/malwrhunterteam/status/1578867099627573248
# Reference: https://www.virustotal.com/gui/ip-address/112.213.120.69/relations
# Reference: https://www.virustotal.com/gui/file/6126c347efb6d056b818c22e5d227142203287221a315d75e527d730b9346837/detection

moonpark1.shop
moonpark2.shop
xinyidaijieru.info
xinyidaijieru.shop
xionpic.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1579576061905756160

islamia.app

# Reference: https://www.virustotal.com/gui/file/1873215b0e1c28e92bef12d8e01d7f3f3ae22a7e045801772add42151699a2d7/detection

86.124.233.101:22005

# Reference: https://twitter.com/silentpush/status/1592202761961373696
# Reference: https://www.virustotal.com/gui/ip-address/3.36.198.106/relations

downgo.xyz
gh1vvvnaj94y.xyz
iex.buzz
iex168.com
iex58.com
iex88.com
iexnec.top
iexsze.xyz
iexvxd.live
iexykd.com
iexzfu.live
sulstar.com
admin.iex168.com
admin.iex88.com
admin.iexnec.top
admin.iexsze.xyz
admin.iexvxd.live
admin.iexykd.com
admin.sulstar.com
agent.iex168.com
agent.iex58.com
agent.iex88.com
agent.iexnec.top
agent.iexsze.xyz
agent.iexvxd.live
agent.iexykd.com
agent.iexzfu.live
agent.sulstar.com
download.downgo.xyz

# Reference: https://twitter.com/ecarlesi/status/1599833514081501205
# Reference: https://twitter.com/ecarlesi/status/1600776299592945664
# Reference: https://www.virustotal.com/gui/ip-address/3.33.172.47/relations

0422.cz
1051.cz
1066.cz
150297.com
16567.me
1828.cz
18896.me
2123.at
23614.se
2402.cz
2590.ca
28105.me
2820.credit
3092.cz
3607.cz
36289.st
36295.se
3864.cz
3915.voto
4095.cz
4096.at
4230.cz
4354.cz
4457.at
4506.cz
5031.cz
51299.cz
52659.se
5428.at
55065.se
55308.se
5726.voto
5795.at
5835.at
59122.st
5940.cz
6028.voto
62778.se
63083.mx
64901.se
66572.me
6840.cz
6872.cz
68911.me
7038.ca
7068.cz
70947.se
71688.me
73397.st
76647.cz
7808.cz
78720.me
79288.cz
79624.se
7967.software
8044.at
8106.cz
8150.at
8228.voto
8248.io
8341.cz
8393.at
8408.at
8487.voto
84873.se
85421.cx
8611.at
8620.at
86212.st
8763.cz
8783.credit
8819.cz
8929.at
8955.cz
9004.cz
90273.se
9031.at
9148.at
9317.credit
9768.cz
9841.voto
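# NOTE(review): the entry below ends in the single-letter label ".a", which is not a delegated TLD, so it looks truncated and cannot match a resolvable domain - restore the full name from the reference for this group
9904.a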
abcd1.careers
abcd9.careers
pfre5.finance
pjlo.cz
sdfr8.finance
tygr3.finance
uytd3.software
yhts3.finance
ytfr6.software
zder6.software

# Reference: https://twitter.com/ecarlesi/status/1601845957502582784
# Reference: https://www.virustotal.com/gui/ip-address/75.2.10.190/relations

0565.at
1019.cz
1031.cz
1057.voto
1172.cz
1174.cz
1215.voto
1218.football
1298.football
13186.mx
1373.cz
1460.cz
15072.at
1537.credit
15426.me
1570.voto
1660.voto
16735.se
1702.cz
1728.voto
17509.at
1774.football
1780.football
17870.se
18326.mx
187095.com
190388.com
11433.cx
17233.net
17915.cx
18722.cx
1873.credit
1912.voto
1962.voto
2029.voto
2056.credit
2079.at
20958.se
2101.cz
21386.se
21604.se
2172.voto
2194.at
2340.cz
2425.software
2432.credit
24280.net
25176.cx
25326.se
25412.mx
2580.at
2650.cz
26748.at
2739.voto
2750.football
25250.cx
2571.at
272504.com
27558.mx
2761.voto
28172.se
2883.voto
2890.voto
2911.voto
2933.cz
29374.at
3038.cz
30442.se
3066.cz
3140.software
31593.me
3171.credit
27851.net
2908.credit
3172.credit
32275.se
32704.at
3275.credit
334386.com
334792.com
35407.at
3626.voto
3677.football
3708.voto
3743.voto
3752.cz
3489.cx
35314.me
3561.credit
36278.cx
37584.se
37605.se
376101.com
3770.credit
3779.credit
38027.me
38591.se
38643.se
3877.credit
39074.at
3918.credit
392949.com
3931.football
394729.com
3884.credit
3971.credit
397805.com
4036.credit
4037.cz
4068.voto
4076.cz
4090.nl
4129.credit
4303.cz
4378.football
4380.cz
4399.credit
4405.cz
4450.cz
45334.se
4330.credit
45395.se
4546.credit
46099.net
4669.voto
4676.at
46869.at
4877.cz
4945.cz
4991.cz
4674.credit
47108.cx
4895.cx
5010.credit
5018.cz
50432.se
5049.cz
5061.cz
5078.voto
5056.credit
5129.credit
5195.credit
5195.voto
5257.football
5288.credit
5346.credit
538231.com
548056.com
52674.nl
52719.net
52787.cx
5348.credit
54764.net
5485.voto
5488.football
55097.at
5518.cz
5520.credit
5542.cz
5638.credit
56536.se
5672.credit
5674.credit
57024.at
5715.credit
57175.at
57480.at
5768.voto
5669.credit
5776.credit
5783.voto
58322.at
58458.at
5875.voto
5881.football
59258.se
59284.at
58061.net
5823.credit
5911.at
5950.at
59684.se
59818.mx
60121.se
6014.credit
6030.credit
60226.cx
6056.credit
6061.credit
6063.voto
60748.mx
6080.football
6090.credit
6094.cz
610786.com
613578.com
61497.se
6170.credit
61942.one
6216.football
6242.at
62880.at
628974.com
63342.at
6423.credit
6449.cz
62526.cx
63801.net
64540.se
6470.cz
6472.credit
64932.me
6508.credit
651601.com
6539.credit
65507.se
6574.credit
66029.at
6608.football
6645.cz
66546.se
6657.voto
6670.cz
66859.at
6705.cz
67251.in
6811.football
6829.credit
68377.mx
68384.se
68565.at
6864.credit
6865.cz
6671.voto
68680.at
686947.com
6882.voto
68902.net
69046.at
69079.at
69359.me
69503.at
69578.mx
6976.football
6987.voto
7031.cz
7045.cz
70581.at
706978.com
7076.voto
708512.com
7093.cz
7098.voto
7100.cz
7127.nl
7139.voto
7150.cz
71702.me
7180.voto
72038.me
7205.software
721310.com
7217.football
7239.software
72563.nl
7282.football
7307.voto
69826.cx
70196.net
7055.cz
7220.at
73103.voto
73168.mx
73393.se
7360.voto
738334.com
7402.football
7501.cz
7506.cz
7512.cz
7551.cz
75519.mx
7580.cz
76057.at
76079.mx
7514.credit
76651.mx
7693.football
7732.voto
7733.cz
7806.credit
76971.net
78426.me
7908.cz
7912.credit
79125.mx
79187.at
7924.voto
79355.at
79447.se
7983.voto
8029.voto
79402.cx
79761.cx
80317.cx
8038.credit
8052.cz
8056.cz
8099.cz
81042.at
8106.voto
8117.cz
81316.mx
8138.cz
8177.cz
8245.voto
8070.credit
8159.credit
82497.at
8287.credit
8300.cz
8304.cz
8326.cz
83482.at
8353.voto
83697.at
8440.cz
8445.voto
8492.cz
8515.voto
8538.credit
8548.credit
82948.net
8415.credit
85606.mx
857939.com
8587.football
85894.at
859701.com
86185.se
8705.cz
8717.voto
87624.se
8684.at
87047.cx
87394.net
87755.se
8802.cz
8807.voto
88337.cx
8834.cz
8850.cz
87941.net
88267.net
8874.credit
8901.cz
89322.at
8943.credit
8961.voto
89839.voto
8987.football
89784.net
8988.credit
8991.voto
90359.at
9091.cz
912610.com
9162.voto
90645.net
9089.at
92210.cx
9223.football
9303.at
93453.at
93609.se
9377.cz
93853.mx
9403.voto
9409.cz
94330.at
9440.cz
94407.se
9479.voto
9502.voto
95173.at
95258.se
9570.voto
9585.voto
9591.football
96174.mx
92755.cx
9506.at
9532.credit
96199.se
96341.me
9642.cz
9653.credit
967955.com
9686.cz
97209.net
9770.credit
97921.se
98062.mx
98558.at
9976.cz
9981.credit
abqch.cz
bxr.se
byyws.cz
dertr.cz
dtyh2.finance
ertfd.cz
fescq.cz
fpim.cz
ghpk5.finance
gtyh2.makeup
hfrew.cz
hzk.se
iuytg.cz
juhys.cz
juyhf.cz
klder.cz
kpid.software
ktpd.cz
ktpns.cz
ktyp.cz
kuhj2.finance
mmoo34.me
nchj.cz
opego88.vip
ozh.se
pfewq.cz
pgew3.software
pgtr9.report
pjfr5.finance
pkder.cz
pkfr3.software
pkfr5.finance
pkfr6.software
pkfx3.software
pkse8.software
pkuh3.software
plhq9.software
ptyst.cz
puyer.cz
qsdtg.cz
rtfe6.finance
rthu5.finance
sngoe88.vip
sxfr6.software
tfrg5.finance
totqc.cz
trde5.finance
tuhg2.finance
tuhg3.studio
tylp.cz
tzy.se
ujhr7.finance
ukfrt.cz
uydrt.cz
uyjfg.cz
uypk.cz
vcku.cz
xdert.cz
yder5.careers
yfm.se
yfxz2.software
yhdes.cz
yphsd.cz
yptd6.credit
ypzd8.credit
zatf7.software
zcgp.cz
zdfg3.software
zdse7.careers
zdtf5.finance
zdwe1.software
zdwqa.cz
zfrew.cz
zfwog.cz
zidj.cz
zmuj.cz
zsdrt.cz
zsed1.finance
zser2.finance
zsye8.software
zzy.se

# Reference: https://twitter.com/ecarlesi/status/1602502214731325446
# Reference: https://www.virustotal.com/gui/ip-address/35.71.131.1/relations
# Reference: https://www.virustotal.com/gui/ip-address/52.223.50.163/relations

0669.at
1536.credit
1659.earth
1890.credit
1917.credit
1942.work
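# NOTE(review): the entry below is a date string, not a domain, IP address or URL path; it looks like a stray paste - confirm against the reference for this group and drop it if so
2022-12-13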
2579.work
2595.earth
2885.earth
3039.credit
312925.com
3182.work
3334.credit
3701.earth
3837.credit
4158.credit
4909.earth
4937.credit
6130.earth
6132.earth
6345.earth
6448.earth
6469.credit
6771.work
6849.earth
6921.credit
6945.earth
7436.work
862017.com
8913.work
8985.credit
9487.earth
9520.credit
sftg5.software

# Reference: https://twitter.com/LukasStefanko/status/1600039301215035393
# Reference: https://www.virustotal.com/gui/file/02cfa159f85e15bd24808859d6cbf1b8e8d21352e7290ba5477744f711bb752b/detection

firebaseconnections.com

# Reference: https://twitter.com/malwrhunterteam/status/1600260295112335360

trustwallet-nft.web.app
/ewfwef834r8f8we8f8we8r484234f.html

# Reference: https://twitter.com/malwrhunterteam/status/1602217665183059968
# Reference: https://www.virustotal.com/gui/ip-address/156.236.71.16/relations
# Reference: https://www.virustotal.com/gui/file/bd2e1836fa14734f65634711e85036b885fab18a3073a8dac3f95f0284a317bf/detection

http://156.236.71.16
truskeiwawer.com
truskiedf.com
trustweta.com
trustwetae.com

# Reference: https://twitter.com/ecarlesi/status/1602507518793629696
# Reference: https://www.virustotal.com/gui/ip-address/45.136.118.189/relations

1286.cash
7562.cash
puhr3.software
sftr8.software
tygr9.finance
zdew5.finance

# Reference: https://twitter.com/malwrhunterteam/status/1603315557385781249
# Reference: https://www.virustotal.com/gui/file/d6559a5ee4361c812d8f88e3de78b421a5e165cfac139cce92bd5cf8f2f63a2d/detection

backthai.net

# Reference: https://www.virustotal.com/gui/file/6c48e1ce4183ece7cb649d125317910cbe5f05ebac5b811c2e0c167e446f16d1/detection

expertvipmall.com

# Reference: https://twitter.com/malwrhunterteam/status/1603393311473008649
# Reference: https://www.virustotal.com/gui/file/7e77a9ed50fbe65e9e5f680c8313549d7a57f6844ac1cc316636ceadec806119/detection

grooming-time.com

# APK download path (path-only entry: no host is given and no reference is recorded for it)

/TrustWallet.apk
