# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/LukasStefanko/status/1116700836032331778
# Reference: https://koodous.com/apks/71038bed9175e2edfc1b24347e76a192b96845831410a481ace7e601ed65b19e
# Reference: https://www.virustotal.com/gui/file/71038bed9175e2edfc1b24347e76a192b96845831410a481ace7e601ed65b19e/detection

appboxlive.host/wakaji/start.html

# Reference: https://www.welivesecurity.com/2019/05/23/fake-cryptocurrency-apps-google-play-bitcoin/

coinwalletinc.com

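# Reference: https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites
# Note: the entries in this group are URL paths with no host part, so a match is not tied to a particular server; check the requested host when triaging a hit.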

/so/Android1S.php
/so/Android2D.php
/so/Android2M.php
/so/Android4A.php
/so/AndroidAF.php
/so/AndroidAL.php
/so/AndroidDL.php
/so/AndroidLS.php
/so/AndroidPA.php
/so/AndroidPC.php
/so/AndroidSH.php

# Reference: https://www.welivesecurity.com/2019/07/19/faceapp-spotlight-scams-emerge/

spinwincash478.pro

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-06-28-asiahitgroup-gang-again-sneaks-billing-fraud-apps-onto-google-play/asiahitgroup-gang-again-sneaks-billing-fraud-apps-onto-google-play.csv

vilandsoft.com

# Reference: https://twitter.com/ReBensk/status/1264931130530312194

tnisheng.xyz

# Reference: https://twitter.com/DrStache_/status/1264949410162769920

http://154.209.241.184
http://154.209.241.185
http://154.209.241.186
http://154.209.241.187
http://154.209.241.188

# Reference: https://www.virustotal.com/gui/file/a7bffddcd815055c8e49df6a779503dcad16e6b351a64fcaf24961862b7014f0/detection

brezzamobile.online

# Reference: https://www.virustotal.com/gui/file/012404ebe25adaadd7e9b4b0d1ce6ffce46c62456f97710829c676fb789019a9/detection

btc-unli.tk

# Reference: https://www.virustotal.com/gui/file/774d58de7fc732a3eaac274e6dc454012260d8d111989834ac62e7f90c8dc467/detection

octarine.soxx.us

# Reference: https://twitter.com/ninoseki/status/1353128207923388416
# Reference: https://www.virustotal.com/gui/file/49634208f5fb8bcfc541da923ebc73d7670c74c525a93b147e28d535f4a07bf8/detection

103.85.25.165:7777
165.3.93.6:7777
r10zhzzfvj.feishu.cn

# Reference: https://twitter.com/_bllvck/status/1366439474733924353
# Reference: https://www.virustotal.com/gui/file/d3487ab25a0e2c24996032458ff869eb3743eed39cf7c13e5c1a88084310c718/detection

polkadot-support.com

# Reference: https://www.virustotal.com/gui/file/d2d35805f157b0fe4df0cf5747cab08ba335b9cdc82453ab1a9f6271e8a484fc/detection

paladits.bget.ru

# Reference: https://twitter.com/malwrhunterteam/status/1379883017976614918
# Reference: https://www.virustotal.com/gui/file/c420052c96eff142e3836bd6cbe1ce61d86c23ac7a9b58a4dc81ffef7c98ab34/detection

mobipaisarecharge.com
/Ajax-request/get_mobile_info.php

# Reference: https://research.checkpoint.com/2021/new-wormable-android-malware-spreads-by-creating-auto-replies-to-messages-in-whatsapp/
# Reference: https://otx.alienvault.com/pulse/606e2b839d8204cdd76a5476

netflixwatch.site

# Reference: https://www.virustotal.com/gui/domain/amazingvideos.mobi/relations
# Reference: https://www.virustotal.com/gui/domain/greatestapps.mobi/detection
# Reference: https://www.virustotal.com/gui/file/fa40744c0e49f185b0604f44b7747b1fe5824b58223376d0b9a51451b905d1e5/detection

amazingvideos.mobi
greatestapps.mobi
7.tdslsd.ru
tdslsd.ru

# Reference: https://www.virustotal.com/gui/file/08797ac7926944304b8fae5647a1495aae9b69bb76ee9e052295111beab5042a/detection

zestlark.000webhostapp.com

# Reference: https://twitter.com/Cengiz86035319/status/1391502248962834446

aske-crudo.com

# Reference: https://www.virustotal.com/gui/file/db91424bff23f9668398c3c0ae0fab05d6cd73a18676559c78c0f6c7e1b5ea90/detection

wezzx.ru

# Reference: https://www.welivesecurity.com/2021/07/20/url-shortener-services-android-malware-banking-sms-trojans/
# Reference: https://otx.alienvault.com/pulse/60f7eaafe05663ddea26b1b5

eaconhop.online
emanalyst.biz
fceptthis.biz
fjobiwouldli.biz
honeiwillre.biz
mmunitedaw.info
offeranda.biz
oftongueid.online
omeoneha.online
ommunite.top
ransociatelyf.info
rycovernmen.club
schemics.club
sityinition.top
ssedonthep.biz

# Reference: https://twitter.com/ni_fi_70/status/922461098737045505
# Reference: https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/
# Reference: https://www.virustotal.com/gui/file/c5112e3a95bfa226bc2d524964364c61e0db9fe2824c20ca99521ab15367d678/detection
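# Reference: https://www.virustotal.com/gui/file/306a4fd41ce67784db399eced6531ac629bd9fe05d3347665bb935f1100e37f2/detection
# Note: xn--polonix-y8a.com is the punycode (ASCII) form of the lookalike IDN poloniėx.com; DNS and proxy logs normally carry the xn-- spelling.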

pooniex.com
poloniėx.com
xn--polonix-y8a.com

# Reference: https://www.virustotal.com/gui/file/156c98f1babd9de7f76a81fd7bcc81b03cb1415081a726dbf7707226b16f6db2/detection

zzwx.ru
d1lxhc4jvstzrp.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/04b74f3579b081b5af13299b3327b80c0e3f45daca556487b088d11716960c72/detection

charter724.info

# Reference: https://www.virustotal.com/gui/file/96dfea7f0050a0d453ffb61d5824ff820f75fd0e8c25a9f5b894812483432759/detection

ucharter.ir

# Reference: https://www.virustotal.com/gui/file/4d78c7980c938d5bf4b0dd4aeecc008dad3d9b9e14f3fe207b704301a2c0cbed/detection

charter2162.ir

# Reference: https://www.virustotal.com/gui/file/f9f86fd4c2979b1f41aeece06958aa6b7ddba130a66dbf7c78a3906c449d7dd0/detection

clipestoon.ir

# Reference: https://www.virustotal.com/gui/file/401b00dc8a2aa2e13e24859d1f89e244ed6c7f1d48a7d80f9d9200e0ba1b3ea8/detection

sepehre360.com

# Reference: https://www.virustotal.com/gui/file/f6574662f783b6a0f09561bfe8b0540508897e5383327168c4b778a2a9466a2a/detection

mehrseir.ir

# Reference: https://twitter.com/dubstard/status/1493875063971581956

android-beta.com

# Reference: https://www.virustotal.com/gui/ip-address/137.175.56.119/relations
# Reference: https://www.virustotal.com/gui/file/f7d412f93ed5f34de40b3a8e7653c34430e931ec2f615599e16dac607ad81985/detection

dfnvkej.xyz
njfohn.vip
2cmodh.dfnvkej.xyz
3kodin.dfnvkej.xyz
3kodin.njfohn.vip
6vjod.dfnvkej.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1507434232511139847
# Reference: https://www.virustotal.com/gui/ip-address/103.193.174.205/relations
# Reference: https://www.virustotal.com/gui/file/6876e159a8e91091535c18cf59e517f3405145efd757d564b7dcf284cae990d5/detection

imtokcn.org
imtokrn.net
imtokrn.pro
mb-imtoken.com
tokencenter.info
tokenlon.im
tongke.co
tongke.top

# Reference: https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
# Reference: https://otx.alienvault.com/pulse/6244300fee718397c862a21e
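# Reference: https://www.virustotal.com/gui/ip-address/45.116.163.65/relations
# Note: spspring.herokuapp.com and walletappforbit.web.app are per-app hostnames on shared hosting platforms; match them as full hostnames, never by parent domain. jaxx.podzone.org is listed twice in this group.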

180.215.126.33:51148
2022mask.com
app-coinbase.co
ariodjs.xyz
bitepie.club
bitoken.com.cn
bitpiecn.com.cn
bitpiewallet.com.cn
bitpiezh.cn
bitpio.com
cctptokenm.live
cn-imtoken.com
cryptojx.store
im-token.one
im-tokens.info
imbbq.co
imdt.cc
imtken.cn
imtoken.cn.com
imtoken.net.im
imtoken.porn
imtoken.sx
imtoken.tg
imtokenep.com
imtokens.money
imttoken.org
jabirs-xso-xxx-wallet.com
jaxwalet.com
jaxx.podzone.org
jaxx.su
jaxx.tf
jaxxwalletinc.live
jdzpfw.com
lmtoken.org.cn
lntokems.club
master-consultas.com
matemasks.date
meta-mask.org.cn
metamadk.com
metamask-wallet.xyz
metamask.hk
metamaskey.com
metamaskio.vip
metamasks.me
metemas.me
metemasks.live
mtokens.im
one-key.org.cn
onekeys.dev
onekeys.mobi
saaditrezxie.store
shayu.la
t0kenpocket.cn
tipi21341.com
tkdt.cc
token-app.cc
token-lon.me
token2.club
tokenp0cket.com
tokenpockets.buzz
tokenpockets.org
tokenweb.online
tptokenm.live
trust-wallet.com.cn
trustgame.cn
trustwellat.cc
walletrust.cn
xdhbj.com
xzxqsf.com
zh-imtoken.com
admin.metamaskio.vip
admin.token2.club
api.metamasks.me
api.tipi21341.com
appapi.imtoken.porn
bh.imtoken.sx
bp.tkdt.cc
crp.jaxwalet.com
ds-super-admin.imtokens.money
ht.imtoken.cn.com
imtokenss.token-app.cc
jaxx.libertycryptowallet.ltd
jaxx.podzone.org
libertycryptowallet.ltd
metamask.tptokenm.live
mm.tkdt.cc
ok.tkdt.cc
spspring.herokuapp.com
two.shayu.la
update.imdt.cc
update.xzxqsf.com
wallet.cryptojx.store
walletappforbit.web.app

# Reference: https://www.virustotal.com/gui/domain/irkgsm.ru/relations
# Reference: https://www.virustotal.com/gui/file/0397aa501c17f3d3e3d899a8324d2f38de4e72279e0664a60755ba5204d936a4/detection

irkgsm.ru

# Reference: https://twitter.com/malwrhunterteam/status/1520143923360014337
# Reference: https://www.virustotal.com/gui/ip-address/27.124.7.67/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.63.108.144/relations
# Reference: https://www.virustotal.com/gui/file/b06c0e5560d89ee63a2fade2de08433b47dc5673131a98f75784eb2670d2da94/detection

imtoken.fm
tokem.cx
token-im.life
token-imc.cc
token-imq.co
token-imv.co
ap.token-imv.co
api.imtoken.fm
api.token-imc.cc

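# Reference: https://twitter.com/BaoshengbinCumt/status/1521336416491667456
# Note: /imtoken-intl-v2.apk is a path-only entry with no host, so on its own it does not identify the imt0ken.red hosts listed with it; check the requested host when triaging a hit.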

imt0ken.red
imtoken.imt0ken.red
/imtoken-intl-v2.apk

# Reference: https://twitter.com/malwrhunterteam/status/1521562439564861440
# Reference: https://www.virustotal.com/gui/ip-address/193.84.248.9/relations
# Reference: https://www.virustotal.com/gui/file/54b64d0808b795ffb48ef565b4a3a70ce7fedb2049be2010764e9466adc48ca6/detection

imtokam.online
imtoken.bz
intoken.bet
down.imtoken.bz
/imToken.apk

# Reference: https://twitter.com/BushidoToken/status/1522281784070791168
# Reference: https://otx.alienvault.com/pulse/627418f0445e08b473fe0ceb/

belinebit.com
bimexbit.com
bitbitox.com
bitboxy.com
bitglobalone.com
bitlytrade.org
btcgiran.com
coincapbit.com
dollar-crypto.com
dotxbitz.com
dotxswap.com
frontbitex.com
hoperbit.com
incoinbit.com
kaperbit.com
keeperexbit.com
lopexbit.com
marexbit.com
markexbit.com
quxbit.com
swapubit.com
walletexbit.com
walletmybit.com
woxobit.com
yayexbit.com

# Reference: https://twitter.com/malwrhunterteam/status/1522488493083086848
# Reference: https://twitter.com/malwrhunterteam/status/1522488977088995328
# Reference: https://www.virustotal.com/gui/file/7eb2da308838683ab2e1cad270bbb68cdc3966f7add077e21f8aaf9324c9f5d9/detection

coindase.xyz
vip98881.xyz
admin.coindase.xyz
ht.coindase.xyz
kf.coindase.xyz
api.vip98881.xyz
kf.vip98881.xyz
sanduan.vip98881.xyz
sd.vip98881.xyz
web.vip98881.xyz
wk.vip98881.xyz
xiazai.vip98881.xyz
xz.vip98881.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1526175132066234369
# Reference: https://www.virustotal.com/gui/file/b313bb1674a7ae62f6a13701c57394baa1efef1d955af6ba03692b01278422f4/detection

metsmas.com

# Reference: https://twitter.com/malwrhunterteam/status/1532652509717843968
# Reference: https://www.virustotal.com/gui/file/54e12d56f32bfe0e384677be2020db2723fd16d7a56758ef30c6c26716ac581c/detection

bujamuwg.xyz
coinoned.xyz
jvkutqar.xyz

# Reference: https://twitter.com/midnight_comms/status/1535448497813585921
# Reference: https://www.virustotal.com/gui/ip-address/182.16.49.3/relations

tokenpocklet.pro
tokenpockvet.pro
tokenpockzet.pro
tokenpoocbket.pro
tokenpoochket.pro
tokenpoocnket.pro
tokenpoocsket.pro
tokenpoocxket.pro
trustwahllet.com
trustwavllet.com
