# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://info.phishlabs.com/blog/new-variant-bankbot-banking-trojan-aubis

ussensivitius.gq
webcam4bdsm.tk
domainprobr.tk
eltinjapp.cf

# Reference: https://twitter.com/jorgemieres/status/1129069254395990016
# Reference: https://pastebin.com/8v7TEu3D

asdfqw.xyz
fastwebworks2010.org
protec-guvenlik-4.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1221865730054008833

kozzet.ru

# Reference: https://www.virustotal.com/gui/ip-address/162.244.32.142/relations

162.244.32.142:443
162.244.32.142:80

# Reference: https://twitter.com/sh1shk0va/status/1229720531680796677 (Black Rose Lucy)
# Reference: https://www.virustotal.com/gui/file/72c84191fe66c690f5101cf307293c003f82d80f1d00ee010e3067bb0c668d75/detection

gapsoinasj.in
ja0h12p14k.in
jqeoq0r1hgf03ds.in
q9120qwpsa.in

# Reference: https://twitter.com/ReBensk/status/1243500015613554688

protectphone.pw

# Reference: https://twitter.com/malwrhunterteam/status/1248220464473923584

gov-bnminfo.com

# Reference: https://twitter.com/malwrhunterteam/status/1248226241527844865

http://45.63.98.87
213.176.36.43:4207

# Reference: https://twitter.com/malwrhunterteam/status/1250386648598228992
# Reference: https://www.virustotal.com/gui/file/a55a9e204ca0f1015a34f76967ab1e93d7e6ff4ab5abb4816b7438c8db41c8e7/detection
# Reference: https://seguranca-informatica.pt/marco-2020-analise-reversa-da-app-android-entregue-com-o-phishing-do-novo-banco
# Reference: https://www.virustotal.com/gui/ip-address/51.83.252.64/detection
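# Reference: https://twitter.com/ESETresearch/status/1252252094066819072
# Note: entries beginning with '/' (here and in later blocks) are URL paths with no host attached; a hit on one of them alone is weaker evidence than a hit on a listed domain or IP, so confirm against the destination host before acting on it.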

http://186.235.91.100
abanca-sms.com
bankinter.online
bcp-cadastro.com
bcp-millennium.com
cadastro-bcp.com
cadastronb.com
caixaes.site
cgd-cadastro.com
cgd-cadastro.site
es-atualiza.com
estado-sms.com
millennium-bcp.online
nb-cadastro.com
net24apk.website
santa-espanha.com
sms-nb.site
totta2020.com
/controls/nb/control.php
/controls/nb/sms.php
/extras/bpi_link.txt
/extras/nb_link_lyly.txt

# Reference: https://twitter.com/malwrhunterteam/status/1250798529850880000
# Reference: https://twitter.com/midnight_comms/status/1250811148204675072

http://176.121.14.127
vodafone5gapps.com

# Reference: https://twitter.com/malwrhunterteam/status/1252269448267997185
# Reference: https://www.virustotal.com/gui/file/111cfd455f836794e40c6b088ab8e73f8e673a79c18e559adcffa89630a51042/detection

http://218.187.103.198
27.255.64.95:8080

# Reference: https://twitter.com/malwrhunterteam/status/1252287608274722817 (Android variation)
# Reference: https://www.virustotal.com/gui/file/10cf5bdab95219661759bc58d572379953233ec44b30bf2f83a89f6058610f09/detection
# Reference: https://twitter.com/ninoseki/status/1253272702573395972 (iOS variation)
# Reference: https://www.virustotal.com/gui/file/748b9f36e5a738665d082b347b5b1f4448d06a70906a32b52b77acd5aa70052e/detection

23.251.45.232:8080

# Reference: https://twitter.com/malwrhunterteam/status/1252323010662588421

poczta-interia.com

# Reference: https://twitter.com/malwrhunterteam/status/1252325976308166660

evdehayatvarfree20gb.com

# Reference: https://twitter.com/malwrhunterteam/status/1253016217268498437
# Reference: https://twitter.com/LukasStefanko/status/1253265204646903809

25s.site
obmenvsemfiles.com

# Reference: https://twitter.com/malwrhunterteam/status/1259886844961005568

bocongan113.com

# Reference: https://twitter.com/malwrhunterteam/status/1259906137891241985

bocongan113vn.com

# Reference: https://twitter.com/malwrhunterteam/status/1259909960311463936

8400113.com

# Reference: https://twitter.com/seafaringturtle/status/1259908100703821825

103.57.111.11:4163

# Reference: https://twitter.com/ReBensk/status/1260184449414647811

photobank-shar2020.website

# Reference: https://twitter.com/malwrhunterteam/status/1261545686325174273
# Reference: https://twitter.com/seafaringturtle/status/1263163367818215424
# Reference: https://www.virustotal.com/gui/file/8d742a1b50492fc35a54119f305daa054f666bf0ec08f7a668aa657af28a6563/detection

216.118.243.114:3500
216.118.243.114:57157
216.118.243.115:57157
216.118.243.116:57157
216.118.243.117:57157
216.118.243.118:57157

# Reference: https://twitter.com/malwrhunterteam/status/1266069349917503495

sosyaldestek-tr.com

# Reference: https://twitter.com/malwrhunterteam/status/1266073872614526982

dbierzkod.pl
odbierzkod.pl

# Reference: https://twitter.com/ReBensk/status/1269306854233997316

krazyfoxx9.xyz

# Reference: https://twitter.com/ReBensk/status/1270725741273964548
# Reference: https://www.virustotal.com/gui/ip-address/8.208.90.169/relations

covid-19argentina.top
darkfantasy.top
drzapato.online
drzapato.xyz
fastupdate.top
fastupdatemanager.top
greenandgrey.top
lovemeany.online
telecentrocovid19.top

# Reference: https://twitter.com/ReBensk/status/1272566330873479170

nansy782seetoyou38.website

# Reference: https://twitter.com/ReBensk/status/1272565628604502018

flashplayerupdate.top

# Reference: https://twitter.com/NtSetDefault/status/1275103442172891138

http://154.206.173.205
139.5.200.26:3500
139.5.200.27:3500
139.5.200.28:3500
139.5.200.29:3500

# Reference: https://twitter.com/malwrhunterteam/status/1349349426486153218
# Reference: https://twitter.com/bl4ckh0l3z/status/1350100010797559808
# Reference: https://www.virustotal.com/gui/file/6d29817636bd1eb314dfe5170765ef59f21c44054fb60049ade96e8becacc15d/detection

http://119.42.149.122
http://119.42.149.123
http://119.42.149.124
http://119.42.149.125
http://119.42.149.126
http://154.83.102.138
119.42.149.122:3500
119.42.149.123:3500
119.42.149.124:3500
119.42.149.125:3500
119.42.149.126:3500

# Reference: https://www.virustotal.com/gui/ip-address/213.176.36.42/relations

http://213.176.36.42

# Reference: https://www.virustotal.com/gui/file/786a73ac6036cf091939ccfa945e14e53524875ce8911f1c8d98d441fac2fd19/detection

213.176.36.42:4207
bank-negaramy.com

# Reference: https://www.virustotal.com/gui/file/a240e8586dd9d5cf199cb96deef63356dd24ae9274d750a076fd5ac4bed3f402/detection

213.176.36.42:4205
gov-bnminfo.com

# Reference: https://www.virustotal.com/gui/file/388bdb3f1f2e514e29646fe3a36bf20b7d0c47c0f0375f0aa2af262df6401845/detection

213.176.36.42:4201

# Reference: https://www.virustotal.com/gui/file/796bcb1df6fe45592137e0ddfb4dd1aa8fa264b396e43b58111543c9af89e564/detection

bnm-gov-info.com

# Reference: https://www.virustotal.com/gui/file/91807792a8c025f5b4c96a4d62f65ab335f695e9a7bbc6484c598a6ad3463684/detection

213.176.36.42:4202
negaramy-bank.com

# Reference: https://www.virustotal.com/gui/file/d3724868bb2966d0bffd235a995b6ac926a66b0756ca13679f3075d976da28e2/detection

213.176.36.42:4203
negarabank-my.com

# Reference: https://www.virustotal.com/gui/file/9ecca511661e72be443fc179cc71a1ecfcc8af48c6a8c87ef3883cb4724377b7/detection

213.176.36.42:4206
siasatan-gov-bnm.com

# Reference: https://www.virustotal.com/gui/file/c07cde11fb494e666a36ac7bb9cc593b877fb5267d04174c2295e586fdaada57/detection

bnm-govinfo.com

# Reference: https://www.virustotal.com/gui/file/0734c1af9909ce1c55bfe7d71f0c80c18792680880f4e35d849d038ce15962c7/detection

213.176.60.234:3403

# Reference: https://www.virustotal.com/gui/file/486234a479def6497524d3b501e3dfa9ae2f5e1815bd9b09219e98b8e95d62b2/detection

bnmgovinfo.com
smkgovinfo.com

# Reference: https://www.virustotal.com/gui/file/0460ecbe48b8b9d657fd1a8f7e8bbae779eddf312388f46359b21a9d97616170/detection

gov-cbminfo.com

# Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt

cdek-payments.com
satterfieldbanks.com

# Reference: https://twitter.com/B0rys_Grishenko/status/1277515350658224128
# Reference: https://www.virustotal.com/gui/file/5ca38b7d208fbc5f665b4e0af7de5a1ac6cbc796375368934bffbef68732fc77/detection

sklepplay24.com

# Reference: https://twitter.com/ReBensk/status/1277615119594409987

http://154.206.173.194

# Reference: https://twitter.com/ReBensk/status/1277616463457792000
# Reference: https://www.virustotal.com/gui/file/c69af883dc42792500eecb12dc1f0641f1b9f4b4c340365c0491985ce6a89448/detection

193.112.126.184:39090

# Reference: https://twitter.com/ESETresearch/status/1277930672477343760

arabamuayenesi.com
usom-gov-tr.ml

# Reference: https://twitter.com/malwrhunterteam/status/1280220519460208641

http://102.129.249.232

# Reference: https://twitter.com/malwrhunterteam/status/1280502011981676546

chromekill.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1280572099686531072

looparkadaslik.xyz

# Reference: https://www.virustotal.com/gui/file/1998850290d2d17e5537610fdd074fce3027e0999a06bc7f2d9c2ee9170773eb/detection
# Reference: https://www.virustotal.com/gui/file/a8cae4f6c6c0121522baff7610a6fd09495426a90d816b8334acae903e8f6985/detection
# Reference: https://www.virustotal.com/gui/file/525198da8ae0c46f7707b9040eb4cf28794ab53df29f5f4ae5ec9830b4ea7eaa/detection
# Reference: https://www.joesandbox.com/analysis/199559/0/html

172.104.120.109:23040
172.104.135.129:3040
172.104.181.99:23040
/phoneinfo/xb_bin
/phoneinfo/xb_bin_one

# Reference: https://twitter.com/LukasStefanko/status/1280624418876686336
# Reference: https://twitter.com/NtSetDefault/status/1280648662499155968

antonioguterres.app
billclinton.app
bobiger.app
charlleskoch.institute
dougmcmillon.app
georgewbush.dev
jimyongkim.app
martinlutherkingjr.app
micheltemer.app
nelsonmandela.dev
pedroalvarescabral.dev
ragfactory.red
rupertmurdoch.red

# Reference: https://twitter.com/malwrhunterteam/status/1280846189433413634
# Reference: https://twitter.com/JCyberSec_/status/1303618860449509377
# Reference: https://www.virustotal.com/gui/ip-address/5.252.179.35/relations

bufirte.xyz
contatorfull.best
contmobi.club
contmobi.online
contmobi.work
cubirta.club
cubirta.xyz
dietasricas.xyz
gameapps.link
loltopgor.monster
mastercuponsdays.com
masteroffersdays.com
norditcph.xyz
ofertasgrandes.best
offersdirects.com
parse654.xyz
parse655.xyz
passtravel.best
poptoper2.monster
shopingoffers.xyz
topbestoffers.best
topbestoffers.monster
topbestoffers.xyz
topnomber.monster
toroftos.xyz
yourbestoffers.best

# Reference: https://twitter.com/malwrhunterteam/status/1281269010231853056

http://154.206.173.205

# Reference: https://twitter.com/malwrhunterteam/status/1283040684614852609

http://154.206.147.115

# Reference: https://www.virustotal.com/gui/file/fc0b880ddd9bda92dfb776d32a1958635be8933fa138dd35044cb5e76f470860/detection

emobileservices.club

# Reference: https://twitter.com/malwrhunterteam/status/1288838413345607680

foranymefc.site

# Reference: https://twitter.com/0bfusCat/status/1089817931435905025

izmirsiberahmet.online

# Reference: https://twitter.com/0bfusCat/status/1088413094722879488
# Reference: https://www.virustotal.com/gui/ip-address/47.74.70.68/relations

aperdosali.top
atbfinance.top
atbfinanza.top
atbfinanziario.top
comedirtad.top
ctechnick.top
dopeblock.top
materongoc.top
oldcrystal.top
sickslick.top
sleepmate.top

# Reference: https://twitter.com/sh1shk0va/status/1290267524592934918
# Reference: https://www.virustotal.com/gui/file/548ea89dcfe3fed1e6766d1c9ef36407b6d3a852fd359635e5fe9de99732eb0b/detection

vigolimone.website

# Reference: https://twitter.com/malwrhunterteam/status/1290635046169260032

cooperativa-mobile.ml

# Reference: https://twitter.com/malwrhunterteam/status/1290964433402044416

llmymdq.site

# Reference: https://twitter.com/malwrhunterteam/status/1293831060611096579
# Reference: https://www.virustotal.com/gui/file/63a07c43fc8ab595a45eb17329f8b310c8db72efef3b16a4ea081251f2e40b05/detection

154.92.17.105:1506
154.92.17.105:1509

# Reference: https://twitter.com/malwrhunterteam/status/1297078797553074176
# Reference: https://twitter.com/B0rys_Grishenko/status/1297277745362358273
# Reference: https://www.virustotal.com/gui/file/92648f5945ce65aa9ee46afe1a07e9300d4724255118d4c37bf58b8bafdbedeb/detection

http://217.8.117.104

# Reference: https://twitter.com/malwrhunterteam/status/1298677192667402248
# Reference: https://www.virustotal.com/gui/file/b336120b0dcb02d15b63f623ec1ef55659aed23f9d1355f80f2b5d1000963eac/detection

http://154.218.21.181

# Reference: https://twitter.com/malwrhunterteam/status/1301135258025431041

tiende.ru

# Reference: https://www.virustotal.com/gui/file/c073bf806c4ff8a4cacd515681cac215ee8e7b214f4cb1ad7303912aba2eb67f/detection

http://112.213.127.89

# Reference: https://twitter.com/malwaretracekr/status/1305403739117776902

http://220.129.70.58

# Reference: https://www.virustotal.com/gui/file/2502b3b57aa43a63aecb4ad6bae9e739742e78091436c27b3949b55c3387a0f4/detection

185.246.64.188:8001

# Reference: https://twitter.com/bl4ckh0l3z/status/1308789853354692608

senteam.ru

# Reference: https://twitter.com/ReBensk/status/1311154202643660801

paypal-sign.myddns.me
support-paypal.myddns.me

# Reference: https://twitter.com/malwrhunterteam/status/1311307895443787778

http://155.138.163.183

# Reference: https://twitter.com/malwrhunterteam/status/1316057431370326017

http://156.235.187.217
 
# Reference: https://twitter.com/ReBensk/status/1311536162499162112

http://157.185.179.73

# Reference: https://twitter.com/malwrhunterteam/status/1311710159715082241

http://144.202.11.123

# Reference: https://www.virustotal.com/gui/file/5642f08b04be9460fcdb973042e4841ccbd732cd5ffc0107d9750e5f9afc4449/detection
# Reference: https://www.virustotal.com/gui/file/fffa5c2a67db847f43217aa5551c75f5aa1f8f9d82bed032d6eb2a9df1f781e3/detection
# Reference: https://www.virustotal.com/gui/file/ab52aa605dde9edf4437388c5df75552ecc196b07c196f6435e7fcf7875e1745/detection

45.138.209.18:8080

# Reference: https://www.virustotal.com/gui/file/1ebe007267a27b653ab572fc4e0a6cccb9b914981d2f90b19d84b75a1bfad55d/detection

45.138.209.34:8080

# Reference: https://www.virustotal.com/gui/file/6046d1b0961301b4b2f26857c5c10e296f03ef942a1b9028631736aa0d8f1205/detection

45.138.209.37:8080

# Reference: https://www.virustotal.com/gui/file/3a3e58f6ee3b0ebc6f3373deddc32255457b710d7ae2200b823536a321a5e001/detection
# Reference: https://www.virustotal.com/gui/file/4bcb08348feda24f4f162784772d20d7808957bd052afbf4e5995ebe0ded0f5c/detection
# Reference: https://www.virustotal.com/gui/file/d601ff978865fa44311b55420c6cbb61a2a65a9631f797895c1b6406e0b9e731/detection
# Reference: https://www.virustotal.com/gui/file/74a12057215be8b65c46a8614a97fcca61012a28b1dc416fd9a9f700ef4f3485/detection

45.138.209.23:7788

# Reference: https://www.virustotal.com/gui/file/d2fd885065dacd134d54f9f07a6a95e2b3371a387102b7094cac812d7da97e25/detection

45.154.14.63:7788

# Reference: https://twitter.com/malwrhunterteam/status/1370021678915350542
# Reference: https://www.virustotal.com/gui/file/08eced64db2e5a0d8de2b57f8a1fee9f724a59be95dfb9f4935ad8d204d45bae/detection

45.154.14.95:7788

# Reference: https://www.virustotal.com/gui/file/fcfb19c41114a5bf5195d8d6316ac1738aec58b38984076ed0c63f2b48f6997f/detection
# Reference: https://www.virustotal.com/gui/file/eefe5825eb631b1ab81f2646cec7cdb21673066dd4c409e89d257b50260df324/detection

141.255.151.19:5214
141.255.157.49:5214
asdtt23488.hopto.org

# Reference: https://twitter.com/malwrhunterteam/status/1313355326670942208
# Reference: https://twitter.com/bl4ckh0l3z/status/1313374708688134144
# Reference: https://www.virustotal.com/gui/file/74b194615ce6ac50435e211470c3b2948c244a94b5b75ff2d8825bcb5a26b79c/detection

fusaed.com
qctetc.com
uxsahd.com

# Reference: https://twitter.com/malwrhunterteam/status/1313522877443043332

flash-player-indir.com

# Reference: https://twitter.com/malwrhunterteam/status/1313800408746393603

mollyptuwo.online

# Reference: https://twitter.com/malwrhunterteam/status/1316059882987061248

heapafoo.ru

# Reference: https://twitter.com/malwrhunterteam/status/1316708831678935042

http://92.63.106.163

# Reference: https://twitter.com/malwrhunterteam/status/1316782508764266496
# Reference: https://www.virustotal.com/gui/file/30557d0306ca5502de037538857c8448edc09f9f318807506cc2e285fcb40893/detection

http://154.85.186.46

# Reference: https://twitter.com/Cengiz86035319/status/1317019371764580355
# Reference: https://www.virustotal.com/gui/file/2703c955b8470f8022f4ed74c9e5ca52eabfba37b900bdc47486ee9e6af1b6e1/detection

http://35.202.212.117

# Reference: https://twitter.com/malwrhunterteam/status/1317059994907455488
# Reference: https://www.virustotal.com/gui/ip-address/91.134.159.176/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.23.180.186/relations
# Reference: https://www.virustotal.com/gui/file/58a6117c374159928685e79dd55766eca1c9ac4cbe264acdd0fb1f1815427835/detection
# Reference: https://www.virustotal.com/gui/file/4c2114824eaf97c3c0ded5dea516db8dc7435a00c04aa2ac6706877908a42585/detection

ebsex.ru
exsos.ru
gomon48.ru
kexsex.ru
kosex.ru
sexet.ru
sexkex.ru
sexoko.ru
sexpis.ru
sexsos.ru
sextuk.ru
sexura.ru
sexvam.ru
sexvokrug.ru
sexvsem.ru
sosep.ru
soses.ru
sosev.ru
soske.ru
soskex.ru
sosto.ru
sosvot.ru
totsos.ru
zosos.ru

# Reference: https://twitter.com/malwrhunterteam/status/1317403643700719616

гусар.online
xn--80af4bcj.online

# Reference: https://twitter.com/malwrhunterteam/status/1318276866449510400

nuevospainflplayer.info

# Reference: https://twitter.com/malwrhunterteam/status/1319918657804357632
# Reference: https://twitter.com/bl4ckh0l3z/status/1320690035327410177
# Reference: https://www.virustotal.com/gui/file/08d74a860befbad4e3e4fc80c6b9d4b46be3c723cb1056d596f3e33dc77343a6/detection
# Reference: https://www.virustotal.com/gui/file/4c2378ead460da2282b37c58e8cf911bca55bad57baac485c8e2f9e9ad2b9313/detection

shopee-coins.com
shopee.cc-cashwallet.com
f-spy.com
a.f-spy.com
b.f-spy.com
c.f-spy.com
d.f-spy.com
f.f-spy.com
g.f-spy.com

# Reference: https://twitter.com/malwrhunterteam/status/1319952092119896065
# Reference: https://www.virustotal.com/gui/ip-address/98.126.156.85/relations
# Reference: https://www.virustotal.com/gui/file/3f7340fc7ec7028dcec2e1d9c766b72d70e5656eb17e7982e434ebe644d27878/detection

160.124.255.97:2018
1136984.com
840113.com
84113113.com

# Reference: https://twitter.com/Boyv3r/status/1320076344034791424

ebatabletiniz.com

# Reference: https://twitter.com/ReBensk/status/1322064414175092740
# Reference: https://www.virustotal.com/gui/file/c096d30ee0a0df796ca023e421aa4580a9adb5f2893bc2657577fa0e0b691e97/detection
# Reference: https://www.virustotal.com/gui/file/3e860c4ede3c07ee29ad269635e2ae6cd6790b2c74bf5ffa201e8cb4dd52b736/detection
# Reference: https://www.virustotal.com/gui/ip-address/185.193.91.74/relations

acrisias.xyz
akdorr.xyz
alphesiboeus.xyz
amyntor.xyz
anchises.xyz
antipatros.xyz
arutruck.xyz
atcor.xyz
athenades.xyz
azzaur.xyz
barud6347.xyz
busgud.xyz
calcurr.xyz
cissesd.xyz
cleathes.xyz
corydallos.xyz
crodolvith.xyz
dakquth.xyz
diokles.xyz
epaenetus.xyz
euchenor.xyz
eudoxsus.xyz
euryleon.xyz
eurysthios.xyz
eutuches.xyz
gaddurud.xyz
gruavran.xyz
grulgojer.xyz
gruraborr.xyz
hermotimos.xyz
iamusasf.xyz
iboddeth.xyz
icarius.xyz
khaascon.xyz
krakott.xyz
krazalzutt.xyz
kruzangozz.xyz
leonidasmy.xyz
leontis.xyz
lorozz.xyz
lydusasd.xyz
medonhfg.xyz
montudsan.xyz
nauvamutt.xyz
nedalqex.xyz
nezrozz.xyz
nikasiosayur.xyz
nisosfhg.xyz
omunomn.xyz
oniasasd.xyz
phanias.xyz
phileasg.xyz
praxislol.xyz
praxisyui.xyz
priamadg.xyz
priamgfg.xyz
qavukozz.xyz
rokrirr.xyz
rozrux.xyz
segerux.xyz
sinisssa.xyz
stukkuar.xyz
tectondas.xyz
telemacho.xyz
theageshgf.xyz
tigegax.xyz
timasion.xyz
tithonius.xyz
vulkuar.xyz
xiphilinus.xyz
xuthusyu.xyz

# Reference: https://www.virustotal.com/gui/ip-address/185.193.91.5/relations
# Reference: https://www.virustotal.com/gui/ip-address/192.64.119.224/relations
# Reference: https://www.virustotal.com/gui/ip-address/63.250.44.166/relations

1zmt5e0yjt.xyz
anita1898kurovsk1.xyz
babalaykaandcomp.xyz
dakquth.xyz
davnad.xyz
droid2021.xyz
gorajorr.xyz
gruraborr.xyz
heartways.xyz
iboddeth.xyz
khaascon.xyz
krazalzutt.xyz
mandalorec2021.xyz
masteronil.xyz
obiwan2021.xyz
princeleya021.xyz
tsubaka2021.xyz
warior7766.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1323157065284681728
# Reference: https://twitter.com/bl4ckh0l3z/status/1323180531891101696
# Reference: https://www.virustotal.com/gui/file/affd5f9084641dee0355dc09b60db37a162538be44727884eb45e929bd4b2f60/detection

103.85.72.156:8080
blinefm.com
2020.blinefm.com

# Reference: https://twitter.com/malwrhunterteam/status/1323284195515531265

agoralux.com.br

# Reference: https://twitter.com/malwrhunterteam/status/1323674314521141249
# Reference: https://www.virustotal.com/gui/file/7e7be8412de67b5aead030c0f03dc19285b2f4597dda554b7748e72544c45d21/detection

espflplayerdescargar.live

# Reference: https://twitter.com/malwrhunterteam/status/1326163604459180037

blinefm.com

# Reference: https://twitter.com/malwrhunterteam/status/1262783846690492418

filmspolandxxx.com

# Reference: https://twitter.com/malwrhunterteam/status/1327354542086889472
# Reference: https://www.virustotal.com/gui/file/20a7aeeadfeb548d2d6df10ed7e4d7e84caa326313f917385d7fb7736af48bd4/detection

189.6.120.28:5050

# Reference: https://twitter.com/malwrhunterteam/status/1328392462088462336
# Reference: https://twitter.com/B0rys_Grishenko/status/1328402107892981761
# Reference: https://www.virustotal.com/gui/ip-address/47.254.176.26/relations
# Reference: https://www.virustotal.com/gui/file/ea6cae544c3822e8ff4cfa86bd9285f9c1363388603d3120dacbeecda291649c/detection

3030sisisinononono.info
332dskakkwkkksk22dada.info
5050sisisinononono.info
bancosantander-segura.com
dsfiudsfdnsjds.top

# Reference: https://twitter.com/malwrhunterteam/status/1329709356116570113
# Reference: https://twitter.com/bl4ckh0l3z/status/1329713263060377608

888ccb.com
ushdka.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1329776743339712518
# Reference: https://www.virustotal.com/gui/ip-address/185.156.172.69/relations

soofoodoo.club

# Reference: https://labs.k7computing.com/?p=21246
# Reference: https://www.virustotal.com/gui/ip-address/114.55.79.183/relations
# Reference: https://www.virustotal.com/gui/domain/i9600.com/relations
# Reference: https://www.virustotal.com/gui/file/280dcc68e8b10a9834252aa3bfe2eb48781da56719915c896bfba7d3e0f8c000/detection

114.55.79.183:10011
i9600.com
aff.i9600.com
control.i9600.com
kd-apk.i9600.com
service.i9600.com
zhf.i9600.com
mei669.com
oms.mei669.com

# Reference: https://twitter.com/malwrhunterteam/status/1332644727808724996
# Reference: https://www.virustotal.com/gui/file/a2fd23a258d8a39c8b096183cdd028f958fa004135cc9df2c0d8910da88e3e46/detection
# Reference: https://www.virustotal.com/gui/file/64b48ee8a113fd171fca60d8bbc495b9af3663d65a08cece12114a4d4e8b64c4/detection
# Reference: https://www.virustotal.com/gui/file/311f3ac5c075be4b1e34d50d08ff6bf8724facf018f31490f349d3c68a8815ed/detection
# Reference: https://www.virustotal.com/gui/file/7df4b0a98d44a8db431340f50c9fec4c22e7b93b6d96f09cf97695d335818dd6/detection
# Reference: https://www.virustotal.com/gui/file/ab3db21229eee4b716824ca831f9ddbb837a4b2abb6abc12101e02e84159cb88/detection

146.185.241.6:7878

# Reference: https://twitter.com/bl4ckh0l3z/status/1333009513037893632

148.66.8.98:1935
148.66.8.99:1935
148.66.8.100:1935
148.66.8.101:1935
148.66.8.98:57162
148.66.8.99:57162
148.66.8.100:57162
148.66.8.101:57162

# Reference: https://twitter.com/bl4ckh0l3z/status/1281565691037003782/photo/3

154.206.45.22:21823

# Reference: https://twitter.com/malwrhunterteam/status/1333507473504948226
# Reference: https://twitter.com/bl4ckh0l3z/status/1334147416854056960
# Reference: https://www.virustotal.com/gui/file/e5bf969569c8e4d4ad93f5f6a6b8004bebc58187238a3f0085209004e6be12f6/detection

103.145.191.61:8978
http://103.145.191.61

# Reference: https://twitter.com/malwrhunterteam/status/1334222729558548490
# Reference: https://twitter.com/bl4ckh0l3z/status/1334480342854590465
# Reference: https://www.virustotal.com/gui/file/501ca1c4ce3a6c1d03655d35109b7d16e4dc111142ffa0c3f1cec95b7a604e6f/detection

116.193.152.176:7788
http://45.138.209.52

# Reference: https://twitter.com/malwrhunterteam/status/1336983774354173952

61.227.124.151:30

# Reference: https://twitter.com/malwrhunterteam/status/1337502083608670215
# Reference: https://twitter.com/bl4ckh0l3z/status/1338168054644150273
# Reference: https://www.virustotal.com/gui/file/787f671b98b0393dc6dc703ea0f04d1d79bb6cb45ecae2173c948de61f575e53/detection

103.40.163.156:9090
blinefml.com

# Reference: https://twitter.com/malwrhunterteam/status/1338912835523534848
# Reference: https://twitter.com/bl4ckh0l3z/status/1339305454149758978

isjxkac.com
ksjajsxccb.com

# Reference: https://twitter.com/malwrhunterteam/status/1339667434450653185

http://191.101.234.104

# Reference: https://twitter.com/malwrhunterteam/status/1341710227780104192

http://111.249.159.138

# Reference: https://twitter.com/malwrhunterteam/status/1342098542224142336
# Reference: https://www.virustotal.com/gui/file/bfaed122e095077d937d878ee80cdec7c9d295ddf701361b1a2e5013e3f42c93/detection

112.213.127.149:8978
http://112.213.127.149

# Reference: https://twitter.com/malwrhunterteam/status/1343662715437510656
# Reference: https://www.virustotal.com/gui/file/652d93eff67cb6ca7f50d8b1fd89652e6878c9e7173cb211baf64d7ce5756b1b/detection

103.147.13.139:8978
http://103.147.13.139

# Reference: https://www.virustotal.com/gui/file/87c9d15e7bb4ca798947adecee7ec162206e5975680375c4f4d5f044926a5e17/detection

bb.fbb0oy.net

# Reference: https://twitter.com/malwrhunterteam/status/1346515280919408647
# Reference: https://twitter.com/bl4ckh0l3z/status/1348294330537168902
# Reference: https://www.virustotal.com/gui/file/f25e7e0de3a02fcef6749ed4ba69df20e07a6982db626903cdadac9432847038/detection
# Reference: https://www.virustotal.com/gui/file/9952ff78d120eae1637b66862d3967d06126f0b1d2c0967270207702e086cc75/detection

http://45.138.209.52
103.145.106.214:7788
45.154.14.19:7788

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz
# Reference: https://www.virustotal.com/gui/domain/smsgrabber.url.ph/relations

smsgrabber.url.ph

# Reference: https://twitter.com/malwrhunterteam/status/1351221272710176770
# Reference: https://www.virustotal.com/gui/file/d927fddc84d4f06c2879487756c89c89bf99848e4bec39e5aad0da6a0c53f1a9/detection

pornohdcenter.com

# Reference: https://twitter.com/malwrhunterteam/status/1351894856281579522
# Reference: https://www.virustotal.com/gui/file/5265ebe2a3e33f003b111f4f7cd4c760800e5ff55f2dd43dea8f22fda3337f81/detection

196.69.61.56:707
ndseven.hopto.org

# Reference: https://twitter.com/ReBensk/status/1352201093728518149
# Reference: https://www.virustotal.com/gui/file/cb74cd54650ba5c39a4c9e609b3a371cc7289d81dcdd849d1c5032f6a5fc5c27/detection

settings.pw
/huawei.apk
/huawei9998.apk
/xhuawei.apk

# Reference: https://twitter.com/malwrhunterteam/status/1353042982505742341
# Reference: https://www.virustotal.com/gui/file/7b769c23c607caaa1022307071e803bcfe1394c82aed11499cb65fedb5e19f17/detection

cervezaelhechicero.cl/DHLUSA/
/DHLUSA/DHLTrackShippment.html
/DHLSpain/DHLGlobalES.html

# Reference: https://twitter.com/malwrhunterteam/status/1352672839208476678
# Reference: https://twitter.com/malwrhunterteam/status/1352673988212912130
# Reference: https://twitter.com/malwrhunterteam/status/1352876505630695424
# Reference: https://www.virustotal.com/gui/ip-address/193.38.55.56/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.58.108.142/detection
# Reference: https://www.virustotal.com/gui/ip-address/47.254.171.138/relations

dhl-api.club
dhl-api.icu
dhl-api.online
dhl-api.space
dhl-api.store
dhl-api.website
dhl-api.work
dhl-api.xyz
dhl-apk.com
dhl-apli.icu
dhl-apli.online
dhl-apli.site
dhl-apli.space
dhl-apli.store
dhl-apli.website
dhl-apli.work
dhl-apli.xyz
dhl-app.info
dhl-app.ru
dhl-app.space
dhl-app.website
dhl-cdn.pw
dhl-cdn.site
dhl-cdn.space
dhl-cdn.store
dhl-cdn.website
dhl-ebalo.casa
dhl-ebalo.club
dhl-ebalo.cyou
dhl-ebalo.fun
dhl-ebalo.icu
dhl-ebalo.online
dhl-ebalo.site
dhl-ebalo.space
dhl-ebalo.store
dhl-ebalo.surf
dhl-ebalo.website
dhl-ebalo.work
dhl-ebalo.xyz
dhl-ebat.icu
dhl-ebat.online
dhl-ebat.site
dhl-ebat.space
dhl-ebat.store
dhl-ebat.surf
dhl-ebat.xyz
dhl-kurva.casa
dhl-kurva.club
dhl-kurva.cyou
dhl-kurva.fun
dhl-kurva.icu
dhl-kurva.online
dhl-kurva.site
dhl-kurva.space
dhl-kurva.store
dhl-kurva.website
dhl-kurva.work
dhl-kurva.xyz
dhl-pidor.casa
dhl-pidor.club
dhl-pidor.cyou
dhl-pidor.icu
dhl-pidor.monster
dhl-pidor.online
dhl-pidor.site
dhl-pidor.space
dhl-pidor.store
dhl-pidor.surf
dhl-pidor.website
dhl-pidor.work
dhl-pidor.xyz
dhl-serv.cyou
dhl-serv.site
dhl-serv.space
dhl-serv.store
dhl-serv.website
dhl-serv.xyz
dhl-suka.casa
dhl-suka.club
dhl-suka.cyou
dhl-suka.fun
dhl-suka.icu
dhl-suka.online
dhl-suka.site
dhl-suka.space
dhl-suka.store
dhl-suka.website
dhl-suka.work
dhl-suka.xyz
dhlapk.com
dhlapp.info
dhlapp.space
dhlapp.website
/dhl-1.apk
/dhl-2.apk
/dhl-3.apk
/dhl-4.apk
/dhl-5.apk
/dhl-6.apk
/dhl-7.apk
/dhl-8.apk
/dhl-9.apk

# Reference: https://twitter.com/malwrhunterteam/status/1376476624703602698

/mrw-1.apk
/mrw-2.apk
/mrw-3.apk
/mrw-4.apk
/mrw-5.apk
/mrw-6.apk
/mrw-7.apk
/mrw-8.apk
/mrw-9.apk

# Reference: https://twitter.com/malwrhunterteam/status/1353773189864816642
# Reference: https://twitter.com/bl4ckh0l3z/status/1353794801901195271
# Reference: https://www.virustotal.com/gui/file/10658430a56a31ab8f295b3bb2860a1fc2fd95b09664d523b168de5d9bd71c2f/detection

ratapi11223344786.azurewebsites.net

# Reference: https://twitter.com/RickyLafleur1/status/1214587889700478976
# Reference: https://www.virustotal.com/gui/file/a6547415ef61bc66531978ef28913938f74dacb887bbd4ec5fc3a4ee978c4376/detection

http://185.185.71.90
whats-app.gq

# Reference: https://twitter.com/AgidCert/status/1353763168909225987
# Reference: https://twitter.com/ni_fi_70/status/1354352455123918848
# Reference: https://twitter.com/sS55752750/status/1354418390551711746
# Reference: https://twitter.com/sS55752750/status/1354420546809847820
# Reference: https://cert-agid.gov.it/news/individuato-sito-che-veicola-in-italia-un-apk-malevolo/
# Reference: https://www.virustotal.com/gui/file/9ae593c5611fa04fc0b7cf85f356b0ac92dcbe51fc5f481425ec7d6743368447/detection

cosmosframework.xyz
cosmospayments.online
montanatony.xyz
smoothbots.online
starbots.xyz
supportoapp.com
/js/app.19d5011b.js

# Reference: https://twitter.com/bl4ckh0l3z/status/1354755976755372035
# Reference: https://www.virustotal.com/gui/file/233835b9ff122185f2ff32b4841d38f6768508767f5cc5a021bc307489140a1a/detection
# Reference: https://www.virustotal.com/gui/file/1a0b29851c66a4750e132302fb3bbe180b0822069a916125feb18ce35b9ec319/detection

45.142.213.31:38920
45.142.213.31:38921
45.142.213.31:38922
45.142.213.31:38923
45.142.213.31:38924
45.142.213.31:38925
45.142.213.31:38926
45.142.213.31:38927
45.142.213.31:38928
45.142.213.31:38929
45.142.213.31:38930
45.142.213.31:38931
45.142.213.31:38932
45.142.213.31:38933
45.142.213.31:38934
45.142.213.31:38935
vpsp.ru
/A0.php?Android=
/A0.php?BankBotLog=
/A0.php?ShowPass

# Reference: https://twitter.com/ReBensk/status/1355752152740753413
# Reference: https://www.virustotal.com/gui/file/90301cc8484dab405e53a0a1ee07ff4117016412663d1df0154e6500ff1bbffd/detection

tosanfrancisco.life

# Reference: https://www.virustotal.com/gui/file/3ed04f22534c0d72641f96f59613005d72f50f7206f5e5d41a6284642df961e8/detection
# Reference: https://www.virustotal.com/gui/file/afc660b822bd032489407cc195b8ea544cde82335e17bca0fbd170e6fa4b2f52/detection
# Reference: https://www.virustotal.com/gui/file/a0075b79f75cbd0005beabbe9397a6cc79ce2521faf80771fb73bada49d898d8/detection

2.61.243.211:3210
2.61.243.211:5214
kolsayan.system-ns.net

# Reference: https://www.virustotal.com/gui/file/221926ac32a0a3da6a880320edacf5a5a8485214e5ca71bd7219fe25357f4f0e/detection

mixan4uk.system-ns.net

# Reference: https://www.virustotal.com/gui/file/b86fd4c42a30a1fbb6af287f23f7b50b72acf3308f43b4f31880563d8999b209/detection

41.233.168.80:1025
mugiwara.system-ns.net

# Reference: https://www.virustotal.com/gui/file/2cc928515b78a082307f3d813ba5e113fc0b36dff7c0f4f22534e6f1d64a2545/detection

boothead99.system-ns.net

# Reference: https://twitter.com/malwrhunterteam/status/1361753980053970950
# Reference: https://www.virustotal.com/gui/file/74adb6bd25a9714501c5e165de1875b17a69fd42d853435f0907ea7abee44fca/detection

freeplayer.site

# Reference: https://twitter.com/malwrhunterteam/status/1362067913159630851
# Reference: https://www.virustotal.com/gui/file/56ba4301cb77686a2f050bb20bf5443ce817aa582f63d4f8c76877bc230f328f/detection

bankspray.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1362853473272881155
# Reference: https://www.virustotal.com/gui/file/ff169cffd911225c22760b6e228a5857bd5e85a379b13a506c35be9639d23aa2/detection

dreamseed.info

# Reference: https://twitter.com/pmmkowalczyk/status/1367210739681943552

buguilou.com
contornosdesign.pt
spave.com.pk
weboyal.com
ylem222.com

# Reference: https://twitter.com/danlopgom/status/1367820701789532163
# Reference: https://www.virustotal.com/gui/file/85e2227bac98f2a283470798f9f15d63dc3e8f5d98c71385514603f181aefd83/detection

correos.website
correos.startupinside.net

# Reference: https://twitter.com/malwrhunterteam/status/1370443450487869441
# Reference: https://www.virustotal.com/gui/file/dd679ed92ab85e7b3f6d6b8996f681ba07b8e5afd7cf38a33b4edac38f392f4d/detection

http://154.203.226.182

# Reference: https://twitter.com/malwrhunterteam/status/1374820280636424201
# Reference: https://www.virustotal.com/gui/file/546f93d93d47c422b3193864c872a64f87fabd1dab845eecbf68195c41d35207/detection

http://154.23.55.21

# Reference: https://www.virustotal.com/gui/file/8292218f8d2630c5a03593cebb4899c7e06d4f8afedb9aa3c432b450d9e33b4a/detection

oiwa27enioaa2oinz.top

# Reference: https://www.virustotal.com/gui/file/aaf8de7f4c51e8196d677eb175f67bc614356f3acd01bc6da821fc74d863bf9a/detection

jyrsrydjrtsf0912.top

# Reference: https://www.virustotal.com/gui/ip-address/34.65.156.127/relations

awqwywewfs56843.top
gaweawgeaweg232.top
ghslitvomurjfurepj.top
ghslitvomurjfurfsdhdafhijkvepj.top
ghslitvomurjfurfsdhjkvepj.top
make9019jaion.top
se44syesegs4e3.top

# Reference: https://www.virustotal.com/gui/ip-address/35.199.117.241/relations

ghslitvomurjfurepj.top
lukabukazykasas.top
peskoleonido9201.top

# Reference: https://twitter.com/malwrhunterteam/status/1377022272926519306
# Reference: https://twitter.com/malwrhunterteam/status/1377377262404657154
# Reference: https://twitter.com/malwrhunterteam/status/1380255616376184835
# Reference: https://www.virustotal.com/gui/ip-address/198.187.29.144/relations
# Reference: https://www.virustotal.com/gui/ip-address/68.65.120.237/relations
# Reference: https://www.virustotal.com/gui/file/ae9208fd8c3e5170c3cb32df36c9f8596c4acd2fdebb7f98decd13583f26f0b5/detection
# Reference: https://www.virustotal.com/gui/file/5e816b8f4c0df1d6f1bd409988658f40416de7d7333b6776a64ce66fb41fcadb/detection

antivirusmc.xyz
apkchrome.xyz
browserchrome.xyz
chrome2apk.xyz
chrome3apk.xyz
chrome4apk.xyz
chromea1k.xyz
chromeapk.xyz
chromeapk5.xyz
chromeapk6.xyz
chromeapk7.xyz
chromeapk8.xyz
chromeapkupdate.xyz
chromebrowser.xyz
chromeeapkk.xyz
chromeupdateantivirus.xyz
chromeupdateapk.xyz
updatechromeapk.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1377563398775447555
# Reference: https://twitter.com/LukasStefanko/status/1377574453220114432
# Reference: https://twitter.com/NtSetDefault/status/1377654475507302401
# Reference: https://www.virustotal.com/gui/file/be3d8500df167b9aaf21c5f76df61c466808b8fdf60e4a7da8d6057d476282b6/detection

134.209.66.184:5000
atualservicenovo.hopto.org
modulo-gatewayzzz-com-br.umbler.net

# Reference: https://twitter.com/malwrhunterteam/status/1379513330633691153
# Reference: https://twitter.com/bl4ckh0l3z/status/1379715519553622019
# Reference: https://www.virustotal.com/gui/file/2e403d7dfbf9641dd9d54cab50b06bbc8a09aeeafa5a4b824a79750befbefe74/detection

api.88888.pm
rtmp.5555577777.cn
tiktok.tf

# Reference: https://twitter.com/malwrhunterteam/status/1382676216893804547
# Reference: https://www.virustotal.com/gui/file/9e0383ce956c1a31c44367d6886dc36d7e036771b6351082567a9e434cc1018d/detection

http://139.177.192.54

# Reference: https://twitter.com/malwrhunterteam/status/1382712585557016581
# Reference: https://www.virustotal.com/gui/file/7a392dea26a6482842a1b14b3d5fb3e0a138eba7cd8c18146758bb4c2021c3e4/detection

http://139.177.193.252

# Reference: https://twitter.com/malwrhunterteam/status/1384025728128229381
# Reference: https://twitter.com/malwrhunterteam/status/1480914416887599115
# Reference: https://twitter.com/malwrhunterteam/status/1532716068598386692
# Reference: https://twitter.com/midnight_comms/status/1532717468732379136
# Reference: https://www.virustotal.com/gui/file/eeec5a484623068336306c6dfa696981b87048ac9e37bdc14e21beca8ef6eecd/detection
# Reference: https://www.virustotal.com/gui/file/be1ea062a9496d469fc6b6579644db325d278f97ec5091777ce90b519789645b/detection
# Reference: https://www.virustotal.com/gui/file/7d29fef5cd3dc1a0271b97288f2a51e082628877091865e81ea0d13214ff50ef/detection
# Reference: https://www.virustotal.com/gui/file/8aac771bf14279eb41574fd191cf9c344f8b20ad52ac3b7a1941eca75e549935/detection

http://103.81.169.137
http://154.194.3.236
http://51.79.168.103
http://51.79.168.123
103.81.169.137:6001
154.194.3.236:6001
51.79.168.103:9001
51.79.168.123:8001
magicpro.xyz
/spy/OneNeedHintAlertDone?imei=
/spy/Sync?imei=
/spy/SyncConfig?imei=
/spy/SyncDone?imei=
/spy/addMobileAccount
/spy/addMobileApp
/spy/deleteMobileApp
/spy/downloadMobileApps
/spy/getOneModifyContact?imei=
/spy/getOneModifySms?imei=
/spy/getOneNeedHintAlert?imei=
/spy/syncMobileCallLogs
/spy/updateModifySmsResult?imei=
/spy/uploadBinary
/spy/uploadFormInfo
/spy/uploadMobileApps
/spy/uploadMobileCallLogs
/spy/uploadMobileContacts
/spy/uploadMobileGps
/spy/uploadMobileInfo
/spy/uploadMobileSmss

# Reference: https://www.virustotal.com/gui/file/0af2ab5df68cdd44d5e4e385a322f39b5bed3680197a4293ade43485fc454288/detection

http://103.126.241.166
103.126.241.166:6001

# Reference: https://twitter.com/malwrhunterteam/status/1631397387116638211
# Reference: https://www.virustotal.com/gui/file/843050142cb7b50908541d73815f1a4fbb2881db650042c3ad4008c3c67ff8c5/detection

183.111.122.124:6002
authpermission.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/e2d8d55584ac0ae5b81e93037d5fe28a5ab63dd205f5a9037cb4b035ae4a4908/detection

183.111.122.123:6002

# Reference: https://www.virustotal.com/gui/file/02307f548db01d30fd3c0cdac26b06631b26e7097bb15844bd773d7d99733f55/detection

http://45.114.125.201

# Reference: https://www.virustotal.com/gui/ip-address/142.91.115.180/relations
# Reference: https://www.virustotal.com/gui/domain/m.anyhall.com/relations
# Reference: https://www.virustotal.com/gui/file/28073e582a4374651de45479b4ba509d028cad636352ec99fb49a9e474b688d5/detection

142.91.115.180:8855
m.anyhall.com

# Reference: https://twitter.com/malwrhunterteam/status/1385925206477361154
# Reference: https://www.virustotal.com/gui/file/cb534251500fc47ac910f82ee40ddfd5657b60727af2d5178d85e19948b3d576/detection

hd-freepornvideos.club

# Reference: https://www.virustotal.com/gui/file/4b098f9f68d5f21a7ea9e23d1a3c730714abb4246f929074f7980493d0c37d09/detection

kassandra.fun
sonaspection.ru

# Reference: https://twitter.com/malwrhunterteam/status/1389255478266548224
# Reference: https://www.virustotal.com/gui/file/e911c7b36dd45be7c5e2443fe048e89c93bf057a769bf274830bd057363187be/detection

http://167.99.177.19

# Reference: https://www.virustotal.com/gui/file/b42c476a09d95582247f1e0fdae17670c6b96f5192e310b0e40121ef79755a43/detection

156.234.25.53:7788

# Reference: https://www.virustotal.com/gui/file/dfdf94f829ee1cd42da43553bad0bbea90141ed655076f73af4b02a6e9369bf2/detection

156.234.25.181:7788

# Reference: https://www.virustotal.com/gui/file/ac858a30302591b82e2417c5d60484ca4a9065974425506a03cdfc4d4b41a8a7/detection

156.234.25.249:7788

# Reference: https://twitter.com/malwrhunterteam/status/1391818475195219971
# Reference: https://www.virustotal.com/gui/file/df096b2fd6b09f2cabc7d5eedb0497058831c08d1f746f91df43bfe1d2d561b9/detection

103.40.163.75:9090
koreabam21.com

# Reference: https://twitter.com/malwrhunterteam/status/1397510362598084610
# Reference: https://twitter.com/malwrhunterteam/status/1438455316564303872
# Reference: https://www.virustotal.com/gui/file/1ab363d46c6e511bcce08c0c4dc702ceaf602ac8eef2a6663b47a4c60cb179d5/detection
# Reference: https://www.virustotal.com/gui/file/2e708e464074aed4242fb8cc3d93a16ff5ed724c33da6e45e002c3c8c30fa053/detection
# Reference: https://www.virustotal.com/gui/file/3fbcf74876ae8d6845d93be6fd747a7cc38afda00bb650443d3d52281535888b/detection

172.104.133.201:20027
ankatras.xyz
covid19-ca.link
godforgiveuss.live
sock.godforgiveuss.live
socktest.ankatras.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1417549231221616643
# Reference: https://www.virustotal.com/gui/file/39fd11ec4890da87f22b05825a1d8de1423cb2caf31aef72376ba611433ef59a/detection

139.177.182.88:20027
hhhhrkanandda.xyz
unknknknnkknkknnk.xyz
sock.hhhhrkanandda.xyz
sock.unknknknnkknkknnk.xyz

# Reference: https://twitter.com/k3yp0d/status/1446446384882782224

172.104.226.138:20027
pembesir.xyz
sock.pembesir.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1450183476842536967
# Reference: https://www.virustotal.com/gui/file/6a0aa9262bff716cbaf0be6a019fb6a1b87990311f445bb97df1240fff1248a2

139.162.233.149:20027
essesessssssss.top
sock.essesessssssss.top

# Reference: https://twitter.com/unidentified0xc/status/1425161173465538562
# Reference: https://www.virustotal.com/gui/file/e1a2efc352e34661eddae757bc6d1856c64a6e0202ea8a427a3f237c4c440162/detection

nmnmnmfsamsfan.xyz
usvpn.xyz
sock.nmnmnmfsamsfan.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1394401728372559872

contratacionesbarcelo.com

# Reference: https://www.virustotal.com/gui/file/cc5c5128939aa43d6ebb661e846ed0e18fcbad4273595244a03fee42607c51dd/detection

http://103.249.104.120
103.249.104.120:9090

# Reference: https://twitter.com/malwrhunterteam/status/1399444793747456006
# Reference: https://www.virustotal.com/gui/file/c3c3550938850cb8571e7ea69158559fd859f81e5640a2706284148ceee4ae97/detection

http://154.208.162.197

# Reference: https://twitter.com/malwrhunterteam/status/1402637471683330050
# Reference: https://www.virustotal.com/gui/file/14f4cd43cc995800f3feea4c7ebaa0e6f550ca84c18dbd103290b90d3405425b/detection

http://185.220.103.7
185.220.103.7:443
185.220.103.7:7777

# Reference: https://www.virustotal.com/gui/file/ce9e9c7e45d8abee3dce73c1cf7389b9eeafbf0d8eb32aaf10c5cb4c7301745f/detection

156.234.25.93:7788

# Reference: https://www.virustotal.com/gui/file/88a311f0f359e231b36c4f71a17242540e4476e6047b8b96e38d12473c50d316/detection

156.234.25.58:7788

# Reference: https://twitter.com/malwrhunterteam/status/1403302055352188930
# Reference: https://www.virustotal.com/gui/file/a12d3f74deff9a214fb7c686f20c4ff8adcca6a9f9d283eed02d84c07a93ee0d/detection

secyrecontrolremontepanel.xyz

# Reference: https://twitter.com/unidentified0xc/status/1415819610616631299
# Reference: https://www.virustotal.com/gui/file/3c3d31f4febde81d2e1714bb71916acf646cbca0b4ba1e27d2e45f46389bd6e0/detection
# Reference: https://www.virustotal.com/gui/file/ae87e417e0da723d202d4030bf514b29f9115c629f1a64cddb77d2b244425a90/detection

googlesystem.cf

# Reference: https://twitter.com/f3d__/status/1252164411881598977

nuova-gestione-app.guru

# Reference: https://www.virustotal.com/gui/file/831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1/detection

4-u.wtf
fitnessstyle.xyz
sportsstyle.club

# Reference: https://twitter.com/malwrhunterteam/status/1418674419296243714
# Reference: https://www.virustotal.com/gui/ip-address/66.29.137.15/relations
# Reference: https://www.virustotal.com/gui/file/2969bb031811769e2567e09c3bcd6c7d2d874b141df95f48077ea7cc311054ad/detection

apkchromee.xyz
browserchrome.club
chromeapk.site

# Reference: https://twitter.com/JAMESWT_MHT/status/1420310582553718784

pornhd1080.one

# Reference: https://twitter.com/Gritzman_/status/1328335209004150786
# Reference: https://twitter.com/ni_fi_70/status/1328345659188064258
# Reference: https://www.virustotal.com/gui/file/002d97585e2ea7b8c76a60bc576edc0d418b4b0847a011ff2c75615ab359eec6/detection

servicemail.space

# Reference: https://twitter.com/ni_fi_70/status/1308753894051401729

i-heroes-fb.nextersglobal.com

# Reference: https://twitter.com/ni_fi_70/status/1291269207133491200

imklocloforvert.com

# Reference: https://twitter.com/ni_fi_70/status/1072410706782380032

bitsolution.info

# Reference: https://twitter.com/ni_fi_70/status/1019466719474212864
# Reference: https://www.virustotal.com/gui/file/bf4027f3938897fde77a91c52d888d146f4a394a58294d349e992674b62cf09d/detection

ok091880.online

# Reference: https://twitter.com/ni_fi_70/status/1008598804164173824
# Reference: https://www.virustotal.com/gui/file/4a88d7a89e8025916e5e98cd0249fb58feee79abe3a34b63a1de28076a0b6f20/detection

p182229.top

# Reference: https://twitter.com/ni_fi_70/status/986527550498377729
# Reference: https://www.virustotal.com/gui/file/cace7765a5df91602634ff1f19fa7e23f2964d237b24fdab7c736cfeb26febc7/detection

sicher1730.top

# Reference: https://twitter.com/ni_fi_70/status/941592229960970240
# Reference: https://www.virustotal.com/gui/file/066dac5aeb7508eaaf2e30d3be117571df8c9a73fff23a3d3065c64d0dad6b15/detection

sicher911323.gdn

# Reference: https://www.virustotal.com/gui/file/8280f8182aa1ac8d861fd848521181d103003671cb167d1e3661f0eb3bae6081/detection

evernews.gdn

# Reference: https://www.virustotal.com/gui/file/cace7765a5df91602634ff1f19fa7e23f2964d237b24fdab7c736cfeb26febc7/detection

gdgfatrzwsa.top

# Reference: https://www.virustotal.com/gui/file/4a88d7a89e8025916e5e98cd0249fb58feee79abe3a34b63a1de28076a0b6f20/detection

185.243.243.242:7878

# Reference: https://twitter.com/ni_fi_70/status/783974646869884928

019863.pw

# Reference: https://twitter.com/ni_fi_70/status/781422928478994432
# Reference: https://www.virustotal.com/gui/file/8eaa248e569ac11588825695de17bcf6ca7506b3458c0584ef43480991784de0/detection

1234567898122.tk
xxx.1234567898122.tk

# Reference: https://twitter.com/ni_fi_70/status/770890719833812992
# Reference: https://www.virustotal.com/gui/file/f78aeb9ae5968c9c700f09b97f566796160a033111b080e3a6f9d126b69e4d1c/detection

santamariagorettimestre.it
sicherheit-app.biz

# Reference: https://twitter.com/JAMESWT_MHT/status/1420976920423014402

http://39.109.117.11
xarm.top

# Reference: https://twitter.com/malwrhunterteam/status/1423539502287577089
# Reference: https://twitter.com/_icebre4ker_/status/1423579192466280448
# Reference: https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/
# Reference: https://www.virustotal.com/gui/file/d5bd93943a5433a4da132a8eab5dd14c0b5c320a40b1209812bc2c957fe6d090/detection
# Reference: https://www.virustotal.com/gui/file/8f0c8fb724bc8a8cdc66bd25172af840382db505315d17cf3b8e9d01de2f3ff9/detection
# Reference: https://www.virustotal.com/gui/file/11f0a591fbab78790bae2ab8d5c706b2f685b878aadd11b12036517938ad78b6/detection
# Reference: https://www.virustotal.com/gui/file/7774d7d0cb3635886f030cb55b51627fd02b25fcaf00c2d1d8d7c5533351f16a/detection
# Reference: https://www.virustotal.com/gui/file/a00f8137fa6a89c5de8674a23e39bf2933fd76d8639f8ecef7948158bb61a907/detection
# Reference: https://www.virustotal.com/gui/file/9cdffc731d56a20d44923e098423dc9a8a2add3a2a19833daae107a3e2ed2eda/detection

18.231.193.200:7175
54.71.124.199:7171
54.71.124.199:7173
54.71.124.199:8010
54.71.124.199:8011
54.71.124.199:8012
93.188.161.202:7175
clienteacc.online
mobile-droid.com
bemcomido.clienteacc.online
hfolqxn.clienteacc.online
iftduys.clienteacc.online
kor.clienteacc.online
mobile.clienteacc.online
ochabkd.clienteacc.online
oznxawi.clienteacc.online
vgejakw.clienteacc.online
wossupw.clienteacc.online
zastec.clienteacc.online
zkor.clienteacc.online
zwcnxgh.clienteacc.online

# Reference: https://twitter.com/malwrhunterteam/status/1423624779991601152
# Reference: https://www.virustotal.com/gui/file/6ffc8a414bd2d9ff920b2df84ee09927b41ad583775f8471879b457a0cb5e213/detection

onlyfansalisa.one

# Reference: https://twitter.com/malwrhunterteam/status/1423907902545346564

xvideos1080hd.club

# Reference: https://twitter.com/ReBensk/status/1429482221618929668
# Reference: https://www.virustotal.com/gui/file/4d915f18eea64ef2ce199c8dc34ec3e165c34faf6f692532ee50c33872f711d5/detection

cvectorart.club

# Reference: https://twitter.com/ReBensk/status/1438448553186119689

nuevosecua.duckdns.org

# Reference: https://twitter.com/ReBensk/status/1438455283362123780
# Reference: https://www.virustotal.com/gui/file/2d83480371cf081092bfa89628552abb461175333349122ead306bdc8ab9cf0b/detection

pag.mobi
dian.pag.mobi

# Reference: https://twitter.com/ReBensk/status/1438027183490940931
# Reference: https://twitter.com/malwrhunterteam/status/1438814957290852352
# Reference: https://www.virustotal.com/gui/file/ed7ef6718a6b6e7abf3bd96c72929ee9f1e9a4bfcd97429154141c7702093f36/detection

http://114.47.93.211
http://61.227.52.208

# Reference: https://twitter.com/ReBensk/status/1444958740902416390
# Reference: https://www.virustotal.com/gui/ip-address/153.92.220.42/relations

covid-alert.live
covid-help.online
covid19-alert.online
covid19-stat.online

# Reference: https://twitter.com/malwrhunterteam/status/1445760971062976512

ttneiva.com

# Reference: https://twitter.com/malwrhunterteam/status/1446084392045142019
# Reference: https://twitter.com/_icebre4ker_/status/1446091010329792519
# Reference: https://www.virustotal.com/gui/file/b4dc9230a103f57f7eba786c310a8070cd583dc3321486b08172ebbb7ac154c3/detection

onlineregisterquery.com

# Reference: https://www.virustotal.com/gui/file/db6246bd102fdfa9614a9fa5968362c5de8a3bb1cd23b5740392210d20a7d22a/detection

185.215.113.42:3000

# Reference: https://twitter.com/malwrhunterteam/status/1458757293043068933
# Reference: https://twitter.com/midnight_comms/status/1458982901907746818
# Reference: https://www.virustotal.com/gui/file/4d6c73272adb081f436048ac4f5b995458321d5dfd862da6a56ea0156ccc33ac/detection

ruslov-project.com
sant-ander-seguridad.com
/sms-santander/
/sms-santander/sendsms.php

# Reference: https://twitter.com/ReBensk/status/1459870129580220417
# Reference: https://www.virustotal.com/gui/file/e3a4d122d8850c09b89145db1b06acf33c714cd2f6a711eeef064ad6c473e4a5/detection

mydearapk.xyz
bg-1109-1.mydearapk.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1458754114645602304
# Reference: https://twitter.com/midnight_comms/status/1460265717790564355
# Reference: https://www.virustotal.com/gui/file/578c2f159d3a68ce9b7d9500eeaac99c71ce18d6e78524b30b505c80f57a945b/detection

http://114.43.207.242
http://202.79.165.35

# Reference: https://www.virustotal.com/gui/file/244dfd4beb1691c3810852f5dc74808584a9f4b174543a21f2f50abb16846807/detection

154.31.1.147:3500
154.31.1.147:57165

# Reference: https://twitter.com/malwrhunterteam/status/1461329787268575240

http://156.235.197.219

# Reference: https://twitter.com/malwrhunterteam/status/1455238660090208260
# Reference: https://www.virustotal.com/gui/file/f0bf3b4249910751edafcb0c8466b46130a0caf7662e7fb5dec0fee4f60eb86b/detection

http://164.88.248.31
134.172.19.66:9000

# Reference: https://www.virustotal.com/gui/file/f76177a0094c1fb604dd8b8c356cd0278e5acc725c4b6fe36645c2d8eed6a240/detection
# Reference: https://www.virustotal.com/gui/file/1f26fbc4d6b1da772fbe1287908b27296fafbc7866cc8f87487eb508327b1f59/detection

http://185.130.104.172

# Reference: https://twitter.com/ReBensk/status/1464584885071278080

ccservices.online

# Reference: https://twitter.com/malwrhunterteam/status/1464591393356230661
# Reference: https://www.virustotal.com/gui/file/d9953afa201d881a468242b54040fc72e5440f663313a924b043a5654c165bb4

sttania.com

# Reference: https://www.virustotal.com/gui/file/2227e156d2b92cd5d6f7b3e5a03391051074bfd25a03d7e2a957e4fd7c9ac97a/detection

sexvo.ru

# Reference: https://www.virustotal.com/gui/file/221e7abb84ed558c1c54cfb88e0f92528ce04dd8aa0b961c660b585874a61f37/detection
# Reference: https://www.virustotal.com/gui/file/a5f0111af1aed630a205b2a8cb26832b6767bd9eaae0491da1b3f03ff7c59c36/detection

8rub444.ru
8serv4.ru

# Reference: https://www.virustotal.com/gui/ip-address/213.32.35.48/relations
# Reference: https://www.virustotal.com/gui/file/3d919552a86c7b3dcda9cb26546c2bc3502adb33de4a47b70992e8c247aa2381/detection
# Reference: https://www.virustotal.com/gui/file/5568b2827c0044e07e4361aa4630133f40bba414c9039c59b2bed5142e7eedff/detection
# Reference: https://www.virustotal.com/gui/file/bed661111f11bb5e19dd14bd0ead5a62b1234410243d6377bb1e49b2413cbe1b/detection

izi444.site
ser4888.ru

# Reference: https://www.virustotal.com/gui/file/a38b6bf6b87af137778a0f590e72d856cd185ebe764825ff59f55cd1b57e72a8/detection

sexsu.ru
wsexe.ru

# Reference: https://www.virustotal.com/gui/file/ba2ed0c55aebc4ac1e3c3163c5291dcee405eacb4c2254da8fca7f6b1ba0fead/detection

taborx.ru

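# Reference: https://www.virustotal.com/gui/ip-address/213.32.35.49/relations
# Reference: https://www.virustotal.com/gui/ip-address/213.32.35.1/relations
# Reference: https://www.virustotal.com/gui/ip-address/213.32.35.51/relations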

8babok.ru
8rub444.ru
dewsex.ru
domsos.ru
min888.ru
mne848.site
mon888.site
nadser.ru
rubas888.ru
ser848.site
ser888.site
sexdet.ru
sexma.ru
sexpopok.ru
sexsu.ru
sexsuk.ru
sextelok.ru
sextu.ru
sexvrot.ru
sosdev.ru
votsex.ru
vsexx.ru

# Reference: https://twitter.com/ANeilan/status/1466830092718465028

dhl-getnextalert.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1466358933694656518
# Reference: https://twitter.com/midnight_comms/status/1466962241677402116
# Reference: https://www.virustotal.com/gui/file/8a7d8a57b5545b89bd64aa1b58fd2afbf493b1de6900ffcb96fe5bed5d70f5da/detection

http://91.204.225.159

# Reference: https://twitter.com/malwrhunterteam/status/1466878887506464773
# Reference: https://twitter.com/midnight_comms/status/1466969594556555269
# Reference: https://www.virustotal.com/gui/file/d60b75b48972fd67d339840de0ab61feba25646b7fe6c716467102c69a44b708/detection

http://112.213.126.214

# Reference: https://twitter.com/malwrhunterteam/status/1467226842788675591
# Reference: https://twitter.com/midnight_comms/status/1467682581630046209
# Reference: https://twitter.com/midnight_comms/status/1467685917771145218
# Reference: https://www.virustotal.com/gui/file/958ca7a20954a3e3fc1d7ade9d0b7df04a181631c68c72a733dad1b423deb631/detection
# Reference: https://www.virustotal.com/gui/file/66bf65ec96b7540edeb02d2164fc3bb926c73d674336edfe1eb952d4e395a542/detection

rikobot.xyz
/passfivee.php

# Reference: https://twitter.com/malwrhunterteam/status/1468169063629262852

tayyabgroup.com

# Reference: https://twitter.com/malwrhunterteam/status/1469358216849014787
# Reference: https://www.virustotal.com/gui/file/b70a015271a67801c1c3deeeb0993db7bf4e44eab18bd6744ec01953f357b1cb

http://111.90.151.237
/smnet/playstore_downloadS28/
/playstore_downloadS28/

# Reference: https://twitter.com/malwrhunterteam/status/1471205687967502340
# Reference: https://www.virustotal.com/gui/file/db33a11d3d3d935d73e61b604cf116c2abdb1a9015d09dd0a98b0bd1760fc0ce/detection

ltausincronizador.com
itoken.ltausincronizador.com
/playstore_downloadS32/

# Reference: https://twitter.com/malwrhunterteam/status/1469375284155719686
# Reference: https://www.virustotal.com/gui/file/ef2a1864f3edfb89b1c0597c9f5084333acbeed3b72ffbca383efef9ff99f0bd/detection

wdho.net.ru

# Reference: https://www.virustotal.com/gui/file/84c46be5a461d71b5f7ff79d186f0994b8f330db698e410257cb75c8b07b250c/detection

32a8-2a07-23c0-0-3000-00-625d.ngrok.io

# Reference: https://twitter.com/malwrhunterteam/status/1471194225618427904
# Reference: https://www.virustotal.com/gui/file/4a04da1e328fd7ffe9ee70d38114f7e01574700d8250f475e16b850aea65b285/detection
# Reference: https://www.virustotal.com/gui/file/bd4f2c586447652fc48adf2b84c5afddf0fdd02cb3a01ddd565d5e3e10494643/detection
# Reference: https://www.virustotal.com/gui/file/2ff49693c3aeefbd3353b9b8eb3dc8f3c4808292b13ba4936dacd1725c216ffa/detection
# Reference: https://www.virustotal.com/gui/file/d0fe0ab197ae72487a1fdfa914885f3e7d0411b1dc30ee6274dd2c03c545028f/detection

4f71-2a07-23c0-8-2000-00-b94.ngrok.io
/multipartpost.php

# Reference: https://twitter.com/malwrhunterteam/status/1470502631940534281
# Reference: https://www.virustotal.com/gui/file/ba30f5d88cbe358a2e6055e54b81049262e2e2f0a605c290e57526ab124930e4/detection

csis.digital

# Reference: https://www.virustotal.com/gui/file/b3c64f51ee7faee4dcf62b948ab2c829d71f2bbce8cf1e6df8ed5190855f9c13/detection

commandcntr.herokuapp.com

# Reference: https://twitter.com/seguridadyredes/status/1471004395001294852
# Reference: https://maxkersten.nl/binary-analysis-course/malware-analysis/android-sms-stealer/
# Reference: https://www.virustotal.com/gui/ip-address/37.1.207.31/relations
# Reference: https://www.virustotal.com/gui/file/a94b0de7975cb9b671fd16d9d9cf67977207b685ce720539782c90797d4b7983/detection

http://37.1.207.31

# Reference: https://twitter.com/ReBensk/status/1471466960944721924

diancob.com

# Reference: https://twitter.com/midnight_comms/status/1467872471365922819
# Reference: https://twitter.com/midnight_comms/status/1472989365878116361
# Reference: https://twitter.com/midnight_comms/status/1471869548550758407

http://137.220.168.218
http://137.220.168.221
http://27.124.7.133
http://27.124.7.134

# Reference: https://www.virustotal.com/gui/file/aa81391c30ff16950d3d5070e6e66f3fcf75a6e6d17da016adaa3350dc535873/detection

sexchater.one

# Reference: https://www.virustotal.com/gui/file/c471a1ca16ef1018cde46e2a263305a13c913eb74730789dfdccbf31baadf6ee/detection

cefouccqw.gq

# Reference: https://www.virustotal.com/gui/file/f8677fbacd926fca9fb55239d9491573341c1546cd2ec59e5acc49d43bcf1586/detection
# Reference: https://www.virustotal.com/gui/file/e03b9badfdd85992c8c9f79e25d5975d08b550206f7beb561c5983b3ff1f36b8/detection

datasmsalluser.in
swerverv2.herokuapp.com
testchat8564.herokuapp.com
testdata112.orgfree.com
unsaleable-curls.000webhostapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1474341948169277440
# Reference: https://www.virustotal.com/gui/file/bad0f9ecd0f64d16b31158c28f4453b267d8ede5f1163d66fba200c51ac1b418/detection

http://1.171.163.104

# Reference: https://www.virustotal.com/gui/file/77a7faccc29a1498c39b1c99acd4f3b38667d72c455af2a900ac424bda0b017d/detection
# Reference: https://www.virustotal.com/gui/file/a02b269becf4483fc02768d26827bd3a38a1926a900be79367f0deb3bf6521b4/detection
# Reference: https://www.virustotal.com/gui/file/a9474d795579ea2049451d52d3275defc744a0c88ab6479eae68d20eec7daa5b/detection
# Reference: https://www.virustotal.com/gui/file/23f9918e9c1f33b8680aa0372157e86dac5e935518c9b05f53497038d05d4121/detection

209.141.46.108:8108
91.231.84.41:8108
google.dynns.com

# Reference: https://twitter.com/malwrhunterteam/status/1475482905921130502
# Reference: https://twitter.com/midnight_comms/status/1475484371251511300
# Reference: https://www.virustotal.com/gui/file/b4c892f528c8b86b76263a4095a7912b5aa30fb61fcbbe56fc271d1d130e5c2e/detection

my-api-app.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1474778716001779726
# Reference: https://twitter.com/midnight_comms/status/1475506228243664900
# Reference: https://www.virustotal.com/gui/file/06b3676ec5b7bf1dd08d49e0aec1f80e1aa5f779c67f883062ca498d20df857c/detection

45.43.41.197:1001

# Reference: https://twitter.com/malwrhunterteam/status/1473968251617087488
# Reference: https://twitter.com/midnight_comms/status/1474025832842776586
# Reference: https://www.virustotal.com/gui/file/960a508a362cd881f91182409f39643e2a923dd2b676227e690bb34b1985635a/detection

ipayshop.top
c19.ipayshop.top

# Reference: https://twitter.com/malwrhunterteam/status/1475575324213657601
# Reference: https://twitter.com/midnight_comms/status/1475579499945283587
# Reference: https://www.virustotal.com/gui/file/69fc7e850ae15a8ab94f7196ce0518e93df7ec28a4b2ad04720c101dde629382/detection

47.245.60.4:10900
47.245.60.4:8090
47.245.60.4:8099
lkshops.cc
wending002.com

# Reference: https://twitter.com/malwrhunterteam/status/1425805060987052035

http://114.47.79.189

# Reference: https://twitter.com/ni_fi_70/status/1425815291238313984

http://45.114.125.204

# Reference: https://twitter.com/malwrhunterteam/status/1478079926800637958
# Reference: https://twitter.com/malwrhunterteam/status/1478090631578890247
# Reference: https://twitter.com/malwrhunterteam/status/1478371743760793605
# Reference: https://twitter.com/malwrhunterteam/status/1512014585636741123
# Reference: https://twitter.com/malwrhunterteam/status/1512014588837077001
# Reference: https://twitter.com/ni_fi_70/status/1529357208793792513
# Reference: https://twitter.com/midnight_comms/status/1537262273047121920
# Reference: https://blog.cyble.com/2021/12/01/banking-trojan-targets-banking-users-in-malaysia/
# Reference: https://www.virustotal.com/gui/file/5f8a54d54e25400f52ce317bfdbbc866e11ea784ab2d5e3bd0a082a53c6b2d7b/detection
# Reference: https://www.virustotal.com/gui/file/9b4a0019e7743a46b49a4d8704ffd6e064db2e5d8db6da4056f7eae5369e16f9/detection
# Reference: https://www.virustotal.com/gui/file/0e6721dba6b16a1ef19f0de835ea9e12d842afd846b3a10427e5092b0427e404/detection
# Reference: https://www.virustotal.com/gui/file/18ea02f78ce1b530efaaa7e8c2da0dfe42b2715de79d73f30ebcf402ea3f41b1/detection
# Reference: https://www.virustotal.com/gui/file/53afe5a5672b53cdfd9dee053ab16c67a77b21ff2ad83a5f1bc26fdabfb8f9ff/detection
# Reference: https://www.virustotal.com/gui/file/cbcee96cde3d447d376f7888b10ebe19e8843fd26dde3198f5eb936339265589/detection
# Reference: https://www.virustotal.com/gui/file/a5c7373be95571418c41af0de6a03ce78e82bc1f432e662c0dc42b988640e678/detection
# Reference: https://www.virustotal.com/gui/file/56f6309cf66a763a6bab878792d3a9d68b5efc5efa84571474dad43a02702ab4/detection
# Reference: https://www.virustotal.com/gui/file/6978081372303551b0b159df22e82ce568dadb8a3e1007d722e19299a89c67f6/detection

csapks.online
grabamaid-my.online
grabsapks.online
maidacalls.online
m4apks.online
muapks.online
myhomescleaning.site
myhomecleaningzs.site
petsmore.online
redlabapi.online
sgbx.online
yellowssss.online
/api_spa24135/
/api_spa24135/api_espanol/api.php
/app_abc771_2sfacslfffcs2/cleaningservicemalaysia_888a/dl.php
/app_abc771_2sfacslfffcs2/grabmaid_888a/dl.php
/app_abc771_2sfacslfffcs2/made4u_888a/dl.php
/app_abc771_2sfacslfffcs2/maid4u_888a/dl.php
/app_abc771_2sfacslfffcs2/cleaningservicemalaysia_888a/
/app_abc771_2sfacslfffcs2/grabmaid_888a/
/app_abc771_2sfacslfffcs2/made4u_888a/
/app_abc771_2sfacslfffcs2/maid4u_888a/
/app_abc771_2sfacslfffcs2/
/cleaningservicemalaysia_888a/
/cleaningservicemalaysia_888a/dl.php
/grabmaid_888a/dl.php
/made4u_888a/dl.php
/maid4u_888a/dl.php
/grabmaid_888a/
/made4u_888a/
/maid4u_888a/


# Reference: https://twitter.com/malwrhunterteam/status/1566887963295989760
# Reference: https://twitter.com/midnight_comms/status/1569015763071299585
# Reference: https://www.virustotal.com/gui/file/b344e13fc9840d1c3dcd14778777f8f28b1b56e633989e0649761eddfbf9798a/detection
# Reference: https://www.virustotal.com/gui/file/0b3c4eaf803101b698b55b1b9d33e7c137c2691ccff12f75f3cb591938cd2d20/detection

bestpay-vn.store
gapks.online
ppsss.online
/ecoclean_888a/
/ecoclean_888a/api/api.php

# Reference: https://www.virustotal.com/gui/file/fa62aad4bc54e9822a51f34d8a8fcf4dbc4618f7e78c753c116defde9ef97601/detection

/proclean_888a/
/proclean_888a/api/api.php

# Reference: https://www.virustotal.com/gui/file/10a5e0f827582e6bc07cb5200a769c583d084905bebc446aa703f6bc9e294d39/detection

/agency_888a/
/agency_888a/api/api.php

# Reference: https://www.virustotal.com/gui/file/4f9d0a95e52dab76c681ebe12f0ed095d12ab01f4dd804de1ea9307e24b9dd86/detection

ssapks.online

# Reference: https://www.virustotal.com/gui/file/4f9d0a95e52dab76c681ebe12f0ed095d12ab01f4dd804de1ea9307e24b9dd86/detection

/kleanhouz_888a/
/kleanhouz_888a/api/api.php

# Reference: https://www.virustotal.com/gui/file/3ea00973b966e10775ad2844aabf7504c20e3d923d5bd62d369c9e4a485fbc8a/detection

/rentwheel_888a/
/rentwheel_888a/api/api.php

# Reference: https://www.virustotal.com/gui/file/3e670c24e726bc6136e8c5f30a45c1655e1f4903a74786bb9058b295853aa418/detection

y-sss2.online
/api_982/api.php?pass=

# Reference: https://www.virustotal.com/gui/file/31cdfa8297eec08bfe090cb6fb5e6096a556ee5496334614abc6ac637b72ea4d/detection

yapks.online

# Reference: https://www.welivesecurity.com/2022/04/06/fake-eshops-prowl-banking-credentials-android-malware/
# Reference: https://otx.alienvault.com/pulse/624e98f5c4f98e8acb8e1b64

grabmaidsapks80.online
grabmyapks90.online
maid4uapks90.online
maidacalls.online
meapks.xyz
my-maid4us.site
puapks.online
smsspy.uz
spy.smsspy.uz
yourmaid.online

# Reference: https://twitter.com/malwrhunterteam/status/1527637165827579904
# Reference: https://twitter.com/malwrhunterteam/status/1529194463918272512
# Reference: https://twitter.com/malwrhunterteam/status/1529195619662938121
# Reference: https://twitter.com/malwrhunterteam/status/1535281774338707456
# Reference: https://twitter.com/malwrhunterteam/status/1537175064382152704
# Reference: https://twitter.com/malwrhunterteam/status/1539613981345812480
# Reference: https://twitter.com/LukasStefanko/status/1527648173849722880
# Reference: https://twitter.com/midnight_comms/status/1535301479065608194
# Reference: https://twitter.com/ecarlesi/status/1539835294664499200
# Reference: https://twitter.com/fareedfauzi/status/1571480514539982848
# Reference: https://twitter.com/ReBensk/status/1571544096128512002
# Reference: https://www.virustotal.com/gui/file/642b8bd970d0c035f6b861c0251fc8d0cc941c30fddb93b67f61fa540593b470/detection
# Reference: https://www.virustotal.com/gui/file/dee63434b13911450a54cb6df057f45589cdfaecea2cf30fd3ab06620c0132af/detection
# Reference: https://www.virustotal.com/gui/file/5092fb08941f45b11df3147ca9f16c15339271e91e717244d5158952ce9fa669/detection
# Reference: https://www.virustotal.com/gui/file/dd2e57615871e4aa8d4333b85b2e8b2c4b3fd15ea8f06f5a30db41d8afd21c71/detection
# Reference: https://www.virustotal.com/gui/file/3f1253f3032edb855fd9c1f3128d947d4e4818dd2012fa77130b5cdd4053136b/detection
# Reference: https://www.virustotal.com/gui/file/236df2b89daef81fb266804158df2f50d08d11e52605246ab44fe48e47459a23/detection
# Reference: https://www.virustotal.com/gui/file/05b201c1634a4ff6d2fcd93ccf31d83ba622e939aec1db4967c4912709edf921/detection
# Reference: https://www.virustotal.com/gui/file/26916d220698b18c63534c929f4e5f99479f122023df4f01e60df7733524cc1b/detection
# Reference: https://www.virustotal.com/gui/file/292d61b5caab7998e7d0d944d2f826ae8dd3b7bd45fb9496864518a3c331aca3/detection
# Reference: https://www.virustotal.com/gui/file/0bfeef92cb67d56483b7420f64a4574a943718ec3717d529af17c2eec3bf6713/detection

allapks.online
alluapks.online
allumroute.online
papks.online
ausbx.xyz
bluenbx.xyz
e12345.online
familiescleaning4u.store
family-cleanings4u.store
familyclean4u.store
familyclean4you.site
familyclean4you.store
familycleaning4u.store
familycleaningz4u.store
familycleans4u.online
greenssss.online
hotapp.store
ikeaexpressmy.com
kuislandtravel.com
tripvouchercart.com
tripvouchercart.store
uapis.online
uapks.online
wine4u-warehouse.online
/app_abc771_2sfacslfffcs2/maidacall_888a/dl.php
/app_abc771_2sfacslfffcs2/maidacall_888a/
/aus_888a/
/green_888a/
/pink_888a/
/yellow_888a/
/maidacall_888a/
/sg_888a/
/maidacall_888a/dl.php
/aus_888a/api/api.php
/green_888a/api/api.php
/pink_888a/api/api.php
/sg_888a/api/api.php
/yellow_888a/api/api.php
/api_982/api.php

# Reference: https://twitter.com/malwrhunterteam/status/1478086438386348033
# Reference: https://www.virustotal.com/gui/ip-address/27.50.59.109/relations
# Reference: https://www.virustotal.com/gui/file/89ec0d0be346bae66f1b640dc8831182d091fcbaf7b19d010fb390500a589f17/detection

bigo10.xyz
bigo15.xyz
bigo17.xyz
bigo29.xyz
dooprimeio.online
dooprimeio.site
happybuy.club
happyto.online
happyto.site
happyto.xyz
renzh.me
renzhengus.me
renzhengweb.me
sappdown.com
shopifly.club
shopifly.me
shopappss.com
api.shopifly.club
app.shopifly.info
app.shopappss.com
coin.bigo15.xyz
coin.bigo17.xyz
coin.bigo29.xyz
coin.dooprimeio.online
coin.renzhengweb.me
jp.dooprimeio.online
kefu.dooprimeio.online
kefu.happybuy.club
kefu.happyto.online
kf.happybuy.club
pf.dooprimeio.online
shop.dooprimeio.site
shop.happybuy.club

# Reference: https://twitter.com/malwrhunterteam/status/1478385379308879883
# Reference: https://twitter.com/midnight_comms/status/1478408536338087936

http://137.220.168.198
http://61.227.28.40

# Reference: https://twitter.com/malwrhunterteam/status/1478388877148803082
# Reference: https://twitter.com/midnight_comms/status/1478392217207193602
# Reference: https://www.virustotal.com/gui/file/eeb866e9375865b1091710c21917b532856c3471cb75583c9a4e7851ab0a0685/detection

http://206.119.81.172
http://206.119.81.174
206.119.81.172:3120
206.119.81.172:3121
206.119.81.174:3120
206.119.81.174:3121

# Reference: https://twitter.com/malwrhunterteam/status/1478377112230838272
# Reference: https://www.virustotal.com/gui/file/9ad24b2ebb2b778b0b4f33a00c878f650f683ee7b5f576b7b0590de2c8a7bf1a/detection

complaintregisterqueries.com

# Reference: https://twitter.com/malwrhunterteam/status/1478680855065280515
# Reference: https://www.virustotal.com/gui/file/610588c6a5bf1c84e5565a49f9bb17c41eea8a6c35aa3cb762ce9f7e8928854c/detection

http://154.92.23.62

# Reference: https://www.virustotal.com/gui/ip-address/45.142.212.216/relations
# Reference: https://www.virustotal.com/gui/file/e981e9dd76b6a22d437d6afd7f89e28780465978c82ff69a45a28c66334398c8/detection

androidradio.life

# Reference: https://twitter.com/malwrhunterteam/status/1479126438951456768
# Reference: https://twitter.com/midnight_comms/status/1479129194705534977
# Reference: https://twitter.com/midnight_comms/status/1479130686250307592
# Reference: https://twitter.com/midnight_comms/status/1479131372161699843
# Reference: https://www.virustotal.com/gui/file/c06bb31b1abe18f3348257c1b9119c07c766f4265180da72a36cf096d9a5834c/detection

91.204.225.189:1003
91.204.225.189:8888
kyuuup.com
down.kyuuup.com

# Reference: https://www.virustotal.com/gui/file/34c1435c856b46b286cbe8f33e764f0b6214270e829a9a94ce5b2f5cda6a8875/detection
# Reference: https://www.virustotal.com/gui/file/99ab12c5a8700baf57b8451c11c58c6ded17005febc94a8684879a495067e20a/detection
# Reference: https://www.virustotal.com/gui/file/caa0841fcf619c82a251f87ac9dc960400bfc6b0d3d338159660de113e855af3/detection
# Reference: https://www.virustotal.com/gui/file/2ff97543a2dc5e1682f6f579eca8829cac4cdb0a7bf25d91b6f2af4bf8efc772/detection
# Reference: https://www.virustotal.com/gui/file/2e0d15ebe64b01961acfd5eb2f5c27b3bc6599a8279e68c8572064dfcb9fd52b/detection
# Reference: https://www.virustotal.com/gui/file/d56aa0e8e04b4be4290a920fab6628d4d2de8a725e9fbfae0ca12bb4607a35c9/detection

18.220.102.103:7173
18.220.102.103:7175
18.220.102.103:7177
3.133.123.89:7777
3.133.123.89:8081
agzvatacado.com.br
atacadolinhares.com

# Reference: https://twitter.com/500mk500/status/1481947421328478219
# Reference: https://www.virustotal.com/gui/file/d35ab11b39ad713206a78cf8eb14a06bab54871e72685313c0abba14ad35df0b/detection

techhostuk.xyz
/Eso/api/payload.php

# Reference: https://www.virustotal.com/gui/file/3693ad57bd27218b76e31c5cde0d8a0877b9267e59a152b7f9f98483192dd370/detection

http://103.13.221.63
220.136.230.106:8081

# Reference: https://twitter.com/malwrhunterteam/status/1483539066591318023
# Reference: https://www.virustotal.com/gui/file/4b9aa94766bcae1a8ffaa958699847aa2b39119db8c6ab26d724444b416d1f5a/detection

tonights01.vip

# Reference: https://twitter.com/malwrhunterteam/status/1483126491294613516
# Reference: https://www.virustotal.com/gui/file/6ae895625fa8a4bbca9386483abc36a82594f3213d0c725a4efff40bf49a77e7/detection

http://45.43.41.197

# Reference: https://twitter.com/malwrhunterteam/status/1485696942025973768
# Reference: https://www.virustotal.com/gui/file/35e4033d09316f54119b61b27eb46636854aa0807f3b8e59ec2a21e1d8dac0a2/detection

http://111.246.108.151

# Reference: https://twitter.com/malwrhunterteam/status/1486052030888259584
# Reference: https://www.virustotal.com/gui/file/3d07a148559d68d986fcace1003ef8d837885b4b27c1ca834f084c512e38bcc4/detection

poderjudicialoficinascontrol.net

# Reference: https://www.virustotal.com/gui/file/295ec13eec8460e796f0d1f21eaa9eed6221d258f4c92f9b53e735093e7f0179/detection

119.29.195.21:9876

# Reference: https://twitter.com/B0rys_Grishenko/status/1486448538494152704
# Reference: https://www.virustotal.com/gui/file/c371e98ebee12cde6c9c5c76e5c83b0ae7efef171b25fc01c6e983a4da239e49/detection

212.192.246.188:1010

# Reference: https://www.virustotal.com/gui/file/710c2244d1ba0f73db5ce21064502339d912a34e9ed4fd8499446c7ac813c569/detection

114.36.208.180:8081

# Reference: https://twitter.com/malwrhunterteam/status/1488832320786341888
# Reference: https://twitter.com/malwrhunterteam/status/1490746990329802755
# Reference: https://twitter.com/malwrhunterteam/status/1492099704422809603
# Reference: https://www.virustotal.com/gui/file/5ed619830a363a0f080cc71249a9dbfec2db3130f399e523b308c99fb2da26bb/detection
# Reference: https://www.virustotal.com/gui/file/bb452ea20d55c5ea89b23d93b974911e61c42cf798df1875d05e10f930ff4672/detection
# Reference: https://www.virustotal.com/gui/file/2285d654954ab1aa92e00f77a67dd1c02e024db8428653d5c62706ab760e1dd9/detection

bbvaupdateappdownload.com
lockappdown.com
update-bbva-v2.com

# Reference: https://twitter.com/malwrhunterteam/status/1492106775826513922
# Reference: https://www.virustotal.com/gui/file/17d7526af61a94cd3707a75b00005d01cd9211eed503baf9325904b186dbc32c/detection

complaintinquiryhelp.com

# Reference: https://twitter.com/malwrhunterteam/status/1493318560722178058
# Reference: https://twitter.com/malwrhunterteam/status/1516114403913093121
# Reference: https://www.virustotal.com/gui/ip-address/198.12.107.13/relations
# Reference: https://www.virustotal.com/gui/file/1240870ae35a18d53287b89f300cafec31e6c2a4962faba4c467c587b24d445b/detection

http://192.227.196.185
http://198.12.107.13
http://3.108.190.204
/iaserver.php

# Reference: https://www.virustotal.com/gui/file/5e259116bb38fc85f9406e7ed07c3af401a4429864adb812d43893e08c05f2fc/detection

103.127.126.78:1001

# Reference: https://twitter.com/JAMESWT_MHT/status/1496477252997025792

normativapsd2-intesasp.duckdns.org
sms-super-rat.site

# Reference: https://twitter.com/malwrhunterteam/status/1496600700498890757
# Reference: https://www.virustotal.com/gui/file/852e371c395d1312931fa9dd8cdc318c5ac27a1a34a0e8bb66df38642e5602fb/detection

43.155.102.71:4010
mcfinancial2018.top
1qaz.mcfinancial2018.top

# Reference: https://twitter.com/malwrhunterteam/status/1497189419484430337
# Reference: https://www.virustotal.com/gui/file/98a9f841661a2e099b0a038b86a21feeda2c6b3c35ec296f28cc056c5208b86f/detection

apkface.co.nz

# Reference: https://twitter.com/malwrhunterteam/status/1497264749511335937
# Reference: https://twitter.com/LukasStefanko/status/1497360616939405314
# Reference: https://www.virustotal.com/gui/file/f8a4ab3e0ae8216fa0fd455e6c1b861187463e761266c2a7aa0b68c062bb8cbe/detection

bitbankchains.com

# Reference: https://twitter.com/dubstard/status/1499277881037447173
# Reference: https://twitter.com/jh__1995/status/1501517261227626498
# Reference: https://www.virustotal.com/gui/file/f0b8d4ab6094cbca5a15049fc187115edf634760959c8572dd8c461b207eeeae/detection
# Reference: https://www.virustotal.com/gui/file/3791991c210a66e13d27d1122c20542907f3e6124e16d55fe3445ce1852011a3/detection
# Reference: https://www.virustotal.com/gui/file/76e0130e745ae7cb89b54f5925424d297bc7dde4b226ddb3ee3f466e616590b1/detection

http://141.95.110.157
141.95.110.157:4646
141.95.110.157:4747
141.95.110.157:5151
141.95.110.157:5656
141.95.110.157:5757
141.95.110.157:5959
it-token.me
nuova-pratica.net

# Reference: https://twitter.com/malwrhunterteam/status/1501306676250656770
# Reference: https://www.virustotal.com/gui/file/c282162cabc838956a26e034f9781add893633f1109840da04be49d964b9b5d6/detection

seguridadbbva.ddns.net

# Reference: https://twitter.com/illegalFawn/status/1502215836471336961

aggiorna-dati.com
app.aggiorna-dati.com

# Reference: https://twitter.com/malwrhunterteam/status/1502741288126455817
# Reference: https://www.virustotal.com/gui/file/007962b4a6813c099e0f682f2b6691427251dee74c7bf949b901ec0f757eace6/detection

iccashback.xyz
server5569.herokuapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1502743002070102017
# Reference: https://www.virustotal.com/gui/ip-address/2.57.187.136/relations
# Reference: https://www.virustotal.com/gui/file/45d94c1bd3db47b49e5ab2ea6d79f7d6437df4dab0e412393b4fb3833fef88ff/detection

hopertemesnedenekerme.net
trasmatosdomones.net
trelicekeremlicenedenes.net

# Reference: https://www.virustotal.com/gui/file/5ce4f9a32f14cb73567a07cfbee92bd967392a889f562a592dea6381644c693e/detection

193.161.193.99:38464
joseluisperalta332-38464.portmap.host

# Reference: https://twitter.com/ThreatFabric/status/1501911413891248128
# Reference: https://twitter.com/malwrhunterteam/status/1504054802086518784
# Reference: https://www.virustotal.com/gui/file/b12dd66de4d180d4bbf4ae23f66bac875b3a9da455d9010720f0840541366490/detection

mycrypto-app.com

# Reference: https://twitter.com/malwrhunterteam/status/1504460977546444801

app-token-new.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1504470425564160004

direttiva.net
utenze-app-2022.net

# Reference: https://twitter.com/bl4ckh0l3z/status/1504573644466495489

verifica-conto-online.com

# Reference: https://twitter.com/malwrhunterteam/status/1505113881219379201
# Reference: https://www.virustotal.com/gui/file/f53b4f10f9f3ae3e0657d6d90f23f4aec1ccaa563e67d0ad307229d49eb94ee6/detection

aggiorna-web.org
conferma-informazioni.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1505993336661938185
# Reference: https://www.virustotal.com/gui/file/c9827143f8e76137e582c4ec53ae10032f6543d5bd02fbeb81ecbccedf648656/detection

resim.ac

# Reference: https://twitter.com/malwrhunterteam/status/1507440648407982082
# Reference: https://www.virustotal.com/gui/file/3272babdbba4ee7c05a3f2c01b810ca58722e105d11c792c9dc684c4e1251e97/detection

dati-info-online.com

# Reference: https://twitter.com/illegalFawn/status/1511976296313675778

attiva-ora.cc

# Reference: https://twitter.com/JAMESWT_MHT/status/1514587748102979585
# Reference: https://twitter.com/JAMESWT_MHT/status/1514602924462075906
# Reference: https://bazaar.abuse.ch/sample/8e24803de9d71899f4e146569462b15f42c0c2d19529482c9e67a2e9d39db374/

no-infami.com

# Reference: https://twitter.com/ThreatFabric/status/1514626208151052288

iqitech.com.ng/assets/default/js/ckeditor/adapters/receiver.php

# Reference: https://twitter.com/malwrhunterteam/status/1514587095742005257
# Reference: https://www.virustotal.com/gui/file/5bc84ed4a80f805ea5d83652624f20708029072080a9356bf5920251e6b717bd/detection

food-bolt.pl

# Reference: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/phishing-android-malware-targets-taxpayers-in-india/
# Reference: https://otx.alienvault.com/pulse/61374d351fd12f7d4a8bef82
# Reference: https://www.virustotal.com/gui/file/1e8fba3c530c3cd7d72e208e25fbf704ad7699c0a6728ab1b290c645995ddd56/detection
# Reference: https://www.virustotal.com/gui/file/120a51611a02d1d8bd404bb426e07959ef79e808f1a55ce5bff33f04de1784ac/detection

jsig.quicksytes.com
/MC/NN180521/mc.php

# Reference: https://twitter.com/malwrhunterteam/status/1516134727438139392
# Reference: https://www.virustotal.com/gui/ip-address/47.243.32.43/relations
# Reference: https://www.virustotal.com/gui/file/64a8a493bbe9149c44e64787e7058f7fa5ec1cc8c4d95ce72414e9f82c423487/detection

krakenwe.com
krakenxz.com
mobile5566.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1516873314572161030
# Reference: https://www.virustotal.com/gui/file/f217d7652934d4f26c379250ed93d94f0f751bf8673f8992b75da703bf408168/detection

android-exploit-default-rtdb.firebaseio.com

# Reference: https://twitter.com/AgidCert/status/1517098761431961602
# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/04/smsgrab_21-04-2022.json_.txt
# Reference: https://www.virustotal.com/gui/ip-address/111.90.142.153/relations
# Reference: https://www.virustotal.com/gui/file/c58befc7919032bdb192f3a29e32d7af425eed133d05db13b2dd8d27ca6a82c0/detection
# Reference: https://www.virustotal.com/gui/file/ed6ecddfd45552c069f0fbb076d60e1a177b4f683988dcba769dc184178a417b/detection
# Reference: https://www.virustotal.com/gui/file/c6051449b53c0d3b884920ae402ac80316b6a4d12d19a4c5a78dc795ab90fac5/detection
# Reference: https://www.virustotal.com/gui/file/5b623c95f027088d55940e1b2f89656c4b634ae825e464c81557b0a487987ba7/detection
# Reference: https://www.virustotal.com/gui/file/31208850ba6add5c0d813109f8ca2149bd706609be2770a1c665da1914c27519/detection
# Reference: https://www.virustotal.com/gui/file/89c61f0c261774f5d61c09e44508619eb3497c2ccec4e831d5c2635b9fe7c333/detection

appmessaggi2022.com
appmessaggi2022.net
/app/appsicurezza/

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/04/smsgrab_22-04-2022.json_.txt

clienteportale.com
goriziacarcere.altervista.org

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/05/smsrat_02-05-2022.json_.txt
# Reference: https://www.virustotal.com/gui/ip-address/23.235.232.236/relations
# Reference: https://www.virustotal.com/gui/ip-address/82.221.129.39/relations

aderireweb.com
scarica-adesso.com
scarica-info.com
scarica-orasicura.com
scarica-qui.com
scarica-sicurezza.com
scarica-subito.com
scaricaadesso.com
scaricaqui.com
scaricasubito2022.com
attiva-sicurezza.scarica-orasicura.com
attiva-sicurezza.scaricaadesso.com
sicurezza-web.aderireweb.com
sicurezza-web.scarica-adesso.com
sicurezza-web.scaricasubito2022.com

# Reference: https://twitter.com/malwaremansys/status/1517113535653838848
# Reference: https://www.virustotal.com/gui/file/2ff24ec36b4ee6fa8cd0b26d8a61bffc6cafa48ba21760c7fecae7d11a88b766/detection
# Reference: https://www.virustotal.com/gui/file/e669aaaf69ecfe30f5c7f0b7d4f1fc82be1337aacbbb21b60b0a6f808e7c1da5/detection

http://180.215.155.21
180.215.155.21:6677
180.215.155.21:7788

# Reference: https://twitter.com/malwaremansys/status/1436941904768225280
# Reference: https://www.virustotal.com/gui/file/f9f3097eac9b5f216c8158c23d5bf5c2051cc6657aaaaf9adb6939f0f97b3330/detection
# Reference: https://www.virustotal.com/gui/file/8c6e67d047e7d79ee0246d2b002c79ceb1934b2a070dce884e85efb9fbeaf550/detection
# Reference: https://www.virustotal.com/gui/file/5ec6cb7dac3960738d65c40432dc1221570ee8d65833124cedebab362754e1ea/detection

mivip.xyz
romo.mivip.xyz
topo.mivip.xyz
soyo.mivip.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1517562010942283776
# Reference: https://www.virustotal.com/gui/file/bfa9a861d953247eea496f4a587f59e9ee847e47a68c67a4946a927c37b042c4/detection

ssi.management

# Reference: https://twitter.com/malwrhunterteam/status/1517787583648268288
# Reference: https://www.virustotal.com/gui/file/3efd7a760a17366693a987548e799b29a3a4bdd42bfc8aa0ff45ac560a67e963/detection
# Reference: https://www.virustotal.com/gui/file/da4e28acdadfa2924ae0001d9cfbec8c8cc8fd2480236b0da6e9bc7509c921bd/detection

server5570t.herokuapp.com
server85478.herokuapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1521240037404336128
# Reference: https://www.virustotal.com/gui/file/65d5dea69a514bfc17cba435eccfc3028ff64923fbc825ff8411ed69b9137070/detection

iccashcashback.xyz
server5568t.herokuapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1517577088143962112
# Reference: https://www.virustotal.com/gui/file/825bcade5a6323c5d81b11a572e51232a0ddb205107c2edeb5d42bf94f231f49/detection
# Reference: https://tria.ge/220423-hgcb8afabp/behavioral1

app-connector.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1518635868629745667
# Reference: https://www.virustotal.com/gui/ip-address/217.21.74.60/relations
# Reference: https://www.virustotal.com/gui/file/8bc920af87fa19c3bfe76b40f85390d983b81340af690a49113f247cca957456/detection

biotermitecontrol.com
mymaidkl.com
mobile444.biotermitecontrol.com
mobi1e666.mymaidkl.com

# Reference: https://twitter.com/malwrhunterteam/status/1518869405089808384
# Reference: https://twitter.com/bl4ckh0l3z/status/1520042120282783744
# Reference: https://twitter.com/Gi7w0rm/status/1520152273040691203
# Reference: https://www.virustotal.com/gui/file/f3092c6f398e9f248286817d82e50c45e51df09abc08b6897cdac729b8e9b59a/detection

homeloan.vip
magicmoney.cc
app.homeloan.vip
app.magicmoney.cc

# Reference: https://twitter.com/malwrhunterteam/status/1520023263476436994
# Reference: https://www.virustotal.com/gui/file/659e1b784b4380f50bb96c93593f2715a428ae2e31f7d57f4e15d8ed382997af/detection

acequeen20.net

# Reference: https://twitter.com/malwrhunterteam/status/1520364917324451841
# Reference: https://www.virustotal.com/gui/file/9115408ab7227f30cb6d3f785c208377b31da208171def1c3ec4d81c6f833585/detection

fich.buzz

# Reference: https://twitter.com/malwrhunterteam/status/1520400857900236800
# Reference: https://www.virustotal.com/gui/file/9574cc465edc79f2a0e25ca12a8c9febcff368f498373c9ca841a947c4659a95/detection

inbestbeauty.com

# Reference: https://www.virustotal.com/gui/file/17fb8b2590b9ae36ccd14ee07422c3c987263e91897ffb248748a3318ea5ad0c/detection

27.255.64.75:8080

# Reference: https://twitter.com/malwrhunterteam/status/1527034925442027526
# Reference: https://twitter.com/ni_fi_70/status/1527185971770531840
# Reference: https://www.virustotal.com/gui/file/5e5343aecc20c04f64c89fedb6263fad9bfca7ede36437820f32f3502f7393c8/detection

demosketch.000webhostapp.com
looz-b3052-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1529806150228754432
# Reference: https://www.virustotal.com/gui/file/869864fa8ba65b37d03487dae6b403c6cb9ca556368ef4a6bb51d8a43a1c5a22/detection

103.127.125.169:7896

# Reference: https://twitter.com/malwrhunterteam/status/1531333203516174339
# Reference: https://www.virustotal.com/gui/file/7394a5b7e15eba380a4add9c6954b15c85cd082bc8e881380cdf3d2b9f5209d9/detection
# Reference: https://www.virustotal.com/gui/file/90484e012575381a0c8f33d61c76184e2aba5d2b31a929ac2d4bbd79576c2dc0/detection

clientesbbvalock.com

# Reference: https://twitter.com/malwrhunterteam/status/1531719070088929280
# Reference: https://www.virustotal.com/gui/ip-address/154.204.31.226/relations
# Reference: https://www.virustotal.com/gui/file/988438053a028bd6a2735756ef800b3f547fa89f21051b22207940add0cdd1fc/detection

bithumbex.com
humbvip.pro
exchange.bithumbex.com
exchange.humbvip.pro

# Reference: https://twitter.com/malwrhunterteam/status/1501288384760893449
# Reference: https://twitter.com/malwrhunterteam/status/1501297507846037506
# Reference: https://twitter.com/malwrhunterteam/status/1532085707296194560
# Reference: https://www.virustotal.com/gui/ip-address/148.72.158.61/relations
# Reference: https://www.virustotal.com/gui/file/e9d973acffa86c37ae72d3db4093cd7a449d5cd1bf52c6386352a5a6fa223ad6/detection
# Reference: https://www.virustotal.com/gui/file/4a517a3992726cc4ee9f7890ecaaba01e40165c27b8a32ad440fb013721b2c65/detection
# Reference: https://www.virustotal.com/gui/file/24fc61f6184426018bfe9124c68c753339c6cc6c7c507fe5304c42f247963b88/detection
# Reference: https://www.virustotal.com/gui/file/ce71c1916be8edffeca2e5a18709b19188a4ff221647491d9807e7b017d0343a/detection

accountsecureverify.com
contactquarycenter.com
csqs.online
online-complaint.com
thesecureservices.in
secondnew.csis.digital
online-complaint.accountsecureverify.com

# Reference: https://twitter.com/ReBensk/status/1532049841009750017

http://135.181.31.152

# Reference: https://twitter.com/malwrhunterteam/status/1532421877611778057
# Reference: https://twitter.com/malwrhunterteam/status/1538120893506928640
# Reference: https://twitter.com/midnight_comms/status/1538134165371072513
# Reference: https://twitter.com/elhackernet/status/1541673500988940290
# Reference: https://www.virustotal.com/gui/ip-address/185.178.45.125/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.244.183.105/relations
# Reference: https://www.virustotal.com/gui/ip-address/213.178.155.60/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.10.244.134/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.188.90.227/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.203.193.103/relations
# Reference: https://www.virustotal.com/gui/file/caee54ae322d5418f051e468c13a4ec04263f02f8b8bd6b5db34e388dbbb331a/detection
# Reference: https://www.virustotal.com/gui/file/328b4d74654a3d3ed4adc8be6bff11d2adf29d04c13f050c97fa6d2d4fcea455/detection

accesodigital.icu
accesodigitales.icu
app-protect.click
appmovil.click
appmovil.icu
appsecureguide.com
cancelacion.icu
es-appmovil.click
es-appmovil.icu
es-movil.click
es-movilapp.click
es-protect-app.click
es-protect.click
es-protect.icu
es-protectapp.click
es-protectapp.icu
european2fa.com
movil-actual.click
movil-actual.icu
movil-descarga.click
movil-es.icu
movil-protect.click
movilapp.click
movilapp.icu
movilapps.click
movilprotect.xyz
privasol.xyz
protect-actual.icu
protect-app.click
protect-es.icu
protect-mobile.click
protect-movil.click
protect-movil.icu
protect-now.click
protectapp-es.icu
protectapp.click
protectapp.online
reactivar-usuario.click
reinaldotrrr.xyz
acceso.app-protect.click
acceso.appmovil.click
acceso.appmovil.icu
acceso.es-appmovil.click
acceso.es-appmovil.icu
acceso.es-movil.click
acceso.es-movilapp.click
acceso.es-protect-app.click
acceso.es-protect.click
acceso.es-protect.icu
acceso.es-protectapp.click
acceso.es-protectapp.icu
acceso.movil-actual.click
acceso.movil-actual.icu
acceso.movil-descarga.click
acceso.movil-es.icu
acceso.movil-protect.click
acceso.movilapp.click
acceso.movilapp.icu
acceso.movilapps.click
acceso.movilprotect.xyz
acceso.protect-actual.icu
acceso.protect-app.click
acceso.protect-es.icu
acceso.protect-movil.click
acceso.protectapp-es.icu
acceso.protectapp.click
acceso.protectapp.online
acceso.reactivar-usuario.click
access.protect-mobile.click
bbva.app-protect.click
bbva.appmovil.click
bbva.appmovil.icu
bbva.appsecureguide.com
bbva.es-appmovil.click
bbva.es-appmovil.icu
bbva.es-movil.click
bbva.es-movilapp.click
bbva.es-protect-app.click
bbva.es-protect.click
bbva.es-protect.icu
bbva.es-protectapp.click
bbva.es-protectapp.icu
bbva.european2fa.com
bbva.movil-actual.click
bbva.movil-actual.icu
bbva.movil-descarga.click
bbva.movil-es.icu
bbva.movil-protect.click
bbva.movilapp.click
bbva.movilapp.icu
bbva.movilapps.click
bbva.movilprotect.xyz
bbva.protect-actual.icu
bbva.protect-app.click
bbva.protect-es.icu
bbva.protect-movil.click
bbva.protectapp-es.icu
bbva.protectapp.click
bbva.protectapp.online
citi.protect-mobile.click
citi.protect-now.click
login.protect-now.click
unicaja.accesodigital.icu
unicaja.accesodigitales.icu
unicaja.cancelacion.icu
unicaja.reactivar-usuario.click
univia.accesodigital.icu
univia.accesodigitales.icu
univia.cancelacion.icu
/banzreceiver/
/banzreceiver/receiver.php

# Reference: https://twitter.com/malwrhunterteam/status/1549122722596327424
# Reference: https://www.virustotal.com/gui/ip-address/2.59.40.220/relations
# Reference: https://www.virustotal.com/gui/ip-address/85.193.88.116/relations
# Reference: https://www.virustotal.com/gui/file/fc441080c994e53f43c2e8fcb3cbcad69ef36fe84ee239a38656fb7f9fd8ab28/detection

app-movil.icu
app-protect.info
app-protect.top
collab-connect.land
compound-finance.top
dooplicator-mint.com
dooplicator-nft.com
dxdy-trade.top
dxdy-v2.top
dydx-exchange.icu
dydx-exchange.top
es-protect.info
holdercertify.com
movil-protect.icu
protect-app.info
protect-digital.click
protect-movil.info
receddiver.xyz
thedooplicator-mint.com
acceso.app-movil.icu
acceso.app-protect.info
acceso.app-protect.top
acceso.es-protect.info
acceso.movil-protect.icu
acceso.protect-digital.click
acceso.protect-movil.info
bbva.app-movil.icu
bbva.app-protect.info
bbva.app-protect.top
bbva.es-protect.info
bbva.movil-protect.icu
bbva.protect-app.info
bbva.protect-digital.click
bbva.protect-movil.info

# Reference: https://twitter.com/malwrhunterteam/status/1534636991006093317
# Reference: https://www.virustotal.com/gui/file/7a93df01e0de0e0bf98bb35bab1f27ef9349411f5804eddedebc09ccb3115c8b/detection

hotnews.lol
onlyfans.org.nz

# Reference: https://twitter.com/malwrhunterteam/status/1537045669118189568
# Reference: https://twitter.com/midnight_comms/status/1537093970978693120
# Reference: https://www.virustotal.com/gui/file/b2dbd9f108990215d2552545b8879d9c206dc95959c5cc580dda5cb74074c3c4/detection

baguvixforme.ipv6d.my.id
melanieparker.freecluster.eu

# Reference: https://www.virustotal.com/gui/file/7753b955b6e9ac336872cb2b0b10218316bf8b9fc3ba9a8e3146746b5841514d/detection

glosso.info

# Reference: https://twitter.com/malwrhunterteam/status/1539585094699974656
# Reference: https://www.virustotal.com/gui/ip-address/62.197.136.162/relations
# Reference: https://www.virustotal.com/gui/file/fbc44ae305d55f3e70541f52659cc9b0ea153056d0428f81c578d3a748dc91e5/detection

bnbgta.site
bncbia.site
cbiabn.site
dacto.site
datecdo.site
davbn.site
davicanda.site
daviclenta.site
daviderra.site
daviendas.site
davimenla.site
davimica.site
daviunda.site
davlecda.site
dcdto.site
dtceto.site
lillpink.site
smsflash.site
smsinstant.site
smsquick.site
smsrapido.site
solidadria.site

# Reference: https://twitter.com/malwrhunterteam/status/1540428230154506240
# Reference: https://www.virustotal.com/gui/file/47284af8ccf06ae9fc0e93e69e549d17e9a2508886bf6f2952fe54260d8c68aa/detection

projectxcrack23.pserver.ru

# Reference: https://www.virustotal.com/gui/file/acee1384eda616f0f483ee340dbebbfdc8e33876b7002606aedcfcb7c625f01e/detection

lakeforestus.space

# Reference: https://www.cleafy.com/cleafy-labs/revive-from-spyware-to-android-banking-trojan
# Reference: https://www.virustotal.com/gui/file/ebd9f516acce71bd652ac013ec607fa4ccf8d12d0069d492d964611e6d084a40/detection
# Reference: https://www.virustotal.com/gui/file/c27c87f4b2a0d95a17d11535167445e3fa9db05470f1cc57c62b39248a54c4fe/detection

80.85.153.49:4000

# Reference: https://twitter.com/malwrhunterteam/status/1543330479318999042
# Reference: https://www.virustotal.com/gui/file/49438dc8da1cc4882309e381c5e5a36f1fdbc6982de26e7003ff370b80a8dcec/detection
# Reference: https://www.virustotal.com/gui/file/c52d0f4ea9f1da37cd98da4078025fdfc0c90df1bee4b063fecc7634185acaf0/detection
# Reference: https://www.virustotal.com/gui/file/54608032d6acdc53e1070a4c42ef5e4c7a16af9661e2b4e20eb3de0deedbffc2/detection
# Reference: https://www.virustotal.com/gui/file/442ae9f82edee663fa118a7aac5a3ab3e587492d0f4332a97ba8307689014421/detection

http://51.68.145.103
45.141.56.57:6868
51.83.254.113:58990
51.83.254.113:6868
51.83.254.113:58771
51.83.254.113:9988

# Reference: https://twitter.com/malwrhunterteam/status/1552024148674859009
# Reference: https://twitter.com/midnight_comms/status/1552252002826178563
# Reference: https://www.virustotal.com/gui/file/0cdadb7e66e55de9461b890096829d59f3b1da8e16274e36b0554adf9d04dded/detection

http://101.99.94.97
dasboardbeiflus.online
l-santander-es.com
l-start-santnander.online
lsantander-es.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1554717598641803264

gatewayantimanomissioni.com
/xxxa_6iFMrYfrdGnBsUOBS4G103w/

# Reference: https://twitter.com/malwrhunterteam/status/1558508005825675265
# Reference: https://www.virustotal.com/gui/file/653a1f007670b284384239aa88a2c1d4342b8c1a86539d602681ec514c80231d/detection

axisrewardstore.com

# Reference: https://twitter.com/malwrhunterteam/status/1561065045882175488
# Reference: https://www.virustotal.com/gui/file/6ad9414816ae37802667ec2988cf1d733236aa6d082aed159914f5d694621ab6/detection

msamazonshop.com

# Reference: https://www.virustotal.com/gui/ip-address/92.249.45.145/relations
# Reference: https://www.virustotal.com/gui/file/5d6009a941f2731a6c93d70afb917e7f9da79ccf8f6e7c361424f6c86cb513c4/detection

melllthmrh.shop
mlmollat.shop
moliiat.shop
mtlahmrh.shop
nkoxmeos.shop
ohmellt.shop
omletgoje.shop
autodiscover.ohmellt.shop
cpanel.ohmellt.shop
cpcalendars.ohmellt.shop
cpcontacts.ohmellt.shop
mail.ohmellt.shop
webdisk.ohmellt.shop
webmail.ohmellt.shop

# Reference: https://twitter.com/malwrhunterteam/status/1564701134295601152
# Reference: https://www.virustotal.com/gui/file/ba30e251e2373e36180897d1090b25aed1c536147e0cd62c47ade739d2c51f58/detection
# Reference: https://www.virustotal.com/gui/file/2c8f2f1262ff66c55b9ef80b3b4d2225d2c7be4d5bd579222dcd9e22d78d8199/detection

shine-job.com

# Reference: https://www.virustotal.com/gui/file/95242e1d105de9c33b2c9d8a9514f58327ca32d7d24af9af19ff3f0d075ea451/detection (Zanubis)

http://92.38.132.217
92.38.132.217:8000

# Reference: https://twitter.com/0xabc0/status/1565284403357564931
# Reference: https://www.virustotal.com/gui/file/149597cb556feeb4dab6d22bcdd112a63e76d599a79f585ba288a6f726df97b1/detection

softwarebulldog.net

# Reference: https://twitter.com/malwrhunterteam/status/1565435960380243968
# Reference: https://twitter.com/500mk500/status/1565565283795869698
# Reference: https://www.virustotal.com/gui/ip-address/44.204.164.21/relations
# Reference: https://www.virustotal.com/gui/file/39413b2215f225da68530fa312b08f566a7bd64e55fac70d81eefe8e5cfa6ee4/detection
# Reference: https://www.virustotal.com/gui/file/5bf4fdaa5f0ad65bd3d9b66ce67a6413c0a22c7ff6f411c1727768cde5780cef/detection

cointree.vip
commsecs.info
commsecs.vip
commsecs.xyz
ibkrs.xyz
api.commsecs.vip
api.ibkrs.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1566173265625767937
# Reference: https://www.virustotal.com/gui/file/66c572dd6b68a1abc48241f6d7308fbc42b18470e1d8989190f515a6f621f0a1/detection

axisstore.in

# Reference: https://twitter.com/malwrhunterteam/status/1567880670612955136
# Reference: https://www.virustotal.com/gui/file/e5f85b2d40bb05c0bf9fc22eb04d98ca28bd4b5fcfa84d8dfebf5b5f2e453811/detection

axisbankpoints.com

# Reference: https://twitter.com/malwrhunterteam/status/1568340694606938112
# Reference: https://twitter.com/midnight_comms/status/1569013865584926720
# Reference: https://www.virustotal.com/gui/file/8b36ba2150047191c388ec2f12a7c28cd82b7eccb9b626e8a8620faefee0c9bf/detection

pompi09m.com

# Reference: https://www.virustotal.com/gui/file/19b6456895335a1f930e0a6cd1f7bdf1a1645861c5736da23936702af8617510/detection

http://139.180.144.202
http://217.69.4.117

# Reference: https://www.virustotal.com/gui/file/bcd4b2ee965b683d84d326fa51ed7d8a6caa86e49303f577387c9635f00e302e/detection

34.77.167.32:6060

# Reference: https://www.virustotal.com/gui/file/114d2cb00a820db7f5277dda5c7750f0e3143091d63484a35cb61b34af040964/detection

idapple.tech
cp.idapple.tech

# Reference: https://twitter.com/malwrhunterteam/status/1570511096724987904
# Reference: https://www.virustotal.com/gui/file/549eb190f60075f3ec58e228725f9540f4226f0ff569796fdd884a0c48c4a407/detection

stop-war.co.in

# Reference: https://www.virustotal.com/gui/file/f8407b8e8b407c2c4b61396049be55de577c290c8167de78cfacb0e896c198e8/detection

182.16.42.18:10102

# Reference: https://twitter.com/malwrhunterteam/status/1573777607459495939
# Reference: https://twitter.com/malwrhunterteam/status/1575954702176428032
# Reference: https://www.virustotal.com/gui/file/8325398d82c110e9219cfbd963c915b7753f108ddd109ceefc47e8c7ef978fe9/detection

cardworth.link
najsnjdndjdjdjsnsnsnndnd.link
server565hd.herokuapp.com

# Reference: https://twitter.com/entdark_/status/1574959318331314181
# Reference: https://www.virustotal.com/gui/file/44dd79ed23516673af9084ea8120f3d412e815ab3df36e9c7e2028363cd086de/detection
# Reference: https://www.virustotal.com/gui/file/6f643819b96ca4b0451293954100b1739865fc593d6c75048563ac5d9a34479a/detection

92.38.190.112:8000

# Reference: https://twitter.com/malwrhunterteam/status/1575138007631396865
# Reference: https://twitter.com/ni_fi_70/status/1575447522197360640
# Reference: https://www.virustotal.com/gui/file/359f382d3aa5df5e38ba59905cf7a0f2cd6b171f8c2ff70ddff1a92b1aefc8c6/detection

nimmabengaluru.in
rblrewards.in

# Reference: https://twitter.com/malwrhunterteam/status/1575963051660300289
# Reference: https://www.virustotal.com/gui/file/2a606e0dc430232fc0608e954eabd82d76f1212da4fc47e57d1da25ac282ebd2/detection

bestrahul.com

# Reference: https://twitter.com/malwrhunterteam/status/1580875733714358272
# Reference: https://www.virustotal.com/gui/file/7b0d377bd1efca7cf0ca1f8ff0c3c587d1a7afa355e2c33b5d811c593d8e528c/detection

axisedgepoints.com

# Reference: https://twitter.com/malwrhunterteam/status/1581006821200101378
# Reference: https://www.virustotal.com/gui/file/87edee0649af1f9eff7b8f350790fa20bb4355ee938fba1c068ff6d75b445fe3/detection

iciccireewaards.in

# Reference: https://twitter.com/malwrhunterteam/status/1581218775625478144
# Reference: https://www.virustotal.com/gui/file/87b3de778206c395f05db5d3b39001b64cfbf397685b0c245ea8a8a74f3254cb/detection

nobitx.cam

# Reference: https://twitter.com/malwrhunterteam/status/1581357795441397760
# Reference: https://www.virustotal.com/gui/file/b81c38ce7fb10d1c68f08176a857ca3c74006d70061cdd196f50a579f8b26082/detection

rewardapp.in

# Reference: https://twitter.com/malwrhunterteam/status/1582778164266532864
# Reference: https://www.virustotal.com/gui/file/e32e453296b4e5991947d9b318ca5b44578f58009fa82f96e45fa33d6254c27c/detection

updateyourcard.in

# Reference: https://twitter.com/JAMESWT_MHT/status/1583823756937789441

srvdwnld.com

# Reference: https://twitter.com/malwrhunterteam/status/1584911467219935233
# Reference: https://twitter.com/LukasStefanko/status/1584921537496420362
# Reference: https://twitter.com/ni_fi_70/status/1585536222360895488
# Reference: https://www.virustotal.com/gui/file/e076771ea4f054354e636b6711f135bb9ce956a38429f79b3e97e2cb680043c1/detection

cbrewards.xyz
cbrewardsapply.com
cbcplus.in
domain-customer-security.com

# Reference: https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/
# Reference: https://otx.alienvault.com/pulse/635bcdd5ea635790dfe7f4d6

gia.3utilities.com

# Reference: https://twitter.com/malwrhunterteam/status/1586322708874203137
# Reference: https://www.virustotal.com/gui/file/ff15418db7062d6df6ea361c227cd9a7392486c16873612667f4889d9bbe58dd/detection

floating-meadow-51578.herokuapp.com
unhealable-henrys.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/e0c5656ca9877b37e92f5208caf9c65365e9d35ea6eb351915eb3efee235db31/detection

194.87.31.3:3000
fiordmoss.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1586481558038380544
# Reference: https://www.virustotal.com/gui/file/cedd041132fb09d7ea36005e75c1310458de887ae13bb7771e306223189fdb3e/detection

hrdtjjfhghgghjyfugyuhugyt.xyz
server-op-007.herokuapp.com

# Reference: https://www.virustotal.com/gui/file/f451ead098b1cbba2ddf7616668d79d5eba5b47248bd381dee9102d91d0d1521/detection

eienjk.herokuapp.com

# Reference: https://www.virustotal.com/gui/file/57d0d59602b239ea3f51b424eb97ae0d446976deeee32320351fefc9524e4d4a/detection

mymember.shop
store.mymember.shop

# Reference: https://www.virustotal.com/gui/file/95a492a482de34121ce37f254a895cf24de0499701da8bd5dddc8f38fd14b435/detection

yvette-toy.com

# Reference: https://twitter.com/malwrhunterteam/status/1589744015108284416
# Reference: https://www.virustotal.com/gui/file/549999ad68e83454eefd0203ac028c54d7dcf45b1c1aa783985b8554e5352448/detection

http://192.227.196.172

# Reference: https://twitter.com/malwrhunterteam/status/1589992683459973120
# Reference: https://www.virustotal.com/gui/file/20d756ad6c2a30f1b54d09d3aaad0a58910da0e152a570da11f34bd83dd30f4a/detection

mensural-input.000webhostapp.com
rashmikakyc.pages.dev

# Reference: https://twitter.com/malwrhunterteam/status/1590477370204377088
# Reference: https://www.virustotal.com/gui/file/a62ffd2f7c9932b0d7003d052f8c1c51923dcea7c5d7afba6f8640d8799d0c1b/detection

wordresume.herokuapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1591585679896633345
# Reference: https://twitter.com/midnight_comms/status/1596502593668538371
# Reference: https://www.virustotal.com/gui/file/3eb9661b887251fd28ee95a29cbd4f84497ce5955a2817cdf03aef808420411a/detection

j.000webhostapp.com
jant.000webhostapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1591586472561631233
# Reference: https://www.virustotal.com/gui/ip-address/64.44.139.133/relations
# Reference: https://www.virustotal.com/gui/file/72b867acd69d9ce377aa073bb04ec3f141f27f1985e5d3407e480976ab81d8fe/detection

alroment.tk
rmtedmin.tk

# Reference: https://blog.cyble.com/2022/11/15/phishing-campaign-targeting-indonesian-bri-bank-using-sms-stealer/

apk-ind.com
apk-online.com
formullir-tarlf.com
ionicio.com
login-brimo-tarif.com
britarif.ftml.my.id
layanan.sch.id
tarif-layananbri.my.id
brimo-login-id.apk-ind.com
brimo-login-ind.apk-online.com
brimo-update.apk-online.com
grupwa11197435.apk-ind.com
id-bri-login.apk-online.com
id-login-brimo.apk-ind.com
id-login-brimo.apk-online.com
login-bri-ib.apk-ind.com
skematrf-login.apk-ind.com
trf-skema-bri.apk-online.com
perubahan.tarif-layananbri.my.id

# Reference: https://twitter.com/malwrhunterteam/status/1593723747491614727
# Reference: https://www.virustotal.com/gui/file/e8d7a0436d04e4ce48769481da317755a217a0f9fd08f679a79b4b54f2d45490/detection

ocellar-rice.000webhostapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1594095245582548993
# Reference: https://www.virustotal.com/gui/file/429ef52512fffe6e395700de22cc578eb482ee42f947fab2d48159386adb4d8d/detection
# Reference: https://www.virustotal.com/gui/file/b58594c91a5712a38dbd5a1ceba76cbe0d0f934b53755fa61b9d8f8a369c1b1e/detection

ravins.online
/admin_panel/api/app/client_app
/admin_panel/api/app/user_get_job_price

# Reference: https://twitter.com/malwrhunterteam/status/1593719207597903873
# Reference: https://twitter.com/midnight_comms/status/1596500158170423298
# Reference: https://www.virustotal.com/gui/file/c4801ea49cce0b7fe44779ecc919dd7aa09be7ba8d8ab14b7cecdbcbe538bb32/detection

http://137.220.230.50

# Reference: https://twitter.com/malwrhunterteam/status/1596563368344682497
# Reference: https://www.virustotal.com/gui/file/ada96d3e8a7c01da25aa45cbabbdec28f928fd7aed048d1d96456f1d89cb39cf/detection

accounts-shopify.com

# Reference: https://twitter.com/ReBensk/status/1597189188549386240
# Reference: https://www.virustotal.com/gui/file/fe213dc7e796c1dd9d78eb7b1aa003605a854c729a3b4d2427b624183fae5d0f/detection

point-dekho.xyz
hellorsircheck.000webhostapp.com
ksjkahsadkakkjsdkjakda.web.app
sbi-kyc-apks-v-1-22-2.web.app

# Reference: https://twitter.com/malwrhunterteam/status/1597307590286794753
# Reference: https://www.virustotal.com/gui/file/cc174d774a09796b2952de2c308d2193e7fb093dc4559052483ba49f2f477727/detection

pointrewardas.co.in

# Reference: https://twitter.com/ni_fi_70/status/1597510646408441856
# Reference: https://www.virustotal.com/gui/file/b3b59180bef0e80839b83c421b2100a84dcaf4bf9774072bf2cc19af1092c5e6/detection

aktualizacjakodu.com

# Reference: https://twitter.com/malwrhunterteam/status/1597521278713311232
# Reference: https://www.virustotal.com/gui/file/bd89b188041388f7d2a024546d4a46e7a8e39dc251152f223720a014405e3bf3/detection

d3m4i2q8vx73j8.cloudfront.net

# Reference: https://twitter.com/malwrhunterteam/status/1597520171635453952
# Reference: https://www.virustotal.com/gui/file/007bdb212d92a3402095c8828366f5c1de4f83f5050a1443a7651f79285a4560/detection

luxlury.com
luxury-online.net

# Reference: https://twitter.com/ReBensk/status/1597542999960915969

axisrewardapp.co.in

# Reference: https://twitter.com/ReBensk/status/1597838090235629568

digitalcardowner.in

# Reference: https://twitter.com/malwrhunterteam/status/1598790278084759577
# Reference: https://www.virustotal.com/gui/file/c0241e06937ec89f5153cc3ab25190bc2867ebbeae78c4441b5ff41384d071d4/detection

91.92.120.131:4525

# Reference: https://resecurity.com/blog/article/in-the-box-mobile-malware-webinjects-marketplace

ccotapun66kp4jbpzbrhxepltuzjlh2e2c26w2zgtowhguv5orxk7aqd.onion

# Reference: https://twitter.com/malwrhunterteam/status/1599852746416398336
# Reference: https://twitter.com/midnight_comms/status/1600104507223916544
# Reference: https://www.virustotal.com/gui/file/0fafd3369bdcfabcf7b2da0c783d9779052083de72383a01df1a4e883de594f5/detection

http://193.221.95.147
http://193.221.95.40
http://45.158.22.196
/query?type=yuantong&postid=

# Reference: https://twitter.com/malwrhunterteam/status/1600619259692027904
# Reference: https://twitter.com/midnight_comms/status/1600687606920269827
# Reference: https://www.virustotal.com/gui/ip-address/185.119.57.134/relations
# Reference: https://www.virustotal.com/gui/file/5c9495ed0b80277b58fa163413093c2ed3aed12f8454b2c014f3b752b641e661/detection

badeskot.com
kilototo.host
livesms.space
sermina.host

# Reference: https://twitter.com/l205306/status/1600657484305555456

one-store.marketing
u-pay.club

# Reference: https://twitter.com/ReBensk/status/1600812171633381377

amazonmall.club

# Reference: https://twitter.com/malwrhunterteam/status/1600994059287339008
# Reference: https://www.virustotal.com/gui/file/238492af934405156e9fff888213c0b769e09f4a916fe4e1666897ea12f3ed2a/detection

best-cleanings.com

# Reference: https://twitter.com/malwrhunterteam/status/1601141132758769664
# Reference: https://www.virustotal.com/gui/file/dae85468af435dfbe522d474465f7f5a256b6bf98bf772b87c2c7d50f83895a3/detection

user-update-app-v-12.web.app

# Reference: https://twitter.com/malwrhunterteam/status/1601148538913583105
# Reference: https://www.virustotal.com/gui/file/8202322d718219231fab9e847351fa6493eafe4d087edddbb6fe0abd64b54595/detection

climreward.co.in

# Reference: https://twitter.com/ReBensk/status/1601577314370072578

bounsofferrewards.co.in

# Reference: https://www.virustotal.com/gui/file/4ff71530ae98a58461855a03414afc42d3a38b8bca0394e28847847d7e933199/detection

crrewardpoint.com

# Reference: https://twitter.com/ReBensk/status/1602714938035822594
# Reference: https://www.virustotal.com/gui/ip-address/68.178.148.41/relations
# Reference: https://www.virustotal.com/gui/file/cf8fe2f7d6216af0b90275f6dbeeab8363dcf159d08bf430097e898e1a01cd11/detection
# Reference: https://www.virustotal.com/gui/file/cfb01d73729d5f730a06d12f601dba404ff7fc62e2d1355c9cf428b80bd9f3c2/detection

claimapppoint.co.in
pointawailoffer.co.in

# Reference: https://twitter.com/malwrhunterteam/status/1603313750995517440
# Reference: https://www.virustotal.com/gui/file/91e2dea4e470063583fac581307595fc523653272f444e5e52a291b3830ad5fc/detection

rewadsgovt.in

# Reference: https://twitter.com/malwrhunterteam/status/1603149420610076672
# Reference: https://www.virustotal.com/gui/file/aed5dc80a04344e0f9504317fe3681ac46cca3fc0651e57701c20eb162503f56/detection

nitinbhai-testing.web.app
sbl-v1.firebaseapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1603306358283059202
# Reference: https://twitter.com/ni_fi_70/status/1603324313758736385
# Reference: https://www.virustotal.com/gui/file/9a961af2cd63124f01e9d1a316e095c8416babdba4d7b159e3fb6c1628dc1da8/detection

tech-digital.net
sg1.mall-base-app.com

# Reference: https://twitter.com/Artilllerie/status/1603409473225228289
# Reference: https://www.virustotal.com/gui/file/7ddb7f07349d8b7e519233f1c22c12bfddeec6afcf16c683cebc0da80897b88c/detection

grabspp.online

# Reference: https://twitter.com/malwrhunterteam/status/1605304582489481218
# Reference: https://www.virustotal.com/gui/file/e117bb9f52e736fffcbd42684883cb3701e03f0771b48129b1a33f6a60ffb259/detection

cleanshouse.net

# Reference: https://twitter.com/malwrhunterteam/status/1606406303122866176
# Reference: https://www.virustotal.com/gui/file/b1f231d1f0074b2cf6a5d04a370c4ab11610671759af81530fbfc8aab330ca98/detection

macawschat.net

# Reference: https://twitter.com/0xckr0/status/1607343476961693699
# Reference: https://www.virustotal.com/gui/ip-address/80.66.64.151/relations

coveripotezko.com
heikenmorgan.com

# Reference: https://www.virustotal.com/gui/file/ebcb33e96b24baa973655e70272eaa96d36e1070221da20d64234dd1ca75e248/detection

rhizocarpous-elevat.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/cbf0996af5a4a28e1cd7360c1e3e0079316009ed992a00c579359636fe70ac8d/detection
# Reference: https://www.virustotal.com/gui/file/624e1630cb4d05c7ea859b0478164aa897f0ba6c80a96d26484f4be0c094a1fb/detection
# Reference: https://www.virustotal.com/gui/file/4735686716224aaea522de595edecbac242c07ebd55ad570b7219b7569d8359f/detection
# Reference: https://www.virustotal.com/gui/file/1bd7e5b554365d6b1bb2f53a900a03ef9964a6c3bd2483729e068b4bfb39eeb4/detection

5.239.29.232:1337

# Reference: https://blog.cyble.com/2022/12/27/new-wave-of-finacial-fraud-scammers-monitoring-social-media-complaints/
# Reference: https://otx.alienvault.com/pulse/63ac1c473364458b045732d8
# Reference: https://www.virustotal.com/gui/file/f952c05d9df163cdc96938222c197ea10c9250b3e548a880b0c52faa9c4d6e28/detection

mycomplainquery.in

# Reference: https://www.virustotal.com/gui/file/b38494165e9faf7ed380e669ecb30e515653048f118b5d9b27157980915d8e44/detection

kjhdksakdhkshkdfhkhdskhfkhsdkhfkhdkshfhkd98327439759743975.pages.dev
d0f67a5f.kjhdksakdhkshkdfhkhdskhfkhsdkhfkhdkshfhkd98327439759743975.pages.dev

# Reference: https://www.virustotal.com/gui/file/39cfb6ccf72c01794d078fe27f4ddb99f4753aa8b6fa42a05df0cc0de788cbb9/detection

serbestpanbizikiuchasbir.co.vu

# Reference: https://twitter.com/ni_fi_70/status/1613177368901816323
# Reference: https://www.virustotal.com/gui/ip-address/68.178.145.70/relations
# Reference: https://www.virustotal.com/gui/file/ce2cf2527bc797c2cbaa9b8005a315717d3883bc15c025ca68b0a129feff5a51/detection
# Reference: https://www.virustotal.com/gui/file/eed90cd3499214dc62fc208aa2dbb8f1992810f2b5e863f8201574a9a5d68605/detection
# Reference: https://www.virustotal.com/gui/file/ebdafdf045f1ed27801a7f444fb80c48044da7b8da876723addd9224a496ad51/detection
# Reference: https://www.virustotal.com/gui/file/dc2555b64aafe6285693272b94b68eda2c5b45aabec41b9415cdd8b7f8f2e3ef/detection

axisclaim.co.in
axisedgepoint.com
myaxispoints.com

# Reference: https://www.virustotal.com/gui/file/97d9698f438dbfde0ade6c5cd8acfc8afd3506aa9c1f416a03b615395765ab85/detection

185.163.45.17:8000

# Reference: https://twitter.com/malwrhunterteam/status/1614241349171134465
# Reference: https://www.virustotal.com/gui/file/73ba13bcd8e171c7c653fbfda8f708355cba01b4701c2701b2a35f2d2486c973/detection

carved-screwdrivers.000webhostapp.com
icici-kyc.web.app

# Reference: https://twitter.com/malwrhunterteam/status/1614248897907392515
# Reference: https://www.virustotal.com/gui/file/8b29db147b8e6e4c9206b2c44fc5d11c105a1213ac85009adf818d6321e5b9ed/detection

pinkycatmall.online

# Reference: https://twitter.com/malwrhunterteam/status/1614384893496274945
# Reference: https://www.virustotal.com/gui/file/64b84a63bd404e0177c1821bc92e629d31070df50b0b0fcc45ae20b2236798fb/detection
# Reference: https://www.virustotal.com/gui/file/6f08ec8e147b9892a4a351a68150c37e47cdfa953647333be2fec4e6d9981f73/detection
# Reference: https://www.virustotal.com/gui/file/04022ff49df57bc1f7602fbebd6f935fc31fa219b82cb909054456a7566d87b2/detection

myliveservise.co.in

# Reference: https://twitter.com/ReBensk/status/1614952874420887553
# Reference: https://twitter.com/JAMESWT_MHT/status/1614954104224194562
# Reference: https://www.virustotal.com/gui/file/e9b77e406a67de5ba51b12e9549899bdf11fdcb5dbf9a722e30eb2a2d0459fec/detection

credrewards.in

# Reference: https://twitter.com/malwrhunterteam/status/1616174221541134336
# Reference: https://www.virustotal.com/gui/file/44983dde56eb1f20459f726392535c5777f858cf6e0c7515e5f6257b43124d29/detection

parkservise.co.in

# Reference: https://twitter.com/ReBensk/status/1618919756756836353
# Reference: https://www.virustotal.com/gui/file/50a728cd81dbc8a0fb27d8b19ef4ec730c6e14a728f36c90ec98ef8effd9a00e/detection

redeempoint.co.in

# Reference: https://twitter.com/malwrhunterteam/status/1618952519409102853
# Reference: https://www.virustotal.com/gui/file/268b71cf218519ef9b6570c897a592971c7e8e33219838425fb8a44a9cc22bf4/detection

iboiha.fun
ww25.iboiha.fun

# Reference: https://twitter.com/malwrhunterteam/status/1620926054117568512
# Reference: https://www.virustotal.com/gui/file/5c9fb34f1f12a8fe9adf1a41bde6ce35eb379a9621f35d84c41d589e78f338ee/detection

sb1-kyc.web.app

# Reference: https://twitter.com/ReBensk/status/1622579528571949057

claimcrediptpointred.shop

# Reference: https://twitter.com/malwrhunterteam/status/1627010666023292929
# Reference: https://www.virustotal.com/gui/file/2dd36b10426a729f5ce9785d5b5bab67c4f8c054e9fc5833f6b13f4cb53e45fb/detection

storeapp.co.in

# Reference: https://twitter.com/malwrhunterteam/status/1627090862269419520
# Reference: https://www.virustotal.com/gui/file/c6d3cc2a9d9c5caa34c6c7f82b3ce93489d4254ae722c201cc5e041420bb592a/detection

instant-e-apply-campaign-page-idf-campaign-fix.xyz

# Reference: https://blog.cyble.com/2023/01/31/inthebox-web-injects-targeting-android-banking-applications-worldwide/
# Reference: https://otx.alienvault.com/pulse/63d96828750d112f619c74f6

http://194.180.174.127
http://199.192.26.165
http://85.31.46.136

# Reference: https://twitter.com/malwrhunterteam/status/1629219402280312832
# Reference: https://www.virustotal.com/gui/file/c314b21629fcfac052d5b382a34f8f917da83a904be748f0e62540b17cddcd6c/detection

sbhdclaimpoint.online

# Reference: https://twitter.com/malwrhunterteam/status/1629449605472550914
# Reference: https://www.virustotal.com/gui/file/b97d52639d168de02182e817091697267d000f43de10686bde7b28ee57e5cfaa/detection

makelifedream.in

# Reference: https://www.virustotal.com/gui/file/7753789eeda22ba67782c4f984150c2c38a191838eb4fe8e2f08daa0755740aa/detection

getreward.co.in

# Reference: https://twitter.com/malwrhunterteam/status/1629461441135665158
# Reference: https://www.virustotal.com/gui/file/3b23bd47f2f1b522a32f50a59f37e5fb68a67d4d5c811ae883d464649d63f73a/detection

tenter.co.in

# Reference: https://www.virustotal.com/gui/file/cdf7da21b7823c528e2e1b82cfcbc5e03816ff34a259b7296344dfaead80d798/detection

zizi.accesscam.org
/ZmdoMTE5/cnR5MTIw.php
/ZmdoMTE5/enhjMTE0.php
/ZmdoMTE5/
/cnR5MTIw.php
/enhjMTE0.php

# Reference: https://twitter.com/malwrhunterteam/status/1630689031209074697
# Reference: https://twitter.com/ReBensk/status/1633869800182284289
# Reference: https://www.virustotal.com/gui/file/0fe8c31ba136c2558b8bad93a24704b9b371ff856b3fc09dfe7114bdfd7d5761/detection

s6birwc.xyz
sh6bciewrd.online
sh6cwerd.click

# Reference: https://twitter.com/malwrhunterteam/status/1631662488600080386
# Reference: https://www.virustotal.com/gui/ip-address/5.159.49.165/relations
# Reference: https://www.virustotal.com/gui/file/62b244a547ea78f57843bf358c59c7cedd3af07bb336eacecc2efdd70ed8085e/detection

shamgetme.cloud
shmgetr.tech
shmxc.cloud
xsham.cloud

# Reference: https://twitter.com/malwrhunterteam/status/1616439362455236613
# Reference: https://www.virustotal.com/gui/ip-address/183.111.122.104/relations
# Reference: https://www.virustotal.com/gui/file/d661c68ec155585eae77147982bb2713beeab96a594e8cc0fd5a8b91f714bf29/detection
# Reference: https://www.virustotal.com/gui/file/0a5725d53ea433264a6e16213a5536a55d975c99ed3697fe52b9adc6df139462/detection

amasolo.com
daangnin.com
darkboxshare.com
love-love.cc
metamosk.vip
secret-chat.vip
telegramiamg.com
telegraming.pro
unioneword.com
utalk.site
as.amasolo.com
down.amasolo.com
main.amasolo.com
main.metamosk.vip

# Reference: https://twitter.com/malwrhunterteam/status/1631641982136205315
# Reference: https://www.virustotal.com/gui/file/150e4fcc5214f7365a3cc81c7d14f5455ac339807351e4248dd529a2a88f5dae/detection

ariayoga.cc
ariayoga.online
ariayoga.site
cloudlbum88.com
cloudlbum91.com
jaiyoga.vip
love-love.co
preciousalbum58.com
secret-chat.vip
unioneword.com
down.ariayoga.cc
down.ariayoga.online
down.cloudlbum88.com
down.cloudlbum91.com
down.jaiyoga.vip
down.ariayoga.cc
down.love-love.cc
down.love-love.co
down.preciousalbum58.com

# Reference: https://www.virustotal.com/gui/ip-address/65.109.122.227/relations

bonuscoin.in
offerpointreward.in
offerreddem.in
pointoffer.in

# Reference: https://www.virustotal.com/gui/file/5335f2839fafbc2c9efdc861dfa020876a532b66d5baed7fb69665f8075d0d01/detection

103.244.148.94:809
sadqwdasinf.info

# Reference: https://twitter.com/ReBensk/status/1633872745636454401
# Reference: https://www.virustotal.com/gui/ip-address/68.178.145.187/relations

doorlabel.in

# Reference: https://www.virustotal.com/gui/file/7b2373c6c2ca0b57bd90170ec1d8bb0fa0ad2d8c1fc7613b58beca511f9bcf23/detection
# Reference: https://www.virustotal.com/gui/file/9b46afb380119de9f2f70ddd30b58a4d82b950e8d2bb92920873d0b0920e5494/detection

mylivepointservise.co.in

# Reference: https://twitter.com/Gi7w0rm/status/1633899205621174273
# Reference: https://twitter.com/0x6rsk/status/1659545709077573637
# Reference: https://twitter.com/TLP_R3D/status/1659636656436125698
# Reference: https://www.virustotal.com/gui/ip-address/190.211.255.218/relations
# Reference: https://www.virustotal.com/gui/file/7c1eba7f4a09b6f60ab8f883541104ca3c386a5b7e9282271eef2cf44d27dc94/detection
# Reference: https://www.virustotal.com/gui/file/60af458b972d2fbd2687c053fa7e18fb32b12be6bc2cb899c9b15dc7128822ca/detection
# Reference: https://www.virustotal.com/gui/file/e53b426981bbe8f19a97ba9efa4413ed8fb4f44532e4984a10007c9f204827a1/detection

http://179.43.163.113
http://190.211.255.218
103.175.16.151:443
179.43.163.113:443
190.211.255.218:443
192.198.82.59:443
194.135.33.160:443
32.54.188.44:443
92.119.178.40:443
biribizidurdursunn.com
biribizidurdursunn1.com
biribizidurdursunn2.com
slmmistosi.com
slmmistosi2.com
yamacbank22.xyz
youtubeadvan3242.xyz
youtubeadvanced.pro
/YTFlMzViNjNiNWM3/OTI0NGRhMTFlMDNk/index.php
/YTFlMzViNjNiNWM3/OTI0NGRhMTFlMDNk/
/OTI0NGRhMTFlMDNk/index.php
/OTI0NGRhMTFlMDNk/
/YTFlMzViNjNiNWM3/

# Reference: https://twitter.com/malwrhunterteam/status/1634688954061541378
# Reference: https://www.virustotal.com/gui/ip-address/144.217.191.38/relations
# Reference: https://www.virustotal.com/gui/file/ba41a9469e7057170456f1e4c4c3dcd99b9f33d6e52dd8c9202987cd44d75f7b/detection
# Reference: https://www.virustotal.com/gui/file/824fdcb6753c6f6bbd79e83361b08afc8d587253a95708f844b625f0721afbc0/detection

bmiat.website
ceham.uno
edsim.fun
ersdin.host
frest.host
fsdhem.fun
idolatn.uno
indilt.host
jnshm.fun
milat.fun
msdhen.fun
msdin.uno
sabtnam.host
samen.uno
sbtnam.uno
sedhin.fun
seham.host
seirn.uno
truwalt.com
your-app.xyz
myremote.oghabhost.xyz

# Reference: https://twitter.com/ReBensk/status/1635695388802920464

hdfc-point.web.app

# Reference: https://twitter.com/HaoZhixiang/status/1635937304970706948
# Reference: https://www.virustotal.com/gui/ip-address/43.154.91.41/relations
# Reference: https://www.virustotal.com/gui/file/4c9b6c5c65eff41d99911dffb8f65730e4bf954ff162e9840d3cac7fe1fc9340/detection

a2qw.sbs
a3qw.sbs
ak8a.sbs
d3qw.sbs
e2qw.sbs
ed8a.sbs
gn8a.sbs
i2qw.sbs
i3qw.sbs
iq8a.sbs
kr8a.sbs
mt8a.sbs
ns8a.sbs
o2qw.sbs
o3qw.sbs
p2qw.sbs
p3qw.sbs
q2qw.sbs
qa2qw.sbs
qs3qw.sbs
qw1qw.sbs
r2qw.sbs
s3qw.sbs
t2qw.sbs
u2qw.sbs
u3qw.sbs
w2qw.sbs
wa1qw.sbs
wo1qw.sbs
wp1qw.sbs
ws1qw.sbs
y2qw.sbs

# Reference: https://www.virustotal.com/gui/ip-address/43.154.239.105/relations

dhrg.sbs
erwtg.click
euiop.click
ewfsv.click
fjez.sbs
grbsc.click
hbswz.click
hrffc.click
mkjh.sbs
nhge.sbs
nhgtr.sbs
qadvz.click
rgms.sbs
sdbw.sbs
vhgrdw.click
wefcn.click
yits.sbs
yjhrv.click

# Reference: https://twitter.com/0x6rsk/status/1636322983542128641
# Reference: https://www.virustotal.com/gui/file/4469ea6689654fe0388191097d3938a832abfa597c8195966320dab9e0d77a7b/detection

pointapp.co.in

# Reference: https://research.checkpoint.com/2023/south-korean-android-banking-menace-fakecalls/
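# Reference: https://otx.alienvault.com/pulse/641215d6755811b251dcdfc4
# NOTE(review): data.go.kr (listed below with a /data/.../fileData.do path) appears to be the South Korean government's public open-data portal, i.e. legitimate infrastructure rather than attacker-owned; treat a match on that entry alone as low-confidence and confirm its role against the references above.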

http://154.197.48.125
http://154.197.48.195
http://154.197.48.212
http://154.197.48.72
http://154.197.48.93
http://154.23.182.63
http://154.38.113.162
http://156.245.12.211
http://156.245.21.38
http://182.16.42.18
http://206.119.82.78
154.197.48.125:10102
154.197.48.195:10102
154.197.48.212:10102
154.197.48.72:10102
154.197.48.93:10102
154.23.182.63:10102
154.38.113.162:10102
156.245.12.211:10102
156.245.21.38:10102
182.16.42.18:10102
206.119.82.78:10102
154.197.48.125:5055
154.197.48.195:5055
154.197.48.212:5055
154.197.48.72:5055
154.197.48.93:5055
154.23.182.63:5055
154.38.113.162:5055
156.245.12.211:5055
156.245.21.38:5055
182.16.42.18:5055
206.119.82.78:5055
daebak222.com/huhu/admin.txt
data.go.kr/data/15063815/fileData.do

# Reference: https://www.virustotal.com/gui/file/c132022787142928233780c5c6023a8e87d7efbefb5dd53b442274ed23ee05ce/detection

5.255.105.30:9462

# Reference: https://twitter.com/malwrhunterteam/status/1637225888323346432
# Reference: https://www.virustotal.com/gui/file/7b8c3c58acfbaab01328843e066e1992faab4ff91deba1165d2f86d6cf247d53/detection
# Reference: https://www.virustotal.com/gui/file/b54da7ff382d62b252efe4ccf4b17f6ab9e859b1e98e01c0aa3bfa0e123c5144/detection

http://107.174.45.116
mp7.sytes.net
msr.servehttp.com

# Reference: https://www.virustotal.com/gui/file/d55a7c565a8b96f809ee6967837c67f7dc708d79a9bd5c1ebdf287bdaf24e62e/detection

tygaa.in

# Reference: https://www.virustotal.com/gui/file/2d966ab7b50695be6046da0c6817881eaeb16e589b49dc115ec212f221e698d7/detection

prepagos-cancelar-app.com

# Reference: https://twitter.com/0x6rsk/status/1640632227863179269

zektarmunoza.shop

# Reference: https://twitter.com/0x6rsk/status/1642985469251297280
# Reference: https://twitter.com/Gi7w0rm/status/1643274917310513155
# Reference: https://www.virustotal.com/gui/ip-address/5.178.2.174/relations
# Reference: https://www.virustotal.com/gui/file/8fe86e178198c7e5ab8d1eaf4e77772688c37960ddad4d64174c90ae7ced8d28/detection

gahvaperos.shop

# Reference: https://twitter.com/ReBensk/status/1644260955633721344

cashhicash.in

# Reference: https://twitter.com/ReBensk/status/1644217334725320709
# Reference: https://www.virustotal.com/gui/ip-address/47.242.229.139/relations

a-telegram.com
androd-telegram.com
androd-telegram.online
androd-telegram.xyz
android-telegram.online
android-telegram.xyz
apk-telegram.com
apk-telegram.online
apk-telegram.org
apk-telegram.xyz
apk-ws.com
app000.org
app005.org
app006.org
app007.org
app008.org
app009.org
appc-telegram.com
ch-telegram.org
china-telegram.online
china-telegram.site
china-telegram.xyz
chinese-telegram.org
google-telegram.org
hk-telegram.cc
hk-telegram.cn
hk-telegram.top
hk-telegram.xyz
hongkong-telegram.com
hongkong-telegram.online
hongkong-telegram.org
hongkong-telegram.site
hongkong-telegram.xyz
iphone-telegram.com
m-telegram.cc
mac-telegram.org
message-telegram.org
pro-telegram.xyz
telegfcom.org
telegram-888.xyz
telegram-a.org
telegram-androd.cc
telegram-androd.com
telegram-androd.org
telegram-apks.org
telegram-apks.xyz
telegram-c.org
telegram-china.app
telegram-china.co
telegram-china.me
telegram-china.online
telegram-china.site
telegram-china.xyz
telegram-e.cc
telegram-hk.app
telegram-hk.cc
telegram-hk.net
telegram-hk.top
telegram-hongkong.app
telegram-hongkong.cc
telegram-hongkong.co
telegram-hongkong.me
telegram-hongkong.net
telegram-hongkong.xyz
telegram-mac.org
telegram-me.cc
telegram-message.org
telegram-n.cc
telegram-o.cc
telegram-philippines.com
telegram-pro.xyz
telegram-tw.xyz
telegram-v.org
telegran.bike
telegran.bz
telegran.cam
telegran.la
telegran.lat
telegran.sc
telegran.srl
telegran.vc
telegran.ws
tw-telegram.xyz
voice-telegram.org
wed-telegram.org

# Reference: https://twitter.com/malwrhunterteam/status/1644827139466752001
# Reference: https://www.virustotal.com/gui/file/a0bcbaffead02d494fda2b786dd2921db8db0b02d904b85244e26791a4c72a1d/detection

lifesgood.online

# Reference: https://twitter.com/parate_rupali/status/1645407589545693189
# Reference: https://twitter.com/AuCyble/status/1646489771752009728
# Reference: https://blog.cyble.com/2023/04/13/chameleon-a-new-android-malware-spotted-in-the-wild/
# Reference: https://www.virustotal.com/gui/file/153410238d01773e5c705c6d18955793bd61cb2e82c5c7656e74563bb43b3ffa/detection

146.70.41.143:7242

# Reference: https://www.virustotal.com/gui/file/58b7fcee85412190251c7ccecd7ff82f0c219d139debb1830b9f70d6a400858a/detection
# Reference: https://www.virustotal.com/gui/file/67e1212329e9300b6a3aef4a2d8ba968c4219ed929d3060bf8a21a94a01287fb/detection
# Reference: https://www.virustotal.com/gui/file/f6b75cfa07448c9c0e83bd725e079aeb1d01a825e37bd5339d6060501e8f16e2/detection

safakeamanan.com
ek.safakeamanan.com
ud.safakeamanan.com

# Reference: https://twitter.com/malwrhunterteam/status/1646507066369134598
# Reference: https://www.virustotal.com/gui/file/a548748ec7428a687b59b39c5c9280454201733a5c093f9b6df85602b2195500/detection

jio-mart-sales.in

# Reference: https://twitter.com/ReBensk/status/1650901080140656641
# Reference: https://www.virustotal.com/gui/ip-address/23.154.80.191/relations
# Reference: https://www.virustotal.com/gui/file/eaeb252cc13cfa8eb46304475ad37c59ba2151111946216312e142164af0d128/detection
# Reference: https://www.virustotal.com/gui/file/bfd947fe576cbf5dc1cbb79fb4aab0794fe232ac57239bcb0d9360473916b76b/detection
# Reference: https://www.virustotal.com/gui/file/4799fbae3ebb105db12ae167f6328d32a8ed6e1abd2f9a23e5b654484c6421a9/detection

bbstofaroly.xyz
bbstofaronly.xyz
bbstofarunly.xyz
bbtofrunly.xyz
fbstofaronly.xyz
ree-wardbbesofars.xyz
thenjjshop.in
mail.bbstofaroly.xyz
mail.bbstofaronly.xyz
mail.bbstofarunly.xyz
mail.bbtofrunly.xyz
mail.fbstofaronly.xyz
mail.ree-wardbbesofars.xyz
mail.thenjjshop.in

# Reference: https://twitter.com/malwrhunterteam/status/1646516940691890176
# Reference: https://www.virustotal.com/gui/file/49647896946c9336fe3bf55ef935cd2ded832cf0874830306c4e5130767ec498/detection

cashbyreward.in

# Reference: https://n0psn0ps.github.io/2023/03/02/android-malware-analysis-series-ato.apk-part-3.1/
# Reference: https://n0psn0ps.github.io/2023/03/02/android-malware-analysis-series-ato.apk-part-3.2/
# Reference: https://www.virustotal.com/gui/file/55884b3b0018b42e500c8ca427d8ae3b3174d9efca5aa57b34eb9202cb84913a/detection

http://146.70.88.44
146.70.88.44:5678

# Reference: https://twitter.com/malwrhunterteam/status/1648077108676112386
# Reference: https://www.virustotal.com/gui/file/9fe4728c2741e48b14f123c2bacc8465e279368ff0df1e8b0f045ff501b816cd/detection

target-globalshop.com

# Reference: https://twitter.com/malwrhunterteam/status/1648314930850832384
# Reference: https://twitter.com/noexceptcpp/status/1652821481481465863
# Reference: https://www.virustotal.com/gui/file/14da4a46ea086e1a5074cbc695b7dbdc6604c13e23c8fe7d258faddec608184b/detection

caixadasorte.link
fortunacaixa.com
admin.fortunacaixa.com
caixar.oss-us-east-1.aliyuncs.com
ek.fortunacaixa.com
lol.caixadasorte.link
who.caixadasorte.link
ws.caixadasorte.link

# Reference: https://twitter.com/0x6rsk/status/1653413362720559105
# Reference: https://www.virustotal.com/gui/ip-address/45.143.136.125/relations
# Reference: https://www.virustotal.com/gui/file/26f4bce37f3215fb70697c91529943ab18d2e1fcc2f879ccd9d04a209ffe6aab/detection

axperomo.shop

# Reference: https://twitter.com/malwrhunterteam/status/1654248866177503232
# Reference: https://www.virustotal.com/gui/file/07504d45cffd78f6037718361bc50ec2591eabb9749c88ef645088a3ebaa4501/detection

telegram-zh.org.cn

# Reference: https://twitter.com/malwrhunterteam/status/1654970357533532161
# Reference: https://www.virustotal.com/gui/file/d7a8d786d320c17d56161b4a2cb7af9ed7b1e72abc64f1b439b29e96a7b11a92/detection

icici-offer.site

# Reference: https://www.virustotal.com/gui/ip-address/68.178.149.21/relations
# Reference: https://www.virustotal.com/gui/file/a1347a29dd82666ea2735d99983ab3179ee761394232befc18ff5c201ee80e93/detection
# Reference: https://www.virustotal.com/gui/file/97f74263178161d4f5ea61f701ff17adc8da58e3a6e4b643aef48b18f2dec496/detection
# Reference: https://www.virustotal.com/gui/file/40926349628bc42867e9f32fdf0121d7948de424be526c4167362bda0870bc29/detection
# Reference: https://www.virustotal.com/gui/file/2194b74e591b80b665e3f20a008c762a97258704eed59a8800a109d48bd51a16/detection
# Reference: https://www.virustotal.com/gui/file/036cbabb35319e904a7290ca563b31d9bf6f6dda48193aa39085fbb0bc250faa/detection

axispointclaim.co.in
bigbazarmart.in
deltaverify.co.in
payphonnow.in
px.payphonnow.in
/verify/bibbazar

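# Reference: https://twitter.com/malwrhunterteam/status/1660736877664653328
# Reference: https://www.virustotal.com/gui/file/aac2f99af5bf5e21a7ae136718a256ba40916b07da0406454746b9e3e487fec6/detection
# Note: the IP:port entries below appear to sit in Cloudflare's shared edge ranges (104.16.0.0/13, 172.64.0.0/13), so a hit on them alone is weak evidence; corroborate with the domain below before escalating.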

104.21.6.118:2053
104.21.6.118:2083
172.67.134.210:2053
172.67.134.210:2083
laborer-posted.nl

# Reference: https://twitter.com/malwrhunterteam/status/1661081398327820290
# Reference: https://twitter.com/malwrhunterteam/status/1661079860238794758
# Reference: https://www.virustotal.com/gui/file/185204c45bfe4f90ae29e79d98d0a6afa2f0f0a76448b72a21801585e2e7e552/detection
# Reference: https://www.virustotal.com/gui/file/61c41393f9a73367207c564a07f6faff9b88f99782473f4f3293eaaa8caea438/detection

angelitaful.com
dating-talk.com
onenumsource.com
princetalk.co
princetalk.me
princetalk.pro
princetalk.xyz
theprincetalk.com

# Reference: https://www.virustotal.com/gui/file/8ed1e4c424f34b6af89962f1048b2dd8ddf5d22040d3dac28344eb3e981a2623/detection
# Reference: https://www.virustotal.com/gui/file/cdfbc1ce2af7e335a23e9132558e944f56c43c62296a080c4dc5a4b69059adfc/detection
# Reference: https://www.virustotal.com/gui/file/f82f485662497222df3784f99462ceacac8545b5f78d2ff6389c943da9af349f/detection

156.251.24.194:5521
156.251.24.194:7098

# Reference: https://twitter.com/ReBensk/status/1667388141236285441
# Reference: https://www.virustotal.com/gui/file/35e70ad12f9c549aaf661f61b60ce68700ef4205a0116441cf720c8ca0edccd9/detection

amexindia.host

# Reference: https://twitter.com/malwrhunterteam/status/1667249881696686094
# Reference: https://www.virustotal.com/gui/file/d7f0c77cc027bceee3c2c53d35370e2b035f58eefbe95941fdd2c3cd1b8bd214/detection

aircondservicemy.com

# Reference: https://www.virustotal.com/gui/file/9c046cbf4c023ca81e02a804cc9a7615b9c52e58f0d7e7d43a3cbba7fb801493/detection

user-app.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1668350004350574606
# Reference: https://twitter.com/noexceptcpp/status/1668360185876819970
# Reference: https://www.virustotal.com/gui/ip-address/122.128.107.243/relations
# Reference: https://www.virustotal.com/gui/file/ad6f8ec6aa7f8b5b16816f075b77769aa7e7699d18e4f573850f23c3606ab7cf/detection

http://122.128.107.243
downloadnaver.online
navor.tech
shopnaver.online

# Reference: https://www.virustotal.com/gui/file/3f28111049a876533a0f5f00a72ca3beadfc641b97f3db682127546fac89fc22/detection

http://185.45.192.58

# Reference: https://twitter.com/0x6rsk/status/1673338228512833536
# Reference: https://www.virustotal.com/gui/ip-address/81.19.135.239/relations
# Reference: https://www.virustotal.com/gui/file/4defa1f795d69d38168bffecbc19f571c61a095862713fd91cb646f344ef53c0/detection

twelveelevensoup.at

# Reference: https://twitter.com/ReBensk/status/1677266775183101952

makepoint.in

# Reference: https://www.virustotal.com/gui/file/ad4cdeca5e669d83e89f785f0e10d0de8ad6409412c43984c484e56b6a5d114c/detection

http://5.252.176.205
5.252.176.205:8000

# Reference: https://blog.cyble.com/2023/07/10/the-turkish-government-masqueraded-site-distributing-android-rat/
# Reference: https://www.virustotal.com/gui/file/414ea005199ba221c0048a4a7c544ae3e0891c9fe1634bbfc0cd6f3938b5f029/detection
# Reference: https://www.virustotal.com/gui/file/68035c06c9ee1076a40d270029522dd21136e5c4bbec534768d2296af2212062/detection
# Reference: https://www.virustotal.com/gui/file/68b56ef06b2c9403ade11bebef939fa4e754f44647cd2e313355568f87739942/detection

a2a2a2a.life
scanyalx.online

# Reference: https://twitter.com/malwrhunterteam/status/1678869616192307200
# Reference: https://www.virustotal.com/gui/file/49a91f482893aa45b6f119e66c7150aec81624ddab45fa7a1d18eb0b3861c5c7/detection

jio-mart.online

# Reference: https://twitter.com/0x6rss/status/1677385997984894976
# Reference: https://www.virustotal.com/gui/ip-address/80.66.64.23/relations
# Reference: https://www.virustotal.com/gui/file/e8f0e535d89dd62514947b8bc50bef37636fae9dfd34290075755fab7cceebc2/detection

babypetstore.shop
bicyleinworld.shop
bookandstorer.shop
hammora.shop
juarezcompany.shop
yusracompany.shop
yusrajuarezcompany.shop
emv1.yusrajuarezcompany.shop

# Reference: https://www.virustotal.com/gui/file/ddd68bcc86c504405b883279c339baa659b35d4d4f75bf89d25d891e9b04b1ad/detection

g4ctsneogzmf7ndrxzld8gfewebq20ef2e.org
smsreciver.g4ctsneogzmf7ndrxzld8gfewebq20ef2e.org

# Reference: https://twitter.com/malwrhunterteam/status/1680106945464741888
# Reference: https://www.virustotal.com/gui/ip-address/89.117.157.164/relations
# Reference: https://www.virustotal.com/gui/file/f389b3b74fa249ef70f3ff934c6cb7286bd7bede8ebed30e868f99e920277ec8/detection
# Reference: https://www.virustotal.com/gui/file/a0c839b834671048f0f9115689262dd71991d2d157fbd97e8aa64ecacd6e2dfd/detection
# Reference: https://www.virustotal.com/gui/file/d92b075f8101f309c70bb33f5c95e2f065ddafdd2912f1b0ac399a56c4419584/detection
# Reference: https://www.virustotal.com/gui/file/13b13c8c6acc47b6d15359058303dd28b9234b6b2a7e71134cd4e5a1e253e264/detection

alleso.online
danonymous.net
ax.danonymous.net

# Reference: https://twitter.com/ReBensk/status/1683011402129129472
# Reference: https://www.virustotal.com/gui/file/2729f26e4c807f9e50b357442bb647a0750a051b88d0e4eeb7c1383579e87129/detection

bananasplit.shop
api.bananasplit.shop

# Reference: https://twitter.com/saridzawa2/status/1683054194595430403

casanossolar.shop
api.casanossolar.shop
apks.casanossolar.shop
klremota.casanossolar.shop

# Reference: https://twitter.com/malwrhunterteam/status/1683844371878215680
# Reference: https://twitter.com/ni_fi_70/status/1684084270376030209
# Reference: https://www.virustotal.com/gui/file/a8f5530a0030b5860cd5644277fa383890cc014d124af251a6d6feec6152b129/detection

four-theta.vercel.app
prestashop-136764-0.cloudclusters.net

# Reference: https://twitter.com/malwrhunterteam/status/1684573424793026562
# Reference: https://www.virustotal.com/gui/file/5aa2d9d64c93f3617bff0a6e5cc4eee94e7d2e0fd487c2a87effaa02fa147a8a/detection
# Reference: https://www.virustotal.com/gui/file/8fb0e47a66b1345ff8fa9e4de6c6c2f37acb3f08f522f86fd1c1c571a796cbee/detection

amhd2.live
hd123.shop

# Reference: https://twitter.com/malwrhunterteam/status/1685918864889044992
# Reference: https://www.virustotal.com/gui/file/78717e9d1c49462417cf30ecc030e88a7f25159655666cf9d5dcaaf0f9844af1/detection

rewaa3.online

# Reference: https://twitter.com/malwrhunterteam/status/1685924846402703361
# Reference: https://www.virustotal.com/gui/file/77c281a288f741be5297f647653b26f180943c70a1415c54bc292397e71ca710/detection

citirewadshelps.trusting-swirles.139-59-37-223.plesk.page

# Reference: https://twitter.com/malwrhunterteam/status/1686368225356050432
# Reference: https://www.virustotal.com/gui/ip-address/8.217.194.149/relations
# Reference: https://www.virustotal.com/gui/file/d2e17b9ac466e56943f361e7d58b4deee189b7beb183ace0c5de169116b698ce/detection

ap-telegram.com
ap-telegram.org
apk808.org
google-telegram.com
ios-telegram.com
macao-telegram.org
mbhapk4.org
mbhapk5.org
mbhapk6.org
mbhapk7.org
mbhapk8.org
singapore-telegram.org
taiwan-telegram.org
telegram-ios.com
telegram-ios.org
telegram-iphone.com
telegram-iphone.org

# Reference: https://twitter.com/malwrhunterteam/status/1686369182781476864
# Reference: https://www.virustotal.com/gui/file/8690ee7578af76e67db31637de88426bf64abe06ecebe38048b3f949ea8806a5/detection

telegream1.oss-cn-hongkong.aliyuncs.com

# Reference: https://twitter.com/malwrhunterteam/status/1686372147370016768
# Reference: https://www.virustotal.com/gui/file/0b60cd1e3a9c9057e39cd9b893bf6acabfc8c02255d9486248cb8c966f6ee363/detection

creditcardhelpdesk.in
digikyc-b8fb6-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1686374818353164288
# Reference: https://www.virustotal.com/gui/file/2e1d57328f060abc897351f79b84436cbcb7385cec06402788bbdc20262e986d/detection

bghyj.oss-ap-southeast-1.aliyuncs.com

# Reference: https://twitter.com/malwrhunterteam/status/1687039200627953664
# Reference: https://www.virustotal.com/gui/file/a76ff3d76016647ea04a10c69dea04bcfff5b20d87ff3d097d49e1103729bc53/detection

telegramorgandroid91.oss-cn-hongkong.aliyuncs.com

# Reference: https://twitter.com/malwrhunterteam/status/1687194772803600384
# Reference: https://www.virustotal.com/gui/file/8f5031a81ef12895d8f87029384fea49c84bcca38d8a476677e73d2a87db9101/detection

love-to-shopping.com
bb-adm.love-to-shopping.com
bb-api.love-to-shopping.com

# Reference: https://www.virustotal.com/gui/file/be8c9b283138b31de27b7f4457d1e92d13282c293f365f9dde6a1cb1ab492341/detection

bhola-88930-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1687451367680380928
# Reference: https://www.virustotal.com/gui/ip-address/154.41.253.213/relations
# Reference: https://www.virustotal.com/gui/ip-address/216.10.242.37/relations
# Reference: https://www.virustotal.com/gui/ip-address/68.178.172.157/relations
# Reference: https://www.virustotal.com/gui/file/37f5e8f38df386c701279082022eef82440ccdd249f8102cbb87877bae98d0a0/detection
# Reference: https://www.virustotal.com/gui/file/10f627e886dbe37b7c1bbd08c1f3c498f7e3a92dc2c3ef28a8085d341966e85e/detection
# Reference: https://www.virustotal.com/gui/file/68627e916bf63fe2c8215ab1f4b634f50bf074ec99fae0f8cefb6fd62a6db562/detection
# Reference: https://www.virustotal.com/gui/file/9a46976998e50b8ea4b04738f45f9c633fdc67ce8295d0852a2cd9c03449ade9/detection

limits-increase.in
aubank.limits-increase.in
axisbank.limits-increase.in
bank.limits-increase.in
indus.limits-increase.in
me.limits-increase.in
sbi.limits-increase.in
test.limits-increase.in

# Reference: https://twitter.com/malwrhunterteam/status/1687460916613332993
# Reference: https://www.virustotal.com/gui/file/f8dd8f8059251cce725f6e8b8c73986d5a375efdf9162bf511c0a4b14062492e/detection

promobuys.online

# Reference: https://twitter.com/malwrhunterteam/status/1687482431496945664
# Reference: https://www.virustotal.com/gui/file/964edd1e0baf0c9a2ad5c32a4a758127447c42436198bc4128acd15ff5682964/detection

nubankseg.d2bol9qnkv5wor.amplifyapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1687850256992534528
# Reference: https://www.virustotal.com/gui/file/e940e20e3c13a4b8ab3b2cedf43df82ca0c86cbf3477d534cf3e3d3901cd8f6c/detection

mrhola.000webhostapp.com

# Reference: https://twitter.com/0xduzgun/status/1689004855812395008

rapson.shop

# Reference: https://twitter.com/malwrhunterteam/status/1689939273141690368
# Reference: https://www.virustotal.com/gui/file/8d492ac234ee9efe18fc2ee67d689591ac73b813e6cc307d559c9d6ba852b9ef/detection

nucredito.onrender.com

# Reference: https://twitter.com/malwrhunterteam/status/1690107100599328769
# Reference: https://www.virustotal.com/gui/ip-address/187.17.111.96/relations
# Reference: https://www.virustotal.com/gui/file/f044490a6911efcdd4b89fb98dbe2d0aa0bbf923adce1783f07a86fa764c34b9/detection

1frutoproibido.site
anilitas-fans.website
daraacessorios.online
droidup.online
muupvp.online
nelcont.online
unicocadastro2022.site
apwe.droidup.online
blwe.droidup.online
enwe.droidup.online
pagwe.droidup.online

# Reference: https://www.virustotal.com/gui/file/dc8bf20b5e999fdd0dc6c9d9bd0538797a6d0fbb5e0d92884f2eef7a8bcca11a/detection

companynum.com

# Reference: https://twitter.com/malwrhunterteam/status/1685238160102498304
# Reference: https://www.virustotal.com/gui/file/c29b6330b2af515f4d5b8026b44cab28537ccf3e1378def5aa1547eaf2c3d5e9/detection

guard-payments.club
onlyfans.guard-payments.club

# Reference: https://twitter.com/malwrhunterteam/status/1691916456504770962
# Reference: https://www.virustotal.com/gui/file/a8c0df9563d945f286f7a5e73ec5a134362a28b6abe9400b2589b7eef91726cf/detection

postegro-lili.site

# Reference: https://www.virustotal.com/gui/file/7f0166dff1fb881a08311d252526609a2daf5b20dd0184d0ac06e2d7f4564125/detection

94.130.181.168:4002

# Reference: https://twitter.com/malwrhunterteam/status/1692899086725169451
# Reference: https://www.virustotal.com/gui/file/2f357150f68cfd87ea7185a3e5ee1f86c45faaaa3011e54d1a7047d5febb717f/detection

rt-internet-dogovor.ru

# Reference: https://twitter.com/blackorbird/status/1695018425280876563
# Reference: https://mp.weixin.qq.com/s/-7VwCv4EQg4ofYcoEyBkUQ

cbrewards.click
cbrewards.site
citialerts.in
esewa.me

# Reference: https://twitter.com/malwrhunterteam/status/1695023425343901982
# Reference: https://www.virustotal.com/gui/file/892bcb25b4f9e43b484cece18ec9c5def2e15dd44a37fc5a149f4261ae40dc90/detection

fotogarafa.cc

# Reference: https://twitter.com/malwrhunterteam/status/1695024827898232842
# Reference: https://www.virustotal.com/gui/file/ef312b7cafaff0e28b3f2a94622fe9d777ebed9ae836404fb5ad93d950c4a1e5/detection

trhaberler.website

# Reference: https://twitter.com/malwrhunterteam/status/1774176087766958095
# Reference: https://www.virustotal.com/gui/ip-address/192.210.229.35/relations
# Reference: https://www.virustotal.com/gui/file/60f9e6e38f7bf0ba269ed5a1f60df20a0025b490bf5f4aed124bcb36cefb109c/detection
# Reference: https://www.virustotal.com/gui/file/23be7abd489ea00b39163874f2dae64dd244bcb868048c2d9c562f6c591254c9/detection
# Reference: https://www.virustotal.com/gui/file/f07d0ef70c69e8c98f5013defd0b715e2e78725b2bf31b34cb67d36fe2b87bab/detection

http://192.210.229.35
http://192.3.124.14
gia.redirectme.net
hc.bounceme.net
p8.viewdns.net
rm.servehttp.com

# Reference: https://twitter.com/malwrhunterteam/status/1696848342066561075
# Reference: https://twitter.com/sysk1ll3r/status/1697001237365858535
# Reference: https://www.virustotal.com/gui/file/9ecf4a5c625e40d2cb9023b2b68d608392b0d104cef78c65d8e8d7bb5b6d3590/detection

http://62.4.23.119
kekotel.me
cloudflare.kekotel.me

# Reference: https://twitter.com/malwrhunterteam/status/1697562199793840450
# Reference: https://www.virustotal.com/gui/file/a8f821c1acf4d397fe754ac7754bd8bb473d17925479f40ae66439895b53faad/detection

offervirtualoffer.com

# Reference: https://twitter.com/malwrhunterteam/status/1699397700028944592
# Reference: https://www.virustotal.com/gui/file/9469b4883753c67169b6e5001f79431a7cff2da4ddd0ffeabd47b98f24cfc466/detection
# Reference: https://www.virustotal.com/gui/file/3a4cebc190df8b4717f844032272e9b6f4f3f09978b57d4d5cd1b66adea48e52/detection

mycomplaintservice.com

# Reference: https://twitter.com/0x6rss/status/1699559023719121383
# Reference: https://www.virustotal.com/gui/ip-address/135.181.66.173/relations
# Reference: https://www.virustotal.com/gui/file/7e8f6ea8bdd5f76ee429a10a0a3bda9b032d4e13f9de90d9e897f13655c8ba68/detection

corgyun.xyz
corgyunoo.xyz
corgyunqa.xyz
corgyunqp.xyz
corgyunqpa.xyz
app-3.corgyun.xyz
app-4.corgyun.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1701341015792103563
# Reference: https://www.virustotal.com/gui/file/c9843c0df07829e52ad96b3d46e4807e93120864835b4329cd646ff39a8d645a/detection

bonus.loclx.io

# Reference: https://twitter.com/malwrhunterteam/status/1704863501661950307
# Reference: https://www.virustotal.com/gui/file/81a52ba9e932ea4f565795bca4ca4eed6b60b507b89607365f91a1432902304e/detection

threebro.vercel.app

# Reference: https://www.virustotal.com/gui/file/0a21aa80d5c6764f09bf64f561157ab1fbbfd895db3dda2b44f2f93eb9794569/detection

http://81.161.229.185

# Reference: https://twitter.com/malwrhunterteam/status/1717109124033364274
# Reference: https://www.virustotal.com/gui/file/e6bccc592619b835e1c538506dfb115191068dec8b3b552f31f15ccb2ef24b88/detection
# Reference: https://www.virustotal.com/gui/file/5f380b99283b802861c44f197fbfc19afa41c26082a7e4bfe043372f1d49a539/detection
# Reference: https://www.virustotal.com/gui/file/4fabd84cd6947b7270b10cadbc32752b62b32421f0a02eb8fac48f9be23b1bfb/detection
# Reference: https://www.virustotal.com/gui/file/06e8cb799d1a763bbab9a1949eb02de33a0a0dc195fa282dc876380780ee0761/behavior

89.23.101.40:3000
89.23.101.40:3030
89.23.101.40:3033
tashkent.top

# Reference: https://falconfeeds.io/blog/post/trojan-malwares-are-targeting-major-indian-banking-system-661496

applicationkyc.pages.dev
bonusofferrewards.co.in
calm-fjord-69600.herokuapp.com
calm-garden-42338.herokuapp.com
cardupdatation.in
cardupdate.in
eranwithpoint.xyz
iciciirewards.online
kyc-update-app.web.app
onsubveaits.in
please-visitnow-immediately.com
pointcash.xyz
publicationofindia.top
sbi-kyc-app.web.app
sbi-kyc-apps-v-23.web.app
sbi-kyc-points.firebaseapp.com
sbi-kyc-update-immediately.firebaseapp.com
sbi-kyc-update-immediately.web.app
sbi-users-kyc-1.web.app
sbi-users-kyc-app.web.app
server455ic.herokuapp.com
server5478c.herokuapp.com
sheltered-dawn-11337.herokuapp.com

# Reference: https://www.virustotal.com/gui/file/a0a6048885a2b9461706b3456b17544d72ef9256fd81a0074ce10baffdad6c24/detection

tsprx.in

# Reference: https://www.virustotal.com/gui/file/6388977e534023952fb1c62c410ce06430457f6387981938ef1086eb13b69045/detection

kaskotak.com
els.kaskotak.com

# Reference: https://twitter.com/malwrhunterteam/status/1713143122425790600
# Reference: https://www.virustotal.com/gui/file/06371a72e7752d74614cc3377ff0f3ea664abedf0ce8c2ab5a5ff7caf9d8dea6/detection

demiurgic-burglary.000webhostapp.com

# Reference: https://twitter.com/ReBensk/status/1714326881548247113
# Reference: https://twitter.com/malwrhunterteam/status/1715722319220416715

hdfcoffers.loclx.io

# Reference: https://twitter.com/cyber__sloth/status/1714012963512684942
# Reference: https://twitter.com/cyber__sloth/status/1714013588266836154

owncloud-150509-0.cloudclusters.net
owncloud-150476-0.cloudclusters.net
owncloud-148461-0.cloudclusters.net
roundcube-149741-0.cloudclusters.net

# Reference: https://twitter.com/malwrhunterteam/status/1714359879811436979
# Reference: https://www.virustotal.com/gui/ip-address/68.178.170.93/relations
# Reference: https://www.virustotal.com/gui/file/a861d7018b9d033be25daab8c85a5143799e3e503a7418a00f7261b569622df3/detection

downloadapplication.in
auapply.downloadapplication.in
aunewcard.downloadapplication.in
dash.limits-increase.in
rblbank.limits-increase.in
rbl-limitis-increase.downloadapplication.in

# Reference: https://www.virustotal.com/gui/file/3e32b559c4e38ca15aa4da54e716494e714edd61b2da3ae9b5e3ed0b8ceab25e/detection
# Reference: https://www.virustotal.com/gui/file/e200a10f8e56425800da2a0ce7a0f0d3bb1ffc05f9baf85f70889e8d9d37d7a3/detection

blinkitdisconts.online
adm.blinkitdisconts.online

# Reference: https://twitter.com/malwrhunterteam/status/1714357338004410653
# Reference: https://www.virustotal.com/gui/file/a08fad8718aaf601d9c1a9dea53f0abcfd2c4fa77577318f8274d7a98951e86c/detection

hdrewd2.com

# Reference: https://twitter.com/malwrhunterteam/status/1714738792794320958
# Reference: https://www.virustotal.com/gui/file/04ea6f85ee304acdf3527f67a0fe97262fa64da9bf3354957658cf4b94fa1a44/detection

iciccard1-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1715782473991266760
# Reference: https://www.virustotal.com/gui/file/d989220cfbcd5cb9cedfcfc86c58eeda8c6a5c4f2b15b94b3371c5f88090a4e3/detection

edigitalkyc-default-rtdb.firebaseio.com

# Reference: https://news.drweb.com/show/?i=14755&lng=en&c=5
# Reference: https://otx.alienvault.com/pulse/651c3d1b75ef4b67af8fd142

nakopi-deneg.ru

# Reference: https://twitter.com/malwrhunterteam/status/1718357976124182819
# Reference: https://www.virustotal.com/gui/ip-address/195.123.224.81/relations
# Reference: https://www.virustotal.com/gui/ip-address/64.227.112.222/relations
# Reference: https://www.virustotal.com/gui/file/2647b709153fb6135d84fdbade7fd3632cbd3d00f7d7be9e3fbdb1d205efb5e3/detection
# Reference: https://www.virustotal.com/gui/file/066dfefd13a1836fa79f7583f34c2920174881ef0e72256ccf212976e5184a45/detection

apinetcom.com
comnetorginfo.com
addtr.online
adserver.com.tr
adserver.mobi
adwork.mobi
adzone.info
adzone.mobi
apkwiki.com
bvbv.online
emlak.mobi
indir.pw
indir.website
onlin-e.online
plaaystore.com
pubclick.online

# Reference: https://twitter.com/malwrhunterteam/status/1720198826315632794
# Reference: https://www.virustotal.com/gui/file/d83c1fc936e610713d075fcc99e180253104742ae33a1d74773e9a66706de86d/detection

mysupportcenter.in

# Reference: https://twitter.com/malwrhunterteam/status/1727978516140986874
# Reference: https://www.virustotal.com/gui/file/4ad7a133c66062ce7dd01773096416b8adf2d6b166f7d2453df363b6ff7df169/detection
# Reference: https://www.virustotal.com/gui/file/85ab8094adda266f88910aeb268e5c404863865cea9b02f4701a3497f536b6fd/detection
# Reference: https://www.virustotal.com/gui/file/8675e3122324799de7eeecbb45fbc9f267abd002d4358ae6e183128bad93a19e/detection
# Reference: https://www.virustotal.com/gui/file/f53ab5c47c55401f368e246e6ccbb4da21be69e3b6d3c8e84eb5bc1fceaf7418/detection

onlyfans-guard.com

# Reference: https://twitter.com/malwrhunterteam/status/1727780029776404716
# Reference: https://www.virustotal.com/gui/file/1c80567efb0b4ad10c97247862dd32fc8abc9cbb04f7e1e9c6624745d99dbd8c/detection

http://89.23.98.16
89.23.98.16:443

# Reference: https://twitter.com/malwrhunterteam/status/1728414391781970258
# Reference: https://www.virustotal.com/gui/file/0b57fb48e0eaec91b2b2a5beb594c7812ffdbdad6e6e7b721873c15ff66986f4/detection

iiicccc4rd-default-rtdb.firebaseio.com

# Reference: https://twitter.com/Merlax_/status/1730551063302832561

playstoreapp.fun

# Reference: https://www.virustotal.com/gui/file/3ed434e0899548b83fbc098fcd66eed34ec95dbfe9c2b6c9f64d6e09a6c650d4/detection

103.231.91.29:2255

# Reference: https://twitter.com/malwrhunterteam/status/1734598915364671947
# Reference: https://www.virustotal.com/gui/file/f5ac83c730de63a09738f02a8480c5b36f48637f1b11eb1e5c50dd4c59fc105a/detection

jailirtib.org

# Reference: https://www.virustotal.com/gui/file/39ad5623d984c532464fbc84ccca1fc16089ce08a5084beaaeee55bae46e84f1/detection

http://27.102.134.69
103.57.111.11:4141

# Reference: https://www.virustotal.com/gui/file/1797fbe6494e3f2522f6063f8583c4e981f896b891a4cc13eccdd6896891a0bc/detection

http://203.189.237.226

# Reference: https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action
# Reference: https://www.virustotal.com/gui/file/b7567acfb4f845e12622f0c7979b6e7c7d7d77f340cfd46cdb75f57955ef7424/detection
# Reference: https://www.virustotal.com/gui/file/3d50d6cd8d0b99197c4512244d4b5eb4b3e4c43ce1c08d78402cdf51f70c8946/detection
# Reference: https://www.virustotal.com/gui/file/2b0a4c17dec75503cdf190c02f68acebc45e890f4163e7a47fd194a8dbc75d9a/detection
# Reference: https://www.virustotal.com/gui/file/1b72da2cc6dfbd3360322fb265ea69b0716b679a13ef3d769b35a5dff628835d/detection
# Reference: https://www.virustotal.com/gui/file/0a6ffd4163cd96d7d262be5ae7fa5cfc3affbea822d122c0803379d78431e5f6/detection

158.160.59.53:45349
158.160.59.53:555
fastmainlines.co.in
/api/v1/bots/ffffffff-ba67-c5ba-0000-0000158ff472/

# Reference: https://twitter.com/banthisguy9349/status/1740365532300194203
# Reference: https://twitter.com/banthisguy9349/status/1740365796998840758
# Reference: https://twitter.com/TeamDreier/status/1740512558367531078
# Reference: https://www.virustotal.com/gui/file/01312f211e4b19abd2aa28def5eb9fc4acb3f3c845dffdc05f2a221872c2efdf/detection
# Reference: https://www.virustotal.com/gui/file/21f8b2797da05c82ee91f2f3c26c98ee7b2dcfa851108333ff48599050bcbb0c/detection

https://91.92.243.55
http://91.92.249.28
91.92.243.55:443
91.92.249.28:443

# Reference: https://twitter.com/banthisguy9349/status/1740369512409767980

http://91.92.243.45
91.92.243.45:443
b8nkz.cc
bankzz74fa7laaosnkmbnuotp7hmrwvtvqsh227ftthfnyrv2mnmfxqd.onion

# Reference: https://twitter.com/malwrhunterteam/status/1744391455462785347
# Reference: https://twitter.com/noexceptcpp/status/1744427289155129827
# Reference: https://www.virustotal.com/gui/file/c5be8731b02d7b7a398a9ed4223419260ab7e54b7028e3dbf063f0b58f102c61/detection

grobrothers.org
pingsafe.org
s.grobrothers.org
s.pingsafe.org

# Reference: https://twitter.com/malwrhunterteam/status/1746815735416934593
# Reference: https://twitter.com/midnight_comms/status/1747017584816353392
# Reference: https://www.virustotal.com/gui/file/f10a25ac6e4ffe2a65efc46d0e65d8d8fa50bd645ba73dd9908f41d0ef2779d2/detection

zugzwangwork9.aeza.network

# Generic (URL path and query-string patterns, not tied to any one host listed above)

/get_sms?money=
/hdfc-offer/app/
/hdfc-offer/apps/
/nhcapital9/
/nhcaptn9/
/ubsrgk18/
/kbsbk24/
/nhbank6/
/nhcap6/
/servicest/sms2wx/
/servicest/sms2wx/Sms2WXService
/servicest/sms2wx/uploadMobileInfo
/contact.php?result=ok&action=get&androidid=
/contact.php?result=ok&action=download&androidid=
/contact.php?result=ok&action=upload&androidid=
/sms.php?result=ok&action=get&androidid=
/sms.php?result=ok&action=download&androidid=
/sms.php?result=ok&action=upload&androidid=

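# APK (payload file names, written as URL paths)
# Note: several names are short or brand-like (e.g. /ok.apk, /safe.apk, /tiktok.apk) and can also occur in benign downloads; treat a match as a lead and confirm with host, hash or referrer context.
# Note: most names encode spaces as %20, but at least one entry keeps a literal space; check whether the matcher compares raw or decoded paths.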

/Госуслуги.apk
/1SexChat.apk
/2040TL.apk
/4Android-System_obscure_super_super_encrypt2_flow signed.apk
/4.5GLte%20CV3.4%20signed.apk
/5G.apk
/8.8.8.8.apk
/Actualizar.apk
/Actualizar-5G.apk
/Adobe-Pdf.apk
/Adobe_Flash_2020v21113.apk
/Adobe_Flash_2020v21711.apk
/aggiornaBNL.apk
/Amazon%20Mall.apk
/AmazonMall.apk
/American%20Express.apk
/and22roidupdatefoora677lversionssystemapkforllalversioonsgog34ogleupdatev9.apk
/AndroidUpdate_m4xz3mncgwn5fe6fivlp1x0yuojo6dn9gry8zg1c.apk
/ANZ_Protection_v2.apk
/ApkIDE_japanpost1.apk
/appsicurezza.apk
/AssistenzaAvanzata.apk
/Assistenzaclienti.apk
/Avito.apk
/AvitoMoney.apk
/axis%20bank%20cc.apk
/axiscard.apk
/axisreward.apk
/axis_reward_point.apk
/Axis-Bank.apk
/axis-points.apk
/axisbank.apk
/AxisBank.v.2.6.05.apk
/ax_customer_point_0.0.1.apk
/axPoint_customer.apk
/BanCa26.apk
/BanCa28.apk
/bancasicura.apk
/BancaSicuraAPK.apk
/bancoestadoseguridad.apk
/BANCOESTADO-57044.apk
/bankguard.apk
/bankiasegura-1_enStr.apk
/bankkart.apk
/BankoKupon_build_obf.apk
/Barcelo%20Contrataciones.apk
/BBVA.apk
/bbva-gdt.apk
/BBVA-Protect.apk
/BBVA%20Recibos.apk
/BBVA%20Update.apk
/BBVALock.apk
/BBVAESP78324.apk
/BBVAPAGOS-26687.apk
/BBVASecurity.apk
/BigBazar.apk
/BILDIRIM.apk
/BIGBAZAR%20MART.apk
/bigbazarmart.apk
/bigbazarmartoffer.apk
/bigbazarmarttoday%20dealbigbsbi.apk
/Bitbank.apk
/blinefm.apk
/BNLBancaSicura.apk
/bnlsicura.apk
/bnlsicura2.apk
/BPMToken.apk
/Captchator.apk
/CaixaBank%20Seguridad_obf.apk
/CaixaSignApp.apk
/Card%20Support.apk
/ccbankaxi.apk
/ccbbank.apk
/ChatSexvokrug.apk
/CheBancaToken.apk
/cloakerfast.apk
/complain-register.apk
/complain-support.apk
/Copia%20de%20Milanuncios.apk
/Coreeos4.5.10.apk
/Coreeos4.5.3.apk
/Correos244.apk
/Correos968.apk
/Correos2.17.15.apk
/Correos2.24.11.apk
/Correos2.24.12.apk
/Correos2.24.13.apk
/Correos2.24.14.apk
/Correos2.24.15.apk
/Correos2.24.9.apk
/Correos4.26.2.apk
/Correos455.apk
/Correos700.apk
/Correos831.apk
/Coustmer_Sopport_Service.apk
/crackturkey.apk
/customer_axis.apk
/customer_hd.apk
/Customer%20Support.apk
/CWB-4523576.PDF.apk
/cyber1212.apk
/icbcbank.apk
/Daivinchik.apk
/DHL.apk
/digikyc.apk
/e-digital-kyc.apk
/EarnMoney_wa_3011.apk
/EBA.apk
/ebasistem.apk
/entel4GLTE.apk
/ESBBVA9208.apk
/eugene.apk
/FiltroAntiSPAM.apk
/flashplayer_update_23.4.2.apk
/flashplayer_update11_5_1.apk
/FLPlayer.apk
/GAnalytics.apk
/GanhaCaixa.apk
/GanhaCaixa2.apk
/Global-Bank-updated.apk
/GoogleUpdate.apk
/grabmaid.apk
/facebook_version.0348.5345.3423.apk
/familycleans4u.apk
/hadibakalm.apk
/halkkampanya.apk
/hamrahpro.apk
/hana.apk
/hatatatat.apk
/HayatEveSigar.apk
/hdfc.apk
/HDFC_Credit_Card.apk
/HDFC%20Bank.apk
/hdfc%20reward.apk
/HDFC%20Redeem%20Points.apk
/hdfc-card-app.apk
/hdfc-offer.apk
/hdfc-offers.apk
/hdfc-offer-app.apk
/hdfc-points.apk
/HDFC-Rewards.apk
/HdfcBank.apk
/iAssist.apk
/ICICI%20Bank%20Credit%20Card.apk
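# Note: the next two names are spelled with lowercase "l" in place of capital "I" (a look-alike of "ICICI"), presumably as observed in the wild; keep them verbatim and do not normalize them
/lClCl-BANK.apk
/lClCl-BANK-2.apk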
/ICICI-KYC.apk
/ICICI_Cradit_Card.apk
/ICICI_Offers.apk
/icici-points.apk
/Icici_rewards.apk
/icici%20reward.apk
/ICICIBANK.apk
/IMTBANK.apk
/indus-offer.apk
/IndusInd.apk
/Instagram_shared_2020v27904.apk
/Intesasanpaolo.apk
/IntesaSanpaolo-Aggiornamento.apk
/IOSICURO.apk
/kakaobank.apk
/KasperskyAntivirus.apk
/KBANK.apk
/KBbank.apk
/KBank3.0.apk
/KBS2.0.apk
/koreabam.apk
/Kurulum.apk
/KYC.apk
/Liberomail.apk
/lotte.apk
/McAfee_Security.apk
/maidacall.apk
/messaggi.apk
/mgbank.apk
/MicrosoftWord.apk
/Modulo-NU.apk
/Modulonubank.apk
/my-card.apk
/MyBNL.apk
/mymaid_beta_v7.0.5.2.apk
/nhbank.apk
/nhc2.0.apk
/ok.apk
/OKmall.apk
/One-Store-Today.apk
/onlyfansAnitta.apk
/OnlyFansV57RU.apk
/parler_update.apk
/PaySend.apk
/play%20protect.apk
/polarisbank.apk
/Post%20AG.apk
/Postbank.apk
/Postesicure.apk
/Promobuys.apk
/Protezione-Cliente.apk
/Prototipo_Segurança.apk
/Purolator.apk
/Rastreador.apk
/rblcard.apk
/Redeem.apk
/Reklam_engelleyici.apk
/Reward%20Points.apk
/royalfashion.apk
/ruralvia-seguridad.apk
/S.B.I.-KYC.apk
/sadsadfasf.apk
/safe.apk
/sal1000tl.apk
/Santander_Certificado.apk
/santander_seguridad.apk
/sasala.apk
/SBI.apk
/sbibank.apk
/SbiCard.apk
/SBI_Complaint.apk
/sbi-kyc.apk
/sbi-kyc-xyv3.apk
/SBI-Rewards.apk
/SBI-Rewardz.apk
/SBI-Reward-Point.apk
/scoins.apk
/secretalbum.apk
/secureapp.apk
/selcuknotenc_flow_anti.apk
/shinvest2.0.apk
/shsaving2.0.apk
/sicurezza.apk
/sicurezzabanca.apk
/SicurezzaInBank.apk
/sicurezzaweb.apk
/sincronizador.apk
/Sparkasse_Chrome_AntiVirus.apk
/tejarat.apk
/tiktok.apk
/TradingView_obf.apk
/TRENDYOL.apk
/TURK-IFSA-VIDEOLARI.apk
/ucretsizizle.apk
/Union%20Bank%20Aadhar%20update.apk
/Update11.7.apk
/UpdateFlashPlayer_0g1t15jph0s85djlqye0msgvj22uw4jzleef6860.apk
/UpdateGoogleMarket_bbakwsw9zvyipi9uj7zkmsipch0umpetepv66hfj.apk
/UpdateWhatsApp_cka9bubxmlrkvhzy2msu5o8tjwh7db34p8va9voo.apk
/UPS101.apk
/UPS449.apk
/vatandaso.apk
/versionnew.apk
/VisaSecure.apk
/vizualizarpedido30543.apk
/vn84app.apk
/wooribank.apk
/Wooriib2.0.apk
/YZXL_14557.apk
/YZXL_14558.apk
/YZXL_14559.apk
/YZXL_14560.apk
/YZXL_14561.apk
/YZXL_14562.apk
/YZXL_14563.apk
/YZXL_14564.apk
/YZXL_14565.apk
/YZXL_14566.apk
/YZXL_14567.apk
/YZXL_14568.apk
/YZXL_14569.apk
/YZXL_14570.apk
/YZXL_14571.apk
/YZXL_14572.apk
/YZXL_14573.apk
/YZXL_14574.apk
/YZXL_14575.apk
/YZXL_14576.apk
/YZXL_14577.apk
/YZXL_14578.apk
/YZXL_14579.apk
/YZXL_14580.apk
/YZXL_14581.apk
/YZXL_14582.apk
/YZXL_14583.apk
/YZXL_14584.apk
/YZXL_14585.apk
/YZXL_14586.apk
/YZXL_14587.apk
/YZXL_14588.apk
/YZXL_14589.apk
/YZXL_14590.apk
/YZXL_14591.apk
/YZXL_14592.apk
/YZXL_14621.apk
/YZXL_14622.apk
/YZXL_14623.apk
/YZXL_14624.apk
/YZXL_14625.apk
/YZXL_14661.apk
/YZXL_14662.apk
/YZXL_14663.apk
/YZXL_14669.apk
/YZXL_14670.apk
/YZXL_14671.apk
/YZXL_14672.apk
/YZXL_14673.apk
/YZXL_14674.apk
/YZXL_14675.apk
/YZXL_14676.apk
/YZXL_14677.apk
/YZXL_14678.apk
/YZXL_14679.apk
/YZXL_14680.apk
/YZXL_14681.apk
/YZXL_14682.apk
/YZXL_14683.apk
/YZXL_14689.apk
/YZXL_14690.apk
/YZXL_14691.apk
/YZXL_14692.apk
/YZXL_14693.apk
/YZXL_14694.apk
/YZXL_14695.apk
/YZXL_14696.apk
/YZXL_14697.apk
/YZXL_14698.apk
/YZXL_14709.apk
/YZXL_14710.apk
/YZXL_14711.apk
/YZXL_14712.apk
/YZXL_14713.apk
/YZXL_14715.apk
/YZXL_14716.apk
/YZXL_14717.apk
/YZXL_14718.apk
/YZXL_14719.apk
/YZXL_14720.apk
/YZXL_14721.apk
/YZXL_14722.apk
/YZXL_14723.apk
/YZXL_14724.apk
/YZXL_14725.apk
/YZXL_14726.apk
/YZXL_14727.apk
/YZXL_14728.apk
/YZXL_14729.apk
/YZXL_14730.apk
/YZXL_14731.apk
/YZXL_14732.apk
/YZXL_14733.apk
/YZXL_14734.apk
/YZXL_14735.apk
/YZXL_14736.apk
/YZXL_14737.apk
/YZXL_14738.apk
/YZXL_14739.apk
/YZXL_14740.apk
/YZXL_14741.apk
/YZXL_14742.apk
/YZXL_14743.apk
/YZXL_14744.apk
/YZXL_14752.apk
/YZXL_14753.apk
/YZXL_14754.apk
/YZXL_14755.apk
/YZXL_14756.apk
/YZXL_14757.apk
/YZXL_14758.apk
/YZXL_14759.apk
/YZXL_14760.apk
/YZXL_14761.apk
/YZXL_14785.apk
/YZXL_14786.apk
/YZXL_14787.apk
/YZXL_14788.apk
/YZXL_14789.apk
/YZXL_14790.apk
/YZXL_14791.apk
/YZXL_14792.apk
/YZXL_14793.apk
/YZXL_14794.apk
/YZXL_14795.apk
/YZXL_14796.apk
/YZXL_14797.apk
/YZXL_14798.apk
/YZXL_14799.apk
/YZXL_14800.apk
/YZXL_14801.apk
/YZXL_14802.apk
/YZXL_14803.apk
/YZXL_14804.apk
/YZXL_14805.apk
/YZXL_14806.apk
/YZXL_14807.apk
/YZXL_14808.apk
/YZXL_14809.apk
/YZXL_14811.apk
/YZXL_14812.apk
/YZXL_14813.apk
/YZXL_14814.apk
/YZXL_14815.apk
/YZXL_14816.apk
/YZXL_14817.apk
/YZXL_14818.apk
/YZXL_14819.apk
/YZXL_14820.apk
/YZXL_14821.apk
/YZXL_14822.apk
/YZXL_14855.apk
/YZXL_14856.apk
/YZXL_14857.apk
/YZXL_14858.apk
/YZXL_14859.apk
/YZXL_14873.apk
/YZXL_14874.apk
/YZXL_14875.apk
/YZXL_14876.apk
/YZXL_14877.apk
/YZXL_14878.apk
/YZXL_14879.apk
/YZXL_14880.apk
/YZXL_14881.apk
/YZXL_14882.apk
/YZXL_14883.apk
/YZXL_14884.apk
/YZXL_14885.apk
/YZXL_14886.apk
/YZXL_14887.apk
/YZXL_14888.apk
/YZXL_14910.apk
/YZXL_14911.apk
/YZXL_14912.apk
/YZXL_14913.apk
/YZXL_14914.apk
/YZXL_14915.apk
/YZXL_14916.apk
/YZXL_14917.apk
/YZXL_14918.apk
/YZXL_14919.apk
/YZXL_14920.apk
/YZXL_14921.apk
/YZXL_14922.apk
/YZXL_14923.apk
/YZXL_14924.apk
/YZXL_14925.apk
/YZXL_14926.apk
/YZXL_14927.apk
/YZXL_14928.apk
/YZXL_14929.apk
/YZXL_15028.apk
/YZXL_15029.apk
/YZXL_15030.apk
/YZXL_15031.apk
/YZXL_15032.apk
/YZXL_15033.apk
/YZXL_15065.apk
/YZXL_15066.apk
/YZXL_15067.apk
/YZXL_15068.apk
/YZXL_15069.apk
/YZXL_15070.apk
/YZXL_15071.apk
/YZXL_15072.apk
/YZXL_15075.apk
/YZXL_15076.apk
/YZXL_15077.apk
/YZXL_15078.apk
/YZXL_15079.apk
/YZXL_15080.apk
/YZXL_15082.apk
/YZXL_15083.apk
/YZXL_15084.apk
/YZXL_15085.apk
/YZXL_15086.apk
/YZXL_15105.apk
/YZXL_15106.apk
/YZXL_15107.apk
/YZXL_15108.apk
/YZXL_15109.apk
/YZXL_15110.apk
/YZXL_15111.apk
/YZXL_15112.apk
/YZXL_15113.apk
/YZXL_15114.apk
/YZXL_15480.apk
/YZXL_15481.apk
/YZXL_15482.apk
/YZXL_15483.apk
/YZXL_15484.apk
/YZXL_15485.apk
/YZXL_15486.apk
/YZXL_15487.apk
/YZXL_15488.apk
/YZXL_15489.apk
/YZXL_15490.apk
/YZXL_15491.apk
/YZXL_15492.apk
/YZXL_15493.apk
/YZXL_15494.apk
/YZXL_15495.apk
/YZXL_15496.apk
/YZXL_15497.apk
/YZXL_15498.apk
/YZXL_15499.apk
/YZXL_15518.apk
/YZXL_15519.apk
/YZXL_15520.apk
/YZXL_15521.apk
/YZXL_15522.apk
/YZXL_15523.apk
/YZXL_15524.apk
/YZXL_15525.apk
/YZXL_15526.apk
/YZXL_15527.apk
/YZXL_15528.apk
/YZXL_15529.apk
/YZXL_15530.apk
/YZXL_15531.apk
/YZXL_15532.apk
/YZXL_15533.apk
/YZXL_15534.apk
/YZXL_15535.apk
/YZXL_15536.apk
/YZXL_15537.apk
/YZXL_15863.apk
/YZXL_15864.apk
/YZXL_15865.apk
/YZXL_15866.apk
/YZXL_15867.apk
/YZXL_15868.apk
/YZXL_15869.apk
/YZXL_15870.apk
/YZXL_15871.apk
/YZXL_15872.apk
/YZXL_15873.apk
/YZXL_15874.apk
/YZXL_15875.apk
/YZXL_15876.apk
/YZXL_15877.apk
/YZXL_15899.apk
/YZXL_15900.apk
/YZXL_15901.apk
/YZXL_15902.apk
/YZXL_15903.apk
/YZXL_15904.apk
/YZXL_15905.apk
/YZXL_15906.apk
/YZXL_15907.apk
/YZXL_15908.apk
/YZXL_15909.apk
/YZXL_15910.apk
/YZXL_15911.apk
/YZXL_15912.apk
/YZXL_15913.apk
/YZXL_15914.apk
/YZXL_15915.apk
/YZXL_15916.apk
/YZXL_15917.apk
/YZXL_15918.apk
/YZXL_15949.apk
/YZXL_15950.apk
/YZXL_15958.apk
/YZXL_15959.apk
/YZXL_15960.apk
/YZXL_15961.apk
/YZXL_15962.apk
/YZXL_15963.apk
/YZXL_15964.apk
/YZXL_15965.apk
/YZXL_15966.apk
/YZXL_15967.apk
/YZXL_15968.apk
/YZXL_15969.apk
/YZXL_15970.apk
/YZXL_16069.apk
/YZXL_16070.apk
/YZXL_16071.apk
/YZXL_16072.apk
/YZXL_16073.apk
/YZXL_16074.apk
/YZXL_16075.apk
/YZXL_16076.apk
/YZXL_16077.apk
/YZXL_16078.apk
/YZXL_16171.apk
/YZXL_16172.apk
/YZXL_16173.apk
/YZXL_16174.apk
/YZXL_16175.apk
/YZXL_16178.apk
/YZXL_16179.apk
/YZXL_16180.apk
/YZXL_16181.apk
/YZXL_16182.apk
/YZXL_16183.apk
/YZXL_16184.apk
/YZXL_16185.apk
/YZXL_16186.apk
/YZXL_16187.apk
/YZXL_16188.apk
/YZXL_16189.apk
/YZXL_16190.apk
/YZXL_16193.apk
/YZXL_16232.apk
/YZXL_16233.apk
/YZXL_16234.apk
/YZXL_16235.apk
/YZXL_16236.apk
/YZXL_16237.apk
/YZXL_16238.apk
/YZXL_16239.apk
/YZXL_16240.apk
/YZXL_16241.apk
/YZXL_16358.apk
/YZXL_16359.apk
/YZXL_16360.apk
/YZXL_16361.apk
/YZXL_16362.apk
/YZXL_16363.apk
/YZXL_16364.apk
/YZXL_16365.apk
/YZXL_16366.apk
/YZXL_16367.apk
/YZXL_16368.apk
/YZXL_16369.apk
/YZXL_16370.apk
/YZXL_16371.apk
/YZXL_16372.apk
/YZXL_16373.apk
/YZXL_16374.apk
/YZXL_16375.apk
/YZXL_16376.apk
/YZXL_16377.apk
/YZXL_16378.apk
/YZXL_16379.apk
/YZXL_16380.apk
/YZXL_16381.apk
/YZXL_16382.apk
/YZXL_16383.apk
/YZXL_16384.apk
/YZXL_16385.apk
/YZXL_16386.apk
/YZXL_16387.apk
/YZXL_16388.apk
/YZXL_16389.apk
/YZXL_16390.apk
/YZXL_16391.apk
/YZXL_16392.apk
/YZXL_16393.apk
/YZXL_16394.apk
/YZXL_16395.apk
/YZXL_16396.apk
/YZXL_16397.apk
/YZXL_16398.apk
/YZXL_16399.apk
/YZXL_16400.apk
/YZXL_16401.apk
/YZXL_16402.apk
/YZXL_16403.apk
/YZXL_16404.apk
/YZXL_16405.apk
/YZXL_16406.apk
/YZXL_16407.apk
/YZXL_16423.apk
/YZXL_16424.apk
/YZXL_16425.apk
/YZXL_16426.apk
/YZXL_16427.apk
/YZXL_16428.apk
/YZXL_16429.apk
/YZXL_16430.apk
/YZXL_16431.apk
/YZXL_16432.apk
/YZXL_16433.apk
/YZXL_16434.apk
/YZXL_16435.apk
/YZXL_16436.apk
/YZXL_16437.apk
/YZXL_16438.apk
/YZXL_16439.apk
/YZXL_16440.apk
/YZXL_16441.apk
/YZXL_16457.apk
/YZXL_16458.apk
/YZXL_16459.apk
/YZXL_16460.apk
/YZXL_16461.apk
/YZXL_16462.apk
/YZXL_16463.apk
/YZXL_16464.apk
/YZXL_16465.apk
/YZXL_16466.apk
/YZXL_16467.apk
/YZXL_16468.apk
/YZXL_16469.apk
/YZXL_16470.apk
/YZXL_16471.apk
/YZXL_16488.apk
/YZXL_16489.apk
/YZXL_16490.apk
/YZXL_16491.apk
/YZXL_16492.apk
/YZXL_16493.apk
/YZXL_16494.apk
/YZXL_16495.apk
/YZXL_16496.apk
/YZXL_16497.apk
/YZXL_16498.apk
/YZXL_16499.apk
/YZXL_16500.apk
/YZXL_16501.apk
/YZXL_16502.apk
/ZorunluAndoridGuncellemesi.apk

# Reference: https://twitter.com/MrCl0wnLab/status/1745243191815635274

app-codigo-bbva.com

# Reference: https://twitter.com/luc4m/status/1745475786948145380

app-nuova.com
completar-aqui.com
descarga-aqui.com
descargar-nueva-app.com
formulario-personal.com
nuova-app-token.com

# Reference: https://twitter.com/malwrhunterteam/status/1746830258693710202
# Reference: https://twitter.com/midnight_comms/status/1747012719339778217
# Reference: https://www.virustotal.com/gui/file/c5e3ece0126eff00c3179d7d4376dd76af666e2dcbfd10bd0684dd2d0b7deba6/detection

maaaarts.in

# Reference: https://twitter.com/malwrhunterteam/status/1747651173534884268
# Reference: https://www.virustotal.com/gui/file/7b9723b877ab4070813979700c53ffb174985f48e70dfc406ee19ff6281d294f/detection
# Reference: https://www.virustotal.com/gui/file/da5bd7e2726405722f95dea19049fedaea4cb9b4d95f877167ecfea08aa4eb78/detection
# Reference: https://www.virustotal.com/gui/file/d8c8273f5bf44bb6325984c1d8b43914270efecca2ad2f2fb0fabec136656458/detection
# Reference: https://www.virustotal.com/gui/file/6d87f74477b91cc12998819e7191f064cbe9edbee76bcd90f0f92772fac471c4/detection

yadongrec.com
broler.shop
api.broler.shop

# Reference: https://unit42.paloaltonetworks.com/malicious-apks-steal-pii-from-chinese-users/
# Reference: https://www.virustotal.com/gui/file/2cf117abf5ced6d37e98068d1961b85f400ecede4c11ebd69cc5cc9629aaaacd/detection
# Reference: https://www.virustotal.com/gui/file/6e43d2d4f14b26a75b9094eb1bd509b0f63e069a3c97867bfb0ac6c2a154dcd6/detection
# Reference: https://www.virustotal.com/gui/file/0243e5090590c89af6b7534de5d7ef711ca0d1f7a587170a493ceada7b54522b/detection

http://13.250.172.152
http://18.143.192.34
http://18.166.72.58
http://52.221.181.208

# Reference: https://twitter.com/malwrhunterteam/status/1750590052001026402
# Reference: https://twitter.com/midnight_comms/status/1750858457618497877
# Reference: https://www.virustotal.com/gui/file/86774e6b5f6e155c98231010a1a93fbc9d9a629a3e7dbfbd62db3e898c9a33b0/detection
# Reference: https://www.virustotal.com/gui/file/dd70fd67cc25ba05eeefeb56a6f684d7f07c6b7c593e4224e4af26cd3d464c8f/detection
# Reference: https://www.virustotal.com/gui/file/dac8801640f21930748fab5f7b05ada2185c1f12cc813e59e0c028090746beed/detection
# Reference: https://www.virustotal.com/gui/file/15ed388cd62291d1740742f49157a40f8d8ed97532fa280f078aaae94779ca3b/detection
# Reference: https://www.virustotal.com/gui/file/bced48f492f1c9c38fbb81fde264e12585ea0bf5b4a986c6beaa59af3f7d19d9/detection

149.13.5.167:8080
185.255.95.13:25432
212.224.93.193:8080
95.217.157.143:25432

# Reference: https://www.virustotal.com/gui/file/2158d691fc832d2a101e263a22893ea0836d12cf2d5f9ff3a31f765cbdeb5cd8/detection

141.255.144.136:1177
141.255.144.194:1177
141.255.145.162:1177
141.255.147.235:1177
barkabarkabarka.ddns.net

# Reference: https://www.virustotal.com/gui/file/121e4e25911f4744fd079c15f46213561c75f62a6ee9a3e213e6c04449f88996/detection

141.255.144.84:1337

# Reference: https://www.virustotal.com/gui/file/14c67f723b36c724a79b7ef657a74fe8aec20bbce3c06779fde11006dcb9165f/detection
# Reference: https://www.virustotal.com/gui/file/2b3462925a9cf377b7af08fd6155dd1d2dfe94fd3614c22acf7b33ef293406fd/detection

141.255.144.195:4434
141.255.144.219:4434
141.255.144.84:4434
141.255.147.51:4434
217.20.209.16:4434
a7laax0.hopto.org

# Reference: https://www.virustotal.com/gui/file/f55a5adc413407f486d17a2d09d53dbc8fadeb7eb9d32ab0b50aaaecbf680a0d/detection
# Reference: https://www.virustotal.com/gui/file/d8711d26c3e4069328f13f93303d925d1dda2a80b56bed73615424fca83ec8b5/detection
# Reference: https://www.virustotal.com/gui/file/cc9ba13a425a187d522c881a3d9648fff6ecff269d499d19960f8abcfb3321b0/detection
# Reference: https://www.virustotal.com/gui/file/9315c1581dd74aee6a4f9ee944f4ba0ee083e61c33b601a41a6ab2876e949f53/detection
# Reference: https://www.virustotal.com/gui/file/5ee1448c14686743dc501a0c5c14edc95a1d9e9fa9cded549e5845d85e6cd305/detection
# Reference: https://www.virustotal.com/gui/file/533bdda8eccdeb4f1434e3bd816a33dcdb60808c6664003b29535832f341aca9/detection
# Reference: https://www.virustotal.com/gui/file/4bcc666c10c48ed2a0c227e96a49d02e760091634d3237fb4df54020b0f98abe/detection
# Reference: https://www.virustotal.com/gui/file/2278fd7235bf09bf08c9a81c06076240b144875dc28f44997eb7633b687078d2/detection
# Reference: https://www.virustotal.com/gui/file/0787f0df258e7111c6e0060e24d27de57ff3f59885020a5f4f56540bca084a12/detection

dbdb.addea.workers.dev

# Reference: https://www.virustotal.com/gui/file/0b482f807278eada7076a922a2dd8610244049e6aa31e9fdda59b8c66bf329e1/detection

79.137.205.212:8080

# Reference: https://twitter.com/malwrhunterteam/status/1752366951593021747
# Reference: https://www.virustotal.com/gui/file/ee3f7edc721a391a3dd14c72b2e8b5060261cdd5b31e87a29aed4ecf935143b2/detection
# Reference: https://www.virustotal.com/gui/file/b41b0912889b4b29127623dfba72f0402bfaca40ce0aad92e0077f9034782383/detection
# Reference: https://www.virustotal.com/gui/file/b217d64c0069c7c85edf120ae6b8401914ad343bfe02fd151b86208e17d84661/detection
# Reference: https://www.virustotal.com/gui/file/5583543b81a796986007951bda29a2bb5593aa7dcadcc6bcca5319b9fb22d20e/detection
# Reference: https://www.virustotal.com/gui/file/01d2e1a0c8091b8ec2cae47bbfefcf0bfb7264d7d3d5a95d364805a67adaf64a/detection

shineinterview.online
connect.shineinterview.online

# Reference: https://twitter.com/malwrhunterteam/status/1753059970508063040
# Reference: https://twitter.com/noexceptcpp/status/1753099339092918552
# Reference: https://www.virustotal.com/gui/file/6b23da94dd27bb077274ffd83f2e0cbd27c2ba9e390db8b2dcb32cee0e254c61/detection

filipkatrt.in
billupdateff-default-rtdb.firebaseio.com

# Reference: https://www.virustotal.com/gui/file/a3ed5d56be29901386547731d68d7b70fe00ffa52c4c442db8fc70725c0fa891/detection

sembrano.store
api.sembrano.store

# Reference: https://twitter.com/malwrhunterteam/status/1752662267764600873
# Reference: https://www.virustotal.com/gui/file/ea1834a3614a871f3d071413015637b9cc246b915a2a536ebdbbdd3e692bb8b6/detection
# Reference: https://www.virustotal.com/gui/file/e958a635a0e27edf2c4e1f812d2e2115525503b04391da362f2db5c28f8f1ea5/detection
# Reference: https://www.virustotal.com/gui/file/d1b4b154b4975284903a0268cb04e87578828dd40e1e970791be45a701dfb6ac/detection
# Reference: https://www.virustotal.com/gui/file/7fcc47b964af5bf878ad0b2661f7d1be51555decacb822595d0463f6c4a0a1bb/detection
# Reference: https://www.virustotal.com/gui/file/7407554ad598e66e81b011a050e75efc5d1589252080bd70fb04d15e18732517/detection
# Reference: https://www.virustotal.com/gui/file/536fa04377151c285a0ad8ecdd3565046167eca03e675c8835f3f56a62bd9c92/detection

quacklypay.online
urdu-jor-tor-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1753705453505090036
# Reference: https://www.virustotal.com/gui/file/e97258fc999c3f0441fd16a0e0ddb0d04fb6d49744d6b917913bd3c9d04cc10d/detection
# Reference: https://www.virustotal.com/gui/file/59b7ef53c39b1d2dff414b6a737fd1a3cff17893020f78f66d4709765376ece4/detection

156.251.25.66:5963
156.251.25.66:8873

# Reference: https://twitter.com/malwrhunterteam/status/1753750269966405670
# Reference: https://www.virustotal.com/gui/file/1320f3f84f553c78844fb07bf851cc3c626d6c7a2e5e534bc8de3de5667e5c73/detection

http://109.107.182.49

# Reference: https://twitter.com/malwrhunterteam/status/1754986869241065693
# Reference: https://www.virustotal.com/gui/file/41d7aa06c21bd1b06536243666619f116747b55e978b4a0a38dd582e094a5f82/detection

photos.salerozana.com

# Reference: https://twitter.com/ReBensk/status/1767564399781327123
# Reference: https://www.virustotal.com/gui/ip-address/185.16.39.47/relations
# Reference: https://www.virustotal.com/gui/file/65bbfa625aa4bed8889eeaebd086f0370ec48a4f8b14f6b76564d0ec6c3858fc/detection

app-login.top
app-open.online
app-update.download
app-update.online
black-sms.co
egh-apps.site
galaxytvapp-api.site
open-app.site
payload-sms.online
playstore-update.info
playstore-update.online
playstore-update.site
playstore-update1.online
sk-group-api.site
ultimate-sms.online

# Reference: https://www.virustotal.com/gui/file/d750850dccc45ece2603bdaa29b7d385df6eaa44b7999dcc115d270ce789819a/detection

015lja.gq

# Reference: https://www.virustotal.com/gui/file/d69d0a8e763a40fadc22b0e1891e9fa4e192538fedc69a9ef92e89e6c7a65126/detection

robomap.ml

# Reference: https://www.virustotal.com/gui/file/6cc5336ba16336d53ad36b5dbcab24fe99b43160683ebe47431616fe4a7147f0/detection

http://147.45.45.83

# Reference: https://www.virustotal.com/gui/file/00e9828f3e5043f826d98ed9088d2fb681385e72712e31f68fb02eee8509dea5/detection
# Reference: https://www.virustotal.com/gui/file/60bd7541256d68721e2165c0df1be03c5bdb55489e3f4a65cc1016495d9a9f07/detection

diginspire.in
just-stick.xyz

# Reference: https://www.virustotal.com/gui/file/00608dbf2156d8d8285bf7f072c2cb28f845a51370231aa24da14bb96ff5125b/detection

works.diginspire.in

# Reference: https://twitter.com/malwrhunterteam/status/1770514848859787266
# Reference: https://www.virustotal.com/gui/file/d4ef7a894cab80a8c5ad08c892489a86a54cc94518bb845e235105a4787e1b8e/detection

onicsimbh.com

# Reference: https://twitter.com/Merlax_/status/1772815651154935896

http://5.181.156.150
5.181.156.150:443

# Reference: https://www.virustotal.com/gui/file/e5074729a121c7308e207d22083b3e6cc6871585cb6e1dcaca659607f10269b2/detection
# Reference: https://www.virustotal.com/gui/file/1cba39fe25c4c16f35e3ed835bb0dc4b4429414ed4e4a0bb474f7ffa76927a40/detection

onlyfans-live.online

# Reference: https://www.virustotal.com/gui/file/b6cc64406310ad7b34c08f1dde36f8c456e752aab9c0697b3ab29695124152db/detection
# Reference: https://www.virustotal.com/gui/file/55742d15d2e4b88f5abf5c0a223cd028cba1bceaf030caa4d8278c48b8f3a98f/detection

http://185.209.28.250
185.209.28.250:443

# Reference: https://www.virustotal.com/gui/file/4fbdcceddeed4fc7ee7fbd9a27bb3fabcf066237ee3a79f9273637f1ea574a70/detection

myrattest-dd4df-default-rtdb.firebaseio.com

# Reference: https://www.virustotal.com/gui/file/6e4b34102b88e7e8bc677005ab63c6110b8d4fc67eff7a2ded99845a5c37b3ca/detection

billnew3-ccb27-default-rtdb.firebaseio.com

# Reference: https://www.virustotal.com/gui/file/1c86296c1934d8697a5c0770aef3fe391e503b9d031926fc0f19b55442b5f44a/detection

server21201g.onrender.com

# Reference: https://twitter.com/malwrhunterteam/status/1778364515001790818
# Reference: https://www.virustotal.com/gui/file/8e7ccb749f1e73b52c7d3ec844435b339efcf0eb0da6c40f4ef0784be57ac724/detection

5tr45ff4wg.000webhostapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1779805653281730608
# Reference: https://www.virustotal.com/gui/ip-address/46.175.145.67/relations
# Reference: https://www.virustotal.com/gui/file/e19a7c8e4994ea4ed680136c9e3a6fff7b82c72f5743952821a446b6cb830f06/detection
# Reference: https://www.virustotal.com/gui/file/ddd9e5cfa9e1ddd8d849baef2b487a1608d1695f44c70f246c101de1275887dd/detection
# Reference: https://www.virustotal.com/gui/file/1d126e5904dde3b46175a4aae89eec1fb8a6b80e35b1f473878e5dd288f8aae6/detection
# Reference: https://www.virustotal.com/gui/file/17a16f08108e25af1c8b058adbaca2cada6a93c2d38c9854148f9e9caac76ac3/detection
# Reference: https://www.virustotal.com/gui/file/162f8c6bafe0c343c37f173344c4f6880eaec0aea7b491565db874366b161784/detection

1q2w.shop
hide-me.online
tbc-app.life
2f1c0b7d.tbc-app.life
csob-98.1q2w.shop
geo-4bfa49b2.tbc-app.life
george.tbc-app.life
rb-62d3a.tbc-app.life
rb.2f1c0b7d.tbc-app.life
rb.hide-me.online

# Reference: https://twitter.com/malwrhunterteam/status/1779771892607463661
# Reference: https://www.virustotal.com/gui/file/913f63b805c087563e2c516d48f890d89570237fac9b63e55dcea1a50c312e30/detection

cardmacdehsbc-apply-new-cards.online
cardsmacdehsbc-apply-new-card.online

# Reference: https://www.virustotal.com/gui/file/5cfafafc175d858e3fd886801458193a9577fa909ed5f2f19bf077a9a262b722/detection

iol0lio0liollliolio0ii0olli0.cc
easybackend.iol0lio0liollliolio0ii0olli0.cc

# Reference: https://twitter.com/malwrhunterteam/status/1781293030386839740
# Reference: https://www.virustotal.com/gui/file/19520556143759f2f68253b0f4a558a924ec3dba32e202c137bc500fba5bef7b/detection

mulatiserveraap0090.onrender.com

# Reference: https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/

kt9.site
google.kt9.site

# Reference: https://www.virustotal.com/gui/ip-address/185.199.53.63/relations
# Reference: https://www.virustotal.com/gui/file/25fa9cbd3118111d31875a054d8a5a2a2c7254ae11bbc2b57df2c434375f66a2/detection

p4ni.cloud

# Reference: https://x.com/malwrhunterteam/status/1791566436936118557
# Reference: https://www.virustotal.com/gui/ip-address/185.199.53.63/relations
# Reference: https://www.virustotal.com/gui/file/ca7dfd2b264409710f84210af0f70af607624a871714b6e13f908fe0877fa6a1/detection
# Reference: https://www.virustotal.com/gui/file/bbc158917ecfa2b24b7373883f4490897635dd76d00119cd8f31f9e665118b02/detection

forwarding.live
p4niapi.forwarding.live

# Reference: https://www.virustotal.com/gui/file/4c50ea3d40b29724614727af9213a96e363a31595b6da289a4b6b5a6a0ba5eb3/detection

delivery-top.ru
/AvitoTracker.apk
/BlablaTracker.apk
/YandexDostavkaTracker.apk
/YandexUslugiTracker.apk
/YouDoTracker.apk

# Reference: https://twitter.com/banthisguy9349/status/1782455070279315645
# Reference: https://www.virustotal.com/gui/file/4db089fa45c1020a1afbccb6cc3b6d6787cf2ea0915cee8c30511a6bd442fdea/detection
# Reference: https://www.virustotal.com/gui/file/4170a728a436b2755e0751f8392309a0149996b5d48a27c04127a738b8c12cd2/detection

http://91.92.241.192
91.92.241.192:4444
lolamicene.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/dad9e0976d663f0b75e5913c8debcd2f55609f4064cbfaafb538ca056f876f76/detection

billupdate-b2a79-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1785307909263372759
# Reference: https://www.virustotal.com/gui/file/3fc0b858a342c470770daaccaa55bf6f4e49ea4a51cf0ff38ed8a2ffe2e1d96a/detection

sbdata-a6e34-default-rtdb.firebaseio.com
zero-a4c52-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1789014056986124765
# Reference: https://www.virustotal.com/gui/file/8ef518ee42217f4f84573f707e810b29c406402612ceb2773e00bb7edfbdb922/detection

sbd2sms-default-rtdb.firebaseio.com

# Reference: https://twitter.com/RacWatchin8872/status/1786023651726307398

60.18.118.119:88

# Reference: https://twitter.com/DaveLikesMalwre/status/1771505309153890553
# Reference: https://www.virustotal.com/gui/file/f4743556c5040fc790e3357b01a3f13633cd1849134879718f8b726fe5f76598/detection
# Reference: https://www.virustotal.com/gui/file/3f1caa8d3e56806547e03f6f4512c5aeef6b563984148cd3a7a1de3d137738d5/detection

vietgovca.com
vietnamtctgooc.com
vitegov.com

# Reference: https://twitter.com/malwrhunterteam/status/1788493794511397268
# Reference: https://www.virustotal.com/gui/file/33248337303ba86af033006546f3c0109114e8db755abbdf584cb72c4635d737/detection

94.156.79.207:8000

# Reference: https://twitter.com/malwrhunterteam/status/1789263341019451417
# Reference: https://www.virustotal.com/gui/file/025b806be9ea1b853d03c3a72502800599788e6e8f944a084a7de7ff56347e68/detection

complaintresolvers.com
resolvecomplaint9.complaintresolvers.com

# Reference: https://twitter.com/malwrhunterteam/status/1789258096071622905
# Reference: https://www.virustotal.com/gui/file/e60393a322b0d4f65495c0820e47ffbcb3319b0375bf04f45f98f0ef15b7a84a/detection

154.211.15.72:8324
/api/uploads/apisms

# Reference: https://twitter.com/malwrhunterteam/status/1789230789642670283
# Reference: https://www.virustotal.com/gui/file/e01d2ab0f3c21f6c0b8449476bf8ee7cec0ebc0b7f2f8c9c3398807ea0d68639/detection

apknew-39a2a-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1789420916989931991
# Reference: https://www.virustotal.com/gui/file/0598f1cda284ca08c37b280d4748c137f544aaca26f655658c86a46a22b12c5d/detection

ahas80186.pythonanywhere.com

# Reference: https://twitter.com/NDA0E/status/1789712209301352640

202.79.165.160:9080
202.79.165.162:9080
202.79.165.170:9080

# Reference: https://twitter.com/malwrhunterteam/status/1790486723689939219
# Reference: https://www.virustotal.com/gui/file/70749c5688a17f70ff840e7f411397bf2ee35cce7600862e4f8fd14bfbc3a9b9/detection

http://38.177.48.154
/obituary/index.php?phone/requestimage
/obituary/index.php?phone/savephone

# Reference: https://www.virustotal.com/gui/file/0000f15a002a7a5e966daa0aa6318c16d30341c9a97285e6360594002d64a01f/detection

104.255.152.61:7779
0djedia.duckdns.org

# Reference: https://www.virustotal.com/gui/file/00012ab343c3c77450eee6695fb53c9e4a61a8991fffab0bf36d142aad02de66/detection

104.255.152.61:7775
2118888.xyz
d.2118888.xyz

# Reference: https://x.com/malwrhunterteam/status/1791568003248627922
# Reference: https://x.com/banthisguy9349/status/1793675277261853153
# Reference: https://www.virustotal.com/gui/file/0e4d279cbbe4ad91c74404c21cff5e209249760fede4ba9d6d25fb90a154c1ec/detection
# Reference: https://www.virustotal.com/gui/file/55b3f96c6b675abefb16aaef41ac3572f99af3fc4e27bf2cc78414ec51ccb09a/detection
# Reference: https://www.virustotal.com/gui/file/e4c5323adb55426e3d1513422a7a4a98321d722ead406c7157ad88d9c88bc3ff/detection

77.91.124.14:173
77.91.124.14:200
77.91.124.14:201
77.91.124.14:250

# Reference: https://x.com/malwrhunterteam/status/1791921100923826212
# Reference: https://www.virustotal.com/gui/file/3ef56c613c6d4e6091be21b2dce376716ae520b3696a3ad3ecb2e9c477ffcea0/detection

helplinenumber83.com
canara-bank-407ce-default-rtdb.firebaseio.com

# Reference: https://www.virustotal.com/gui/file/02431074582ccb0c93f1a169b3a1f0a74730c222a3de5178bae48dfaaa801a94/detection

findutroeut.club

# Reference: https://x.com/malwrhunterteam/status/1792914705368879365
# Reference: https://www.virustotal.com/gui/file/8f888ebfedf14aa9906c2e1720093ab585fc4663be3d75ef0d8c03a2c39b1b78/detection

teserver007.onrender.com

# Reference: https://x.com/malwrhunterteam/status/1793208394376999219
# Reference: https://www.virustotal.com/gui/file/07ea0a73b6d33249f26a5393d30dca8977a1775439253d1b98cf4c157f402f88/detection

semakpdfcom.taplink.ws

# Reference: https://x.com/malwrhunterteam/status/1793282269978730801
# Reference: https://www.virustotal.com/gui/ip-address/195.35.22.89/relations
# Reference: https://www.virustotal.com/gui/file/81e4c4e2619be77ac489fe4dd6de901472eca6250509ed55a5df2bf16487564f/detection
# Reference: https://www.virustotal.com/gui/file/6209d11302c8cb08ffbc0edb60d222e8b15595c87502bd9032db9dbebd49c997/detection

comolain.info
sallu.info

# Reference: https://x.com/malwrhunterteam/status/1793644749167182151
# Reference: https://www.virustotal.com/gui/file/a8c7b80b6f08e76f22024f4a22ccd18cf81ad50a15ba058bf7dbd307de29bcf2/detection

canarra545-default-rtdb.firebaseio.com

# Reference: https://x.com/malwrhunterteam/status/1794500173839610239
# Reference: https://www.virustotal.com/gui/file/f61f0fb8b8f8ddfacbc4b1fa9713583f39fe3e3e70db23b801b39ee7b47be479/detection
# Reference: https://www.virustotal.com/gui/file/dca6fef201d670e9e94b45d4ddd8b99b624d68dfae4d824953bfa2418b47548f/detection
# Reference: https://www.virustotal.com/gui/file/c65de62d646dcfbee56740063fc607d60ab271e15d8feafe7fad73b81a09c288/detection
# Reference: https://www.virustotal.com/gui/file/72e8628eff093f88b60305801b821624561c810997285bac7017933d251629e9/detection

77.91.124.56:250
77.91.68.217:250

# Reference: https://x.com/malwrhunterteam/status/1795103148781994246
# Reference: https://www.virustotal.com/gui/file/ec2f59973066508a4e5d6b962e86e847b1686205e9ee1585b150f3d210fc97df/detection

update-ua3-default-rtdb.firebaseio.com

# Reference: https://x.com/malwrhunterteam/status/1795553624975720644
# Reference: https://www.virustotal.com/gui/file/56d3c161bd3919e6be9c073d2f02f30737d160e78372f226fe62fa0526ef9728/detection

200.9.154.202:8080
bnbempresta.fun
tst.bnbempresta.fun

# Reference: https://x.com/malwrhunterteam/status/1795786999158190222
# Reference: https://www.virustotal.com/gui/file/c2aa215dac0c7641b8c1452d9e30db4b4acdcb4c3f7d673440d69e3d6936ac06/detection

shine-interview-5b6c6-default-rtdb.firebaseio.com

# Reference: https://www.virustotal.com/gui/file/ad6ac0753455d5cdaff2324e98c4ee5df1b009a9f022555fb9941a529eacec6e/detection

lkcxkiu.xyz
lkgulidjnh2.xyz
lknuredvac.xyz
lksenopisua.xyz
lkvhshocjha.xyz
lkvivanidua.xyz
oodollert5va.xyz

# Reference: https://www.virustotal.com/gui/ip-address/198.98.62.145/relations
# Reference: https://www.virustotal.com/gui/file/002ee0f1368a03a9e2f72d7f2041c3d74ac5dd45f9f96236697eee5a7f305873/detection

cdkaq200.top
ngnwenh.top
a.cdkaq200.top
a.ngnwenh.top
3jqa0awh.duckdns.org
6thotml.duckdns.org
7jbockzc.duckdns.org
asc47hr6.duckdns.org
cvfb7d6.duckdns.org
gmyj4e7.duckdns.org
hhrhrsd.duckdns.org
sdgsahha.duckdns.org

# Reference: https://x.com/raghav127001/status/1798603167497928833
# Reference: https://www.virustotal.com/gui/file/6d47519034a8b145e2ab0dce85026b9b99ca02a82aa1dfd83ffec08118d65ff6/detection

bizgrit.online
ch00057.tw1.ru
sh5080551.c.had.su

# Reference: https://x.com/0x6rss/status/1799141355739808231

lxhaz.top
kef.lxhaz.top
rpc.lxhaz.top

# Reference: https://x.com/0x6rss/status/1800545200957530162
# Reference: https://x.com/9823f_/status/1800575871058870587
# Reference: https://x.com/0x6rss/status/1800853348469633415
# Reference: https://x.com/h4kb4n/status/1801050386952077509
# Reference: https://www.virustotal.com/gui/file/7b153be55e372db36a20534f8c484801a3acde6ef6bf030288493004c13a5e22/detection

16.163.253.122:8020
43.198.123.12:8010
43.198.123.12:8020
45.207.44.134:8092
a8b3rio.top
m9xszj6dla2q.top
pk6gb3.top
binance.pk6gb3.top
c205caomei.m9xszj6dla2q.top
c60pkex.a8b3rio.top
c999testdemo.pk6gb3.top
r90zing02.pk6gb3.top
r90zing06.pk6gb3.top
r999testdemo01.pk6gb3.top
r999testdemo02.pk6gb3.top
r999testdemo03.pk6gb3.top
r999testdemo05.pk6gb3.top
r999testdemo06.pk6gb3.top

# Reference: https://x.com/RacWatchin8872/status/1800569625975177582

caixa-geralp.com

# Reference: https://x.com/ReBensk/status/1800579670423011754
# Reference: https://www.virustotal.com/gui/file/bf5f20140bcb03cda537b605432d56d452b47d16630301d1c829704e29053eda/detection

mycreditpoint.online
mail.mycreditpoint.online

# Reference: https://x.com/ValidinLLC/status/1801690641774297502

hlkw2txo12ai.cyou
hlkw4523.icu
imgfafafa.com
maotaitp.cc
maotaitp.me
maotaitp.net
sljttpkj.com
sljttpkj.me
testnewline.info
tututu666.com
wlyimg.cc
wlyimg.com
wlytpkj.me
yanghetp.vip
fn1000mhk001.testnewline.info
mt.imgfafafa.com
mt.maotaitp.cc
mt.maotaitp.me
mt.maotaitp.net
tu.sljttpkj.com
tu.sljttpkj.me
vhdapc.i234.me
yh.yanghetp.vip
yy.tututu666.com
yy.wlyimg.cc
yy.wlyimg.com
yy.wlytpkj.me

# Reference: https://x.com/maulikl/status/1811120958943453314
# Reference: https://app.validin.com/detail?find=390a6ad8c43e9f6c67a80649c184f509&type=hash&ref_id=1983492a2f3#tab=host_pairs_v2

http://91.92.240.200
http://91.92.241.3
g00gl0e.com
updateservice.digital
fctopenchoruser.tftpd.net
sdoschorsfacts.tftpd.net
swr0729008320.tftpd.net
swr0765009509.tftpd.net

# Reference: https://x.com/ReBensk/status/1813246450614116718
# Reference: https://app.validin.com/detail?find=184.168.122.142&type=ip4&ref_id=7f133b0ffe5#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/c0658d5666af950992e762606105831505ee877948f2e24df41d059209bab17f/detection
# Reference: https://www.virustotal.com/gui/file/5e592d07e7084394a501fb2d74106cdb90e2550ae6d48a26d8a0cda63d18e1cf/detection

axiservices.com
cards-application.com
creditcard-app.com
indusserve.com
the-cards.in
axis.the-cards.in
axis-apply-now.the-cards.in
axis-service.the-cards.in
indus.the-cards.in

# Reference: https://x.com/malwrhunterteam/status/1813646246923387189
# Reference: https://www.virustotal.com/gui/file/d71a7fd52389d30837ce7c46b7c32da137746558148f43327582027f87ef0a6e/detection
# Reference: https://www.virustotal.com/gui/file/6252e1e668d53a48c4128b1096f2937508cdad3fa25382eda6fb9a66a61a9e34/detection

77.105.133.17:8080

# Reference: https://x.com/Zimperium/status/1818643598205706745
# Reference: https://x.com/9823f_/status/1818697817868693965
# Reference: https://www.zimperium.com/blog/unmasking-the-sms-stealer-targeting-several-countries-with-deceptive-apps/
# Reference: https://www.virustotal.com/gui/ip-address/37.77.107.18/relations
# Reference: https://github.com/Zimperium/IOC/blob/master/2024-07-OTP-Stealer/C2.txt

209.58.160.196:9082
fastsms2.su
huisadomen.su
2.proxicoin.org
giga4.campriority.org
giga6.campriority.org
giga8.campriority.org
giga10.campriority.org
s.6srvfcm.com
s.dt6remosa.org
s.greendeff.org
s.grobrothers.org
s.ht7joxar.org
s.jr2mutef.org
s.pingsafe.org
s.sh2gote.org
s.vi6jolifd.org
tg3.proxicoin.org

# Reference: https://www.virustotal.com/gui/file/808306d47ede3154baa562d37a5cd04bba2d5c194e214fca03238503afd77385/detection

brd.serveirc.com

# Reference: https://www.virustotal.com/gui/file/270b940322eed96cce371f85d265fb867f4bc667258404710fed7dca8a30e77e/detection

korea.onedumb.com

# Reference: https://www.virustotal.com/gui/file/7ada3a3db996925531e3f680957d5de902cedfc71ff6e8c576f9b6419820e761/detection

koarea.itemdb.com

# Reference: https://www.virustotal.com/gui/file/b91ecb4a73fcec31cb00f87815915522b4e7cb98f9d916cb9bd0a4b7f4b57c9c/detection

daliangdaliang.itemdb.com
daliangdaliang.onedumb.com

# Reference: https://www.virustotal.com/gui/file/f2e54a0ce9ccd4f1f8e10a065daf248a244e02fe21d60e5c1e9b49aa491218aa/detection

stk.itemdb.com

# Reference: https://www.virustotal.com/gui/file/df75a72225d2c2752a9d93462c2784960fc93a476768f94e65d316f7a6369ea1/detection

hhh.itemdb.com

# Reference: https://www.virustotal.com/gui/file/734738935835dd41050e3071976e93366db24ebd2d9414c2f051424609248fb2/detection

http://204.16.169.54

# Reference: https://x.com/NDA0E/status/1827043755385630958

106.7.94.109:9718
106.7.94.124:9718
106.7.94.175:9718
106.7.94.48:9718
106.7.94.61:9718
106.7.94.72:9718
106.7.94.73:9718
106.7.94.76:9718
106.7.95.133:9718
106.7.95.163:9718
106.7.95.199:9718
106.7.95.3:9718
106.7.95.44:9718
115.148.124.21:9718
115.148.124.241:9718
115.150.107.140:9718
115.150.107.209:9718
115.150.107.253:9718
115.150.107.83:9718
115.150.112.147:9718
115.150.112.231:9718
115.150.112.37:9718
115.150.112.92:9718
115.150.37.166:9718
182.101.150.111:9718
182.101.150.211:9718
182.101.150.212:9718
182.101.150.83:9718
182.98.1.195:9718
220.177.90.147:9718
220.177.90.179:9718
220.177.90.28:9718
220.177.90.59:9718

# Reference: https://x.com/malwrhunterteam/status/1828168553901756844
# Reference: https://www.virustotal.com/gui/ip-address/91.202.233.150/relations
# Reference: https://www.virustotal.com/gui/file/9314649d50d50031d23a1f8cee8dae7502e965adb3f5721398e89fb7f83428af/detection

banazaraka.top
tavako.top

# Reference: https://x.com/MichalKoczwara/status/1828858323627626913
# Reference: https://app.validin.com/detail?find=45.143.166.88&type=ip4&ref_id=e294b849cc0#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=45.59.120.20#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=45.86.229.248#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/9d57217b740a9dba870e96db446745bc008e57a7356d6ace1f3c5c7059a22200/detection

bnp-fluvius.com
coinsph-secure.com
veri-info-auth.com
alpha.gr.veri-info-auth.com
gov.pl.veri-info-auth.com
itsme-id.com.veri-info-auth.com
itsme-veilig.id.veri-info-auth.com
itsme.id.veri-info-auth.com
itsme.veri-info-auth.com
myluxtrustlogin.lu.veri-info-auth.com
payconiq.be.veri-info-auth.com
safetycheck.veri-info-auth.com

# Reference: https://x.com/malwrhunterteam/status/1829260444697276839
# Reference: https://www.virustotal.com/gui/file/a09e67202c6527a5063beff64672f6a93ef318f057dd33d080511f9b604d8499/detection

institutoliterario.edu.mx
06b5dc89897a611c7efba30de3253491.lat
4aec4c9c981a00a790504f992c057986.mx
5ca2b920bb806eb148999f0a92080b6f.click
64a2ec701401bbd0dc01b679153af1de.xyz
ca4dabe904e25fce5f7bcb33d4028bff.pro
f21e155d4a3d68da99f40e8e6d0fad5e.info

# Reference: https://x.com/malwrhunterteam/status/1829627215648342054
# Reference: https://www.virustotal.com/gui/file/67db432ad914758488641bc4cd995edf5a443ada294b66c6ee7a0f1f110ceb4a/detection

http://208.115.109.246
thesshh.online

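# Reference: https://www.virustotal.com/gui/file/2ec799b356ebedc807f294549cafae3b39b0a3fcb9ce86a77987c572dbae6c51/detection
# NOTE(review): both hostnames below sit under shared provider domains (trycloudflare.com, firebaseio.com); match the full hostname only, never the parent domain.
# NOTE(review): the trycloudflare.com name looks like a temporary tunnel hostname, so this indicator may age out quickly - re-verify before relying on it.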

affiliates-cruises-explicit-assure.trycloudflare.com
wellknownbyme-default-rtdb.firebaseio.com

# Reference: https://x.com/malwrhunterteam/status/1831569064268816604
# Reference: https://www.virustotal.com/gui/file/9c9b305f8fd31fc9db2f53a73668e5049de4e899bf436e5be9758940ca1c963f/detection

154.216.19.19:8000

# Reference: https://x.com/malwrhunterteam/status/1831692556771504426
# Reference: https://app.validin.com/detail?type=dom&find=google-download.one#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/file/30afff95d7a4c4af2a82682ecc02ea4a41772ace88f2ddb7af37466813f24dd8/detection

google-download.one
umniydom.online

# Reference: https://x.com/malwrhunterteam/status/1832052086336348208
# Reference: https://www.virustotal.com/gui/file/027014be763384f64f2720dc1edecc2eae76025e4bfa6b90a8ec977d2d43e92f/detection

alinmaexchange.com

# Reference: https://x.com/malwrhunterteam/status/1833614493873516715
# Reference: https://www.virustotal.com/gui/file/d2aa3bda11d2bb9c965e330aed098515a3ba93ce40abc152c8e4f88af011fcff/detection

protonvpns.com

# Reference: https://x.com/malwrhunterteam/status/1835784614947770509
# Reference: https://www.virustotal.com/gui/file/e9e10601bf28c7cd7cbcb5c6b5d645497d1df88ff5847712865d04d7f0300d77/detection

keitoralo.top
download.keitoralo.top
four.keitoralo.top
id.keitoralo.top
three.keitoralo.top
two.keitoralo.top

# Reference: https://x.com/malwrhunterteam/status/1836043781595938909
# Reference: https://www.virustotal.com/gui/file/87f4a67542a8cbe3945f0056aaf68f2320c49fdb9fbeb7fc933cc41fccd90066/detection

new-bahrainn-default-rtdb.asia-southeast1.firebasedatabase.app

# Reference: https://x.com/malwrhunterteam/status/1836371609294180810
# Reference: https://www.virustotal.com/gui/file/2b7b7681c4741966eeff8df1badc57e1c36cb972577f6b92e6461f9c727a39c5/detection

union-abhishek1-default-rtdb.firebaseio.com

# Reference: https://x.com/RakeshKrish12/status/1837417348283703355
# Reference: https://app.validin.com/detail?find=ICICI%20Bank&type=raw&ref_id=6d3248c8144#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/ip-address/77.37.34.191/relations
# Reference: https://app.validin.com/detail?find=118.139.177.174&type=ip4&ref_id=8f6f8179306#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/cd89b4cc7dc155f30db39e31b30894ed11f3fb6ad0fe5b2d014b123e333084c6/detection
# Reference: https://www.virustotal.com/gui/file/e0631f4b6ea80583493f892448784695956dc42eaec9bf2a7a897c8d8aadd147/detection

ccpplan.info
cppcard.in
cppcard.info
cppcc.info
cppcccare.com
cpponcc.online
echallan.xyz
iciciicard.in
icicicreditcard.in
imobilecard.co
manageaxis.online
rbllcard.in
asdgdsgs.pages.dev
au.ccpplan.info
ftp.cppcccare.com
mail.iciciicard.in
icici-backup-default-rtdb.firebaseio.com

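# Reference: https://app.validin.com/detail?find=82.112.229.220&type=ip4&ref_id=af61b1d9735#tab=resolutions
# NOTE(review): the entries below appear to come from a passive-DNS pivot on the single IP 82.112.229.220 (see the "resolutions" reference above).
# NOTE(review): if that address is shared hosting, unrelated co-hosted sites may be included; confirm per-domain evidence before treating a hit as confirmed malware traffic.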

77aviator.net
accueil.mobili-juice.io
aetherway.in
aikawaz.pk
aikawaz.site
anudha.in
astrodpdubey.in
best.insureandsell.in
blogs.gstwada.xyz
bmw1.online
cjcea.in
colbay.online
crc2.online
cri1.online
cric.es
cricaa.online
criic.online
criir.online
deepankar.xyz
digimart.org.in
emailauth.online
geeeo.online
glora.life
gstwada.xyz
gurunanakdigitalagency.in
happinesscoachvasantha.in
hdfcergorenewalinsurancepolicys.in
heartfullblessings.org
inclarity-82-112-229-220.inclarity.net
inlie.online
insureandsell.in
interiorfix.in
ishashutter.in
job.jobonphone.in
jobonphone.in
jobs.techatphone.in
jrdinternational.in
kfc.restaurantfranchiseltd.in
kiyansh.org
malik1.cloud
manageaxis.online
manageicici.yonosbi.site
masterseng.org
mobili-juice.io
modei.cloud
mokhdom.cloud
namakkalactingdrivers.in
nasibo.online
newsdw.online
omsrivelavanjothidam.in
parivahan.echallan.xyz
parveenhub.online
playstore.echallan.xyz
rangoon.pk
rawnarajputjagrat.online
readbusiness.in
restaurantfranchiseltd.in
restaurantsfranchise.online
sdesheet.techatphone.in
shop.anudha.in
shop.zoonshop.me
smartkids.smartkidsghy.in
smartkidsghy.in
smdm.online
studiohue.in
sudai.cloud
sunandasathe.in
targettribe.in
task.kiyansh.org
techatphone.in
telugu.anudha.in
thilakb.thrivetechnologies.in
thrivetechnologies.in
tkelectrical.co.in
vahanparivahan.echallan.xyz
vdies.online
verify.emailauth.online
vinayaktextiles.in
vodies.online
wideangles.org
wonderjoy.in
yonosbi.site
zoonshop.me

# Reference: https://x.com/malwrhunterteam/status/1841005555713786003
# Reference: https://www.virustotal.com/gui/file/8de0a9cfd8daf3ff6d9e4c15eee38e0f5deb5aebdd1f23a5e6ca22a0002966c1/detection

idfc-4f54a-default-rtdb.firebaseio.com

# Reference: https://x.com/Cazandophishing/status/1841099527379451946

app-caixa.cc

# Reference: https://x.com/malwrhunterteam/status/1841216411970257118
# Reference: https://www.virustotal.com/gui/file/1006277747fcc576c0807ca64db860baf73afa9676ec7d015e1ccad9cf59ad6a/detection

axisallversions-default-rtdb.firebaseio.com
