# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://info.phishlabs.com/blog/new-variant-bankbot-banking-trojan-aubis

ussensivitius.gq
webcam4bdsm.tk
domainprobr.tk
eltinjapp.cf

# Reference: https://twitter.com/jorgemieres/status/1129069254395990016
# Reference: https://pastebin.com/8v7TEu3D

asdfqw.xyz
fastwebworks2010.org
protec-guvenlik-4.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1221865730054008833

kozzet.ru

# Reference: https://www.virustotal.com/gui/ip-address/162.244.32.142/relations

162.244.32.142:443
162.244.32.142:80

# Reference: https://twitter.com/sh1shk0va/status/1229720531680796677 (Black Rose Lucy)
# Reference: https://www.virustotal.com/gui/file/72c84191fe66c690f5101cf307293c003f82d80f1d00ee010e3067bb0c668d75/detection

gapsoinasj.in
ja0h12p14k.in
jqeoq0r1hgf03ds.in
q9120qwpsa.in

# Reference: https://twitter.com/ReBensk/status/1243500015613554688

protectphone.pw

# Reference: https://twitter.com/malwrhunterteam/status/1248220464473923584

gov-bnminfo.com

# Reference: https://twitter.com/malwrhunterteam/status/1248226241527844865

http://45.63.98.87
213.176.36.43:4207

# Reference: https://twitter.com/malwrhunterteam/status/1250386648598228992
# Reference: https://www.virustotal.com/gui/file/a55a9e204ca0f1015a34f76967ab1e93d7e6ff4ab5abb4816b7438c8db41c8e7/detection
# Reference: https://seguranca-informatica.pt/marco-2020-analise-reversa-da-app-android-entregue-com-o-phishing-do-novo-banco
# Reference: https://www.virustotal.com/gui/ip-address/51.83.252.64/detection
# Reference: https://twitter.com/ESETresearch/status/1252252094066819072

http://186.235.91.100
abanca-sms.com
bankinter.online
bcp-cadastro.com
bcp-millennium.com
cadastro-bcp.com
cadastronb.com
caixaes.site
cgd-cadastro.com
cgd-cadastro.site
es-atualiza.com
estado-sms.com
millennium-bcp.online
nb-cadastro.com
net24apk.website
santa-espanha.com
sms-nb.site
totta2020.com
/controls/nb/control.php
/controls/nb/sms.php
/extras/bpi_link.txt
/extras/nb_link_lyly.txt

# Reference: https://twitter.com/malwrhunterteam/status/1250798529850880000
# Reference: https://twitter.com/midnight_comms/status/1250811148204675072

http://176.121.14.127
vodafone5gapps.com

# Reference: https://twitter.com/malwrhunterteam/status/1252269448267997185
# Reference: https://www.virustotal.com/gui/file/111cfd455f836794e40c6b088ab8e73f8e673a79c18e559adcffa89630a51042/detection

http://218.187.103.198
27.255.64.95:8080

# Reference: https://twitter.com/malwrhunterteam/status/1252287608274722817 (# Android variation)
# Reference: https://www.virustotal.com/gui/file/10cf5bdab95219661759bc58d572379953233ec44b30bf2f83a89f6058610f09/detection
# Reference: https://twitter.com/ninoseki/status/1253272702573395972 (# iOS variation)
# Reference: https://www.virustotal.com/gui/file/748b9f36e5a738665d082b347b5b1f4448d06a70906a32b52b77acd5aa70052e/detection

23.251.45.232:8080

# Reference: https://twitter.com/malwrhunterteam/status/1252323010662588421

poczta-interia.com

# Reference: https://twitter.com/malwrhunterteam/status/1252325976308166660

evdehayatvarfree20gb.com

# Reference: https://twitter.com/malwrhunterteam/status/1253016217268498437
# Reference: https://twitter.com/LukasStefanko/status/1253265204646903809

25s.site
obmenvsemfiles.com

# Reference: https://twitter.com/malwrhunterteam/status/1259886844961005568

bocongan113.com

# Reference: https://twitter.com/malwrhunterteam/status/1259906137891241985

bocongan113vn.com

# Reference: https://twitter.com/malwrhunterteam/status/1259909960311463936

8400113.com

# Reference: https://twitter.com/seafaringturtle/status/1259908100703821825

103.57.111.11:4163

# Reference: https://twitter.com/ReBensk/status/1260184449414647811

photobank-shar2020.website

# Reference: https://twitter.com/malwrhunterteam/status/1261545686325174273
# Reference: https://twitter.com/seafaringturtle/status/1263163367818215424
# Reference: https://www.virustotal.com/gui/file/8d742a1b50492fc35a54119f305daa054f666bf0ec08f7a668aa657af28a6563/detection

216.118.243.114:3500
216.118.243.114:57157
216.118.243.115:57157
216.118.243.116:57157
216.118.243.117:57157
216.118.243.118:57157

# Reference: https://twitter.com/malwrhunterteam/status/1266069349917503495

sosyaldestek-tr.com

# Reference: https://twitter.com/malwrhunterteam/status/1266073872614526982

dbierzkod.pl
odbierzkod.pl

# Reference: https://twitter.com/ReBensk/status/1269306854233997316

krazyfoxx9.xyz

# Reference: https://twitter.com/ReBensk/status/1270725741273964548
# Reference: https://www.virustotal.com/gui/ip-address/8.208.90.169/relations

covid-19argentina.top
darkfantasy.top
drzapato.online
drzapato.xyz
fastupdate.top
fastupdatemanager.top
greenandgrey.top
lovemeany.online
telecentrocovid19.top

# Reference: https://twitter.com/ReBensk/status/1272566330873479170

nansy782seetoyou38.website

# Reference: https://twitter.com/ReBensk/status/1272565628604502018

flashplayerupdate.top

# Reference: https://twitter.com/NtSetDefault/status/1275103442172891138

http://154.206.173.205
139.5.200.26:3500
139.5.200.27:3500
139.5.200.28:3500
139.5.200.29:3500

# Reference: https://twitter.com/malwrhunterteam/status/1349349426486153218
# Reference: https://twitter.com/bl4ckh0l3z/status/1350100010797559808
# Reference: https://www.virustotal.com/gui/file/6d29817636bd1eb314dfe5170765ef59f21c44054fb60049ade96e8becacc15d/detection

http://119.42.149.122
http://119.42.149.123
http://119.42.149.124
http://119.42.149.125
http://119.42.149.126
http://154.83.102.138
119.42.149.122:3500
119.42.149.123:3500
119.42.149.124:3500
119.42.149.125:3500
119.42.149.126:3500

# Reference: https://www.virustotal.com/gui/ip-address/213.176.36.42/relations

http://213.176.36.42

# Reference: https://www.virustotal.com/gui/file/786a73ac6036cf091939ccfa945e14e53524875ce8911f1c8d98d441fac2fd19/detection

213.176.36.42:4207
bank-negaramy.com

# Reference: https://www.virustotal.com/gui/file/a240e8586dd9d5cf199cb96deef63356dd24ae9274d750a076fd5ac4bed3f402/detection

213.176.36.42:4205
gov-bnminfo.com

# Reference: https://www.virustotal.com/gui/file/388bdb3f1f2e514e29646fe3a36bf20b7d0c47c0f0375f0aa2af262df6401845/detection

213.176.36.42:4201

# Reference: https://www.virustotal.com/gui/file/796bcb1df6fe45592137e0ddfb4dd1aa8fa264b396e43b58111543c9af89e564/detection

bnm-gov-info.com

# Reference: https://www.virustotal.com/gui/file/91807792a8c025f5b4c96a4d62f65ab335f695e9a7bbc6484c598a6ad3463684/detection

213.176.36.42:4202
negaramy-bank.com

# Reference: https://www.virustotal.com/gui/file/d3724868bb2966d0bffd235a995b6ac926a66b0756ca13679f3075d976da28e2/detection

213.176.36.42:4203
negarabank-my.com

# Reference: https://www.virustotal.com/gui/file/9ecca511661e72be443fc179cc71a1ecfcc8af48c6a8c87ef3883cb4724377b7/detection

213.176.36.42:4206
siasatan-gov-bnm.com

# Reference: https://www.virustotal.com/gui/file/c07cde11fb494e666a36ac7bb9cc593b877fb5267d04174c2295e586fdaada57/detection

bnm-govinfo.com

# Reference: https://www.virustotal.com/gui/file/0734c1af9909ce1c55bfe7d71f0c80c18792680880f4e35d849d038ce15962c7/detection

213.176.60.234:3403

# Reference: https://www.virustotal.com/gui/file/486234a479def6497524d3b501e3dfa9ae2f5e1815bd9b09219e98b8e95d62b2/detection

bnmgovinfo.com
smkgovinfo.com

# Reference: https://www.virustotal.com/gui/file/0460ecbe48b8b9d657fd1a8f7e8bbae779eddf312388f46359b21a9d97616170/detection

gov-cbminfo.com

# Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt

cdek-payments.com
satterfieldbanks.com

# Reference: https://twitter.com/B0rys_Grishenko/status/1277515350658224128
# Reference: https://www.virustotal.com/gui/file/5ca38b7d208fbc5f665b4e0af7de5a1ac6cbc796375368934bffbef68732fc77/detection

sklepplay24.com

# Reference: https://twitter.com/ReBensk/status/1277615119594409987

http://154.206.173.194

# Reference: https://twitter.com/ReBensk/status/1277616463457792000
# Reference: https://www.virustotal.com/gui/file/c69af883dc42792500eecb12dc1f0641f1b9f4b4c340365c0491985ce6a89448/detection

193.112.126.184:39090

# Reference: https://twitter.com/ESETresearch/status/1277930672477343760

arabamuayenesi.com
usom-gov-tr.ml

# Reference: https://twitter.com/malwrhunterteam/status/1280220519460208641

http://102.129.249.232

# Reference: https://twitter.com/malwrhunterteam/status/1280502011981676546

chromekill.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1280572099686531072

looparkadaslik.xyz

# Reference: https://www.virustotal.com/gui/file/1998850290d2d17e5537610fdd074fce3027e0999a06bc7f2d9c2ee9170773eb/detection
# Reference: https://www.virustotal.com/gui/file/a8cae4f6c6c0121522baff7610a6fd09495426a90d816b8334acae903e8f6985/detection
# Reference: https://www.virustotal.com/gui/file/525198da8ae0c46f7707b9040eb4cf28794ab53df29f5f4ae5ec9830b4ea7eaa/detection
# Reference: https://www.joesandbox.com/analysis/199559/0/html

172.104.120.109:23040
172.104.135.129:3040
172.104.181.99:23040
/phoneinfo/xb_bin
/phoneinfo/xb_bin_one

# Reference: https://twitter.com/LukasStefanko/status/1280624418876686336
# Reference: https://twitter.com/NtSetDefault/status/1280648662499155968

antonioguterres.app
billclinton.app
bobiger.app
charlleskoch.institute
dougmcmillon.app
georgewbush.dev
jimyongkim.app
martinlutherkingjr.app
micheltemer.app
nelsonmandela.dev
pedroalvarescabral.dev
ragfactory.red
rupertmurdoch.red

# Reference: https://twitter.com/malwrhunterteam/status/1280846189433413634
# Reference: https://twitter.com/JCyberSec_/status/1303618860449509377
# Reference: https://www.virustotal.com/gui/ip-address/5.252.179.35/relations

bufirte.xyz
contatorfull.best
contmobi.club
contmobi.online
contmobi.work
cubirta.club
cubirta.xyz
dietasricas.xyz
gameapps.link
loltopgor.monster
mastercuponsdays.com
masteroffersdays.com
norditcph.xyz
ofertasgrandes.best
offersdirects.com
parse654.xyz
parse655.xyz
passtravel.best
poptoper2.monster
shopingoffers.xyz
topbestoffers.best
topbestoffers.monster
topbestoffers.xyz
topnomber.monster
toroftos.xyz
yourbestoffers.best

# Reference: https://twitter.com/malwrhunterteam/status/1281269010231853056

http://154.206.173.205

# Reference: https://twitter.com/malwrhunterteam/status/1283040684614852609

http://154.206.147.115

# Reference: https://www.virustotal.com/gui/file/fc0b880ddd9bda92dfb776d32a1958635be8933fa138dd35044cb5e76f470860/detection

emobileservices.club

# Reference: https://twitter.com/malwrhunterteam/status/1288838413345607680

foranymefc.site

# Reference: https://twitter.com/0bfusCat/status/1089817931435905025

izmirsiberahmet.online

# Reference: https://twitter.com/0bfusCat/status/1088413094722879488
# Reference: https://www.virustotal.com/gui/ip-address/47.74.70.68/relations

aperdosali.top
atbfinance.top
atbfinanza.top
atbfinanziario.top
comedirtad.top
ctechnick.top
dopeblock.top
materongoc.top
oldcrystal.top
sickslick.top
sleepmate.top

# Reference: https://twitter.com/sh1shk0va/status/1290267524592934918
# Reference: https://www.virustotal.com/gui/file/548ea89dcfe3fed1e6766d1c9ef36407b6d3a852fd359635e5fe9de99732eb0b/detection

vigolimone.website

# Reference: https://twitter.com/malwrhunterteam/status/1290635046169260032

cooperativa-mobile.ml

# Reference: https://twitter.com/malwrhunterteam/status/1290964433402044416

llmymdq.site

# Reference: https://twitter.com/malwrhunterteam/status/1293831060611096579
# Reference: https://www.virustotal.com/gui/file/63a07c43fc8ab595a45eb17329f8b310c8db72efef3b16a4ea081251f2e40b05/detection

154.92.17.105:1506
154.92.17.105:1509

# Reference: https://twitter.com/malwrhunterteam/status/1297078797553074176
# Reference: https://twitter.com/B0rys_Grishenko/status/1297277745362358273
# Reference: https://www.virustotal.com/gui/file/92648f5945ce65aa9ee46afe1a07e9300d4724255118d4c37bf58b8bafdbedeb/detection

http://217.8.117.104

# Reference: https://twitter.com/malwrhunterteam/status/1298677192667402248
# Reference: https://www.virustotal.com/gui/file/b336120b0dcb02d15b63f623ec1ef55659aed23f9d1355f80f2b5d1000963eac/detection

http://154.218.21.181

# Reference: https://twitter.com/malwrhunterteam/status/1301135258025431041

tiende.ru

# Reference: https://www.virustotal.com/gui/file/c073bf806c4ff8a4cacd515681cac215ee8e7b214f4cb1ad7303912aba2eb67f/detection

http://112.213.127.89

# Reference: https://twitter.com/malwaretracekr/status/1305403739117776902

http://220.129.70.58

# Reference: https://www.virustotal.com/gui/file/2502b3b57aa43a63aecb4ad6bae9e739742e78091436c27b3949b55c3387a0f4/detection

185.246.64.188:8001

# Reference: https://twitter.com/bl4ckh0l3z/status/1308789853354692608

senteam.ru

# Reference: https://twitter.com/ReBensk/status/1311154202643660801

paypal-sign.myddns.me
support-paypal.myddns.me

# Reference: https://twitter.com/malwrhunterteam/status/1311307895443787778

http://155.138.163.183

# Reference: https://twitter.com/malwrhunterteam/status/1316057431370326017

http://156.235.187.217
 
# Reference: https://twitter.com/ReBensk/status/1311536162499162112

http://157.185.179.73

# Reference: https://twitter.com/malwrhunterteam/status/1311710159715082241

http://144.202.11.123

# Reference: https://www.virustotal.com/gui/file/5642f08b04be9460fcdb973042e4841ccbd732cd5ffc0107d9750e5f9afc4449/detection
# Reference: https://www.virustotal.com/gui/file/fffa5c2a67db847f43217aa5551c75f5aa1f8f9d82bed032d6eb2a9df1f781e3/detection
# Reference: https://www.virustotal.com/gui/file/ab52aa605dde9edf4437388c5df75552ecc196b07c196f6435e7fcf7875e1745/detection

45.138.209.18:8080

# Reference: https://www.virustotal.com/gui/file/1ebe007267a27b653ab572fc4e0a6cccb9b914981d2f90b19d84b75a1bfad55d/detection

45.138.209.34:8080

# Reference: https://www.virustotal.com/gui/file/6046d1b0961301b4b2f26857c5c10e296f03ef942a1b9028631736aa0d8f1205/detection

45.138.209.37:8080

# Reference: https://www.virustotal.com/gui/file/3a3e58f6ee3b0ebc6f3373deddc32255457b710d7ae2200b823536a321a5e001/detection
# Reference: https://www.virustotal.com/gui/file/4bcb08348feda24f4f162784772d20d7808957bd052afbf4e5995ebe0ded0f5c/detection
# Reference: https://www.virustotal.com/gui/file/d601ff978865fa44311b55420c6cbb61a2a65a9631f797895c1b6406e0b9e731/detection
# Reference: https://www.virustotal.com/gui/file/74a12057215be8b65c46a8614a97fcca61012a28b1dc416fd9a9f700ef4f3485/detection

45.138.209.23:7788

# Reference: https://www.virustotal.com/gui/file/d2fd885065dacd134d54f9f07a6a95e2b3371a387102b7094cac812d7da97e25/detection

45.154.14.63:7788

# Reference: https://twitter.com/malwrhunterteam/status/1370021678915350542
# Reference: https://www.virustotal.com/gui/file/08eced64db2e5a0d8de2b57f8a1fee9f724a59be95dfb9f4935ad8d204d45bae/detection

45.154.14.95:7788

# Reference: https://www.virustotal.com/gui/file/fcfb19c41114a5bf5195d8d6316ac1738aec58b38984076ed0c63f2b48f6997f/detection
# Reference: https://www.virustotal.com/gui/file/eefe5825eb631b1ab81f2646cec7cdb21673066dd4c409e89d257b50260df324/detection

141.255.151.19:5214
141.255.157.49:5214
asdtt23488.hopto.org

# Reference: https://twitter.com/malwrhunterteam/status/1313355326670942208
# Reference: https://twitter.com/bl4ckh0l3z/status/1313374708688134144
# Reference: https://www.virustotal.com/gui/file/74b194615ce6ac50435e211470c3b2948c244a94b5b75ff2d8825bcb5a26b79c/detection

fusaed.com
qctetc.com
uxsahd.com

# Reference: https://twitter.com/malwrhunterteam/status/1313522877443043332

flash-player-indir.com

# Reference: https://twitter.com/malwrhunterteam/status/1313800408746393603

mollyptuwo.online

# Reference: https://twitter.com/malwrhunterteam/status/1316059882987061248

heapafoo.ru

# Reference: https://twitter.com/malwrhunterteam/status/1316708831678935042

http://92.63.106.163

# Reference: https://twitter.com/malwrhunterteam/status/1316782508764266496
# Reference: https://www.virustotal.com/gui/file/30557d0306ca5502de037538857c8448edc09f9f318807506cc2e285fcb40893/detection

http://154.85.186.46

# Reference: https://twitter.com/Cengiz86035319/status/1317019371764580355
# Reference: https://www.virustotal.com/gui/file/2703c955b8470f8022f4ed74c9e5ca52eabfba37b900bdc47486ee9e6af1b6e1/detection

http://35.202.212.117

# Reference: https://twitter.com/malwrhunterteam/status/1317059994907455488
# Reference: https://www.virustotal.com/gui/ip-address/91.134.159.176/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.23.180.186/relations
# Reference: https://www.virustotal.com/gui/file/58a6117c374159928685e79dd55766eca1c9ac4cbe264acdd0fb1f1815427835/detection
# Reference: https://www.virustotal.com/gui/file/4c2114824eaf97c3c0ded5dea516db8dc7435a00c04aa2ac6706877908a42585/detection

ebsex.ru
exsos.ru
gomon48.ru
kexsex.ru
kosex.ru
sexet.ru
sexkex.ru
sexoko.ru
sexpis.ru
sexsos.ru
sextuk.ru
sexura.ru
sexvam.ru
sexvokrug.ru
sexvsem.ru
sosep.ru
soses.ru
sosev.ru
soske.ru
soskex.ru
sosto.ru
sosvot.ru
totsos.ru
zosos.ru

# Reference: https://twitter.com/malwrhunterteam/status/1317403643700719616

гусар.online
xn--80af4bcj.online

# Reference: https://twitter.com/malwrhunterteam/status/1318276866449510400

nuevospainflplayer.info

# Reference: https://twitter.com/malwrhunterteam/status/1319918657804357632
# Reference: https://twitter.com/bl4ckh0l3z/status/1320690035327410177
# Reference: https://www.virustotal.com/gui/file/08d74a860befbad4e3e4fc80c6b9d4b46be3c723cb1056d596f3e33dc77343a6/detection
# Reference: https://www.virustotal.com/gui/file/4c2378ead460da2282b37c58e8cf911bca55bad57baac485c8e2f9e9ad2b9313/detection

shopee-coins.com
shopee.cc-cashwallet.com
f-spy.com
a.f-spy.com
b.f-spy.com
c.f-spy.com
d.f-spy.com
f.f-spy.com
g.f-spy.com

# Reference: https://twitter.com/malwrhunterteam/status/1319952092119896065
# Reference: https://www.virustotal.com/gui/ip-address/98.126.156.85/relations
# Reference: https://www.virustotal.com/gui/file/3f7340fc7ec7028dcec2e1d9c766b72d70e5656eb17e7982e434ebe644d27878/detection

160.124.255.97:2018
1136984.com
840113.com
84113113.com

# Reference: https://twitter.com/Boyv3r/status/1320076344034791424

ebatabletiniz.com

# Reference: https://twitter.com/ReBensk/status/1322064414175092740
# Reference: https://www.virustotal.com/gui/file/c096d30ee0a0df796ca023e421aa4580a9adb5f2893bc2657577fa0e0b691e97/detection
# Reference: https://www.virustotal.com/gui/file/3e860c4ede3c07ee29ad269635e2ae6cd6790b2c74bf5ffa201e8cb4dd52b736/detection
# Reference: https://www.virustotal.com/gui/ip-address/185.193.91.74/relations

acrisias.xyz
akdorr.xyz
alphesiboeus.xyz
amyntor.xyz
anchises.xyz
antipatros.xyz
arutruck.xyz
atcor.xyz
athenades.xyz
azzaur.xyz
barud6347.xyz
busgud.xyz
calcurr.xyz
cissesd.xyz
cleathes.xyz
corydallos.xyz
crodolvith.xyz
dakquth.xyz
diokles.xyz
epaenetus.xyz
euchenor.xyz
eudoxsus.xyz
euryleon.xyz
eurysthios.xyz
eutuches.xyz
gaddurud.xyz
gruavran.xyz
grulgojer.xyz
gruraborr.xyz
hermotimos.xyz
iamusasf.xyz
iboddeth.xyz
icarius.xyz
khaascon.xyz
krakott.xyz
krazalzutt.xyz
kruzangozz.xyz
leonidasmy.xyz
leontis.xyz
lorozz.xyz
lydusasd.xyz
medonhfg.xyz
montudsan.xyz
nauvamutt.xyz
nedalqex.xyz
nezrozz.xyz
nikasiosayur.xyz
nisosfhg.xyz
omunomn.xyz
oniasasd.xyz
phanias.xyz
phileasg.xyz
praxislol.xyz
praxisyui.xyz
priamadg.xyz
priamgfg.xyz
qavukozz.xyz
rokrirr.xyz
rozrux.xyz
segerux.xyz
sinisssa.xyz
stukkuar.xyz
tectondas.xyz
telemacho.xyz
theageshgf.xyz
tigegax.xyz
timasion.xyz
tithonius.xyz
vulkuar.xyz
xiphilinus.xyz
xuthusyu.xyz

# Reference: https://www.virustotal.com/gui/ip-address/185.193.91.5/relations
# Reference: https://www.virustotal.com/gui/ip-address/192.64.119.224/relations
# Reference: https://www.virustotal.com/gui/ip-address/63.250.44.166/relations

1zmt5e0yjt.xyz
anita1898kurovsk1.xyz
babalaykaandcomp.xyz
dakquth.xyz
davnad.xyz
droid2021.xyz
gorajorr.xyz
gruraborr.xyz
heartways.xyz
iboddeth.xyz
khaascon.xyz
krazalzutt.xyz
mandalorec2021.xyz
masteronil.xyz
obiwan2021.xyz
princeleya021.xyz
tsubaka2021.xyz
warior7766.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1323157065284681728
# Reference: https://twitter.com/bl4ckh0l3z/status/1323180531891101696
# Reference: https://www.virustotal.com/gui/file/affd5f9084641dee0355dc09b60db37a162538be44727884eb45e929bd4b2f60/detection

103.85.72.156:8080
blinefm.com
2020.blinefm.com

# Reference: https://twitter.com/malwrhunterteam/status/1323284195515531265

agoralux.com.br

# Reference: https://twitter.com/malwrhunterteam/status/1323674314521141249
# Reference: https://www.virustotal.com/gui/file/7e7be8412de67b5aead030c0f03dc19285b2f4597dda554b7748e72544c45d21/detection

espflplayerdescargar.live

# Reference: https://twitter.com/malwrhunterteam/status/1326163604459180037

blinefm.com

# Reference: https://twitter.com/malwrhunterteam/status/1262783846690492418

filmspolandxxx.com

# Reference: https://twitter.com/malwrhunterteam/status/1327354542086889472
# Reference: https://www.virustotal.com/gui/file/20a7aeeadfeb548d2d6df10ed7e4d7e84caa326313f917385d7fb7736af48bd4/detection

189.6.120.28:5050

# Reference: https://twitter.com/malwrhunterteam/status/1328392462088462336
# Reference: https://twitter.com/B0rys_Grishenko/status/1328402107892981761
# Reference: https://www.virustotal.com/gui/ip-address/47.254.176.26/relations
# Reference: https://www.virustotal.com/gui/file/ea6cae544c3822e8ff4cfa86bd9285f9c1363388603d3120dacbeecda291649c/detection

3030sisisinononono.info
332dskakkwkkksk22dada.info
5050sisisinononono.info
bancosantander-segura.com
dsfiudsfdnsjds.top

# Reference: https://twitter.com/malwrhunterteam/status/1329709356116570113
# Reference: https://twitter.com/bl4ckh0l3z/status/1329713263060377608

888ccb.com
ushdka.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1329776743339712518
# Reference: https://www.virustotal.com/gui/ip-address/185.156.172.69/relations

soofoodoo.club

# Reference: https://labs.k7computing.com/?p=21246
# Reference: https://www.virustotal.com/gui/ip-address/114.55.79.183/relations
# Reference: https://www.virustotal.com/gui/domain/i9600.com/relations
# Reference: https://www.virustotal.com/gui/file/280dcc68e8b10a9834252aa3bfe2eb48781da56719915c896bfba7d3e0f8c000/detection

114.55.79.183:10011
i9600.com
aff.i9600.com
control.i9600.com
kd-apk.i9600.com
service.i9600.com
zhf.i9600.com
mei669.com
oms.mei669.com

# Reference: https://twitter.com/malwrhunterteam/status/1332644727808724996
# Reference: https://www.virustotal.com/gui/file/a2fd23a258d8a39c8b096183cdd028f958fa004135cc9df2c0d8910da88e3e46/detection
# Reference: https://www.virustotal.com/gui/file/64b48ee8a113fd171fca60d8bbc495b9af3663d65a08cece12114a4d4e8b64c4/detection
# Reference: https://www.virustotal.com/gui/file/311f3ac5c075be4b1e34d50d08ff6bf8724facf018f31490f349d3c68a8815ed/detection
# Reference: https://www.virustotal.com/gui/file/7df4b0a98d44a8db431340f50c9fec4c22e7b93b6d96f09cf97695d335818dd6/detection
# Reference: https://www.virustotal.com/gui/file/ab3db21229eee4b716824ca831f9ddbb837a4b2abb6abc12101e02e84159cb88/detection

146.185.241.6:7878

# Reference: https://twitter.com/bl4ckh0l3z/status/1333009513037893632

148.66.8.98:1935
148.66.8.99:1935
148.66.8.100:1935
148.66.8.101:1935
148.66.8.98:57162
148.66.8.99:57162
148.66.8.100:57162
148.66.8.101:57162

# Reference: https://twitter.com/bl4ckh0l3z/status/1281565691037003782/photo/3

154.206.45.22:21823

# Reference: https://twitter.com/malwrhunterteam/status/1333507473504948226
# Reference: https://twitter.com/bl4ckh0l3z/status/1334147416854056960
# Reference: https://www.virustotal.com/gui/file/e5bf969569c8e4d4ad93f5f6a6b8004bebc58187238a3f0085209004e6be12f6/detection

103.145.191.61:8978
http://103.145.191.61

# Reference: https://twitter.com/malwrhunterteam/status/1334222729558548490
# Reference: https://twitter.com/bl4ckh0l3z/status/1334480342854590465
# Reference: https://www.virustotal.com/gui/file/501ca1c4ce3a6c1d03655d35109b7d16e4dc111142ffa0c3f1cec95b7a604e6f/detection

116.193.152.176:7788
http://45.138.209.52

# Reference: https://twitter.com/malwrhunterteam/status/1336983774354173952

61.227.124.151:30

# Reference: https://twitter.com/malwrhunterteam/status/1337502083608670215
# Reference: https://twitter.com/bl4ckh0l3z/status/1338168054644150273
# Reference: https://www.virustotal.com/gui/file/787f671b98b0393dc6dc703ea0f04d1d79bb6cb45ecae2173c948de61f575e53/detection

103.40.163.156:9090
blinefml.com

# Reference: https://twitter.com/malwrhunterteam/status/1338912835523534848
# Reference: https://twitter.com/bl4ckh0l3z/status/1339305454149758978

isjxkac.com
ksjajsxccb.com

# Reference: https://twitter.com/malwrhunterteam/status/1339667434450653185

http://191.101.234.104

# Reference: https://twitter.com/malwrhunterteam/status/1341710227780104192

http://111.249.159.138

# Reference: https://twitter.com/malwrhunterteam/status/1342098542224142336
# Reference: https://www.virustotal.com/gui/file/bfaed122e095077d937d878ee80cdec7c9d295ddf701361b1a2e5013e3f42c93/detection

112.213.127.149:8978
http://112.213.127.149

# Reference: https://twitter.com/malwrhunterteam/status/1343662715437510656
# Reference: https://www.virustotal.com/gui/file/652d93eff67cb6ca7f50d8b1fd89652e6878c9e7173cb211baf64d7ce5756b1b/detection

103.147.13.139:8978
http://103.147.13.139

# Reference: https://www.virustotal.com/gui/file/87c9d15e7bb4ca798947adecee7ec162206e5975680375c4f4d5f044926a5e17/detection

bb.fbb0oy.net

# Reference: https://twitter.com/malwrhunterteam/status/1346515280919408647
# Reference: https://twitter.com/bl4ckh0l3z/status/1348294330537168902
# Reference: https://www.virustotal.com/gui/file/f25e7e0de3a02fcef6749ed4ba69df20e07a6982db626903cdadac9432847038/detection
# Reference: https://www.virustotal.com/gui/file/9952ff78d120eae1637b66862d3967d06126f0b1d2c0967270207702e086cc75/detection

http://45.138.209.52
103.145.106.214:7788
45.154.14.19:7788

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz
# Reference: https://www.virustotal.com/gui/domain/smsgrabber.url.ph/relations

smsgrabber.url.ph

# Reference: https://twitter.com/malwrhunterteam/status/1351221272710176770
# Reference: https://www.virustotal.com/gui/file/d927fddc84d4f06c2879487756c89c89bf99848e4bec39e5aad0da6a0c53f1a9/detection

pornohdcenter.com

# Reference: https://twitter.com/malwrhunterteam/status/1351894856281579522
# Reference: https://www.virustotal.com/gui/file/5265ebe2a3e33f003b111f4f7cd4c760800e5ff55f2dd43dea8f22fda3337f81/detection

196.69.61.56:707
ndseven.hopto.org

# Reference: https://twitter.com/ReBensk/status/1352201093728518149
# Reference: https://www.virustotal.com/gui/file/cb74cd54650ba5c39a4c9e609b3a371cc7289d81dcdd849d1c5032f6a5fc5c27/detection

settings.pw
/huawei.apk
/huawei9998.apk
/xhuawei.apk

# Reference: https://twitter.com/malwrhunterteam/status/1353042982505742341
# Reference: https://www.virustotal.com/gui/file/7b769c23c607caaa1022307071e803bcfe1394c82aed11499cb65fedb5e19f17/detection

cervezaelhechicero.cl/DHLUSA/
/DHLUSA/DHLTrackShippment.html
/DHLSpain/DHLGlobalES.html

# Reference: https://twitter.com/malwrhunterteam/status/1352672839208476678
# Reference: https://twitter.com/malwrhunterteam/status/1352673988212912130
# Reference: https://twitter.com/malwrhunterteam/status/1352876505630695424
# Reference: https://www.virustotal.com/gui/ip-address/193.38.55.56/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.58.108.142/detection
# Reference: https://www.virustotal.com/gui/ip-address/47.254.171.138/relations

dhl-api.club
dhl-api.icu
dhl-api.online
dhl-api.space
dhl-api.store
dhl-api.website
dhl-api.work
dhl-api.xyz
dhl-apk.com
dhl-apli.icu
dhl-apli.online
dhl-apli.site
dhl-apli.space
dhl-apli.store
dhl-apli.website
dhl-apli.work
dhl-apli.xyz
dhl-app.info
dhl-app.ru
dhl-app.space
dhl-app.website
dhl-cdn.pw
dhl-cdn.site
dhl-cdn.space
dhl-cdn.store
dhl-cdn.website
dhl-ebalo.casa
dhl-ebalo.club
dhl-ebalo.cyou
dhl-ebalo.fun
dhl-ebalo.icu
dhl-ebalo.online
dhl-ebalo.site
dhl-ebalo.space
dhl-ebalo.store
dhl-ebalo.surf
dhl-ebalo.website
dhl-ebalo.work
dhl-ebalo.xyz
dhl-ebat.icu
dhl-ebat.online
dhl-ebat.site
dhl-ebat.space
dhl-ebat.store
dhl-ebat.surf
dhl-ebat.xyz
dhl-kurva.casa
dhl-kurva.club
dhl-kurva.cyou
dhl-kurva.fun
dhl-kurva.icu
dhl-kurva.online
dhl-kurva.site
dhl-kurva.space
dhl-kurva.store
dhl-kurva.website
dhl-kurva.work
dhl-kurva.xyz
dhl-pidor.casa
dhl-pidor.club
dhl-pidor.cyou
dhl-pidor.icu
dhl-pidor.monster
dhl-pidor.online
dhl-pidor.site
dhl-pidor.space
dhl-pidor.store
dhl-pidor.surf
dhl-pidor.website
dhl-pidor.work
dhl-pidor.xyz
dhl-serv.cyou
dhl-serv.site
dhl-serv.space
dhl-serv.store
dhl-serv.website
dhl-serv.xyz
dhl-suka.casa
dhl-suka.club
dhl-suka.cyou
dhl-suka.fun
dhl-suka.icu
dhl-suka.online
dhl-suka.site
dhl-suka.space
dhl-suka.store
dhl-suka.website
dhl-suka.work
dhl-suka.xyz
dhlapk.com
dhlapp.info
dhlapp.space
dhlapp.website
/dhl-1.apk
/dhl-2.apk
/dhl-3.apk
/dhl-4.apk
/dhl-5.apk
/dhl-6.apk
/dhl-7.apk
/dhl-8.apk
/dhl-9.apk

# Reference: https://twitter.com/malwrhunterteam/status/1376476624703602698

/mrw-1.apk
/mrw-2.apk
/mrw-3.apk
/mrw-4.apk
/mrw-5.apk
/mrw-6.apk
/mrw-7.apk
/mrw-8.apk
/mrw-9.apk

# Reference: https://twitter.com/malwrhunterteam/status/1353773189864816642
# Reference: https://twitter.com/bl4ckh0l3z/status/1353794801901195271
# Reference: https://www.virustotal.com/gui/file/10658430a56a31ab8f295b3bb2860a1fc2fd95b09664d523b168de5d9bd71c2f/detection

ratapi11223344786.azurewebsites.net

# Reference: https://twitter.com/RickyLafleur1/status/1214587889700478976
# Reference: https://www.virustotal.com/gui/file/a6547415ef61bc66531978ef28913938f74dacb887bbd4ec5fc3a4ee978c4376/detection

http://185.185.71.90
whats-app.gq

# Reference: https://twitter.com/AgidCert/status/1353763168909225987
# Reference: https://twitter.com/ni_fi_70/status/1354352455123918848
# Reference: https://twitter.com/sS55752750/status/1354418390551711746
# Reference: https://twitter.com/sS55752750/status/1354420546809847820
# Reference: https://cert-agid.gov.it/news/individuato-sito-che-veicola-in-italia-un-apk-malevolo/
# Reference: https://www.virustotal.com/gui/file/9ae593c5611fa04fc0b7cf85f356b0ac92dcbe51fc5f481425ec7d6743368447/detection

cosmosframework.xyz
cosmospayments.online
montanatony.xyz
smoothbots.online
starbots.xyz
supportoapp.com
/js/app.19d5011b.js

# Reference: https://twitter.com/bl4ckh0l3z/status/1354755976755372035
# Reference: https://www.virustotal.com/gui/file/233835b9ff122185f2ff32b4841d38f6768508767f5cc5a021bc307489140a1a/detection
# Reference: https://www.virustotal.com/gui/file/1a0b29851c66a4750e132302fb3bbe180b0822069a916125feb18ce35b9ec319/detection

45.142.213.31:38920
45.142.213.31:38921
45.142.213.31:38922
45.142.213.31:38923
45.142.213.31:38924
45.142.213.31:38925
45.142.213.31:38926
45.142.213.31:38927
45.142.213.31:38928
45.142.213.31:38929
45.142.213.31:38930
45.142.213.31:38931
45.142.213.31:38932
45.142.213.31:38933
45.142.213.31:38934
45.142.213.31:38935
vpsp.ru
/A0.php?Android=
/A0.php?BankBotLog=
/A0.php?ShowPass

# Reference: https://twitter.com/ReBensk/status/1355752152740753413
# Reference: https://www.virustotal.com/gui/file/90301cc8484dab405e53a0a1ee07ff4117016412663d1df0154e6500ff1bbffd/detection

tosanfrancisco.life

# Reference: https://www.virustotal.com/gui/file/3ed04f22534c0d72641f96f59613005d72f50f7206f5e5d41a6284642df961e8/detection
# Reference: https://www.virustotal.com/gui/file/afc660b822bd032489407cc195b8ea544cde82335e17bca0fbd170e6fa4b2f52/detection
# Reference: https://www.virustotal.com/gui/file/a0075b79f75cbd0005beabbe9397a6cc79ce2521faf80771fb73bada49d898d8/detection

2.61.243.211:3210
2.61.243.211:5214
kolsayan.system-ns.net

# Reference: https://www.virustotal.com/gui/file/221926ac32a0a3da6a880320edacf5a5a8485214e5ca71bd7219fe25357f4f0e/detection

mixan4uk.system-ns.net

# Reference: https://www.virustotal.com/gui/file/b86fd4c42a30a1fbb6af287f23f7b50b72acf3308f43b4f31880563d8999b209/detection

41.233.168.80:1025
mugiwara.system-ns.net

# Reference: https://www.virustotal.com/gui/file/2cc928515b78a082307f3d813ba5e113fc0b36dff7c0f4f22534e6f1d64a2545/detection

boothead99.system-ns.net

# Reference: https://twitter.com/malwrhunterteam/status/1361753980053970950
# Reference: https://www.virustotal.com/gui/file/74adb6bd25a9714501c5e165de1875b17a69fd42d853435f0907ea7abee44fca/detection

freeplayer.site

# Reference: https://twitter.com/malwrhunterteam/status/1362067913159630851
# Reference: https://www.virustotal.com/gui/file/56ba4301cb77686a2f050bb20bf5443ce817aa582f63d4f8c76877bc230f328f/detection

bankspray.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1362853473272881155
# Reference: https://www.virustotal.com/gui/file/ff169cffd911225c22760b6e228a5857bd5e85a379b13a506c35be9639d23aa2/detection

dreamseed.info

# Reference: https://twitter.com/pmmkowalczyk/status/1367210739681943552

buguilou.com
contornosdesign.pt
spave.com.pk
weboyal.com
ylem222.com

# Reference: https://twitter.com/danlopgom/status/1367820701789532163
# Reference: https://www.virustotal.com/gui/file/85e2227bac98f2a283470798f9f15d63dc3e8f5d98c71385514603f181aefd83/detection

correos.website
correos.startupinside.net

# Reference: https://twitter.com/malwrhunterteam/status/1370443450487869441
# Reference: https://www.virustotal.com/gui/file/dd679ed92ab85e7b3f6d6b8996f681ba07b8e5afd7cf38a33b4edac38f392f4d/detection

http://154.203.226.182

# Reference: https://twitter.com/malwrhunterteam/status/1374820280636424201
# Reference: https://www.virustotal.com/gui/file/546f93d93d47c422b3193864c872a64f87fabd1dab845eecbf68195c41d35207/detection

http://154.23.55.21

# Reference: https://www.virustotal.com/gui/file/8292218f8d2630c5a03593cebb4899c7e06d4f8afedb9aa3c432b450d9e33b4a/detection

oiwa27enioaa2oinz.top

# Reference: https://www.virustotal.com/gui/file/aaf8de7f4c51e8196d677eb175f67bc614356f3acd01bc6da821fc74d863bf9a/detection

jyrsrydjrtsf0912.top

# Reference: https://www.virustotal.com/gui/ip-address/34.65.156.127/relations

awqwywewfs56843.top
gaweawgeaweg232.top
ghslitvomurjfurepj.top
ghslitvomurjfurfsdhdafhijkvepj.top
ghslitvomurjfurfsdhjkvepj.top
make9019jaion.top
se44syesegs4e3.top

# Reference: https://www.virustotal.com/gui/ip-address/35.199.117.241/relations

ghslitvomurjfurepj.top
lukabukazykasas.top
peskoleonido9201.top

# Reference: https://twitter.com/malwrhunterteam/status/1377022272926519306
# Reference: https://twitter.com/malwrhunterteam/status/1377377262404657154
# Reference: https://twitter.com/malwrhunterteam/status/1380255616376184835
# Reference: https://www.virustotal.com/gui/ip-address/198.187.29.144/relations
# Reference: https://www.virustotal.com/gui/ip-address/68.65.120.237/relations
# Reference: https://www.virustotal.com/gui/file/ae9208fd8c3e5170c3cb32df36c9f8596c4acd2fdebb7f98decd13583f26f0b5/detection
# Reference: https://www.virustotal.com/gui/file/5e816b8f4c0df1d6f1bd409988658f40416de7d7333b6776a64ce66fb41fcadb/detection

antivirusmc.xyz
apkchrome.xyz
browserchrome.xyz
chrome2apk.xyz
chrome3apk.xyz
chrome4apk.xyz
chromea1k.xyz
chromeapk.xyz
chromeapk5.xyz
chromeapk6.xyz
chromeapk7.xyz
chromeapk8.xyz
chromeapkupdate.xyz
chromebrowser.xyz
chromeeapkk.xyz
chromeupdateantivirus.xyz
chromeupdateapk.xyz
updatechromeapk.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1377563398775447555
# Reference: https://twitter.com/LukasStefanko/status/1377574453220114432
# Reference: https://twitter.com/NtSetDefault/status/1377654475507302401
# Reference: https://www.virustotal.com/gui/file/be3d8500df167b9aaf21c5f76df61c466808b8fdf60e4a7da8d6057d476282b6/detection

134.209.66.184:5000
atualservicenovo.hopto.org
modulo-gatewayzzz-com-br.umbler.net

# Reference: https://twitter.com/malwrhunterteam/status/1379513330633691153
# Reference: https://twitter.com/bl4ckh0l3z/status/1379715519553622019
# Reference: https://www.virustotal.com/gui/file/2e403d7dfbf9641dd9d54cab50b06bbc8a09aeeafa5a4b824a79750befbefe74/detection

api.88888.pm
rtmp.5555577777.cn
tiktok.tf

# Reference: https://twitter.com/malwrhunterteam/status/1382676216893804547
# Reference: https://www.virustotal.com/gui/file/9e0383ce956c1a31c44367d6886dc36d7e036771b6351082567a9e434cc1018d/detection

http://139.177.192.54

# Reference: https://twitter.com/malwrhunterteam/status/1382712585557016581
# Reference: https://www.virustotal.com/gui/file/7a392dea26a6482842a1b14b3d5fb3e0a138eba7cd8c18146758bb4c2021c3e4/detection

http://139.177.193.252

# Reference: https://twitter.com/malwrhunterteam/status/1384025728128229381
# Reference: https://twitter.com/malwrhunterteam/status/1480914416887599115
# Reference: https://twitter.com/malwrhunterteam/status/1532716068598386692
# Reference: https://twitter.com/midnight_comms/status/1532717468732379136
# Reference: https://www.virustotal.com/gui/file/eeec5a484623068336306c6dfa696981b87048ac9e37bdc14e21beca8ef6eecd/detection
# Reference: https://www.virustotal.com/gui/file/be1ea062a9496d469fc6b6579644db325d278f97ec5091777ce90b519789645b/detection
# Reference: https://www.virustotal.com/gui/file/7d29fef5cd3dc1a0271b97288f2a51e082628877091865e81ea0d13214ff50ef/detection
# Reference: https://www.virustotal.com/gui/file/8aac771bf14279eb41574fd191cf9c344f8b20ad52ac3b7a1941eca75e549935/detection

http://103.81.169.137
http://154.194.3.236
http://51.79.168.103
http://51.79.168.123
103.81.169.137:6001
154.194.3.236:6001
51.79.168.103:9001
51.79.168.123:8001
magicpro.xyz
/spy/OneNeedHintAlertDone?imei=
/spy/Sync?imei=
/spy/SyncConfig?imei=
/spy/SyncDone?imei=
/spy/addMobileAccount
/spy/addMobileApp
/spy/deleteMobileApp
/spy/downloadMobileApps
/spy/getOneModifyContact?imei=
/spy/getOneModifySms?imei=
/spy/getOneNeedHintAlert?imei=
/spy/syncMobileCallLogs
/spy/updateModifySmsResult?imei=
/spy/uploadBinary
/spy/uploadFormInfo
/spy/uploadMobileApps
/spy/uploadMobileCallLogs
/spy/uploadMobileContacts
/spy/uploadMobileGps
/spy/uploadMobileInfo
/spy/uploadMobileSmss

# Reference: https://www.virustotal.com/gui/file/0af2ab5df68cdd44d5e4e385a322f39b5bed3680197a4293ade43485fc454288/detection

http://103.126.241.166
103.126.241.166:6001

# Reference: https://twitter.com/malwrhunterteam/status/1631397387116638211
# Reference: https://www.virustotal.com/gui/file/843050142cb7b50908541d73815f1a4fbb2881db650042c3ad4008c3c67ff8c5/detection

183.111.122.124:6002
authpermission.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/e2d8d55584ac0ae5b81e93037d5fe28a5ab63dd205f5a9037cb4b035ae4a4908/detection

183.111.122.123:6002

# Reference: https://www.virustotal.com/gui/file/02307f548db01d30fd3c0cdac26b06631b26e7097bb15844bd773d7d99733f55/detection

http://45.114.125.201

# Reference: https://www.virustotal.com/gui/ip-address/142.91.115.180/relations
# Reference: https://www.virustotal.com/gui/domain/m.anyhall.com/relations
# Reference: https://www.virustotal.com/gui/file/28073e582a4374651de45479b4ba509d028cad636352ec99fb49a9e474b688d5/detection

142.91.115.180:8855
m.anyhall.com

# Reference: https://twitter.com/malwrhunterteam/status/1385925206477361154
# Reference: https://www.virustotal.com/gui/file/cb534251500fc47ac910f82ee40ddfd5657b60727af2d5178d85e19948b3d576/detection

hd-freepornvideos.club

# Reference: https://www.virustotal.com/gui/file/4b098f9f68d5f21a7ea9e23d1a3c730714abb4246f929074f7980493d0c37d09/detection

kassandra.fun
sonaspection.ru

# Reference: https://twitter.com/malwrhunterteam/status/1389255478266548224
# Reference: https://www.virustotal.com/gui/file/e911c7b36dd45be7c5e2443fe048e89c93bf057a769bf274830bd057363187be/detection

http://167.99.177.19

# Reference: https://www.virustotal.com/gui/file/b42c476a09d95582247f1e0fdae17670c6b96f5192e310b0e40121ef79755a43/detection

156.234.25.53:7788

# Reference: https://www.virustotal.com/gui/file/dfdf94f829ee1cd42da43553bad0bbea90141ed655076f73af4b02a6e9369bf2/detection

156.234.25.181:7788

# Reference: https://www.virustotal.com/gui/file/ac858a30302591b82e2417c5d60484ca4a9065974425506a03cdfc4d4b41a8a7/detection

156.234.25.249:7788

# Reference: https://twitter.com/malwrhunterteam/status/1391818475195219971
# Reference: https://www.virustotal.com/gui/file/df096b2fd6b09f2cabc7d5eedb0497058831c08d1f746f91df43bfe1d2d561b9/detection

103.40.163.75:9090
koreabam21.com

# Reference: https://twitter.com/malwrhunterteam/status/1397510362598084610
# Reference: https://twitter.com/malwrhunterteam/status/1438455316564303872
# Reference: https://www.virustotal.com/gui/file/1ab363d46c6e511bcce08c0c4dc702ceaf602ac8eef2a6663b47a4c60cb179d5/detection
# Reference: https://www.virustotal.com/gui/file/2e708e464074aed4242fb8cc3d93a16ff5ed724c33da6e45e002c3c8c30fa053/detection
# Reference: https://www.virustotal.com/gui/file/3fbcf74876ae8d6845d93be6fd747a7cc38afda00bb650443d3d52281535888b/detection

172.104.133.201:20027
ankatras.xyz
covid19-ca.link
godforgiveuss.live
sock.godforgiveuss.live
socktest.ankatras.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1417549231221616643
# Reference: https://www.virustotal.com/gui/file/39fd11ec4890da87f22b05825a1d8de1423cb2caf31aef72376ba611433ef59a/detection

139.177.182.88:20027
hhhhrkanandda.xyz
unknknknnkknkknnk.xyz
sock.hhhhrkanandda.xyz
sock.unknknknnkknkknnk.xyz

# Reference: https://twitter.com/k3yp0d/status/1446446384882782224

172.104.226.138:20027
pembesir.xyz
sock.pembesir.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1450183476842536967
# Reference: https://www.virustotal.com/gui/file/6a0aa9262bff716cbaf0be6a019fb6a1b87990311f445bb97df1240fff1248a2

139.162.233.149:20027
essesessssssss.top
sock.essesessssssss.top

# Reference: https://twitter.com/unidentified0xc/status/1425161173465538562
# Reference: https://www.virustotal.com/gui/file/e1a2efc352e34661eddae757bc6d1856c64a6e0202ea8a427a3f237c4c440162/detection

nmnmnmfsamsfan.xyz
usvpn.xyz
sock.nmnmnmfsamsfan.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1394401728372559872

contratacionesbarcelo.com

# Reference: https://www.virustotal.com/gui/file/cc5c5128939aa43d6ebb661e846ed0e18fcbad4273595244a03fee42607c51dd/detection

http://103.249.104.120
103.249.104.120:9090

# Reference: https://twitter.com/malwrhunterteam/status/1399444793747456006
# Reference: https://www.virustotal.com/gui/file/c3c3550938850cb8571e7ea69158559fd859f81e5640a2706284148ceee4ae97/detection

http://154.208.162.197

# Reference: https://twitter.com/malwrhunterteam/status/1402637471683330050
# Reference: https://www.virustotal.com/gui/file/14f4cd43cc995800f3feea4c7ebaa0e6f550ca84c18dbd103290b90d3405425b/detection

http://185.220.103.7
185.220.103.7:443 
185.220.103.7:7777

# Reference: https://www.virustotal.com/gui/file/ce9e9c7e45d8abee3dce73c1cf7389b9eeafbf0d8eb32aaf10c5cb4c7301745f/detection

156.234.25.93:7788

# Reference: https://www.virustotal.com/gui/file/88a311f0f359e231b36c4f71a17242540e4476e6047b8b96e38d12473c50d316/detection

156.234.25.58:7788

# Reference: https://twitter.com/malwrhunterteam/status/1403302055352188930
# Reference: https://www.virustotal.com/gui/file/a12d3f74deff9a214fb7c686f20c4ff8adcca6a9f9d283eed02d84c07a93ee0d/detection

secyrecontrolremontepanel.xyz

# Reference: https://twitter.com/unidentified0xc/status/1415819610616631299
# Reference: https://www.virustotal.com/gui/file/3c3d31f4febde81d2e1714bb71916acf646cbca0b4ba1e27d2e45f46389bd6e0/detection
# Reference: https://www.virustotal.com/gui/file/ae87e417e0da723d202d4030bf514b29f9115c629f1a64cddb77d2b244425a90/detection

googlesystem.cf

# Reference: https://twitter.com/f3d__/status/1252164411881598977

nuova-gestione-app.guru

# Reference: https://www.virustotal.com/gui/file/831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1/detection

4-u.wtf
fitnessstyle.xyz
sportsstyle.club

# Reference: https://twitter.com/malwrhunterteam/status/1418674419296243714
# Reference: https://www.virustotal.com/gui/ip-address/66.29.137.15/relations
# Reference: https://www.virustotal.com/gui/file/2969bb031811769e2567e09c3bcd6c7d2d874b141df95f48077ea7cc311054ad/detection

apkchromee.xyz
browserchrome.club
chromeapk.site

# Reference: https://twitter.com/JAMESWT_MHT/status/1420310582553718784

pornhd1080.one

# Reference: https://twitter.com/Gritzman_/status/1328335209004150786
# Reference: https://twitter.com/ni_fi_70/status/1328345659188064258
# Reference: https://www.virustotal.com/gui/file/002d97585e2ea7b8c76a60bc576edc0d418b4b0847a011ff2c75615ab359eec6/detection

servicemail.space

# Reference: https://twitter.com/ni_fi_70/status/1308753894051401729

i-heroes-fb.nextersglobal.com

# Reference: https://twitter.com/ni_fi_70/status/1291269207133491200

imklocloforvert.com

# Reference: https://twitter.com/ni_fi_70/status/1072410706782380032

bitsolution.info

# Reference: https://twitter.com/ni_fi_70/status/1019466719474212864
# Reference: https://www.virustotal.com/gui/file/bf4027f3938897fde77a91c52d888d146f4a394a58294d349e992674b62cf09d/detection

ok091880.online

# Reference: https://twitter.com/ni_fi_70/status/1008598804164173824
# Reference: https://www.virustotal.com/gui/file/4a88d7a89e8025916e5e98cd0249fb58feee79abe3a34b63a1de28076a0b6f20/detection

p182229.top

# Reference: https://twitter.com/ni_fi_70/status/986527550498377729
# Reference: https://www.virustotal.com/gui/file/cace7765a5df91602634ff1f19fa7e23f2964d237b24fdab7c736cfeb26febc7/detection

sicher1730.top

# Reference: https://twitter.com/ni_fi_70/status/941592229960970240
# Reference: https://www.virustotal.com/gui/file/066dac5aeb7508eaaf2e30d3be117571df8c9a73fff23a3d3065c64d0dad6b15/detection

sicher911323.gdn

# Reference: https://www.virustotal.com/gui/file/8280f8182aa1ac8d861fd848521181d103003671cb167d1e3661f0eb3bae6081/detection

evernews.gdn

# Reference: https://www.virustotal.com/gui/file/cace7765a5df91602634ff1f19fa7e23f2964d237b24fdab7c736cfeb26febc7/detection

gdgfatrzwsa.top

# Reference: https://www.virustotal.com/gui/file/4a88d7a89e8025916e5e98cd0249fb58feee79abe3a34b63a1de28076a0b6f20/detection

185.243.243.242:7878

# Reference: https://twitter.com/ni_fi_70/status/783974646869884928

019863.pw

# Reference: https://twitter.com/ni_fi_70/status/781422928478994432
# Reference: https://www.virustotal.com/gui/file/8eaa248e569ac11588825695de17bcf6ca7506b3458c0584ef43480991784de0/detection

1234567898122.tk
xxx.1234567898122.tk

# Reference: https://twitter.com/ni_fi_70/status/770890719833812992
# Reference: https://www.virustotal.com/gui/file/f78aeb9ae5968c9c700f09b97f566796160a033111b080e3a6f9d126b69e4d1c/detection

santamariagorettimestre.it
sicherheit-app.biz

# Reference: https://twitter.com/JAMESWT_MHT/status/1420976920423014402

http://39.109.117.11
xarm.top

# Reference: https://twitter.com/malwrhunterteam/status/1423539502287577089
# Reference: https://twitter.com/_icebre4ker_/status/1423579192466280448
# Reference: https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/
# Reference: https://www.virustotal.com/gui/file/d5bd93943a5433a4da132a8eab5dd14c0b5c320a40b1209812bc2c957fe6d090/detection
# Reference: https://www.virustotal.com/gui/file/8f0c8fb724bc8a8cdc66bd25172af840382db505315d17cf3b8e9d01de2f3ff9/detection
# Reference: https://www.virustotal.com/gui/file/11f0a591fbab78790bae2ab8d5c706b2f685b878aadd11b12036517938ad78b6/detection
# Reference: https://www.virustotal.com/gui/file/7774d7d0cb3635886f030cb55b51627fd02b25fcaf00c2d1d8d7c5533351f16a/detection
# Reference: https://www.virustotal.com/gui/file/a00f8137fa6a89c5de8674a23e39bf2933fd76d8639f8ecef7948158bb61a907/detection
# Reference: https://www.virustotal.com/gui/file/9cdffc731d56a20d44923e098423dc9a8a2add3a2a19833daae107a3e2ed2eda/detection

18.231.193.200:7175
54.71.124.199:7171
54.71.124.199:7173
54.71.124.199:8010
54.71.124.199:8011
54.71.124.199:8012
93.188.161.202:7175
clienteacc.online
mobile-droid.com
bemcomido.clienteacc.online
hfolqxn.clienteacc.online
iftduys.clienteacc.online
kor.clienteacc.online
mobile.clienteacc.online
ochabkd.clienteacc.online
oznxawi.clienteacc.online
vgejakw.clienteacc.online
wossupw.clienteacc.online
zastec.clienteacc.online
zkor.clienteacc.online
zwcnxgh.clienteacc.online

# Reference: https://twitter.com/malwrhunterteam/status/1423624779991601152
# Reference: https://www.virustotal.com/gui/file/6ffc8a414bd2d9ff920b2df84ee09927b41ad583775f8471879b457a0cb5e213/detection

onlyfansalisa.one

# Reference: https://twitter.com/malwrhunterteam/status/1423907902545346564

xvideos1080hd.club

# Reference: https://twitter.com/ReBensk/status/1429482221618929668
# Reference: https://www.virustotal.com/gui/file/4d915f18eea64ef2ce199c8dc34ec3e165c34faf6f692532ee50c33872f711d5/detection

cvectorart.club

# Reference: https://twitter.com/ReBensk/status/1438448553186119689

nuevosecua.duckdns.org

# Reference: https://twitter.com/ReBensk/status/1438455283362123780
# Reference: https://www.virustotal.com/gui/file/2d83480371cf081092bfa89628552abb461175333349122ead306bdc8ab9cf0b/detection

pag.mobi
dian.pag.mobi

# Reference: https://twitter.com/ReBensk/status/1438027183490940931
# Reference: https://twitter.com/malwrhunterteam/status/1438814957290852352
# Reference: https://www.virustotal.com/gui/file/ed7ef6718a6b6e7abf3bd96c72929ee9f1e9a4bfcd97429154141c7702093f36/detection

http://114.47.93.211
http://61.227.52.208

# Reference: https://twitter.com/ReBensk/status/1444958740902416390
# Reference: https://www.virustotal.com/gui/ip-address/153.92.220.42/relations

covid-alert.live
covid-help.online
covid19-alert.online
covid19-stat.online

# Reference: https://twitter.com/malwrhunterteam/status/1445760971062976512

ttneiva.com

# Reference: https://twitter.com/malwrhunterteam/status/1446084392045142019
# Reference: https://twitter.com/_icebre4ker_/status/1446091010329792519
# Reference: https://www.virustotal.com/gui/file/b4dc9230a103f57f7eba786c310a8070cd583dc3321486b08172ebbb7ac154c3/detection

onlineregisterquery.com

# Reference: https://www.virustotal.com/gui/file/db6246bd102fdfa9614a9fa5968362c5de8a3bb1cd23b5740392210d20a7d22a/detection

185.215.113.42:3000

# Reference: https://twitter.com/malwrhunterteam/status/1458757293043068933
# Reference: https://twitter.com/midnight_comms/status/1458982901907746818
# Reference: https://www.virustotal.com/gui/file/4d6c73272adb081f436048ac4f5b995458321d5dfd862da6a56ea0156ccc33ac/detection

ruslov-project.com
sant-ander-seguridad.com
/sms-santander/
/sms-santander/sendsms.php

# Reference: https://twitter.com/ReBensk/status/1459870129580220417
# Reference: https://www.virustotal.com/gui/file/e3a4d122d8850c09b89145db1b06acf33c714cd2f6a711eeef064ad6c473e4a5/detection

mydearapk.xyz
bg-1109-1.mydearapk.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1458754114645602304
# Reference: https://twitter.com/midnight_comms/status/1460265717790564355
# Reference: https://www.virustotal.com/gui/file/578c2f159d3a68ce9b7d9500eeaac99c71ce18d6e78524b30b505c80f57a945b/detection

http://114.43.207.242
http://202.79.165.35

# Reference: https://www.virustotal.com/gui/file/244dfd4beb1691c3810852f5dc74808584a9f4b174543a21f2f50abb16846807/detection

154.31.1.147:3500
154.31.1.147:57165

# Reference: https://twitter.com/malwrhunterteam/status/1461329787268575240

http://156.235.197.219

# Reference: https://twitter.com/malwrhunterteam/status/1455238660090208260
# Reference: https://www.virustotal.com/gui/file/f0bf3b4249910751edafcb0c8466b46130a0caf7662e7fb5dec0fee4f60eb86b/detection

http://164.88.248.31
134.172.19.66:9000

# Reference: https://www.virustotal.com/gui/file/f76177a0094c1fb604dd8b8c356cd0278e5acc725c4b6fe36645c2d8eed6a240/detection
# Reference: https://www.virustotal.com/gui/file/1f26fbc4d6b1da772fbe1287908b27296fafbc7866cc8f87487eb508327b1f59/detection

http://185.130.104.172

# Reference: https://twitter.com/ReBensk/status/1464584885071278080

ccservices.online

# Reference: https://twitter.com/malwrhunterteam/status/1464591393356230661
# Reference: https://www.virustotal.com/gui/file/d9953afa201d881a468242b54040fc72e5440f663313a924b043a5654c165bb4

sttania.com

# Reference: https://www.virustotal.com/gui/file/2227e156d2b92cd5d6f7b3e5a03391051074bfd25a03d7e2a957e4fd7c9ac97a/detection

sexvo.ru

# Reference: https://www.virustotal.com/gui/file/221e7abb84ed558c1c54cfb88e0f92528ce04dd8aa0b961c660b585874a61f37/detection
# Reference: https://www.virustotal.com/gui/file/a5f0111af1aed630a205b2a8cb26832b6767bd9eaae0491da1b3f03ff7c59c36/detection

8rub444.ru
8serv4.ru

# Reference: https://www.virustotal.com/gui/ip-address/213.32.35.48/relations
# Reference: https://www.virustotal.com/gui/file/3d919552a86c7b3dcda9cb26546c2bc3502adb33de4a47b70992e8c247aa2381/detection
# Reference: https://www.virustotal.com/gui/file/5568b2827c0044e07e4361aa4630133f40bba414c9039c59b2bed5142e7eedff/detection
# Reference: https://www.virustotal.com/gui/file/bed661111f11bb5e19dd14bd0ead5a62b1234410243d6377bb1e49b2413cbe1b/detection

izi444.site
ser4888.ru

# Reference: https://www.virustotal.com/gui/file/a38b6bf6b87af137778a0f590e72d856cd185ebe764825ff59f55cd1b57e72a8/detection

sexsu.ru
wsexe.ru

# Reference: https://www.virustotal.com/gui/file/ba2ed0c55aebc4ac1e3c3163c5291dcee405eacb4c2254da8fca7f6b1ba0fead/detection

taborx.ru

# Reference: https://www.virustotal.com/gui/ip-address/213.32.35.{49,1,51}/relations

8babok.ru
8rub444.ru
dewsex.ru
domsos.ru
min888.ru
mne848.site
mon888.site
nadser.ru
rubas888.ru
ser848.site
ser888.site
sexdet.ru
sexma.ru
sexpopok.ru
sexsu.ru
sexsuk.ru
sextelok.ru
sextu.ru
sexvrot.ru
sosdev.ru
votsex.ru
vsexx.ru

# Reference: https://twitter.com/ANeilan/status/1466830092718465028

dhl-getnextalert.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1466358933694656518
# Reference: https://twitter.com/midnight_comms/status/1466962241677402116
# Reference: https://www.virustotal.com/gui/file/8a7d8a57b5545b89bd64aa1b58fd2afbf493b1de6900ffcb96fe5bed5d70f5da/detection

http://91.204.225.159

# Reference: https://twitter.com/malwrhunterteam/status/1466878887506464773
# Reference: https://twitter.com/midnight_comms/status/1466969594556555269
# Reference: https://www.virustotal.com/gui/file/d60b75b48972fd67d339840de0ab61feba25646b7fe6c716467102c69a44b708/detection

http://112.213.126.214

# Reference: https://twitter.com/malwrhunterteam/status/1467226842788675591
# Reference: https://twitter.com/midnight_comms/status/1467682581630046209
# Reference: https://twitter.com/midnight_comms/status/1467685917771145218
# Reference: https://www.virustotal.com/gui/file/958ca7a20954a3e3fc1d7ade9d0b7df04a181631c68c72a733dad1b423deb631/detection
# Reference: https://www.virustotal.com/gui/file/66bf65ec96b7540edeb02d2164fc3bb926c73d674336edfe1eb952d4e395a542/detection

rikobot.xyz
/passfivee.php

# Reference: https://twitter.com/malwrhunterteam/status/1468169063629262852

tayyabgroup.com

# Reference: https://twitter.com/malwrhunterteam/status/1469358216849014787
# Reference: https://www.virustotal.com/gui/file/b70a015271a67801c1c3deeeb0993db7bf4e44eab18bd6744ec01953f357b1cb

http://111.90.151.237
/smnet/playstore_downloadS28/
/playstore_downloadS28/

# Reference: https://twitter.com/malwrhunterteam/status/1471205687967502340
# Reference: https://www.virustotal.com/gui/file/db33a11d3d3d935d73e61b604cf116c2abdb1a9015d09dd0a98b0bd1760fc0ce/detection

ltausincronizador.com
itoken.ltausincronizador.com
/playstore_downloadS32/

# Reference: https://twitter.com/malwrhunterteam/status/1469375284155719686
# Reference: https://www.virustotal.com/gui/file/ef2a1864f3edfb89b1c0597c9f5084333acbeed3b72ffbca383efef9ff99f0bd/detection

wdho.net.ru

# Reference: https://www.virustotal.com/gui/file/84c46be5a461d71b5f7ff79d186f0994b8f330db698e410257cb75c8b07b250c/detection

32a8-2a07-23c0-0-3000-00-625d.ngrok.io

# Reference: https://twitter.com/malwrhunterteam/status/1471194225618427904
# Reference: https://www.virustotal.com/gui/file/4a04da1e328fd7ffe9ee70d38114f7e01574700d8250f475e16b850aea65b285/detection
# Reference: https://www.virustotal.com/gui/file/bd4f2c586447652fc48adf2b84c5afddf0fdd02cb3a01ddd565d5e3e10494643/detection
# Reference: https://www.virustotal.com/gui/file/2ff49693c3aeefbd3353b9b8eb3dc8f3c4808292b13ba4936dacd1725c216ffa/detection
# Reference: https://www.virustotal.com/gui/file/d0fe0ab197ae72487a1fdfa914885f3e7d0411b1dc30ee6274dd2c03c545028f/detection

4f71-2a07-23c0-8-2000-00-b94.ngrok.io
/multipartpost.php

# Reference: https://twitter.com/malwrhunterteam/status/1470502631940534281
# Reference: https://www.virustotal.com/gui/file/ba30f5d88cbe358a2e6055e54b81049262e2e2f0a605c290e57526ab124930e4/detection

csis.digital

# Reference: https://www.virustotal.com/gui/file/b3c64f51ee7faee4dcf62b948ab2c829d71f2bbce8cf1e6df8ed5190855f9c13/detection

commandcntr.herokuapp.com

# Reference: https://twitter.com/seguridadyredes/status/1471004395001294852
# Reference: https://maxkersten.nl/binary-analysis-course/malware-analysis/android-sms-stealer/
# Reference: https://www.virustotal.com/gui/ip-address/37.1.207.31/relations
# Reference: https://www.virustotal.com/gui/file/a94b0de7975cb9b671fd16d9d9cf67977207b685ce720539782c90797d4b7983/detection

http://37.1.207.31

# Reference: https://twitter.com/ReBensk/status/1471466960944721924

diancob.com

# Reference: https://twitter.com/midnight_comms/status/1467872471365922819
# Reference: https://twitter.com/midnight_comms/status/1472989365878116361
# Reference: https://twitter.com/midnight_comms/status/1471869548550758407

http://137.220.168.218
http://137.220.168.221
http://27.124.7.133
http://27.124.7.134

# Reference: https://www.virustotal.com/gui/file/aa81391c30ff16950d3d5070e6e66f3fcf75a6e6d17da016adaa3350dc535873/detection

sexchater.one

# Reference: https://www.virustotal.com/gui/file/c471a1ca16ef1018cde46e2a263305a13c913eb74730789dfdccbf31baadf6ee/detection

cefouccqw.gq

# Reference: https://www.virustotal.com/gui/file/f8677fbacd926fca9fb55239d9491573341c1546cd2ec59e5acc49d43bcf1586/detection
# Reference: https://www.virustotal.com/gui/file/e03b9badfdd85992c8c9f79e25d5975d08b550206f7beb561c5983b3ff1f36b8/detection

datasmsalluser.in
swerverv2.herokuapp.com
testchat8564.herokuapp.com
testdata112.orgfree.com
unsaleable-curls.000webhostapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1474341948169277440
# Reference: https://www.virustotal.com/gui/file/bad0f9ecd0f64d16b31158c28f4453b267d8ede5f1163d66fba200c51ac1b418/detection

http://1.171.163.104

# Reference: https://www.virustotal.com/gui/file/77a7faccc29a1498c39b1c99acd4f3b38667d72c455af2a900ac424bda0b017d/detection
# Reference: https://www.virustotal.com/gui/file/a02b269becf4483fc02768d26827bd3a38a1926a900be79367f0deb3bf6521b4/detection
# Reference: https://www.virustotal.com/gui/file/a9474d795579ea2049451d52d3275defc744a0c88ab6479eae68d20eec7daa5b/detection
# Reference: https://www.virustotal.com/gui/file/23f9918e9c1f33b8680aa0372157e86dac5e935518c9b05f53497038d05d4121/detection

209.141.46.108:8108
91.231.84.41:8108
google.dynns.com

# Reference: https://twitter.com/malwrhunterteam/status/1475482905921130502
# Reference: https://twitter.com/midnight_comms/status/1475484371251511300
# Reference: https://www.virustotal.com/gui/file/b4c892f528c8b86b76263a4095a7912b5aa30fb61fcbbe56fc271d1d130e5c2e/detection

my-api-app.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1474778716001779726
# Reference: https://twitter.com/midnight_comms/status/1475506228243664900
# Reference: https://www.virustotal.com/gui/file/06b3676ec5b7bf1dd08d49e0aec1f80e1aa5f779c67f883062ca498d20df857c/detection

45.43.41.197:1001

# Reference: https://twitter.com/malwrhunterteam/status/1473968251617087488
# Reference: https://twitter.com/midnight_comms/status/1474025832842776586
# Reference: https://www.virustotal.com/gui/file/960a508a362cd881f91182409f39643e2a923dd2b676227e690bb34b1985635a/detection

ipayshop.top
c19.ipayshop.top

# Reference: https://twitter.com/malwrhunterteam/status/1475575324213657601
# Reference: https://twitter.com/midnight_comms/status/1475579499945283587
# Reference: https://www.virustotal.com/gui/file/69fc7e850ae15a8ab94f7196ce0518e93df7ec28a4b2ad04720c101dde629382/detection

47.245.60.4:10900
47.245.60.4:8090
47.245.60.4:8099
lkshops.cc
wending002.com

# Reference: https://twitter.com/malwrhunterteam/status/1425805060987052035

http://114.47.79.189

# Reference: https://twitter.com/ni_fi_70/status/1425815291238313984

http://45.114.125.204

# Reference: https://twitter.com/malwrhunterteam/status/1478079926800637958
# Reference: https://twitter.com/malwrhunterteam/status/1478090631578890247
# Reference: https://twitter.com/malwrhunterteam/status/1478371743760793605
# Reference: https://twitter.com/malwrhunterteam/status/1512014585636741123
# Reference: https://twitter.com/malwrhunterteam/status/1512014588837077001
# Reference: https://twitter.com/ni_fi_70/status/1529357208793792513
# Reference: https://twitter.com/midnight_comms/status/1537262273047121920
# Reference: https://blog.cyble.com/2021/12/01/banking-trojan-targets-banking-users-in-malaysia/
# Reference: https://www.virustotal.com/gui/file/5f8a54d54e25400f52ce317bfdbbc866e11ea784ab2d5e3bd0a082a53c6b2d7b/detection
# Reference: https://www.virustotal.com/gui/file/9b4a0019e7743a46b49a4d8704ffd6e064db2e5d8db6da4056f7eae5369e16f9/detection
# Reference: https://www.virustotal.com/gui/file/0e6721dba6b16a1ef19f0de835ea9e12d842afd846b3a10427e5092b0427e404/detection
# Reference: https://www.virustotal.com/gui/file/18ea02f78ce1b530efaaa7e8c2da0dfe42b2715de79d73f30ebcf402ea3f41b1/detection
# Reference: https://www.virustotal.com/gui/file/53afe5a5672b53cdfd9dee053ab16c67a77b21ff2ad83a5f1bc26fdabfb8f9ff/detection
# Reference: https://www.virustotal.com/gui/file/cbcee96cde3d447d376f7888b10ebe19e8843fd26dde3198f5eb936339265589/detection
# Reference: https://www.virustotal.com/gui/file/a5c7373be95571418c41af0de6a03ce78e82bc1f432e662c0dc42b988640e678/detection
# Reference: https://www.virustotal.com/gui/file/56f6309cf66a763a6bab878792d3a9d68b5efc5efa84571474dad43a02702ab4/detection
# Reference: https://www.virustotal.com/gui/file/6978081372303551b0b159df22e82ce568dadb8a3e1007d722e19299a89c67f6/detection

csapks.online
grabamaid-my.online
grabsapks.online
maidacalls.online
m4apks.online
muapks.online
myhomescleaning.site
myhomecleaningzs.site
petsmore.online
redlabapi.online
sgbx.online
yellowssss.online
/api_spa24135/
/api_spa24135/api_espanol/api.php
/app_abc771_2sfacslfffcs2/cleaningservicemalaysia_888a/dl.php
/app_abc771_2sfacslfffcs2/grabmaid_888a/dl.php
/app_abc771_2sfacslfffcs2/made4u_888a/dl.php
/app_abc771_2sfacslfffcs2/maid4u_888a/dl.php
/app_abc771_2sfacslfffcs2/cleaningservicemalaysia_888a/
/app_abc771_2sfacslfffcs2/grabmaid_888a/
/app_abc771_2sfacslfffcs2/made4u_888a/
/app_abc771_2sfacslfffcs2/maid4u_888a/
/app_abc771_2sfacslfffcs2/
/cleaningservicemalaysia_888a/
/cleaningservicemalaysia_888a/dl.php
/grabmaid_888a/dl.php
/made4u_888a/dl.php
/maid4u_888a/dl.php
/grabmaid_888a/
/made4u_888a/
/maid4u_888a/


# Reference: https://twitter.com/malwrhunterteam/status/1566887963295989760
# Reference: https://twitter.com/midnight_comms/status/1569015763071299585
# Reference: https://www.virustotal.com/gui/file/b344e13fc9840d1c3dcd14778777f8f28b1b56e633989e0649761eddfbf9798a/detection
# Reference: https://www.virustotal.com/gui/file/0b3c4eaf803101b698b55b1b9d33e7c137c2691ccff12f75f3cb591938cd2d20/detection

bestpay-vn.store
gapks.online
ppsss.online
/ecoclean_888a/
/ecoclean_888a/api/api.php

# Reference: https://www.virustotal.com/gui/file/fa62aad4bc54e9822a51f34d8a8fcf4dbc4618f7e78c753c116defde9ef97601/detection

/proclean_888a/
/proclean_888a/api/api.php

# Reference: https://www.virustotal.com/gui/file/10a5e0f827582e6bc07cb5200a769c583d084905bebc446aa703f6bc9e294d39/detection

/agency_888a/
/agency_888a/api/api.php

# Reference: https://www.virustotal.com/gui/file/4f9d0a95e52dab76c681ebe12f0ed095d12ab01f4dd804de1ea9307e24b9dd86/detection

ssapks.online

# Reference: https://www.virustotal.com/gui/file/4f9d0a95e52dab76c681ebe12f0ed095d12ab01f4dd804de1ea9307e24b9dd86/detection

/kleanhouz_888a/
/kleanhouz_888a/api/api.php

# Reference: https://www.virustotal.com/gui/file/3ea00973b966e10775ad2844aabf7504c20e3d923d5bd62d369c9e4a485fbc8a/detection

/rentwheel_888a/
/rentwheel_888a/api/api.php

# Reference: https://www.virustotal.com/gui/file/3e670c24e726bc6136e8c5f30a45c1655e1f4903a74786bb9058b295853aa418/detection

y-sss2.online
/api_982/api.php?pass=

# Reference: https://www.virustotal.com/gui/file/31cdfa8297eec08bfe090cb6fb5e6096a556ee5496334614abc6ac637b72ea4d/detection

yapks.online

# Reference: https://www.welivesecurity.com/2022/04/06/fake-eshops-prowl-banking-credentials-android-malware/
# Reference: https://otx.alienvault.com/pulse/624e98f5c4f98e8acb8e1b64

grabmaidsapks80.online
grabmyapks90.online
maid4uapks90.online
maidacalls.online
meapks.xyz
my-maid4us.site
puapks.online
smsspy.uz
spy.smsspy.uz
yourmaid.online

# Reference: https://twitter.com/malwrhunterteam/status/1527637165827579904
# Reference: https://twitter.com/malwrhunterteam/status/1529194463918272512
# Reference: https://twitter.com/malwrhunterteam/status/1529195619662938121
# Reference: https://twitter.com/malwrhunterteam/status/1535281774338707456
# Reference: https://twitter.com/malwrhunterteam/status/1537175064382152704
# Reference: https://twitter.com/malwrhunterteam/status/1539613981345812480
# Reference: https://twitter.com/LukasStefanko/status/1527648173849722880
# Reference: https://twitter.com/midnight_comms/status/1535301479065608194
# Reference: https://twitter.com/ecarlesi/status/1539835294664499200
# Reference: https://twitter.com/fareedfauzi/status/1571480514539982848
# Reference: https://twitter.com/ReBensk/status/1571544096128512002
# Reference: https://www.virustotal.com/gui/file/642b8bd970d0c035f6b861c0251fc8d0cc941c30fddb93b67f61fa540593b470/detection
# Reference: https://www.virustotal.com/gui/file/dee63434b13911450a54cb6df057f45589cdfaecea2cf30fd3ab06620c0132af/detection
# Reference: https://www.virustotal.com/gui/file/5092fb08941f45b11df3147ca9f16c15339271e91e717244d5158952ce9fa669/detection
# Reference: https://www.virustotal.com/gui/file/dd2e57615871e4aa8d4333b85b2e8b2c4b3fd15ea8f06f5a30db41d8afd21c71/detection
# Reference: https://www.virustotal.com/gui/file/3f1253f3032edb855fd9c1f3128d947d4e4818dd2012fa77130b5cdd4053136b/detection
# Reference: https://www.virustotal.com/gui/file/236df2b89daef81fb266804158df2f50d08d11e52605246ab44fe48e47459a23/detection
# Reference: https://www.virustotal.com/gui/file/05b201c1634a4ff6d2fcd93ccf31d83ba622e939aec1db4967c4912709edf921/detection
# Reference: https://www.virustotal.com/gui/file/26916d220698b18c63534c929f4e5f99479f122023df4f01e60df7733524cc1b/detection
# Reference: https://www.virustotal.com/gui/file/26916d220698b18c63534c929f4e5f99479f122023df4f01e60df7733524cc1b/detection
# Reference: https://www.virustotal.com/gui/file/292d61b5caab7998e7d0d944d2f826ae8dd3b7bd45fb9496864518a3c331aca3/detection
# Reference: https://www.virustotal.com/gui/file/0bfeef92cb67d56483b7420f64a4574a943718ec3717d529af17c2eec3bf6713/detection

allapks.online
alluapks.online
allumroute.online
papks.online
ausbx.xyz
bluenbx.xyz
e12345.online
familiescleaning4u.store
family-cleanings4u.store
familyclean4u.store
familyclean4you.site
familyclean4you.store
familycleaning4u.store
familycleaningz4u.store
familycleans4u.online
greenssss.online
hotapp.store
ikeaexpressmy.com
kuislandtravel.com
tripvouchercart.com
tripvouchercart.store
uapis.online
uapks.online
wine4u-warehouse.online
/app_abc771_2sfacslfffcs2/maidacall_888a/dl.php
/app_abc771_2sfacslfffcs2/maidacall_888a/
/aus_888a/
/green_888a/
/pink_888a/
/yellow_888a/
/maidacall_888a/
/sg_888a/
/maidacall_888a/dl.php
/aus_888a/api/api.php
/green_888a/api/api.php
/pink_888a/api/api.php
/sg_888a/api/api.php
/yellow_888a/api/api.php
/api_982/api.php

# Reference: https://twitter.com/malwrhunterteam/status/1478086438386348033
# Reference: https://www.virustotal.com/gui/ip-address/27.50.59.109/relations
# Reference: https://www.virustotal.com/gui/file/89ec0d0be346bae66f1b640dc8831182d091fcbaf7b19d010fb390500a589f17/detection

bigo10.xyz
bigo15.xyz
bigo17.xyz
bigo29.xyz
dooprimeio.online
dooprimeio.site
happybuy.club
happyto.online
happyto.site
happyto.xyz
renzh.me
renzhengus.me
renzhengweb.me
sappdown.com
shopifly.club
shopifly.me
shopappss.com
api.shopifly.club
app.shopifly.info
app.shopappss.com
coin.bigo15.xyz
coin.bigo17.xyz
coin.bigo29.xyz
coin.dooprimeio.online
coin.renzhengweb.me
jp.dooprimeio.online
kefu.dooprimeio.online
kefu.happybuy.club
kefu.happyto.online
kf.happybuy.club
pf.dooprimeio.online
shop.dooprimeio.site
shop.happybuy.club

# Reference: https://twitter.com/malwrhunterteam/status/1478385379308879883
# Reference: https://twitter.com/midnight_comms/status/1478408536338087936

http://137.220.168.198
http://61.227.28.40

# Reference: https://twitter.com/malwrhunterteam/status/1478388877148803082
# Reference: https://twitter.com/midnight_comms/status/1478392217207193602
# Reference: https://www.virustotal.com/gui/file/eeb866e9375865b1091710c21917b532856c3471cb75583c9a4e7851ab0a0685/detection

http://206.119.81.172
http://206.119.81.174
206.119.81.172:3120
206.119.81.172:3121
206.119.81.174:3120
206.119.81.174:3121

# Reference: https://twitter.com/malwrhunterteam/status/1478377112230838272
# Reference: https://www.virustotal.com/gui/file/9ad24b2ebb2b778b0b4f33a00c878f650f683ee7b5f576b7b0590de2c8a7bf1a/detection

complaintregisterqueries.com

# Reference: https://twitter.com/malwrhunterteam/status/1478680855065280515
# Reference: https://www.virustotal.com/gui/file/610588c6a5bf1c84e5565a49f9bb17c41eea8a6c35aa3cb762ce9f7e8928854c/detection

http://154.92.23.62

# Reference: https://www.virustotal.com/gui/ip-address/45.142.212.216/relations
# Reference: https://www.virustotal.com/gui/file/e981e9dd76b6a22d437d6afd7f89e28780465978c82ff69a45a28c66334398c8/detection

androidradio.life

# Reference: https://twitter.com/malwrhunterteam/status/1479126438951456768
# Reference: https://twitter.com/midnight_comms/status/1479129194705534977
# Reference: https://twitter.com/midnight_comms/status/1479130686250307592
# Reference: https://twitter.com/midnight_comms/status/1479131372161699843
# Reference: https://www.virustotal.com/gui/file/c06bb31b1abe18f3348257c1b9119c07c766f4265180da72a36cf096d9a5834c/detection

91.204.225.189:1003
91.204.225.189:8888
kyuuup.com
down.kyuuup.com

# Reference: https://www.virustotal.com/gui/file/34c1435c856b46b286cbe8f33e764f0b6214270e829a9a94ce5b2f5cda6a8875/detection
# Reference: https://www.virustotal.com/gui/file/99ab12c5a8700baf57b8451c11c58c6ded17005febc94a8684879a495067e20a/detection
# Reference: https://www.virustotal.com/gui/file/caa0841fcf619c82a251f87ac9dc960400bfc6b0d3d338159660de113e855af3/detection
# Reference: https://www.virustotal.com/gui/file/2ff97543a2dc5e1682f6f579eca8829cac4cdb0a7bf25d91b6f2af4bf8efc772/detection
# Reference: https://www.virustotal.com/gui/file/2e0d15ebe64b01961acfd5eb2f5c27b3bc6599a8279e68c8572064dfcb9fd52b/detection
# Reference: https://www.virustotal.com/gui/file/d56aa0e8e04b4be4290a920fab6628d4d2de8a725e9fbfae0ca12bb4607a35c9/detection

18.220.102.103:7173
18.220.102.103:7175
18.220.102.103:7177
3.133.123.89:7777
3.133.123.89:8081
agzvatacado.com.br
atacadolinhares.com

# Reference: https://twitter.com/500mk500/status/1481947421328478219
# Reference: https://www.virustotal.com/gui/file/d35ab11b39ad713206a78cf8eb14a06bab54871e72685313c0abba14ad35df0b/detection

techhostuk.xyz
/Eso/api/payload.php

# Reference: https://www.virustotal.com/gui/file/3693ad57bd27218b76e31c5cde0d8a0877b9267e59a152b7f9f98483192dd370/detection

http://103.13.221.63
220.136.230.106:8081

# Reference: https://twitter.com/malwrhunterteam/status/1483539066591318023
# Reference: https://www.virustotal.com/gui/file/4b9aa94766bcae1a8ffaa958699847aa2b39119db8c6ab26d724444b416d1f5a/detection

tonights01.vip

# Reference: https://twitter.com/malwrhunterteam/status/1483126491294613516
# Reference: https://www.virustotal.com/gui/file/6ae895625fa8a4bbca9386483abc36a82594f3213d0c725a4efff40bf49a77e7/detection

http://45.43.41.197

# Reference: https://twitter.com/malwrhunterteam/status/1485696942025973768
# Reference: https://www.virustotal.com/gui/file/35e4033d09316f54119b61b27eb46636854aa0807f3b8e59ec2a21e1d8dac0a2/detection

http://111.246.108.151

# Reference: https://twitter.com/malwrhunterteam/status/1486052030888259584
# Reference: https://www.virustotal.com/gui/file/3d07a148559d68d986fcace1003ef8d837885b4b27c1ca834f084c512e38bcc4/detection

poderjudicialoficinascontrol.net

# Reference: https://www.virustotal.com/gui/file/295ec13eec8460e796f0d1f21eaa9eed6221d258f4c92f9b53e735093e7f0179/detection

119.29.195.21:9876

# Reference: https://twitter.com/B0rys_Grishenko/status/1486448538494152704
# Reference: https://www.virustotal.com/gui/file/c371e98ebee12cde6c9c5c76e5c83b0ae7efef171b25fc01c6e983a4da239e49/detection

212.192.246.188:1010

# Reference: https://www.virustotal.com/gui/file/710c2244d1ba0f73db5ce21064502339d912a34e9ed4fd8499446c7ac813c569/detection

114.36.208.180:8081

# Reference: https://twitter.com/malwrhunterteam/status/1488832320786341888
# Reference: https://twitter.com/malwrhunterteam/status/1490746990329802755
# Reference: https://twitter.com/malwrhunterteam/status/1492099704422809603
# Reference: https://www.virustotal.com/gui/file/5ed619830a363a0f080cc71249a9dbfec2db3130f399e523b308c99fb2da26bb/detection
# Reference: https://www.virustotal.com/gui/file/bb452ea20d55c5ea89b23d93b974911e61c42cf798df1875d05e10f930ff4672/detection
# Reference: https://www.virustotal.com/gui/file/2285d654954ab1aa92e00f77a67dd1c02e024db8428653d5c62706ab760e1dd9/detection

bbvaupdateappdownload.com
lockappdown.com
update-bbva-v2.com

# Reference: https://twitter.com/malwrhunterteam/status/1492106775826513922
# Reference: https://www.virustotal.com/gui/file/17d7526af61a94cd3707a75b00005d01cd9211eed503baf9325904b186dbc32c/detection

complaintinquiryhelp.com

# Reference: https://twitter.com/malwrhunterteam/status/1493318560722178058
# Reference: https://twitter.com/malwrhunterteam/status/1516114403913093121
# Reference: https://www.virustotal.com/gui/ip-address/198.12.107.13/relations
# Reference: https://www.virustotal.com/gui/file/1240870ae35a18d53287b89f300cafec31e6c2a4962faba4c467c587b24d445b/detection

http://192.227.196.185
http://198.12.107.13
http://3.108.190.204
/iaserver.php

# Reference: https://www.virustotal.com/gui/file/5e259116bb38fc85f9406e7ed07c3af401a4429864adb812d43893e08c05f2fc/detection

103.127.126.78:1001

# Reference: https://twitter.com/JAMESWT_MHT/status/1496477252997025792

normativapsd2-intesasp.duckdns.org
sms-super-rat.site

# Reference: https://twitter.com/malwrhunterteam/status/1496600700498890757
# Reference: https://www.virustotal.com/gui/file/852e371c395d1312931fa9dd8cdc318c5ac27a1a34a0e8bb66df38642e5602fb/detection

43.155.102.71:4010
mcfinancial2018.top
1qaz.mcfinancial2018.top

# Reference: https://twitter.com/malwrhunterteam/status/1497189419484430337
# Reference: https://www.virustotal.com/gui/file/98a9f841661a2e099b0a038b86a21feeda2c6b3c35ec296f28cc056c5208b86f/detection

apkface.co.nz

# Reference: https://twitter.com/malwrhunterteam/status/1497264749511335937
# Reference: https://twitter.com/LukasStefanko/status/1497360616939405314
# Reference: https://www.virustotal.com/gui/file/f8a4ab3e0ae8216fa0fd455e6c1b861187463e761266c2a7aa0b68c062bb8cbe/detection

bitbankchains.com

# Reference: https://twitter.com/dubstard/status/1499277881037447173
# Reference: https://twitter.com/jh__1995/status/1501517261227626498
# Reference: https://www.virustotal.com/gui/file/f0b8d4ab6094cbca5a15049fc187115edf634760959c8572dd8c461b207eeeae/detection
# Reference: https://www.virustotal.com/gui/file/3791991c210a66e13d27d1122c20542907f3e6124e16d55fe3445ce1852011a3/detection
# Reference: https://www.virustotal.com/gui/file/76e0130e745ae7cb89b54f5925424d297bc7dde4b226ddb3ee3f466e616590b1/detection

http://141.95.110.157
141.95.110.157:4646
141.95.110.157:4747
141.95.110.157:5151
141.95.110.157:5656
141.95.110.157:5757
141.95.110.157:5959
it-token.me
nuova-pratica.net

# Reference: https://twitter.com/malwrhunterteam/status/1501306676250656770
# Reference: https://www.virustotal.com/gui/file/c282162cabc838956a26e034f9781add893633f1109840da04be49d964b9b5d6/detection

seguridadbbva.ddns.net

# Reference: https://twitter.com/illegalFawn/status/1502215836471336961

aggiorna-dati.com
app.aggiorna-dati.com

# Reference: https://twitter.com/malwrhunterteam/status/1502741288126455817
# Reference: https://www.virustotal.com/gui/file/007962b4a6813c099e0f682f2b6691427251dee74c7bf949b901ec0f757eace6/detection

iccashback.xyz
server5569.herokuapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1502743002070102017
# Reference: https://www.virustotal.com/gui/ip-address/2.57.187.136/relations
# Reference: https://www.virustotal.com/gui/file/45d94c1bd3db47b49e5ab2ea6d79f7d6437df4dab0e412393b4fb3833fef88ff/detection

hopertemesnedenekerme.net
trasmatosdomones.net
trelicekeremlicenedenes.net

# Reference: https://www.virustotal.com/gui/file/5ce4f9a32f14cb73567a07cfbee92bd967392a889f562a592dea6381644c693e/detection

193.161.193.99:38464
joseluisperalta332-38464.portmap.host

# Reference: https://twitter.com/ThreatFabric/status/1501911413891248128
# Reference: https://twitter.com/malwrhunterteam/status/1504054802086518784
# Reference: https://www.virustotal.com/gui/file/b12dd66de4d180d4bbf4ae23f66bac875b3a9da455d9010720f0840541366490/detection

mycrypto-app.com

# Reference: https://twitter.com/malwrhunterteam/status/1504460977546444801

app-token-new.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1504470425564160004

direttiva.net
utenze-app-2022.net

# Reference: https://twitter.com/bl4ckh0l3z/status/1504573644466495489

verifica-conto-online.com

# Reference: https://twitter.com/malwrhunterteam/status/1505113881219379201
# Reference: https://www.virustotal.com/gui/file/f53b4f10f9f3ae3e0657d6d90f23f4aec1ccaa563e67d0ad307229d49eb94ee6/detection

aggiorna-web.org
conferma-informazioni.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1505993336661938185
# Reference: https://www.virustotal.com/gui/file/c9827143f8e76137e582c4ec53ae10032f6543d5bd02fbeb81ecbccedf648656/detection

resim.ac

# Reference: https://twitter.com/malwrhunterteam/status/1507440648407982082
# Reference: https://www.virustotal.com/gui/file/3272babdbba4ee7c05a3f2c01b810ca58722e105d11c792c9dc684c4e1251e97/detection

dati-info-online.com

# Reference: https://twitter.com/illegalFawn/status/1511976296313675778

attiva-ora.cc

# Reference: https://twitter.com/JAMESWT_MHT/status/1514587748102979585
# Reference: https://twitter.com/JAMESWT_MHT/status/1514602924462075906
# Reference: https://bazaar.abuse.ch/sample/8e24803de9d71899f4e146569462b15f42c0c2d19529482c9e67a2e9d39db374/

no-infami.com

# Reference: https://twitter.com/ThreatFabric/status/1514626208151052288

iqitech.com.ng/assets/default/js/ckeditor/adapters/receiver.php

# Reference: https://twitter.com/malwrhunterteam/status/1514587095742005257
# Reference: https://www.virustotal.com/gui/file/5bc84ed4a80f805ea5d83652624f20708029072080a9356bf5920251e6b717bd/detection

food-bolt.pl

# Reference: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/phishing-android-malware-targets-taxpayers-in-india/
# Reference: https://otx.alienvault.com/pulse/61374d351fd12f7d4a8bef82
# Reference: https://www.virustotal.com/gui/file/1e8fba3c530c3cd7d72e208e25fbf704ad7699c0a6728ab1b290c645995ddd56/detection
# Reference: https://www.virustotal.com/gui/file/120a51611a02d1d8bd404bb426e07959ef79e808f1a55ce5bff33f04de1784ac/detection

jsig.quicksytes.com
/MC/NN180521/mc.php

# Reference: https://twitter.com/malwrhunterteam/status/1516134727438139392
# Reference: https://www.virustotal.com/gui/ip-address/47.243.32.43/relations
# Reference: https://www.virustotal.com/gui/file/64a8a493bbe9149c44e64787e7058f7fa5ec1cc8c4d95ce72414e9f82c423487/detection

krakenwe.com
krakenxz.com
mobile5566.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1516873314572161030
# Reference: https://www.virustotal.com/gui/file/f217d7652934d4f26c379250ed93d94f0f751bf8673f8992b75da703bf408168/detection

android-exploit-default-rtdb.firebaseio.com

# Reference: https://twitter.com/AgidCert/status/1517098761431961602
# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/04/smsgrab_21-04-2022.json_.txt
# Reference: https://www.virustotal.com/gui/ip-address/111.90.142.153/relations
# Reference: https://www.virustotal.com/gui/file/c58befc7919032bdb192f3a29e32d7af425eed133d05db13b2dd8d27ca6a82c0/detection
# Reference: https://www.virustotal.com/gui/file/ed6ecddfd45552c069f0fbb076d60e1a177b4f683988dcba769dc184178a417b/detection
# Reference: https://www.virustotal.com/gui/file/c6051449b53c0d3b884920ae402ac80316b6a4d12d19a4c5a78dc795ab90fac5/detection
# Reference: https://www.virustotal.com/gui/file/5b623c95f027088d55940e1b2f89656c4b634ae825e464c81557b0a487987ba7/detection
# Reference: https://www.virustotal.com/gui/file/31208850ba6add5c0d813109f8ca2149bd706609be2770a1c665da1914c27519/detection
# Reference: https://www.virustotal.com/gui/file/89c61f0c261774f5d61c09e44508619eb3497c2ccec4e831d5c2635b9fe7c333/detection

appmessaggi2022.com
appmessaggi2022.net
/app/appsicurezza/

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/04/smsgrab_22-04-2022.json_.txt

clienteportale.com
goriziacarcere.altervista.org

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/05/smsrat_02-05-2022.json_.txt
# Reference: https://www.virustotal.com/gui/ip-address/23.235.232.236/relations
# Reference: https://www.virustotal.com/gui/ip-address/82.221.129.39/relations

aderireweb.com
scarica-adesso.com
scarica-info.com
scarica-orasicura.com
scarica-qui.com
scarica-sicurezza.com
scarica-subito.com
scaricaadesso.com
scaricaqui.com
scaricasubito2022.com
attiva-sicurezza.scarica-orasicura.com
attiva-sicurezza.scaricaadesso.com
sicurezza-web.aderireweb.com
sicurezza-web.scarica-adesso.com
sicurezza-web.scaricasubito2022.com

# Reference: https://twitter.com/malwaremansys/status/1517113535653838848
# Reference: https://www.virustotal.com/gui/file/2ff24ec36b4ee6fa8cd0b26d8a61bffc6cafa48ba21760c7fecae7d11a88b766/detection
# Reference: https://www.virustotal.com/gui/file/e669aaaf69ecfe30f5c7f0b7d4f1fc82be1337aacbbb21b60b0a6f808e7c1da5/detection

http://180.215.155.21
180.215.155.21:6677
180.215.155.21:7788

# Reference: https://twitter.com/malwaremansys/status/1436941904768225280
# Reference: https://www.virustotal.com/gui/file/f9f3097eac9b5f216c8158c23d5bf5c2051cc6657aaaaf9adb6939f0f97b3330/detection
# Reference: https://www.virustotal.com/gui/file/8c6e67d047e7d79ee0246d2b002c79ceb1934b2a070dce884e85efb9fbeaf550/detection
# Reference: https://www.virustotal.com/gui/file/5ec6cb7dac3960738d65c40432dc1221570ee8d65833124cedebab362754e1ea/detection

mivip.xyz
romo.mivip.xyz
topo.mivip.xyz
soyo.mivip.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1517562010942283776
# Reference: https://www.virustotal.com/gui/file/bfa9a861d953247eea496f4a587f59e9ee847e47a68c67a4946a927c37b042c4/detection

ssi.management

# Reference: https://twitter.com/malwrhunterteam/status/1517787583648268288
# Reference: https://www.virustotal.com/gui/file/3efd7a760a17366693a987548e799b29a3a4bdd42bfc8aa0ff45ac560a67e963/detection
# Reference: https://www.virustotal.com/gui/file/da4e28acdadfa2924ae0001d9cfbec8c8cc8fd2480236b0da6e9bc7509c921bd/detection

server5570t.herokuapp.com
server85478.herokuapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1521240037404336128
# Reference: https://www.virustotal.com/gui/file/65d5dea69a514bfc17cba435eccfc3028ff64923fbc825ff8411ed69b9137070/detection

iccashcashback.xyz
server5568t.herokuapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1517577088143962112
# Reference: https://www.virustotal.com/gui/file/825bcade5a6323c5d81b11a572e51232a0ddb205107c2edeb5d42bf94f231f49/detection
# Reference: https://tria.ge/220423-hgcb8afabp/behavioral1

app-connector.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1518635868629745667
# Reference: https://www.virustotal.com/gui/ip-address/217.21.74.60/relations
# Reference: https://www.virustotal.com/gui/file/8bc920af87fa19c3bfe76b40f85390d983b81340af690a49113f247cca957456/detection

biotermitecontrol.com
mymaidkl.com
mobile444.biotermitecontrol.com
mobi1e666.mymaidkl.com

# Reference: https://twitter.com/malwrhunterteam/status/1518869405089808384
# Reference: https://twitter.com/bl4ckh0l3z/status/1520042120282783744
# Reference: https://twitter.com/Gi7w0rm/status/1520152273040691203
# Reference: https://www.virustotal.com/gui/file/f3092c6f398e9f248286817d82e50c45e51df09abc08b6897cdac729b8e9b59a/detection

homeloan.vip
magicmoney.cc
app.homeloan.vip
app.magicmoney.cc

# Reference: https://twitter.com/malwrhunterteam/status/1520023263476436994
# Reference: https://www.virustotal.com/gui/file/659e1b784b4380f50bb96c93593f2715a428ae2e31f7d57f4e15d8ed382997af/detection

acequeen20.net

# Reference: https://twitter.com/malwrhunterteam/status/1520364917324451841
# Reference: https://www.virustotal.com/gui/file/9115408ab7227f30cb6d3f785c208377b31da208171def1c3ec4d81c6f833585/detection

fich.buzz

# Reference: https://twitter.com/malwrhunterteam/status/1520400857900236800
# Reference: https://www.virustotal.com/gui/file/9574cc465edc79f2a0e25ca12a8c9febcff368f498373c9ca841a947c4659a95/detection

inbestbeauty.com

# Reference: https://www.virustotal.com/gui/file/17fb8b2590b9ae36ccd14ee07422c3c987263e91897ffb248748a3318ea5ad0c/detection

27.255.64.75:8080

# Reference: https://twitter.com/malwrhunterteam/status/1527034925442027526
# Reference: https://twitter.com/ni_fi_70/status/1527185971770531840
# Reference: https://www.virustotal.com/gui/file/5e5343aecc20c04f64c89fedb6263fad9bfca7ede36437820f32f3502f7393c8/detection

demosketch.000webhostapp.com
looz-b3052-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1529806150228754432
# Reference: https://www.virustotal.com/gui/file/869864fa8ba65b37d03487dae6b403c6cb9ca556368ef4a6bb51d8a43a1c5a22/detection

103.127.125.169:7896

# Reference: https://twitter.com/malwrhunterteam/status/1531333203516174339
# Reference: https://www.virustotal.com/gui/file/7394a5b7e15eba380a4add9c6954b15c85cd082bc8e881380cdf3d2b9f5209d9/detection
# Reference: https://www.virustotal.com/gui/file/90484e012575381a0c8f33d61c76184e2aba5d2b31a929ac2d4bbd79576c2dc0/detection

clientesbbvalock.com

# Reference: https://twitter.com/malwrhunterteam/status/1531719070088929280
# Reference: https://www.virustotal.com/gui/ip-address/154.204.31.226/relations
# Reference: https://www.virustotal.com/gui/file/988438053a028bd6a2735756ef800b3f547fa89f21051b22207940add0cdd1fc/detection

bithumbex.com
humbvip.pro
exchange.bithumbex.com
exchange.humbvip.pro

# Reference: https://twitter.com/malwrhunterteam/status/1501288384760893449
# Reference: https://twitter.com/malwrhunterteam/status/1501297507846037506
# Reference: https://twitter.com/malwrhunterteam/status/1532085707296194560
# Reference: https://www.virustotal.com/gui/ip-address/148.72.158.61/relations
# Reference: https://www.virustotal.com/gui/file/e9d973acffa86c37ae72d3db4093cd7a449d5cd1bf52c6386352a5a6fa223ad6/detection
# Reference: https://www.virustotal.com/gui/file/4a517a3992726cc4ee9f7890ecaaba01e40165c27b8a32ad440fb013721b2c65/detection
# Reference: https://www.virustotal.com/gui/file/24fc61f6184426018bfe9124c68c753339c6cc6c7c507fe5304c42f247963b88/detection
# Reference: https://www.virustotal.com/gui/file/ce71c1916be8edffeca2e5a18709b19188a4ff221647491d9807e7b017d0343a/detection

accountsecureverify.com
contactquarycenter.com
csqs.online
online-complaint.com
thesecureservices.in
secondnew.csis.digital
online-complaint.accountsecureverify.com

# Reference: https://twitter.com/ReBensk/status/1532049841009750017

http://135.181.31.152

# Reference: https://twitter.com/malwrhunterteam/status/1532421877611778057
# Reference: https://twitter.com/malwrhunterteam/status/1538120893506928640
# Reference: https://twitter.com/midnight_comms/status/1538134165371072513
# Reference: https://twitter.com/elhackernet/status/1541673500988940290
# Reference: https://www.virustotal.com/gui/ip-address/185.178.45.125/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.244.183.105/relations
# Reference: https://www.virustotal.com/gui/ip-address/213.178.155.60/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.10.244.134/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.188.90.227/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.203.193.103/relations
# Reference: https://www.virustotal.com/gui/file/caee54ae322d5418f051e468c13a4ec04263f02f8b8bd6b5db34e388dbbb331a/detection
# Reference: https://www.virustotal.com/gui/file/328b4d74654a3d3ed4adc8be6bff11d2adf29d04c13f050c97fa6d2d4fcea455/detection

accesodigital.icu
accesodigitales.icu
app-protect.click
appmovil.click
appmovil.icu
appsecureguide.com
cancelacion.icu
es-appmovil.click
es-appmovil.icu
es-movil.click
es-movilapp.click
es-protect-app.click
es-protect.click
es-protect.icu
es-protectapp.click
es-protectapp.icu
european2fa.com
movil-actual.click
movil-actual.icu
movil-descarga.click
movil-es.icu
movil-protect.click
movilapp.click
movilapp.icu
movilapps.click
movilprotect.xyz
privasol.xyz
protect-actual.icu
protect-app.click
protect-es.icu
protect-mobile.click
protect-movil.click
protect-movil.icu
protect-now.click
protectapp-es.icu
protectapp.click
protectapp.online
reactivar-usuario.click
reinaldotrrr.xyz
acceso.app-protect.click
acceso.appmovil.click
acceso.appmovil.icu
acceso.es-appmovil.click
acceso.es-appmovil.icu
acceso.es-movil.click
acceso.es-movilapp.click
acceso.es-protect-app.click
acceso.es-protect.click
acceso.es-protect.icu
acceso.es-protectapp.click
acceso.es-protectapp.icu
acceso.movil-actual.click
acceso.movil-actual.icu
acceso.movil-descarga.click
acceso.movil-es.icu
acceso.movil-protect.click
acceso.movilapp.click
acceso.movilapp.icu
acceso.movilapps.click
acceso.movilprotect.xyz
acceso.protect-actual.icu
acceso.protect-app.click
acceso.protect-es.icu
acceso.protect-movil.click
acceso.protectapp-es.icu
acceso.protectapp.click
acceso.protectapp.online
acceso.reactivar-usuario.click
access.protect-mobile.click
bbva.app-protect.click
bbva.appmovil.click
bbva.appmovil.icu
bbva.appsecureguide.com
bbva.es-appmovil.click
bbva.es-appmovil.icu
bbva.es-movil.click
bbva.es-movilapp.click
bbva.es-protect-app.click
bbva.es-protect.click
bbva.es-protect.icu
bbva.es-protectapp.click
bbva.es-protectapp.icu
bbva.european2fa.com
bbva.movil-actual.click
bbva.movil-actual.icu
bbva.movil-descarga.click
bbva.movil-es.icu
bbva.movil-protect.click
bbva.movilapp.click
bbva.movilapp.icu
bbva.movilapps.click
bbva.movilprotect.xyz
bbva.protect-actual.icu
bbva.protect-app.click
bbva.protect-es.icu
bbva.protect-movil.click
bbva.protectapp-es.icu
bbva.protectapp.click
bbva.protectapp.online
citi.protect-mobile.click
citi.protect-now.click
login.protect-now.click
unicaja.accesodigital.icu
unicaja.accesodigitales.icu
unicaja.cancelacion.icu
unicaja.reactivar-usuario.click
univia.accesodigital.icu
univia.accesodigitales.icu
univia.cancelacion.icu
/banzreceiver/
/banzreceiver/receiver.php

# Reference: https://twitter.com/malwrhunterteam/status/1549122722596327424
# Reference: https://www.virustotal.com/gui/ip-address/2.59.40.220/relations
# Reference: https://www.virustotal.com/gui/ip-address/85.193.88.116/relations
# Reference: https://www.virustotal.com/gui/file/fc441080c994e53f43c2e8fcb3cbcad69ef36fe84ee239a38656fb7f9fd8ab28/detection

app-movil.icu
app-protect.info
app-protect.top
collab-connect.land
compound-finance.top
dooplicator-mint.com
dooplicator-nft.com
dxdy-trade.top
dxdy-v2.top
dydx-exchange.icu
dydx-exchange.top
es-protect.info
holdercertify.com
movil-protect.icu
protect-app.info
protect-digital.click
protect-movil.info
receddiver.xyz
thedooplicator-mint.com
acceso.app-movil.icu
acceso.app-protect.info
acceso.app-protect.top
acceso.es-protect.info
acceso.movil-protect.icu
acceso.protect-digital.click
acceso.protect-movil.info
bbva.app-movil.icu
bbva.app-protect.info
bbva.app-protect.top
bbva.es-protect.info
bbva.movil-protect.icu
bbva.protect-app.info
bbva.protect-digital.click
bbva.protect-movil.info

# Reference: https://twitter.com/malwrhunterteam/status/1534636991006093317
# Reference: https://www.virustotal.com/gui/file/7a93df01e0de0e0bf98bb35bab1f27ef9349411f5804eddedebc09ccb3115c8b/detection

hotnews.lol
onlyfans.org.nz

# Reference: https://twitter.com/malwrhunterteam/status/1537045669118189568
# Reference: https://twitter.com/midnight_comms/status/1537093970978693120
# Reference: https://www.virustotal.com/gui/file/b2dbd9f108990215d2552545b8879d9c206dc95959c5cc580dda5cb74074c3c4/detection

baguvixforme.ipv6d.my.id
melanieparker.freecluster.eu

# Reference: https://www.virustotal.com/gui/file/7753b955b6e9ac336872cb2b0b10218316bf8b9fc3ba9a8e3146746b5841514d/detection

glosso.info

# Reference: https://twitter.com/malwrhunterteam/status/1539585094699974656
# Reference: https://www.virustotal.com/gui/ip-address/62.197.136.162/relations
# Reference: https://www.virustotal.com/gui/file/fbc44ae305d55f3e70541f52659cc9b0ea153056d0428f81c578d3a748dc91e5/detection

bnbgta.site
bncbia.site
cbiabn.site
dacto.site
datecdo.site
davbn.site
davicanda.site
daviclenta.site
daviderra.site
daviendas.site
davimenla.site
davimica.site
daviunda.site
davlecda.site
dcdto.site
dtceto.site
lillpink.site
smsflash.site
smsinstant.site
smsquick.site
smsrapido.site
solidadria.site

# Reference: https://twitter.com/malwrhunterteam/status/1540428230154506240
# Reference: https://www.virustotal.com/gui/file/47284af8ccf06ae9fc0e93e69e549d17e9a2508886bf6f2952fe54260d8c68aa/detection

projectxcrack23.pserver.ru

# Reference: https://www.virustotal.com/gui/file/acee1384eda616f0f483ee340dbebbfdc8e33876b7002606aedcfcb7c625f01e/detection

lakeforestus.space

# Reference: https://www.cleafy.com/cleafy-labs/revive-from-spyware-to-android-banking-trojan
# Reference: https://www.virustotal.com/gui/file/ebd9f516acce71bd652ac013ec607fa4ccf8d12d0069d492d964611e6d084a40/detection
# Reference: https://www.virustotal.com/gui/file/c27c87f4b2a0d95a17d11535167445e3fa9db05470f1cc57c62b39248a54c4fe/detection

80.85.153.49:4000

# Reference: https://twitter.com/malwrhunterteam/status/1543330479318999042
# Reference: https://www.virustotal.com/gui/file/49438dc8da1cc4882309e381c5e5a36f1fdbc6982de26e7003ff370b80a8dcec/detection
# Reference: https://www.virustotal.com/gui/file/c52d0f4ea9f1da37cd98da4078025fdfc0c90df1bee4b063fecc7634185acaf0/detection
# Reference: https://www.virustotal.com/gui/file/54608032d6acdc53e1070a4c42ef5e4c7a16af9661e2b4e20eb3de0deedbffc2/detection
# Reference: https://www.virustotal.com/gui/file/442ae9f82edee663fa118a7aac5a3ab3e587492d0f4332a97ba8307689014421/detection

http://51.68.145.103
45.141.56.57:6868
51.83.254.113:58990
51.83.254.113:6868
51.83.254.113:58771
51.83.254.113:9988

# Reference: https://twitter.com/malwrhunterteam/status/1552024148674859009
# Reference: https://twitter.com/midnight_comms/status/1552252002826178563
# Reference: https://www.virustotal.com/gui/file/0cdadb7e66e55de9461b890096829d59f3b1da8e16274e36b0554adf9d04dded/detection

http://101.99.94.97
dasboardbeiflus.online
l-santander-es.com
l-start-santnander.online
lsantander-es.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1554717598641803264

gatewayantimanomissioni.com
/xxxa_6iFMrYfrdGnBsUOBS4G103w/

# Reference: https://twitter.com/malwrhunterteam/status/1558508005825675265
# Reference: https://www.virustotal.com/gui/file/653a1f007670b284384239aa88a2c1d4342b8c1a86539d602681ec514c80231d/detection

axisrewardstore.com

# Reference: https://twitter.com/malwrhunterteam/status/1561065045882175488
# Reference: https://www.virustotal.com/gui/file/6ad9414816ae37802667ec2988cf1d733236aa6d082aed159914f5d694621ab6/detection

msamazonshop.com

# Reference: https://www.virustotal.com/gui/ip-address/92.249.45.145/relations
# Reference: https://www.virustotal.com/gui/file/5d6009a941f2731a6c93d70afb917e7f9da79ccf8f6e7c361424f6c86cb513c4/detection

melllthmrh.shop
mlmollat.shop
moliiat.shop
mtlahmrh.shop
nkoxmeos.shop
ohmellt.shop
omletgoje.shop
autodiscover.ohmellt.shop
cpanel.ohmellt.shop
cpcalendars.ohmellt.shop
cpcontacts.ohmellt.shop
mail.ohmellt.shop
webdisk.ohmellt.shop
webmail.ohmellt.shop

# Reference: https://twitter.com/malwrhunterteam/status/1564701134295601152
# Reference: https://www.virustotal.com/gui/file/ba30e251e2373e36180897d1090b25aed1c536147e0cd62c47ade739d2c51f58/detection
# Reference: https://www.virustotal.com/gui/file/2c8f2f1262ff66c55b9ef80b3b4d2225d2c7be4d5bd579222dcd9e22d78d8199/detection

shine-job.com

# Reference: https://www.virustotal.com/gui/file/95242e1d105de9c33b2c9d8a9514f58327ca32d7d24af9af19ff3f0d075ea451/detection (# Zanubis)

http://92.38.132.217
92.38.132.217:8000

# Reference: https://twitter.com/0xabc0/status/1565284403357564931
# Reference: https://www.virustotal.com/gui/file/149597cb556feeb4dab6d22bcdd112a63e76d599a79f585ba288a6f726df97b1/detection

softwarebulldog.net

# Reference: https://twitter.com/malwrhunterteam/status/1565435960380243968
# Reference: https://twitter.com/500mk500/status/1565565283795869698
# Reference: https://www.virustotal.com/gui/ip-address/44.204.164.21/relations
# Reference: https://www.virustotal.com/gui/file/39413b2215f225da68530fa312b08f566a7bd64e55fac70d81eefe8e5cfa6ee4/detection
# Reference: https://www.virustotal.com/gui/file/5bf4fdaa5f0ad65bd3d9b66ce67a6413c0a22c7ff6f411c1727768cde5780cef/detection

cointree.vip
commsecs.info
commsecs.vip
commsecs.xyz
ibkrs.xyz
api.commsecs.vip
api.ibkrs.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1566173265625767937
# Reference: https://www.virustotal.com/gui/file/66c572dd6b68a1abc48241f6d7308fbc42b18470e1d8989190f515a6f621f0a1/detection

axisstore.in

# Reference: https://twitter.com/malwrhunterteam/status/1567880670612955136
# Reference: https://www.virustotal.com/gui/file/e5f85b2d40bb05c0bf9fc22eb04d98ca28bd4b5fcfa84d8dfebf5b5f2e453811/detection

axisbankpoints.com

# Reference: https://twitter.com/malwrhunterteam/status/1568340694606938112
# Reference: https://twitter.com/midnight_comms/status/1569013865584926720
# Reference: https://www.virustotal.com/gui/file/8b36ba2150047191c388ec2f12a7c28cd82b7eccb9b626e8a8620faefee0c9bf/detection

pompi09m.com

# Reference: https://www.virustotal.com/gui/file/19b6456895335a1f930e0a6cd1f7bdf1a1645861c5736da23936702af8617510/detection

http://139.180.144.202
http://217.69.4.117

# Reference: https://www.virustotal.com/gui/file/bcd4b2ee965b683d84d326fa51ed7d8a6caa86e49303f577387c9635f00e302e/detection

34.77.167.32:6060

# Reference: https://www.virustotal.com/gui/file/114d2cb00a820db7f5277dda5c7750f0e3143091d63484a35cb61b34af040964/detection

idapple.tech
cp.idapple.tech

# Reference: https://twitter.com/malwrhunterteam/status/1570511096724987904
# Reference: https://www.virustotal.com/gui/file/549eb190f60075f3ec58e228725f9540f4226f0ff569796fdd884a0c48c4a407/detection

stop-war.co.in

# Reference: https://www.virustotal.com/gui/file/f8407b8e8b407c2c4b61396049be55de577c290c8167de78cfacb0e896c198e8/detection

182.16.42.18:10102

# Reference: https://twitter.com/malwrhunterteam/status/1573777607459495939
# Reference: https://twitter.com/malwrhunterteam/status/1575954702176428032
# Reference: https://www.virustotal.com/gui/file/8325398d82c110e9219cfbd963c915b7753f108ddd109ceefc47e8c7ef978fe9/detection

cardworth.link
najsnjdndjdjdjsnsnsnndnd.link
server565hd.herokuapp.com

# Reference: https://twitter.com/entdark_/status/1574959318331314181
# Reference: https://www.virustotal.com/gui/file/44dd79ed23516673af9084ea8120f3d412e815ab3df36e9c7e2028363cd086de/detection
# Reference: https://www.virustotal.com/gui/file/6f643819b96ca4b0451293954100b1739865fc593d6c75048563ac5d9a34479a/detection

92.38.190.112:8000

# Reference: https://twitter.com/malwrhunterteam/status/1575138007631396865
# Reference: https://twitter.com/ni_fi_70/status/1575447522197360640
# Reference: https://www.virustotal.com/gui/file/359f382d3aa5df5e38ba59905cf7a0f2cd6b171f8c2ff70ddff1a92b1aefc8c6/detection

nimmabengaluru.in
rblrewards.in

# Reference: https://twitter.com/malwrhunterteam/status/1575963051660300289
# Reference: https://www.virustotal.com/gui/file/2a606e0dc430232fc0608e954eabd82d76f1212da4fc47e57d1da25ac282ebd2/detection

bestrahul.com

# Reference: https://twitter.com/malwrhunterteam/status/1580875733714358272
# Reference: https://www.virustotal.com/gui/file/7b0d377bd1efca7cf0ca1f8ff0c3c587d1a7afa355e2c33b5d811c593d8e528c/detection

axisedgepoints.com

# Reference: https://twitter.com/malwrhunterteam/status/1581006821200101378
# Reference: https://www.virustotal.com/gui/file/87edee0649af1f9eff7b8f350790fa20bb4355ee938fba1c068ff6d75b445fe3/detection

iciccireewaards.in

# Reference: https://twitter.com/malwrhunterteam/status/1581218775625478144
# Reference: https://www.virustotal.com/gui/file/87b3de778206c395f05db5d3b39001b64cfbf397685b0c245ea8a8a74f3254cb/detection

nobitx.cam

# Reference: https://twitter.com/malwrhunterteam/status/1581357795441397760
# Reference: https://www.virustotal.com/gui/file/b81c38ce7fb10d1c68f08176a857ca3c74006d70061cdd196f50a579f8b26082/detection

rewardapp.in

# Reference: https://twitter.com/malwrhunterteam/status/1582778164266532864
# Reference: https://www.virustotal.com/gui/file/e32e453296b4e5991947d9b318ca5b44578f58009fa82f96e45fa33d6254c27c/detection

updateyourcard.in

# Reference: https://twitter.com/JAMESWT_MHT/status/1583823756937789441

srvdwnld.com

# Reference: https://twitter.com/malwrhunterteam/status/1584911467219935233
# Reference: https://twitter.com/LukasStefanko/status/1584921537496420362
# Reference: https://twitter.com/ni_fi_70/status/1585536222360895488
# Reference: https://www.virustotal.com/gui/file/e076771ea4f054354e636b6711f135bb9ce956a38429f79b3e97e2cb680043c1/detection

cbrewards.xyz
cbrewardsapply.com
cbcplus.in
domain-customer-security.com

# Reference: https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/
# Reference: https://otx.alienvault.com/pulse/635bcdd5ea635790dfe7f4d6

gia.3utilities.com

# Reference: https://twitter.com/malwrhunterteam/status/1586322708874203137
# Reference: https://www.virustotal.com/gui/file/ff15418db7062d6df6ea361c227cd9a7392486c16873612667f4889d9bbe58dd/detection

floating-meadow-51578.herokuapp.com
unhealable-henrys.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/e0c5656ca9877b37e92f5208caf9c65365e9d35ea6eb351915eb3efee235db31/detection

194.87.31.3:3000
fiordmoss.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1586481558038380544
# Reference: https://www.virustotal.com/gui/file/cedd041132fb09d7ea36005e75c1310458de887ae13bb7771e306223189fdb3e/detection

hrdtjjfhghgghjyfugyuhugyt.xyz
server-op-007.herokuapp.com

# Reference: https://www.virustotal.com/gui/file/f451ead098b1cbba2ddf7616668d79d5eba5b47248bd381dee9102d91d0d1521/detection

eienjk.herokuapp.com

# Reference: https://www.virustotal.com/gui/file/57d0d59602b239ea3f51b424eb97ae0d446976deeee32320351fefc9524e4d4a/detection

mymember.shop
store.mymember.shop

# Reference: https://www.virustotal.com/gui/file/95a492a482de34121ce37f254a895cf24de0499701da8bd5dddc8f38fd14b435/detection

yvette-toy.com

# Reference: https://twitter.com/malwrhunterteam/status/1589744015108284416
# Reference: https://www.virustotal.com/gui/file/549999ad68e83454eefd0203ac028c54d7dcf45b1c1aa783985b8554e5352448/detection

http://192.227.196.172

# Reference: https://twitter.com/malwrhunterteam/status/1589992683459973120
# Reference: https://www.virustotal.com/gui/file/20d756ad6c2a30f1b54d09d3aaad0a58910da0e152a570da11f34bd83dd30f4a/detection

mensural-input.000webhostapp.com
rashmikakyc.pages.dev

# Reference: https://twitter.com/malwrhunterteam/status/1590477370204377088
# Reference: https://www.virustotal.com/gui/file/a62ffd2f7c9932b0d7003d052f8c1c51923dcea7c5d7afba6f8640d8799d0c1b/detection

wordresume.herokuapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1591585679896633345
# Reference: https://twitter.com/midnight_comms/status/1596502593668538371
# Reference: https://www.virustotal.com/gui/file/3eb9661b887251fd28ee95a29cbd4f84497ce5955a2817cdf03aef808420411a/detection

j.000webhostapp.com
jant.000webhostapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1591586472561631233
# Reference: https://www.virustotal.com/gui/ip-address/64.44.139.133/relations
# Reference: https://www.virustotal.com/gui/file/72b867acd69d9ce377aa073bb04ec3f141f27f1985e5d3407e480976ab81d8fe/detection

alroment.tk
rmtedmin.tk

# Reference: https://blog.cyble.com/2022/11/15/phishing-campaign-targeting-indonesian-bri-bank-using-sms-stealer/

apk-ind.com
apk-online.com
formullir-tarlf.com
ionicio.com
login-brimo-tarif.com
britarif.ftml.my.id
layanan.sch.id
tarif-layananbri.my.id
brimo-login-id.apk-ind.com
brimo-login-ind.apk-online.com
brimo-update.apk-online.com
grupwa11197435.apk-ind.com
id-bri-login.apk-online.com
id-login-brimo.apk-ind.com
id-login-brimo.apk-online.com
login-bri-ib.apk-ind.com
skematrf-login.apk-ind.com
trf-skema-bri.apk-online.com
perubahan.tarif-layananbri.my.id

# Reference: https://twitter.com/malwrhunterteam/status/1593723747491614727
# Reference: https://www.virustotal.com/gui/file/e8d7a0436d04e4ce48769481da317755a217a0f9fd08f679a79b4b54f2d45490/detection

ocellar-rice.000webhostapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1594095245582548993
# Reference: https://www.virustotal.com/gui/file/429ef52512fffe6e395700de22cc578eb482ee42f947fab2d48159386adb4d8d/detection
# Reference: https://www.virustotal.com/gui/file/b58594c91a5712a38dbd5a1ceba76cbe0d0f934b53755fa61b9d8f8a369c1b1e/detection

ravins.online
/admin_panel/api/app/client_app
/admin_panel/api/app/user_get_job_price

# Reference: https://twitter.com/malwrhunterteam/status/1593719207597903873
# Reference: https://twitter.com/midnight_comms/status/1596500158170423298
# Reference: https://www.virustotal.com/gui/file/c4801ea49cce0b7fe44779ecc919dd7aa09be7ba8d8ab14b7cecdbcbe538bb32/detection

http://137.220.230.50

# Reference: https://twitter.com/malwrhunterteam/status/1596563368344682497
# Reference: https://www.virustotal.com/gui/file/ada96d3e8a7c01da25aa45cbabbdec28f928fd7aed048d1d96456f1d89cb39cf/detection

accounts-shopify.com

# Reference: https://twitter.com/ReBensk/status/1597189188549386240
# Reference: https://www.virustotal.com/gui/file/fe213dc7e796c1dd9d78eb7b1aa003605a854c729a3b4d2427b624183fae5d0f/detection

point-dekho.xyz
hellorsircheck.000webhostapp.com
ksjkahsadkakkjsdkjakda.web.app
sbi-kyc-apks-v-1-22-2.web.app

# Reference: https://twitter.com/malwrhunterteam/status/1597307590286794753
# Reference: https://www.virustotal.com/gui/file/cc174d774a09796b2952de2c308d2193e7fb093dc4559052483ba49f2f477727/detection

pointrewardas.co.in

# Reference: https://twitter.com/ni_fi_70/status/1597510646408441856
# Reference: https://www.virustotal.com/gui/file/b3b59180bef0e80839b83c421b2100a84dcaf4bf9774072bf2cc19af1092c5e6/detection

aktualizacjakodu.com

# Reference: https://twitter.com/malwrhunterteam/status/1597521278713311232
# Reference: https://www.virustotal.com/gui/file/bd89b188041388f7d2a024546d4a46e7a8e39dc251152f223720a014405e3bf3/detection

d3m4i2q8vx73j8.cloudfront.net

# Reference: https://twitter.com/malwrhunterteam/status/1597520171635453952
# Reference: https://www.virustotal.com/gui/file/007bdb212d92a3402095c8828366f5c1de4f83f5050a1443a7651f79285a4560/detection

luxlury.com
luxury-online.net

# Reference: https://twitter.com/ReBensk/status/1597542999960915969

axisrewardapp.co.in

# Reference: https://twitter.com/ReBensk/status/1597838090235629568

digitalcardowner.in

# Reference: https://twitter.com/malwrhunterteam/status/1598790278084759577
# Reference: https://www.virustotal.com/gui/file/c0241e06937ec89f5153cc3ab25190bc2867ebbeae78c4441b5ff41384d071d4/detection

91.92.120.131:4525

# Reference: https://resecurity.com/blog/article/in-the-box-mobile-malware-webinjects-marketplace

ccotapun66kp4jbpzbrhxepltuzjlh2e2c26w2zgtowhguv5orxk7aqd.onion

# Reference: https://twitter.com/malwrhunterteam/status/1599852746416398336
# Reference: https://twitter.com/midnight_comms/status/1600104507223916544
# Reference: https://www.virustotal.com/gui/file/0fafd3369bdcfabcf7b2da0c783d9779052083de72383a01df1a4e883de594f5/detection

http://193.221.95.147
http://193.221.95.40
http://45.158.22.196
/query?type=yuantong&postid=

# Reference: https://twitter.com/malwrhunterteam/status/1600619259692027904
# Reference: https://twitter.com/midnight_comms/status/1600687606920269827
# Reference: https://www.virustotal.com/gui/ip-address/185.119.57.134/relations
# Reference: https://www.virustotal.com/gui/file/5c9495ed0b80277b58fa163413093c2ed3aed12f8454b2c014f3b752b641e661/detection

badeskot.com
kilototo.host
livesms.space
sermina.host

# Reference: https://twitter.com/l205306/status/1600657484305555456

one-store.marketing
u-pay.club

# Reference: https://twitter.com/ReBensk/status/1600812171633381377

amazonmall.club

# Reference: https://twitter.com/malwrhunterteam/status/1600994059287339008
# Reference: https://www.virustotal.com/gui/file/238492af934405156e9fff888213c0b769e09f4a916fe4e1666897ea12f3ed2a/detection

best-cleanings.com

# Reference: https://twitter.com/malwrhunterteam/status/1601141132758769664
# Reference: https://www.virustotal.com/gui/file/dae85468af435dfbe522d474465f7f5a256b6bf98bf772b87c2c7d50f83895a3/detection

user-update-app-v-12.web.app

# Reference: https://twitter.com/malwrhunterteam/status/1601148538913583105
# Reference: https://www.virustotal.com/gui/file/8202322d718219231fab9e847351fa6493eafe4d087edddbb6fe0abd64b54595/detection

climreward.co.in

# Reference: https://twitter.com/ReBensk/status/1601577314370072578

bounsofferrewards.co.in

# Reference: https://www.virustotal.com/gui/file/4ff71530ae98a58461855a03414afc42d3a38b8bca0394e28847847d7e933199/detection

crrewardpoint.com

# Reference: https://twitter.com/ReBensk/status/1602714938035822594
# Reference: https://www.virustotal.com/gui/ip-address/68.178.148.41/relations
# Reference: https://www.virustotal.com/gui/file/cf8fe2f7d6216af0b90275f6dbeeab8363dcf159d08bf430097e898e1a01cd11/detection
# Reference: https://www.virustotal.com/gui/file/cfb01d73729d5f730a06d12f601dba404ff7fc62e2d1355c9cf428b80bd9f3c2/detection

claimapppoint.co.in
pointawailoffer.co.in

# Reference: https://twitter.com/malwrhunterteam/status/1603313750995517440
# Reference: https://www.virustotal.com/gui/file/91e2dea4e470063583fac581307595fc523653272f444e5e52a291b3830ad5fc/detection

rewadsgovt.in

# Reference: https://twitter.com/malwrhunterteam/status/1603149420610076672
# Reference: https://www.virustotal.com/gui/file/aed5dc80a04344e0f9504317fe3681ac46cca3fc0651e57701c20eb162503f56/detection

nitinbhai-testing.web.app
sbl-v1.firebaseapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1603306358283059202
# Reference: https://twitter.com/ni_fi_70/status/1603324313758736385
# Reference: https://www.virustotal.com/gui/file/9a961af2cd63124f01e9d1a316e095c8416babdba4d7b159e3fb6c1628dc1da8/detection

tech-digital.net
sg1.mall-base-app.com

# Reference: https://twitter.com/Artilllerie/status/1603409473225228289
# Reference: https://www.virustotal.com/gui/file/7ddb7f07349d8b7e519233f1c22c12bfddeec6afcf16c683cebc0da80897b88c/detection

grabspp.online

# Reference: https://twitter.com/malwrhunterteam/status/1605304582489481218
# Reference: https://www.virustotal.com/gui/file/e117bb9f52e736fffcbd42684883cb3701e03f0771b48129b1a33f6a60ffb259/detection

cleanshouse.net

# Reference: https://twitter.com/malwrhunterteam/status/1606406303122866176
# Reference: https://www.virustotal.com/gui/file/b1f231d1f0074b2cf6a5d04a370c4ab11610671759af81530fbfc8aab330ca98/detection

macawschat.net

# Reference: https://twitter.com/0xckr0/status/1607343476961693699
# Reference: https://www.virustotal.com/gui/ip-address/80.66.64.151/relations

coveripotezko.com
heikenmorgan.com

# Reference: https://www.virustotal.com/gui/file/ebcb33e96b24baa973655e70272eaa96d36e1070221da20d64234dd1ca75e248/detection

rhizocarpous-elevat.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/cbf0996af5a4a28e1cd7360c1e3e0079316009ed992a00c579359636fe70ac8d/detection
# Reference: https://www.virustotal.com/gui/file/624e1630cb4d05c7ea859b0478164aa897f0ba6c80a96d26484f4be0c094a1fb/detection
# Reference: https://www.virustotal.com/gui/file/4735686716224aaea522de595edecbac242c07ebd55ad570b7219b7569d8359f/detection
# Reference: https://www.virustotal.com/gui/file/1bd7e5b554365d6b1bb2f53a900a03ef9964a6c3bd2483729e068b4bfb39eeb4/detection

5.239.29.232:1337

# Reference: https://blog.cyble.com/2022/12/27/new-wave-of-finacial-fraud-scammers-monitoring-social-media-complaints/
# Reference: https://otx.alienvault.com/pulse/63ac1c473364458b045732d8
# Reference: https://www.virustotal.com/gui/file/f952c05d9df163cdc96938222c197ea10c9250b3e548a880b0c52faa9c4d6e28/detection

mycomplainquery.in

# Reference: https://www.virustotal.com/gui/file/b38494165e9faf7ed380e669ecb30e515653048f118b5d9b27157980915d8e44/detection

kjhdksakdhkshkdfhkhdskhfkhsdkhfkhdkshfhkd98327439759743975.pages.dev
d0f67a5f.kjhdksakdhkshkdfhkhdskhfkhsdkhfkhdkshfhkd98327439759743975.pages.dev

# Reference: https://www.virustotal.com/gui/file/39cfb6ccf72c01794d078fe27f4ddb99f4753aa8b6fa42a05df0cc0de788cbb9/detection

serbestpanbizikiuchasbir.co.vu

# Reference: https://twitter.com/ni_fi_70/status/1613177368901816323
# Reference: https://www.virustotal.com/gui/ip-address/68.178.145.70/relations
# Reference: https://www.virustotal.com/gui/file/ce2cf2527bc797c2cbaa9b8005a315717d3883bc15c025ca68b0a129feff5a51/detection
# Reference: https://www.virustotal.com/gui/file/eed90cd3499214dc62fc208aa2dbb8f1992810f2b5e863f8201574a9a5d68605/detection
# Reference: https://www.virustotal.com/gui/file/ebdafdf045f1ed27801a7f444fb80c48044da7b8da876723addd9224a496ad51/detection
# Reference: https://www.virustotal.com/gui/file/dc2555b64aafe6285693272b94b68eda2c5b45aabec41b9415cdd8b7f8f2e3ef/detection

axisclaim.co.in
axisedgepoint.com
myaxispoints.com

# Reference: https://www.virustotal.com/gui/file/97d9698f438dbfde0ade6c5cd8acfc8afd3506aa9c1f416a03b615395765ab85/detection

185.163.45.17:8000

# Reference: https://twitter.com/malwrhunterteam/status/1614241349171134465
# Reference: https://www.virustotal.com/gui/file/73ba13bcd8e171c7c653fbfda8f708355cba01b4701c2701b2a35f2d2486c973/detection

carved-screwdrivers.000webhostapp.com
icici-kyc.web.app

# Reference: https://twitter.com/malwrhunterteam/status/1614248897907392515
# Reference: https://www.virustotal.com/gui/file/8b29db147b8e6e4c9206b2c44fc5d11c105a1213ac85009adf818d6321e5b9ed/detection

pinkycatmall.online

# Reference: https://twitter.com/malwrhunterteam/status/1614384893496274945
# Reference: https://www.virustotal.com/gui/file/64b84a63bd404e0177c1821bc92e629d31070df50b0b0fcc45ae20b2236798fb/detection
# Reference: https://www.virustotal.com/gui/file/6f08ec8e147b9892a4a351a68150c37e47cdfa953647333be2fec4e6d9981f73/detection
# Reference: https://www.virustotal.com/gui/file/04022ff49df57bc1f7602fbebd6f935fc31fa219b82cb909054456a7566d87b2/detection

myliveservise.co.in

# Reference: https://twitter.com/ReBensk/status/1614952874420887553
# Reference: https://twitter.com/JAMESWT_MHT/status/1614954104224194562
# Reference: https://www.virustotal.com/gui/file/e9b77e406a67de5ba51b12e9549899bdf11fdcb5dbf9a722e30eb2a2d0459fec/detection

credrewards.in

# Reference: https://twitter.com/malwrhunterteam/status/1616174221541134336
# Reference: https://www.virustotal.com/gui/file/44983dde56eb1f20459f726392535c5777f858cf6e0c7515e5f6257b43124d29/detection

parkservise.co.in

# Reference: https://twitter.com/ReBensk/status/1618919756756836353
# Reference: https://www.virustotal.com/gui/file/50a728cd81dbc8a0fb27d8b19ef4ec730c6e14a728f36c90ec98ef8effd9a00e/detection

redeempoint.co.in

# Reference: https://twitter.com/malwrhunterteam/status/1618952519409102853
# Reference: https://www.virustotal.com/gui/file/268b71cf218519ef9b6570c897a592971c7e8e33219838425fb8a44a9cc22bf4/detection

iboiha.fun
ww25.iboiha.fun

# Reference: https://twitter.com/malwrhunterteam/status/1620926054117568512
# Reference: https://www.virustotal.com/gui/file/5c9fb34f1f12a8fe9adf1a41bde6ce35eb379a9621f35d84c41d589e78f338ee/detection

sb1-kyc.web.app

# Reference: https://twitter.com/ReBensk/status/1622579528571949057

claimcrediptpointred.shop

# Reference: https://twitter.com/malwrhunterteam/status/1627010666023292929
# Reference: https://www.virustotal.com/gui/file/2dd36b10426a729f5ce9785d5b5bab67c4f8c054e9fc5833f6b13f4cb53e45fb/detection

storeapp.co.in

# Reference: https://twitter.com/malwrhunterteam/status/1627090862269419520
# Reference: https://www.virustotal.com/gui/file/c6d3cc2a9d9c5caa34c6c7f82b3ce93489d4254ae722c201cc5e041420bb592a/detection

instant-e-apply-campaign-page-idf-campaign-fix.xyz

# Reference: https://blog.cyble.com/2023/01/31/inthebox-web-injects-targeting-android-banking-applications-worldwide/
# Reference: https://otx.alienvault.com/pulse/63d96828750d112f619c74f6

http://194.180.174.127
http://199.192.26.165
http://85.31.46.136

# Reference: https://twitter.com/malwrhunterteam/status/1629219402280312832
# Reference: https://www.virustotal.com/gui/file/c314b21629fcfac052d5b382a34f8f917da83a904be748f0e62540b17cddcd6c/detection

sbhdclaimpoint.online

# Reference: https://twitter.com/malwrhunterteam/status/1629449605472550914
# Reference: https://www.virustotal.com/gui/file/b97d52639d168de02182e817091697267d000f43de10686bde7b28ee57e5cfaa/detection

makelifedream.in

# Reference:https://www.virustotal.com/gui/file/7753789eeda22ba67782c4f984150c2c38a191838eb4fe8e2f08daa0755740aa/detection

getreward.co.in

# Reference: https://twitter.com/malwrhunterteam/status/1629461441135665158
# Reference: https://www.virustotal.com/gui/file/3b23bd47f2f1b522a32f50a59f37e5fb68a67d4d5c811ae883d464649d63f73a/detection

tenter.co.in

# Reference: https://www.virustotal.com/gui/file/cdf7da21b7823c528e2e1b82cfcbc5e03816ff34a259b7296344dfaead80d798/detection

zizi.accesscam.org
/ZmdoMTE5/cnR5MTIw.php
/ZmdoMTE5/enhjMTE0.php
/ZmdoMTE5/
/cnR5MTIw.php
/enhjMTE0.php

# Reference: https://twitter.com/malwrhunterteam/status/1630689031209074697
# Reference: https://twitter.com/ReBensk/status/1633869800182284289
# Reference: https://www.virustotal.com/gui/file/0fe8c31ba136c2558b8bad93a24704b9b371ff856b3fc09dfe7114bdfd7d5761/detection

s6birwc.xyz
sh6bciewrd.online
sh6cwerd.click

# Reference: https://twitter.com/malwrhunterteam/status/1631662488600080386
# Reference: https://www.virustotal.com/gui/ip-address/5.159.49.165/relations
# Reference: https://www.virustotal.com/gui/file/62b244a547ea78f57843bf358c59c7cedd3af07bb336eacecc2efdd70ed8085e/detection

shamgetme.cloud
shmgetr.tech
shmxc.cloud
xsham.cloud

# Reference: https://twitter.com/malwrhunterteam/status/1616439362455236613
# Reference: https://www.virustotal.com/gui/ip-address/183.111.122.104/relations
# Reference: https://www.virustotal.com/gui/file/d661c68ec155585eae77147982bb2713beeab96a594e8cc0fd5a8b91f714bf29/detection
# Reference: https://www.virustotal.com/gui/file/0a5725d53ea433264a6e16213a5536a55d975c99ed3697fe52b9adc6df139462/detection

amasolo.com
daangnin.com
darkboxshare.com
love-love.cc
metamosk.vip
secret-chat.vip
telegramiamg.com
telegraming.pro
unioneword.com
utalk.site
as.amasolo.com
down.amasolo.com
main.amasolo.com
main.metamosk.vip

# Reference: https://twitter.com/malwrhunterteam/status/1631641982136205315
# Reference: https://www.virustotal.com/gui/file/150e4fcc5214f7365a3cc81c7d14f5455ac339807351e4248dd529a2a88f5dae/detection

ariayoga.cc
ariayoga.online
ariayoga.site
cloudlbum88.com
cloudlbum91.com
jaiyoga.vip
love-love.co
preciousalbum58.com
secret-chat.vip
unioneword.com
down.ariayoga.cc
down.ariayoga.online
down.cloudlbum88.com
down.cloudlbum91.com
down.jaiyoga.vip
down.ariayoga.cc
down.love-love.cc
down.love-love.co
down.preciousalbum58.com

# Reference: https://www.virustotal.com/gui/ip-address/65.109.122.227/relations

bonuscoin.in
offerpointreward.in
offerreddem.in
pointoffer.in

# Reference: https://www.virustotal.com/gui/file/5335f2839fafbc2c9efdc861dfa020876a532b66d5baed7fb69665f8075d0d01/detection

103.244.148.94:809
sadqwdasinf.info

# Reference: https://twitter.com/ReBensk/status/1633872745636454401
# Reference: https://www.virustotal.com/gui/ip-address/68.178.145.187/relations

doorlabel.in

# Reference: https://www.virustotal.com/gui/file/7b2373c6c2ca0b57bd90170ec1d8bb0fa0ad2d8c1fc7613b58beca511f9bcf23/detection
# Reference: https://www.virustotal.com/gui/file/9b46afb380119de9f2f70ddd30b58a4d82b950e8d2bb92920873d0b0920e5494/detection

mylivepointservise.co.in

# Reference: https://twitter.com/Gi7w0rm/status/1633899205621174273
# Reference: https://twitter.com/0x6rsk/status/1659545709077573637
# Reference: https://twitter.com/TLP_R3D/status/1659636656436125698
# Reference: https://www.virustotal.com/gui/ip-address/190.211.255.218/relations
# Reference: https://www.virustotal.com/gui/file/7c1eba7f4a09b6f60ab8f883541104ca3c386a5b7e9282271eef2cf44d27dc94/detection
# Reference: https://www.virustotal.com/gui/file/60af458b972d2fbd2687c053fa7e18fb32b12be6bc2cb899c9b15dc7128822ca/detection
# Reference: https://www.virustotal.com/gui/file/e53b426981bbe8f19a97ba9efa4413ed8fb4f44532e4984a10007c9f204827a1/detection

http://179.43.163.113
http://190.211.255.218
103.175.16.151:443
179.43.163.113:443
190.211.255.218:443
192.198.82.59:443
194.135.33.160:443
32.54.188.44:443
92.119.178.40:443
biribizidurdursunn.com
biribizidurdursunn1.com
biribizidurdursunn2.com
slmmistosi.com
slmmistosi2.com
yamacbank22.xyz
youtubeadvan3242.xyz
youtubeadvanced.pro
/YTFlMzViNjNiNWM3/OTI0NGRhMTFlMDNk/index.php
/YTFlMzViNjNiNWM3/OTI0NGRhMTFlMDNk/
/OTI0NGRhMTFlMDNk/index.php
/OTI0NGRhMTFlMDNk/
/YTFlMzViNjNiNWM3/

# Reference: https://twitter.com/malwrhunterteam/status/1634688954061541378
# Reference: https://www.virustotal.com/gui/ip-address/144.217.191.38/relations
# Reference: https://www.virustotal.com/gui/file/ba41a9469e7057170456f1e4c4c3dcd99b9f33d6e52dd8c9202987cd44d75f7b/detection
# Reference: https://www.virustotal.com/gui/file/824fdcb6753c6f6bbd79e83361b08afc8d587253a95708f844b625f0721afbc0/detection

bmiat.website
ceham.uno
edsim.fun
ersdin.host
frest.host
fsdhem.fun
idolatn.uno
indilt.host
jnshm.fun
milat.fun
msdhen.fun
msdin.uno
sabtnam.host
samen.uno
sbtnam.uno
sedhin.fun
seham.host
seirn.uno
truwalt.com
your-app.xyz
myremote.oghabhost.xyz

# Reference: https://twitter.com/ReBensk/status/1635695388802920464

hdfc-point.web.app

# Reference: https://twitter.com/HaoZhixiang/status/1635937304970706948
# Reference: https://www.virustotal.com/gui/ip-address/43.154.91.41/relations
# Reference: https://www.virustotal.com/gui/file/4c9b6c5c65eff41d99911dffb8f65730e4bf954ff162e9840d3cac7fe1fc9340/detection

a2qw.sbs
a3qw.sbs
ak8a.sbs
d3qw.sbs
e2qw.sbs
ed8a.sbs
gn8a.sbs
i2qw.sbs
i3qw.sbs
iq8a.sbs
kr8a.sbs
mt8a.sbs
ns8a.sbs
o2qw.sbs
o3qw.sbs
p2qw.sbs
p3qw.sbs
q2qw.sbs
qa2qw.sbs
qs3qw.sbs
qw1qw.sbs
r2qw.sbs
s3qw.sbs
t2qw.sbs
u2qw.sbs
u3qw.sbs
w2qw.sbs
wa1qw.sbs
wo1qw.sbs
wp1qw.sbs
ws1qw.sbs
y2qw.sbs

# Reference: https://www.virustotal.com/gui/ip-address/43.154.239.105/relations

dhrg.sbs
erwtg.click
euiop.click
ewfsv.click
fjez.sbs
grbsc.click
hbswz.click
hrffc.click
mkjh.sbs
nhge.sbs
nhgtr.sbs
qadvz.click
rgms.sbs
sdbw.sbs
vhgrdw.click
wefcn.click
yits.sbs
yjhrv.click

# Reference: https://twitter.com/0x6rsk/status/1636322983542128641
# Reference: https://www.virustotal.com/gui/file/4469ea6689654fe0388191097d3938a832abfa597c8195966320dab9e0d77a7b/detection

pointapp.co.in

# Reference: https://research.checkpoint.com/2023/south-korean-android-banking-menace-fakecalls/
# Reference: https://otx.alienvault.com/pulse/641215d6755811b251dcdfc4

http://154.197.48.125
http://154.197.48.195
http://154.197.48.212
http://154.197.48.72
http://154.197.48.93
http://154.23.182.63
http://154.38.113.162
http://156.245.12.211
http://156.245.21.38
http://182.16.42.18
http://206.119.82.78
154.197.48.125:10102
154.197.48.195:10102
154.197.48.212:10102
154.197.48.72:10102
154.197.48.93:10102
154.23.182.63:10102
154.38.113.162:10102
156.245.12.211:10102
156.245.21.38:10102
182.16.42.18:10102
206.119.82.78:10102
154.197.48.125:5055
154.197.48.195:5055
154.197.48.212:5055
154.197.48.72:5055
154.197.48.93:5055
154.23.182.63:5055
154.38.113.162:5055
156.245.12.211:5055
156.245.21.38:5055
182.16.42.18:5055
206.119.82.78:5055
daebak222.com/huhu/admin.txt
data.go.kr/data/15063815/fileData.do

# Reference: https://www.virustotal.com/gui/file/c132022787142928233780c5c6023a8e87d7efbefb5dd53b442274ed23ee05ce/detection

5.255.105.30:9462

# Reference: https://twitter.com/malwrhunterteam/status/1637225888323346432
# Reference: https://www.virustotal.com/gui/file/7b8c3c58acfbaab01328843e066e1992faab4ff91deba1165d2f86d6cf247d53/detection
# Reference: https://www.virustotal.com/gui/file/b54da7ff382d62b252efe4ccf4b17f6ab9e859b1e98e01c0aa3bfa0e123c5144/detection

http://107.174.45.116
mp7.sytes.net
msr.servehttp.com

# Reference: https://www.virustotal.com/gui/file/d55a7c565a8b96f809ee6967837c67f7dc708d79a9bd5c1ebdf287bdaf24e62e/detection

tygaa.in

# Reference: https://www.virustotal.com/gui/file/2d966ab7b50695be6046da0c6817881eaeb16e589b49dc115ec212f221e698d7/detection

prepagos-cancelar-app.com

# Reference: https://twitter.com/0x6rsk/status/1640632227863179269

zektarmunoza.shop

# Reference: https://twitter.com/0x6rsk/status/1642985469251297280
# Reference: https://twitter.com/Gi7w0rm/status/1643274917310513155
# Reference: https://www.virustotal.com/gui/ip-address/5.178.2.174/relations
# Reference: https://www.virustotal.com/gui/file/8fe86e178198c7e5ab8d1eaf4e77772688c37960ddad4d64174c90ae7ced8d28/detection

gahvaperos.shop

# Reference: https://twitter.com/ReBensk/status/1644260955633721344

cashhicash.in

# Reference: https://twitter.com/ReBensk/status/1644217334725320709
# Reference: https://www.virustotal.com/gui/ip-address/47.242.229.139/relations

a-telegram.com
androd-telegram.com
androd-telegram.online
androd-telegram.xyz
android-telegram.online
android-telegram.xyz
apk-telegram.com
apk-telegram.online
apk-telegram.org
apk-telegram.xyz
apk-ws.com
app000.org
app005.org
app006.org
app007.org
app008.org
app009.org
appc-telegram.com
ch-telegram.org
china-telegram.online
china-telegram.site
china-telegram.xyz
chinese-telegram.org
google-telegram.org
hk-telegram.cc
hk-telegram.cn
hk-telegram.top
hk-telegram.xyz
hongkong-telegram.com
hongkong-telegram.online
hongkong-telegram.org
hongkong-telegram.site
hongkong-telegram.xyz
iphone-telegram.com
m-telegram.cc
mac-telegram.org
message-telegram.org
pro-telegram.xyz
telegfcom.org
telegram-888.xyz
telegram-a.org
telegram-androd.cc
telegram-androd.com
telegram-androd.org
telegram-apks.org
telegram-apks.xyz
telegram-c.org
telegram-china.app
telegram-china.co
telegram-china.me
telegram-china.online
telegram-china.site
telegram-china.xyz
telegram-e.cc
telegram-hk.app
telegram-hk.cc
telegram-hk.net
telegram-hk.top
telegram-hongkong.app
telegram-hongkong.cc
telegram-hongkong.co
telegram-hongkong.me
telegram-hongkong.net
telegram-hongkong.xyz
telegram-mac.org
telegram-me.cc
telegram-message.org
telegram-n.cc
telegram-o.cc
telegram-philippines.com
telegram-pro.xyz
telegram-tw.xyz
telegram-v.org
telegran.bike
telegran.bz
telegran.cam
telegran.la
telegran.lat
telegran.sc
telegran.srl
telegran.vc
telegran.ws
tw-telegram.xyz
voice-telegram.org
wed-telegram.org

# Reference: https://twitter.com/malwrhunterteam/status/1644827139466752001
# Reference: https://www.virustotal.com/gui/file/a0bcbaffead02d494fda2b786dd2921db8db0b02d904b85244e26791a4c72a1d/detection

lifesgood.online

# Reference: https://twitter.com/parate_rupali/status/1645407589545693189
# Reference: https://twitter.com/AuCyble/status/1646489771752009728
# Reference: https://blog.cyble.com/2023/04/13/chameleon-a-new-android-malware-spotted-in-the-wild/
# Reference: https://www.virustotal.com/gui/file/153410238d01773e5c705c6d18955793bd61cb2e82c5c7656e74563bb43b3ffa/detection

146.70.41.143:7242

# Reference: https://www.virustotal.com/gui/file/58b7fcee85412190251c7ccecd7ff82f0c219d139debb1830b9f70d6a400858a/detection
# Reference: https://www.virustotal.com/gui/file/67e1212329e9300b6a3aef4a2d8ba968c4219ed929d3060bf8a21a94a01287fb/detection
# Reference: https://www.virustotal.com/gui/file/f6b75cfa07448c9c0e83bd725e079aeb1d01a825e37bd5339d6060501e8f16e2/detection

safakeamanan.com
ek.safakeamanan.com
ud.safakeamanan.com

# Reference: https://twitter.com/malwrhunterteam/status/1646507066369134598
# Reference: https://www.virustotal.com/gui/file/a548748ec7428a687b59b39c5c9280454201733a5c093f9b6df85602b2195500/detection

jio-mart-sales.in

# Reference: https://twitter.com/ReBensk/status/1650901080140656641
# Reference: https://www.virustotal.com/gui/ip-address/23.154.80.191/relations
# Reference: https://www.virustotal.com/gui/file/eaeb252cc13cfa8eb46304475ad37c59ba2151111946216312e142164af0d128/detection
# Reference: https://www.virustotal.com/gui/file/bfd947fe576cbf5dc1cbb79fb4aab0794fe232ac57239bcb0d9360473916b76b/detection
# Reference: https://www.virustotal.com/gui/file/4799fbae3ebb105db12ae167f6328d32a8ed6e1abd2f9a23e5b654484c6421a9/detection

bbstofaroly.xyz
bbstofaronly.xyz
bbstofarunly.xyz
bbtofrunly.xyz
fbstofaronly.xyz
ree-wardbbesofars.xyz
thenjjshop.in
mail.bbstofaroly.xyz
mail.bbstofaronly.xyz
mail.bbstofarunly.xyz
mail.bbtofrunly.xyz
mail.fbstofaronly.xyz
mail.ree-wardbbesofars.xyz
mail.thenjjshop.in

# Reference: https://twitter.com/malwrhunterteam/status/1646516940691890176
# Reference: https://www.virustotal.com/gui/file/49647896946c9336fe3bf55ef935cd2ded832cf0874830306c4e5130767ec498/detection

cashbyreward.in

# Reference: https://n0psn0ps.github.io/2023/03/02/android-malware-analysis-series-ato.apk-part-3.1/
# Reference: https://n0psn0ps.github.io/2023/03/02/android-malware-analysis-series-ato.apk-part-3.2/
# Reference: https://www.virustotal.com/gui/file/55884b3b0018b42e500c8ca427d8ae3b3174d9efca5aa57b34eb9202cb84913a/detection

http://146.70.88.44
146.70.88.44:5678

# Reference: https://twitter.com/malwrhunterteam/status/1648077108676112386
# Reference: https://www.virustotal.com/gui/file/9fe4728c2741e48b14f123c2bacc8465e279368ff0df1e8b0f045ff501b816cd/detection

target-globalshop.com

# Reference: https://twitter.com/malwrhunterteam/status/1648314930850832384
# Reference: https://twitter.com/noexceptcpp/status/1652821481481465863
# Reference: https://www.virustotal.com/gui/file/14da4a46ea086e1a5074cbc695b7dbdc6604c13e23c8fe7d258faddec608184b/detection

caixadasorte.link
fortunacaixa.com
admin.fortunacaixa.com
caixar.oss-us-east-1.aliyuncs.com
ek.fortunacaixa.com
lol.caixadasorte.link
who.caixadasorte.link
ws.caixadasorte.link

# Reference: https://twitter.com/0x6rsk/status/1653413362720559105
# Reference: https://www.virustotal.com/gui/ip-address/45.143.136.125/relations
# Reference: https://www.virustotal.com/gui/file/26f4bce37f3215fb70697c91529943ab18d2e1fcc2f879ccd9d04a209ffe6aab/detection

axperomo.shop

# Reference: https://twitter.com/malwrhunterteam/status/1654248866177503232
# Reference: https://www.virustotal.com/gui/file/07504d45cffd78f6037718361bc50ec2591eabb9749c88ef645088a3ebaa4501/detection

telegram-zh.org.cn

# Reference: https://twitter.com/malwrhunterteam/status/1654970357533532161
# Reference: https://www.virustotal.com/gui/file/d7a8d786d320c17d56161b4a2cb7af9ed7b1e72abc64f1b439b29e96a7b11a92/detection

icici-offer.site

# Reference: https://www.virustotal.com/gui/ip-address/68.178.149.21/relations
# Reference: https://www.virustotal.com/gui/file/a1347a29dd82666ea2735d99983ab3179ee761394232befc18ff5c201ee80e93/detection
# Reference: https://www.virustotal.com/gui/file/97f74263178161d4f5ea61f701ff17adc8da58e3a6e4b643aef48b18f2dec496/detection
# Reference: https://www.virustotal.com/gui/file/40926349628bc42867e9f32fdf0121d7948de424be526c4167362bda0870bc29/detection
# Reference: https://www.virustotal.com/gui/file/2194b74e591b80b665e3f20a008c762a97258704eed59a8800a109d48bd51a16/detection
# Reference: https://www.virustotal.com/gui/file/036cbabb35319e904a7290ca563b31d9bf6f6dda48193aa39085fbb0bc250faa/detection

axispointclaim.co.in
bigbazarmart.in
deltaverify.co.in
payphonnow.in
px.payphonnow.in
/verify/bibbazar

# Reference: https://twitter.com/malwrhunterteam/status/1660736877664653328
# Reference: https://www.virustotal.com/gui/file/aac2f99af5bf5e21a7ae136718a256ba40916b07da0406454746b9e3e487fec6/detection

104.21.6.118:2053
104.21.6.118:2083
172.67.134.210:2053
172.67.134.210:2083
laborer-posted.nl

# Reference: https://twitter.com/malwrhunterteam/status/1661081398327820290
# Reference: https://twitter.com/malwrhunterteam/status/1661079860238794758
# Reference: https://www.virustotal.com/gui/file/185204c45bfe4f90ae29e79d98d0a6afa2f0f0a76448b72a21801585e2e7e552/detection
# Reference: https://www.virustotal.com/gui/file/61c41393f9a73367207c564a07f6faff9b88f99782473f4f3293eaaa8caea438/detection

angelitaful.com
dating-talk.com
onenumsource.com
princetalk.co
princetalk.me
princetalk.pro
princetalk.xyz
theprincetalk.com

# Reference: https://www.virustotal.com/gui/file/8ed1e4c424f34b6af89962f1048b2dd8ddf5d22040d3dac28344eb3e981a2623/detection
# Reference: https://www.virustotal.com/gui/file/cdfbc1ce2af7e335a23e9132558e944f56c43c62296a080c4dc5a4b69059adfc/detection
# Reference: https://www.virustotal.com/gui/file/f82f485662497222df3784f99462ceacac8545b5f78d2ff6389c943da9af349f/detection

156.251.24.194:5521
156.251.24.194:7098

# Reference: https://twitter.com/ReBensk/status/1667388141236285441
# Reference: https://www.virustotal.com/gui/file/35e70ad12f9c549aaf661f61b60ce68700ef4205a0116441cf720c8ca0edccd9/detection

amexindia.host

# Reference: https://twitter.com/malwrhunterteam/status/1667249881696686094
# Reference: https://www.virustotal.com/gui/file/d7f0c77cc027bceee3c2c53d35370e2b035f58eefbe95941fdd2c3cd1b8bd214/detection

aircondservicemy.com

# Reference: https://www.virustotal.com/gui/file/9c046cbf4c023ca81e02a804cc9a7615b9c52e58f0d7e7d43a3cbba7fb801493/detection

user-app.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1668350004350574606
# Reference: https://twitter.com/noexceptcpp/status/1668360185876819970
# Reference: https://www.virustotal.com/gui/ip-address/122.128.107.243/relations
# Reference: https://www.virustotal.com/gui/file/ad6f8ec6aa7f8b5b16816f075b77769aa7e7699d18e4f573850f23c3606ab7cf/detection

http://122.128.107.243
downloadnaver.online
navor.tech
shopnaver.online

# Reference: https://www.virustotal.com/gui/file/3f28111049a876533a0f5f00a72ca3beadfc641b97f3db682127546fac89fc22/detection

http://185.45.192.58

# Reference: https://twitter.com/0x6rsk/status/1673338228512833536
# Reference: https://www.virustotal.com/gui/ip-address/81.19.135.239/relations
# Reference: https://www.virustotal.com/gui/file/4defa1f795d69d38168bffecbc19f571c61a095862713fd91cb646f344ef53c0/detection

twelveelevensoup.at

# Reference: https://twitter.com/ReBensk/status/1677266775183101952

makepoint.in

# Reference: https://www.virustotal.com/gui/file/ad4cdeca5e669d83e89f785f0e10d0de8ad6409412c43984c484e56b6a5d114c/detection

http://5.252.176.205
5.252.176.205:8000

# Reference: https://blog.cyble.com/2023/07/10/the-turkish-government-masqueraded-site-distributing-android-rat/
# Reference: https://www.virustotal.com/gui/file/414ea005199ba221c0048a4a7c544ae3e0891c9fe1634bbfc0cd6f3938b5f029/detection
# Reference: https://www.virustotal.com/gui/file/68035c06c9ee1076a40d270029522dd21136e5c4bbec534768d2296af2212062/detection
# Reference: https://www.virustotal.com/gui/file/68b56ef06b2c9403ade11bebef939fa4e754f44647cd2e313355568f87739942/detection

a2a2a2a.life
scanyalx.online

# Reference: https://twitter.com/malwrhunterteam/status/1678869616192307200
# Reference: https://www.virustotal.com/gui/file/49a91f482893aa45b6f119e66c7150aec81624ddab45fa7a1d18eb0b3861c5c7/detection

jio-mart.online

# Reference: https://twitter.com/0x6rss/status/1677385997984894976
# Reference: https://www.virustotal.com/gui/ip-address/80.66.64.23/relations
# Reference: https://www.virustotal.com/gui/file/e8f0e535d89dd62514947b8bc50bef37636fae9dfd34290075755fab7cceebc2/detection

babypetstore.shop
bicyleinworld.shop
bookandstorer.shop
hammora.shop
juarezcompany.shop
yusracompany.shop
yusrajuarezcompany.shop
emv1.yusrajuarezcompany.shop

# Reference: https://www.virustotal.com/gui/file/ddd68bcc86c504405b883279c339baa659b35d4d4f75bf89d25d891e9b04b1ad/detection

g4ctsneogzmf7ndrxzld8gfewebq20ef2e.org
smsreciver.g4ctsneogzmf7ndrxzld8gfewebq20ef2e.org

# Reference: https://twitter.com/malwrhunterteam/status/1680106945464741888
# Reference: https://www.virustotal.com/gui/ip-address/89.117.157.164/relations
# Reference: https://www.virustotal.com/gui/file/f389b3b74fa249ef70f3ff934c6cb7286bd7bede8ebed30e868f99e920277ec8/detection
# Reference: https://www.virustotal.com/gui/file/a0c839b834671048f0f9115689262dd71991d2d157fbd97e8aa64ecacd6e2dfd/detection
# Reference: https://www.virustotal.com/gui/file/d92b075f8101f309c70bb33f5c95e2f065ddafdd2912f1b0ac399a56c4419584/detection
# Reference: https://www.virustotal.com/gui/file/13b13c8c6acc47b6d15359058303dd28b9234b6b2a7e71134cd4e5a1e253e264/detection

alleso.online
danonymous.net
ax.danonymous.net

# Reference: https://twitter.com/ReBensk/status/1683011402129129472
# Reference: https://www.virustotal.com/gui/file/2729f26e4c807f9e50b357442bb647a0750a051b88d0e4eeb7c1383579e87129/detection

bananasplit.shop
api.bananasplit.shop

# Reference: https://twitter.com/saridzawa2/status/1683054194595430403

casanossolar.shop
api.casanossolar.shop
apks.casanossolar.shop
klremota.casanossolar.shop

# Reference: https://twitter.com/malwrhunterteam/status/1683844371878215680
# Reference: https://twitter.com/ni_fi_70/status/1684084270376030209
# Reference: https://www.virustotal.com/gui/file/a8f5530a0030b5860cd5644277fa383890cc014d124af251a6d6feec6152b129/detection

four-theta.vercel.app
prestashop-136764-0.cloudclusters.net

# Reference: https://twitter.com/malwrhunterteam/status/1684573424793026562
# Reference: https://www.virustotal.com/gui/file/5aa2d9d64c93f3617bff0a6e5cc4eee94e7d2e0fd487c2a87effaa02fa147a8a/detection
# Reference: https://www.virustotal.com/gui/file/8fb0e47a66b1345ff8fa9e4de6c6c2f37acb3f08f522f86fd1c1c571a796cbee/detection

amhd2.live
hd123.shop

# Reference: https://twitter.com/malwrhunterteam/status/1685918864889044992
# Reference: https://www.virustotal.com/gui/file/78717e9d1c49462417cf30ecc030e88a7f25159655666cf9d5dcaaf0f9844af1/detection

rewaa3.online

# Reference: https://twitter.com/malwrhunterteam/status/1685924846402703361
# Reference: https://www.virustotal.com/gui/file/77c281a288f741be5297f647653b26f180943c70a1415c54bc292397e71ca710/detection

citirewadshelps.trusting-swirles.139-59-37-223.plesk.page

# Reference: https://twitter.com/malwrhunterteam/status/1686368225356050432
# Reference: https://www.virustotal.com/gui/ip-address/8.217.194.149/relations
# Reference: https://www.virustotal.com/gui/file/d2e17b9ac466e56943f361e7d58b4deee189b7beb183ace0c5de169116b698ce/detection

ap-telegram.com
ap-telegram.org
apk808.org
google-telegram.com
ios-telegram.com
macao-telegram.org
mbhapk4.org
mbhapk5.org
mbhapk6.org
mbhapk7.org
mbhapk8.org
singapore-telegram.org
taiwan-telegram.org
telegram-ios.com
telegram-ios.org
telegram-iphone.com
telegram-iphone.org

# Reference: https://twitter.com/malwrhunterteam/status/1686369182781476864
# Reference: https://www.virustotal.com/gui/file/8690ee7578af76e67db31637de88426bf64abe06ecebe38048b3f949ea8806a5/detection

telegream1.oss-cn-hongkong.aliyuncs.com

# Reference: https://twitter.com/malwrhunterteam/status/1686372147370016768
# Reference: https://www.virustotal.com/gui/file/0b60cd1e3a9c9057e39cd9b893bf6acabfc8c02255d9486248cb8c966f6ee363/detection

creditcardhelpdesk.in
digikyc-b8fb6-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1686374818353164288
# Reference: https://www.virustotal.com/gui/file/2e1d57328f060abc897351f79b84436cbcb7385cec06402788bbdc20262e986d/detection

bghyj.oss-ap-southeast-1.aliyuncs.com

# Reference: https://twitter.com/malwrhunterteam/status/1687039200627953664
# Reference: https://www.virustotal.com/gui/file/a76ff3d76016647ea04a10c69dea04bcfff5b20d87ff3d097d49e1103729bc53/detection

telegramorgandroid91.oss-cn-hongkong.aliyuncs.com

# Reference: https://twitter.com/malwrhunterteam/status/1687194772803600384
# Reference: https://www.virustotal.com/gui/file/8f5031a81ef12895d8f87029384fea49c84bcca38d8a476677e73d2a87db9101/detection

love-to-shopping.com
bb-adm.love-to-shopping.com
bb-api.love-to-shopping.com

# Reference: https://www.virustotal.com/gui/file/be8c9b283138b31de27b7f4457d1e92d13282c293f365f9dde6a1cb1ab492341/detection

bhola-88930-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1687451367680380928
# Reference: https://www.virustotal.com/gui/ip-address/154.41.253.213/relations
# Reference: https://www.virustotal.com/gui/ip-address/216.10.242.37/relations
# Reference: https://www.virustotal.com/gui/ip-address/68.178.172.157/relations
# Reference: https://www.virustotal.com/gui/file/37f5e8f38df386c701279082022eef82440ccdd249f8102cbb87877bae98d0a0/detection
# Reference: https://www.virustotal.com/gui/file/10f627e886dbe37b7c1bbd08c1f3c498f7e3a92dc2c3ef28a8085d341966e85e/detection
# Reference: https://www.virustotal.com/gui/file/68627e916bf63fe2c8215ab1f4b634f50bf074ec99fae0f8cefb6fd62a6db562/detection
# Reference: https://www.virustotal.com/gui/file/9a46976998e50b8ea4b04738f45f9c633fdc67ce8295d0852a2cd9c03449ade9/detection

limits-increase.in
aubank.limits-increase.in
axisbank.limits-increase.in
bank.limits-increase.in
indus.limits-increase.in
me.limits-increase.in
sbi.limits-increase.in
test.limits-increase.in

# Reference: https://twitter.com/malwrhunterteam/status/1687460916613332993
# Reference: https://www.virustotal.com/gui/file/f8dd8f8059251cce725f6e8b8c73986d5a375efdf9162bf511c0a4b14062492e/detection

promobuys.online

# Reference: https://twitter.com/malwrhunterteam/status/1687482431496945664
# Reference: https://www.virustotal.com/gui/file/964edd1e0baf0c9a2ad5c32a4a758127447c42436198bc4128acd15ff5682964/detection

nubankseg.d2bol9qnkv5wor.amplifyapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1687850256992534528
# Reference: https://www.virustotal.com/gui/file/e940e20e3c13a4b8ab3b2cedf43df82ca0c86cbf3477d534cf3e3d3901cd8f6c/detection

mrhola.000webhostapp.com

# Reference: https://twitter.com/0xduzgun/status/1689004855812395008

rapson.shop

# Reference: https://twitter.com/malwrhunterteam/status/1689939273141690368
# Reference: https://www.virustotal.com/gui/file/8d492ac234ee9efe18fc2ee67d689591ac73b813e6cc307d559c9d6ba852b9ef/detection

nucredito.onrender.com

# Reference: https://twitter.com/malwrhunterteam/status/1690107100599328769
# Reference: https://www.virustotal.com/gui/ip-address/187.17.111.96/relations
# Reference: https://www.virustotal.com/gui/file/f044490a6911efcdd4b89fb98dbe2d0aa0bbf923adce1783f07a86fa764c34b9/detection

1frutoproibido.site
anilitas-fans.website
daraacessorios.online
droidup.online
muupvp.online
nelcont.online
unicocadastro2022.site
apwe.droidup.online
blwe.droidup.online
enwe.droidup.online
pagwe.droidup.online

# Reference: https://www.virustotal.com/gui/file/dc8bf20b5e999fdd0dc6c9d9bd0538797a6d0fbb5e0d92884f2eef7a8bcca11a/detection

companynum.com

# Reference: https://twitter.com/malwrhunterteam/status/1685238160102498304
# Reference: https://www.virustotal.com/gui/file/c29b6330b2af515f4d5b8026b44cab28537ccf3e1378def5aa1547eaf2c3d5e9/detection

guard-payments.club
onlyfans.guard-payments.club

# Reference: https://twitter.com/malwrhunterteam/status/1691916456504770962
# Reference: https://www.virustotal.com/gui/file/a8c0df9563d945f286f7a5e73ec5a134362a28b6abe9400b2589b7eef91726cf/detection

postegro-lili.site

# Reference: https://www.virustotal.com/gui/file/7f0166dff1fb881a08311d252526609a2daf5b20dd0184d0ac06e2d7f4564125/detection

94.130.181.168:4002

# Reference: https://twitter.com/malwrhunterteam/status/1692899086725169451
# Reference: https://www.virustotal.com/gui/file/2f357150f68cfd87ea7185a3e5ee1f86c45faaaa3011e54d1a7047d5febb717f/detection

rt-internet-dogovor.ru

# Reference: https://twitter.com/blackorbird/status/1695018425280876563
# Reference: https://mp.weixin.qq.com/s/-7VwCv4EQg4ofYcoEyBkUQ

cbrewards.click
cbrewards.site
citialerts.in
esewa.me

# Reference: https://twitter.com/malwrhunterteam/status/1695023425343901982
# Reference: https://www.virustotal.com/gui/file/892bcb25b4f9e43b484cece18ec9c5def2e15dd44a37fc5a149f4261ae40dc90/detection

fotogarafa.cc

# Reference: https://twitter.com/malwrhunterteam/status/1695024827898232842
# Reference: https://www.virustotal.com/gui/file/ef312b7cafaff0e28b3f2a94622fe9d777ebed9ae836404fb5ad93d950c4a1e5/detection

trhaberler.website

# Reference: https://twitter.com/malwrhunterteam/status/1774176087766958095
# Reference: https://www.virustotal.com/gui/ip-address/192.210.229.35/relations
# Reference: https://www.virustotal.com/gui/file/60f9e6e38f7bf0ba269ed5a1f60df20a0025b490bf5f4aed124bcb36cefb109c/detection
# Reference: https://www.virustotal.com/gui/file/23be7abd489ea00b39163874f2dae64dd244bcb868048c2d9c562f6c591254c9/detection
# Reference: https://www.virustotal.com/gui/file/f07d0ef70c69e8c98f5013defd0b715e2e78725b2bf31b34cb67d36fe2b87bab/detection

http://192.210.229.35
http://192.3.124.14
gia.redirectme.net
gia.redirectme.net
hc.bounceme.net
p8.viewdns.net
rm.servehttp.com

# Reference: https://twitter.com/malwrhunterteam/status/1696848342066561075
# Reference: https://twitter.com/sysk1ll3r/status/1697001237365858535
# Reference: https://www.virustotal.com/gui/file/9ecf4a5c625e40d2cb9023b2b68d608392b0d104cef78c65d8e8d7bb5b6d3590/detection

http://62.4.23.119
kekotel.me
cloudflare.kekotel.me

# Reference: https://twitter.com/malwrhunterteam/status/1697562199793840450
# Reference: https://www.virustotal.com/gui/file/a8f821c1acf4d397fe754ac7754bd8bb473d17925479f40ae66439895b53faad/detection

offervirtualoffer.com

# Reference: https://twitter.com/malwrhunterteam/status/1699397700028944592
# Reference: https://www.virustotal.com/gui/file/9469b4883753c67169b6e5001f79431a7cff2da4ddd0ffeabd47b98f24cfc466/detection
# Reference: https://www.virustotal.com/gui/file/3a4cebc190df8b4717f844032272e9b6f4f3f09978b57d4d5cd1b66adea48e52/detection

mycomplaintservice.com

# Reference: https://twitter.com/0x6rss/status/1699559023719121383
# Reference: https://www.virustotal.com/gui/ip-address/135.181.66.173/relations
# Reference: https://www.virustotal.com/gui/file/7e8f6ea8bdd5f76ee429a10a0a3bda9b032d4e13f9de90d9e897f13655c8ba68/detection

corgyun.xyz
corgyunoo.xyz
corgyunqa.xyz
corgyunqp.xyz
corgyunqpa.xyz
app-3.corgyun.xyz
app-4.corgyun.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1701341015792103563
# Reference: https://www.virustotal.com/gui/file/c9843c0df07829e52ad96b3d46e4807e93120864835b4329cd646ff39a8d645a/detection

bonus.loclx.io

# Reference: https://twitter.com/malwrhunterteam/status/1704863501661950307
# Reference: https://www.virustotal.com/gui/file/81a52ba9e932ea4f565795bca4ca4eed6b60b507b89607365f91a1432902304e/detection

threebro.vercel.app

# Reference: https://www.virustotal.com/gui/file/0a21aa80d5c6764f09bf64f561157ab1fbbfd895db3dda2b44f2f93eb9794569/detection

http://81.161.229.185

# Reference: https://twitter.com/malwrhunterteam/status/1717109124033364274
# Reference: https://www.virustotal.com/gui/file/e6bccc592619b835e1c538506dfb115191068dec8b3b552f31f15ccb2ef24b88/detection
# Reference: https://www.virustotal.com/gui/file/5f380b99283b802861c44f197fbfc19afa41c26082a7e4bfe043372f1d49a539/detection
# Reference: https://www.virustotal.com/gui/file/4fabd84cd6947b7270b10cadbc32752b62b32421f0a02eb8fac48f9be23b1bfb/detection
# Reference: https://www.virustotal.com/gui/file/06e8cb799d1a763bbab9a1949eb02de33a0a0dc195fa282dc876380780ee0761/behavior

89.23.101.40:3000
89.23.101.40:3030
89.23.101.40:3033
tashkent.top

# Reference: https://falconfeeds.io/blog/post/trojan-malwares-are-targeting-major-indian-banking-system-661496

applicationkyc.pages.dev
bonusofferrewards.co.in
calm-fjord-69600.herokuapp.com
calm-garden-42338.herokuapp.com
cardupdatation.in
cardupdate.in
eranwithpoint.xyz
iciciirewards.online
kyc-update-app.web.app
onsubveaits.in
please-visitnow-immediately.com
pointcash.xyz
publicationofindia.top
sbi-kyc-app.web.app
sbi-kyc-apps-v-23.web.app
sbi-kyc-points.firebaseapp.com
sbi-kyc-update-immediately.firebaseapp.com
sbi-kyc-update-immediately.web.app
sbi-users-kyc-1.web.app
sbi-users-kyc-app.web.app
server455ic.herokuapp.com
server5478c.herokuapp.com
sheltered-dawn-11337.herokuapp.com

# Reference: https://www.virustotal.com/gui/file/a0a6048885a2b9461706b3456b17544d72ef9256fd81a0074ce10baffdad6c24/detection

tsprx.in

# Reference: https://www.virustotal.com/gui/file/6388977e534023952fb1c62c410ce06430457f6387981938ef1086eb13b69045/detection

kaskotak.com
els.kaskotak.com

# Reference: https://twitter.com/malwrhunterteam/status/1713143122425790600
# Reference: https://www.virustotal.com/gui/file/06371a72e7752d74614cc3377ff0f3ea664abedf0ce8c2ab5a5ff7caf9d8dea6/detection

demiurgic-burglary.000webhostapp.com

# Reference: https://twitter.com/ReBensk/status/1714326881548247113
# Reference: https://twitter.com/malwrhunterteam/status/1715722319220416715

hdfcoffers.loclx.io

# Reference: https://twitter.com/cyber__sloth/status/1714012963512684942
# Reference: https://twitter.com/cyber__sloth/status/1714013588266836154

owncloud-150509-0.cloudclusters.net
owncloud-150476-0.cloudclusters.net
owncloud-148461-0.cloudclusters.net
roundcube-149741-0.cloudclusters.net

# Reference: https://twitter.com/malwrhunterteam/status/1714359879811436979
# Reference: https://www.virustotal.com/gui/ip-address/68.178.170.93/relations
# Reference: https://www.virustotal.com/gui/file/a861d7018b9d033be25daab8c85a5143799e3e503a7418a00f7261b569622df3/detection

downloadapplication.in
auapply.downloadapplication.in
aunewcard.downloadapplication.in
dash.limits-increase.in
rblbank.limits-increase.in
rbl-limitis-increase.downloadapplication.in

# Reference: https://www.virustotal.com/gui/file/3e32b559c4e38ca15aa4da54e716494e714edd61b2da3ae9b5e3ed0b8ceab25e/detection
# Reference: https://www.virustotal.com/gui/file/e200a10f8e56425800da2a0ce7a0f0d3bb1ffc05f9baf85f70889e8d9d37d7a3/detection

blinkitdisconts.online
adm.blinkitdisconts.online

# Reference: https://twitter.com/malwrhunterteam/status/1714357338004410653
# Reference: https://www.virustotal.com/gui/file/a08fad8718aaf601d9c1a9dea53f0abcfd2c4fa77577318f8274d7a98951e86c/detection

hdrewd2.com

# Reference: https://twitter.com/malwrhunterteam/status/1714738792794320958
# Reference: https://www.virustotal.com/gui/file/04ea6f85ee304acdf3527f67a0fe97262fa64da9bf3354957658cf4b94fa1a44/detection

iciccard1-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1715782473991266760
# Reference: https://www.virustotal.com/gui/file/d989220cfbcd5cb9cedfcfc86c58eeda8c6a5c4f2b15b94b3371c5f88090a4e3/detection

edigitalkyc-default-rtdb.firebaseio.com

# Reference: https://news.drweb.com/show/?i=14755&lng=en&c=5
# Reference: https://otx.alienvault.com/pulse/651c3d1b75ef4b67af8fd142

nakopi-deneg.ru

# Reference: https://twitter.com/malwrhunterteam/status/1718357976124182819
# Reference: https://www.virustotal.com/gui/ip-address/195.123.224.81/relations
# Reference: https://www.virustotal.com/gui/ip-address/64.227.112.222/relations
# Reference: https://www.virustotal.com/gui/file/2647b709153fb6135d84fdbade7fd3632cbd3d00f7d7be9e3fbdb1d205efb5e3/detection
# Reference: https://www.virustotal.com/gui/file/066dfefd13a1836fa79f7583f34c2920174881ef0e72256ccf212976e5184a45/detection

apinetcom.com
comnetorginfo.com
addtr.online
adserver.com.tr
adserver.mobi
adwork.mobi
adzone.info
adzone.mobi
apkwiki.com
bvbv.online
emlak.mobi
indir.pw
indir.website
onlin-e.online
plaaystore.com
pubclick.online

# Reference: https://twitter.com/malwrhunterteam/status/1720198826315632794
# Reference: https://www.virustotal.com/gui/file/d83c1fc936e610713d075fcc99e180253104742ae33a1d74773e9a66706de86d/detection

mysupportcenter.in

# Reference: https://twitter.com/malwrhunterteam/status/1727978516140986874
# Reference: https://www.virustotal.com/gui/file/4ad7a133c66062ce7dd01773096416b8adf2d6b166f7d2453df363b6ff7df169/detection
# Reference: https://www.virustotal.com/gui/file/85ab8094adda266f88910aeb268e5c404863865cea9b02f4701a3497f536b6fd/detection
# Reference: https://www.virustotal.com/gui/file/8675e3122324799de7eeecbb45fbc9f267abd002d4358ae6e183128bad93a19e/detection
# Reference: https://www.virustotal.com/gui/file/f53ab5c47c55401f368e246e6ccbb4da21be69e3b6d3c8e84eb5bc1fceaf7418/detection

onlyfans-guard.com

# Reference: https://twitter.com/malwrhunterteam/status/1727780029776404716
# Reference: https://www.virustotal.com/gui/file/1c80567efb0b4ad10c97247862dd32fc8abc9cbb04f7e1e9c6624745d99dbd8c/detection

http://89.23.98.16
89.23.98.16:443

# Reference: https://twitter.com/malwrhunterteam/status/1728414391781970258
# Reference: https://www.virustotal.com/gui/file/0b57fb48e0eaec91b2b2a5beb594c7812ffdbdad6e6e7b721873c15ff66986f4/detection

iiicccc4rd-default-rtdb.firebaseio.com

# Reference: https://twitter.com/Merlax_/status/1730551063302832561

playstoreapp.fun

# Reference: https://www.virustotal.com/gui/file/3ed434e0899548b83fbc098fcd66eed34ec95dbfe9c2b6c9f64d6e09a6c650d4/detection

103.231.91.29:2255

# Reference: https://twitter.com/malwrhunterteam/status/1734598915364671947
# Reference: https://www.virustotal.com/gui/file/f5ac83c730de63a09738f02a8480c5b36f48637f1b11eb1e5c50dd4c59fc105a/detection

jailirtib.org

# Reference: https://www.virustotal.com/gui/file/39ad5623d984c532464fbc84ccca1fc16089ce08a5084beaaeee55bae46e84f1/detection

http://27.102.134.69
103.57.111.11:4141

# Reference: https://www.virustotal.com/gui/file/1797fbe6494e3f2522f6063f8583c4e981f896b891a4cc13eccdd6896891a0bc/detection

http://203.189.237.226

# Reference: https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action
# Reference: https://www.virustotal.com/gui/file/b7567acfb4f845e12622f0c7979b6e7c7d7d77f340cfd46cdb75f57955ef7424/detection
# Reference: https://www.virustotal.com/gui/file/3d50d6cd8d0b99197c4512244d4b5eb4b3e4c43ce1c08d78402cdf51f70c8946/detection
# Reference: https://www.virustotal.com/gui/file/2b0a4c17dec75503cdf190c02f68acebc45e890f4163e7a47fd194a8dbc75d9a/detection
# Reference: https://www.virustotal.com/gui/file/1b72da2cc6dfbd3360322fb265ea69b0716b679a13ef3d769b35a5dff628835d/detection
# Reference: https://www.virustotal.com/gui/file/0a6ffd4163cd96d7d262be5ae7fa5cfc3affbea822d122c0803379d78431e5f6/detection

158.160.59.53:45349
158.160.59.53:555
fastmainlines.co.in
/api/v1/bots/ffffffff-ba67-c5ba-0000-0000158ff472/

# Reference: https://twitter.com/banthisguy9349/status/1740365532300194203
# Reference: https://twitter.com/banthisguy9349/status/1740365796998840758
# Reference: https://twitter.com/TeamDreier/status/1740512558367531078
# Reference: https://www.virustotal.com/gui/file/01312f211e4b19abd2aa28def5eb9fc4acb3f3c845dffdc05f2a221872c2efdf/detection
# Reference: https://www.virustotal.com/gui/file/21f8b2797da05c82ee91f2f3c26c98ee7b2dcfa851108333ff48599050bcbb0c/detection

https://91.92.243.55
http://91.92.249.28
91.92.243.55:443
91.92.249.28:443

# Reference: https://twitter.com/banthisguy9349/status/1740369512409767980

http://91.92.243.45
91.92.243.45:443
b8nkz.cc
bankzz74fa7laaosnkmbnuotp7hmrwvtvqsh227ftthfnyrv2mnmfxqd.onion

# Reference: https://twitter.com/malwrhunterteam/status/1744391455462785347
# Reference: https://twitter.com/noexceptcpp/status/1744427289155129827
# Reference: https://www.virustotal.com/gui/file/c5be8731b02d7b7a398a9ed4223419260ab7e54b7028e3dbf063f0b58f102c61/detection

grobrothers.org
pingsafe.org
s.grobrothers.org
s.pingsafe.org

# Reference: https://twitter.com/malwrhunterteam/status/1746815735416934593
# Reference: https://twitter.com/midnight_comms/status/1747017584816353392
# Reference: https://www.virustotal.com/gui/file/f10a25ac6e4ffe2a65efc46d0e65d8d8fa50bd645ba73dd9908f41d0ef2779d2/detection

zugzwangwork9.aeza.network

# Generic

/get_sms?money=
/hdfc-offer/app/
/hdfc-offer/apps/
/nhcapital9/
/nhcaptn9/
/ubsrgk18/
/kbsbk24/
/nhbank6/
/nhcap6/
/servicest/sms2wx/
/servicest/sms2wx/Sms2WXService
/servicest/sms2wx/uploadMobileInfo
/contact.php?result=ok&action=get&androidid=
/contact.php?result=ok&action=download&androidid=
/contact.php?result=ok&action=upload&androidid=
/sms.php?result=ok&action=get&androidid=
/sms.php?result=ok&action=download&androidid=
/sms.php?result=ok&action=upload&androidid=

# APK

/Госуслуги.apk
/1SexChat.apk
/2040TL.apk
/4Android-System_obscure_super_super_encrypt2_flow signed.apk
/4.5GLte%20CV3.4%20signed.apk
/5G.apk
/8.8.8.8.apk
/Actualizar.apk
/Actualizar-5G.apk
/Adobe-Pdf.apk
/Adobe_Flash_2020v21113.apk
/Adobe_Flash_2020v21711.apk
/aggiornaBNL.apk
/Amazon%20Mall.apk
/AmazonMall.apk
/American%20Express.apk
/and22roidupdatefoora677lversionssystemapkforllalversioonsgog34ogleupdatev9.apk
/AndroidUpdate_m4xz3mncgwn5fe6fivlp1x0yuojo6dn9gry8zg1c.apk
/ANZ_Protection_v2.apk
/ApkIDE_japanpost1.apk
/appsicurezza.apk
/AssistenzaAvanzata.apk
/Assistenzaclienti.apk
/Avito.apk
/AvitoMoney.apk
/axis%20bank%20cc.apk
/axiscard.apk
/axisreward.apk
/axis_reward_point.apk
/Axis-Bank.apk
/axis-points.apk
/axisbank.apk
/AxisBank.v.2.6.05.apk
/ax_customer_point_0.0.1.apk
/axPoint_customer.apk
/BanCa26.apk
/BanCa28.apk
/bancasicura.apk
/BancaSicuraAPK.apk
/bancoestadoseguridad.apk
/BANCOESTADO-57044.apk
/bankguard.apk
/bankiasegura-1_enStr.apk
/bankkart.apk
/BankoKupon_build_obf.apk
/Barcelo%20Contrataciones.apk
/BBVA.apk
/BBVA_Prime.apk
/bbva-gdt.apk
/BBVA-Protect.apk
/BBVA%20Recibos.apk
/BBVA%20Update.apk
/BBVALock.apk
/BBVAESP78324.apk
/BBVAPAGOS-26687.apk
/BBVASecurity.apk
/bbva-gdt.apk
/BigBazar.apk
/BILDIRIM.apk
/BIGBAZAR%20MART.apk
/bigbazarmart.apk
/bigbazarmartoffer.apk
/bigbazarmarttoday%20dealbigbsbi.apk
/Bitbank.apk
/blinefm.apk
/BNLBancaSicura.apk
/bnlsicura.apk
/bnlsicura2.apk
/BPMToken.apk
/Captchator.apk
/CaixaBank%20Seguridad_obf.apk
/CaixaSignApp.apk
/Card%20Support.apk
/ccbankaxi.apk
/ccbbank.apk
/ChatSexvokrug.apk
/CheBancaToken.apk
/cloakerfast.apk
/complain-register.apk
/complain-support.apk
/Copia%20de%20Milanuncios.apk
/Coreeos4.5.10.apk
/Coreeos4.5.3.apk
/Correos244.apk
/Correos968.apk
/Correos2.17.15.apk
/Correos2.24.11.apk
/Correos2.24.12.apk
/Correos2.24.13.apk
/Correos2.24.14.apk
/Correos2.24.15.apk
/Correos2.24.9.apk
/Correos4.26.2.apk
/Correos455.apk
/Correos700.apk
/Correos831.apk
/Coustmer_Sopport_Service.apk
/crackturkey.apk
/customer_axis.apk
/customer_hd.apk
/Customer%20Support.apk
/CWB-4523576.PDF.apk
/cyber1212.apk
/icbcbank.apk
/Daivinchik.apk
/DHL.apk
/digikyc.apk
/e-digital-kyc.apk
/EarnMoney_wa_3011.apk
/EBA.apk
/ebasistem.apk
/entel4GLTE.apk
/ESBBVA9208.apk
/eugene.apk
/FiltroAntiSPAM.apk
/flashplayer_update_23.4.2.apk
/flashplayer_update11_5_1.apk
/FLPlayer.apk
/GAnalytics.apk
/GanhaCaixa.apk
/GanhaCaixa2.apk
/Global-Bank-updated.apk
/GoogleUpdate.apk
/govFirewall.apk
/grabmaid.apk
/facebook_version.0348.5345.3423.apk
/familycleans4u.apk
/hadibakalm.apk
/halkkampanya.apk
/hamrahpro.apk
/hana.apk
/hatatatat.apk
/HayatEveSigar.apk
/hdfc.apk
/HDFC_Credit_Card.apk
/HDFC%20Bank.apk
/hdfc%20reward.apk
/HDFC%20Redeem%20Points.apk
/hdfc-card-app.apk
/hdfc-offer.apk
/hdfc-offers.apk
/hdfc-offer-app.apk
/hdfc-points.apk
/HDFC-Rewards.apk
/HdfcBank.apk
/iAssist.apk
/ICICI%20Bank%20Credit%20Card.apk
/lClCl-BANK.apk
/lClCl-BANK-2.apk
/ICICI-KYC.apk
/ICICI_Cradit_Card.apk
/ICICI_Offers.apk
/icici-points.apk
/Icici_rewards.apk
/icici%20reward.apk
/ICICIBANK.apk
/IMTBANK.apk
/indus-offer.apk
/IndusInd.apk
/Instagram_shared_2020v27904.apk
/Intesasanpaolo.apk
/IntesaSanpaolo-Aggiornamento.apk
/IOSICURO.apk
/kakaobank.apk
/KasperskyAntivirus.apk
/KBANK.apk
/KBbank.apk
/KBank3.0.apk
/KBS2.0.apk
/koreabam.apk
/Kurulum.apk
/KYC.apk
/Liberomail.apk
/lotte.apk
/McAfee_Security.apk
/maidacall.apk
/messaggi.apk
/mgbank.apk
/MiCaixa.apk
/MicrosoftWord.apk
/Modulo-NU.apk
/Modulonubank.apk
/my-card.apk
/MyBNL.apk
/mymaid_beta_v7.0.5.2.apk
/nhbank.apk
/nhc2.0.apk
/ok.apk
/OKmall.apk
/One-Store-Today.apk
/onlyfansAnitta.apk
/OnlyFansV57RU.apk
/parler_update.apk
/PaySend.apk
/play%20protect.apk
/polarisbank.apk
/Post%20AG.apk
/Postbank.apk
/Postesicure.apk
/Promobuys.apk
/Protezione-Cliente.apk
/Prototipo_Segurança.apk
/Purolator.apk
/Rastreador.apk
/rblcard.apk
/Redeem.apk
/Reklam_engelleyici.apk
/reward-icici.apk
/Reward%20Points.apk
/royalfashion.apk
/ruralvia-seguridad.apk
/S.B.I.-KYC.apk
/sadsadfasf.apk
/safe.apk
/sal1000tl.apk
/Santander_Certificado.apk
/santander_seguridad.apk
/sasala.apk
/SBI.apk
/sbibank.apk
/SbiCard.apk
/SBI_Complaint.apk
/sbi-kyc.apk
/sbi-kyc-xyv3.apk
/SBI-Rewards.apk
/SBI-Rewardz.apk
/SBI-Reward-Point.apk
/scoins.apk
/secretalbum.apk
/secureapp.apk
/selcuknotenc_flow_anti.apk
/shinvest2.0.apk
/shsaving2.0.apk
/sicurezza.apk
/sicurezzabanca.apk
/SicurezzaInBank.apk
/sicurezzaweb.apk
/sincronizador.apk
/Sparkasse_Chrome_AntiVirus.apk
/SCRIGNO2.0.apk
/tejarat.apk
/tiktok.apk
/TradingView_obf.apk
/TRENDYOL.apk
/TURK-IFSA-VIDEOLARI.apk
/Uco_Bank.apk
/ucretsizizle.apk
/Union%20Bank%20Aadhar%20update.apk
/Update11.7.apk
/UpdateFlashPlayer_0g1t15jph0s85djlqye0msgvj22uw4jzleef6860.apk
/UpdateGoogleMarket_bbakwsw9zvyipi9uj7zkmsipch0umpetepv66hfj.apk
/UpdateWhatsApp_cka9bubxmlrkvhzy2msu5o8tjwh7db34p8va9voo.apk
/UPS101.apk
/UPS449.apk
/vatandaso.apk
/verificationcard.apk
/versionnew.apk
/VisaSecure.apk
/vizualizarpedido30543.apk
/vn84app.apk
/wooribank.apk
/Wooriib2.0.apk
/YZXL_14557.apk
/YZXL_14558.apk
/YZXL_14559.apk
/YZXL_14560.apk
/YZXL_14561.apk
/YZXL_14562.apk
/YZXL_14563.apk
/YZXL_14564.apk
/YZXL_14565.apk
/YZXL_14566.apk
/YZXL_14567.apk
/YZXL_14568.apk
/YZXL_14569.apk
/YZXL_14570.apk
/YZXL_14571.apk
/YZXL_14572.apk
/YZXL_14573.apk
/YZXL_14574.apk
/YZXL_14575.apk
/YZXL_14576.apk
/YZXL_14577.apk
/YZXL_14578.apk
/YZXL_14579.apk
/YZXL_14580.apk
/YZXL_14581.apk
/YZXL_14582.apk
/YZXL_14583.apk
/YZXL_14584.apk
/YZXL_14585.apk
/YZXL_14586.apk
/YZXL_14587.apk
/YZXL_14588.apk
/YZXL_14589.apk
/YZXL_14590.apk
/YZXL_14591.apk
/YZXL_14592.apk
/YZXL_14621.apk
/YZXL_14622.apk
/YZXL_14623.apk
/YZXL_14624.apk
/YZXL_14625.apk
/YZXL_14661.apk
/YZXL_14662.apk
/YZXL_14663.apk
/YZXL_14669.apk
/YZXL_14670.apk
/YZXL_14671.apk
/YZXL_14672.apk
/YZXL_14673.apk
/YZXL_14674.apk
/YZXL_14675.apk
/YZXL_14676.apk
/YZXL_14677.apk
/YZXL_14678.apk
/YZXL_14679.apk
/YZXL_14680.apk
/YZXL_14681.apk
/YZXL_14682.apk
/YZXL_14683.apk
/YZXL_14689.apk
/YZXL_14690.apk
/YZXL_14691.apk
/YZXL_14692.apk
/YZXL_14693.apk
/YZXL_14694.apk
/YZXL_14695.apk
/YZXL_14696.apk
/YZXL_14697.apk
/YZXL_14698.apk
/YZXL_14709.apk
/YZXL_14710.apk
/YZXL_14711.apk
/YZXL_14712.apk
/YZXL_14713.apk
/YZXL_14715.apk
/YZXL_14716.apk
/YZXL_14717.apk
/YZXL_14718.apk
/YZXL_14719.apk
/YZXL_14720.apk
/YZXL_14721.apk
/YZXL_14722.apk
/YZXL_14723.apk
/YZXL_14724.apk
/YZXL_14725.apk
/YZXL_14726.apk
/YZXL_14727.apk
/YZXL_14728.apk
/YZXL_14729.apk
/YZXL_14730.apk
/YZXL_14731.apk
/YZXL_14732.apk
/YZXL_14733.apk
/YZXL_14734.apk
/YZXL_14735.apk
/YZXL_14736.apk
/YZXL_14737.apk
/YZXL_14738.apk
/YZXL_14739.apk
/YZXL_14740.apk
/YZXL_14741.apk
/YZXL_14742.apk
/YZXL_14743.apk
/YZXL_14744.apk
/YZXL_14752.apk
/YZXL_14753.apk
/YZXL_14754.apk
/YZXL_14755.apk
/YZXL_14756.apk
/YZXL_14757.apk
/YZXL_14758.apk
/YZXL_14759.apk
/YZXL_14760.apk
/YZXL_14761.apk
/YZXL_14785.apk
/YZXL_14786.apk
/YZXL_14787.apk
/YZXL_14788.apk
/YZXL_14789.apk
/YZXL_14790.apk
/YZXL_14791.apk
/YZXL_14792.apk
/YZXL_14793.apk
/YZXL_14794.apk
/YZXL_14795.apk
/YZXL_14796.apk
/YZXL_14797.apk
/YZXL_14798.apk
/YZXL_14799.apk
/YZXL_14800.apk
/YZXL_14801.apk
/YZXL_14802.apk
/YZXL_14803.apk
/YZXL_14804.apk
/YZXL_14805.apk
/YZXL_14806.apk
/YZXL_14807.apk
/YZXL_14808.apk
/YZXL_14809.apk
/YZXL_14811.apk
/YZXL_14812.apk
/YZXL_14813.apk
/YZXL_14814.apk
/YZXL_14815.apk
/YZXL_14816.apk
/YZXL_14817.apk
/YZXL_14818.apk
/YZXL_14819.apk
/YZXL_14820.apk
/YZXL_14821.apk
/YZXL_14822.apk
/YZXL_14855.apk
/YZXL_14856.apk
/YZXL_14857.apk
/YZXL_14858.apk
/YZXL_14859.apk
/YZXL_14873.apk
/YZXL_14874.apk
/YZXL_14875.apk
/YZXL_14876.apk
/YZXL_14877.apk
/YZXL_14878.apk
/YZXL_14879.apk
/YZXL_14880.apk
/YZXL_14881.apk
/YZXL_14882.apk
/YZXL_14883.apk 
/YZXL_14884.apk 
/YZXL_14885.apk 
/YZXL_14886.apk 
/YZXL_14887.apk 
/YZXL_14888.apk 
/YZXL_14910.apk
/YZXL_14911.apk
/YZXL_14912.apk
/YZXL_14913.apk
/YZXL_14914.apk
/YZXL_14915.apk
/YZXL_14916.apk
/YZXL_14917.apk
/YZXL_14918.apk
/YZXL_14919.apk
/YZXL_14920.apk
/YZXL_14921.apk
/YZXL_14922.apk
/YZXL_14923.apk
/YZXL_14924.apk
/YZXL_14925.apk
/YZXL_14926.apk
/YZXL_14927.apk
/YZXL_14928.apk
/YZXL_14929.apk
/YZXL_15028.apk
/YZXL_15029.apk
/YZXL_15030.apk
/YZXL_15031.apk
/YZXL_15032.apk
/YZXL_15033.apk
/YZXL_15065.apk
/YZXL_15066.apk
/YZXL_15067.apk
/YZXL_15068.apk
/YZXL_15069.apk
/YZXL_15070.apk
/YZXL_15071.apk
/YZXL_15072.apk
/YZXL_15075.apk
/YZXL_15076.apk
/YZXL_15077.apk
/YZXL_15078.apk
/YZXL_15079.apk
/YZXL_15080.apk
/YZXL_15082.apk
/YZXL_15083.apk
/YZXL_15084.apk
/YZXL_15085.apk
/YZXL_15086.apk
/YZXL_15105.apk
/YZXL_15106.apk
/YZXL_15107.apk
/YZXL_15108.apk
/YZXL_15109.apk
/YZXL_15110.apk
/YZXL_15111.apk
/YZXL_15112.apk
/YZXL_15113.apk
/YZXL_15114.apk
/YZXL_15480.apk
/YZXL_15481.apk
/YZXL_15482.apk
/YZXL_15483.apk
/YZXL_15484.apk
/YZXL_15485.apk
/YZXL_15486.apk
/YZXL_15487.apk
/YZXL_15488.apk
/YZXL_15489.apk
/YZXL_15490.apk
/YZXL_15491.apk
/YZXL_15492.apk
/YZXL_15493.apk
/YZXL_15494.apk
/YZXL_15495.apk
/YZXL_15496.apk
/YZXL_15497.apk
/YZXL_15498.apk
/YZXL_15499.apk
/YZXL_15518.apk
/YZXL_15519.apk
/YZXL_15520.apk
/YZXL_15521.apk
/YZXL_15522.apk
/YZXL_15523.apk
/YZXL_15524.apk
/YZXL_15525.apk
/YZXL_15526.apk
/YZXL_15527.apk
/YZXL_15528.apk
/YZXL_15529.apk
/YZXL_15530.apk
/YZXL_15531.apk
/YZXL_15532.apk
/YZXL_15533.apk
/YZXL_15534.apk
/YZXL_15535.apk
/YZXL_15536.apk
/YZXL_15537.apk
/YZXL_15863.apk
/YZXL_15864.apk
/YZXL_15865.apk
/YZXL_15866.apk
/YZXL_15867.apk
/YZXL_15868.apk
/YZXL_15869.apk
/YZXL_15870.apk
/YZXL_15871.apk
/YZXL_15872.apk
/YZXL_15873.apk
/YZXL_15874.apk
/YZXL_15875.apk
/YZXL_15876.apk
/YZXL_15877.apk
/YZXL_15899.apk
/YZXL_15900.apk
/YZXL_15901.apk
/YZXL_15902.apk
/YZXL_15903.apk
/YZXL_15904.apk
/YZXL_15905.apk
/YZXL_15906.apk
/YZXL_15907.apk
/YZXL_15908.apk
/YZXL_15909.apk
/YZXL_15910.apk
/YZXL_15911.apk
/YZXL_15912.apk
/YZXL_15913.apk
/YZXL_15914.apk
/YZXL_15915.apk
/YZXL_15916.apk
/YZXL_15917.apk
/YZXL_15918.apk
/YZXL_15949.apk
/YZXL_15950.apk
/YZXL_15958.apk
/YZXL_15959.apk
/YZXL_15960.apk
/YZXL_15961.apk
/YZXL_15962.apk
/YZXL_15963.apk
/YZXL_15964.apk
/YZXL_15965.apk
/YZXL_15966.apk
/YZXL_15967.apk
/YZXL_15968.apk
/YZXL_15969.apk
/YZXL_15970.apk
/YZXL_16069.apk
/YZXL_16070.apk
/YZXL_16071.apk
/YZXL_16072.apk
/YZXL_16073.apk
/YZXL_16074.apk
/YZXL_16075.apk
/YZXL_16076.apk
/YZXL_16077.apk
/YZXL_16078.apk
/YZXL_16171.apk
/YZXL_16172.apk
/YZXL_16173.apk
/YZXL_16174.apk
/YZXL_16175.apk
/YZXL_16178.apk
/YZXL_16179.apk
/YZXL_16180.apk
/YZXL_16181.apk
/YZXL_16182.apk
/YZXL_16183.apk
/YZXL_16184.apk
/YZXL_16185.apk
/YZXL_16186.apk
/YZXL_16187.apk
/YZXL_16188.apk
/YZXL_16189.apk
/YZXL_16190.apk
/YZXL_16193.apk
/YZXL_16232.apk
/YZXL_16233.apk
/YZXL_16234.apk
/YZXL_16235.apk
/YZXL_16236.apk
/YZXL_16237.apk
/YZXL_16238.apk
/YZXL_16239.apk
/YZXL_16240.apk
/YZXL_16241.apk
/YZXL_16358.apk
/YZXL_16359.apk
/YZXL_16360.apk
/YZXL_16361.apk
/YZXL_16362.apk
/YZXL_16363.apk
/YZXL_16364.apk
/YZXL_16365.apk
/YZXL_16366.apk
/YZXL_16367.apk
/YZXL_16368.apk
/YZXL_16369.apk
/YZXL_16370.apk
/YZXL_16371.apk
/YZXL_16372.apk
/YZXL_16373.apk
/YZXL_16374.apk
/YZXL_16375.apk
/YZXL_16376.apk
/YZXL_16377.apk
/YZXL_16378.apk
/YZXL_16379.apk
/YZXL_16380.apk
/YZXL_16381.apk
/YZXL_16382.apk
/YZXL_16383.apk
/YZXL_16384.apk
/YZXL_16385.apk
/YZXL_16386.apk
/YZXL_16387.apk
/YZXL_16388.apk
/YZXL_16389.apk
/YZXL_16390.apk
/YZXL_16391.apk
/YZXL_16392.apk
/YZXL_16393.apk
/YZXL_16394.apk
/YZXL_16395.apk
/YZXL_16396.apk
/YZXL_16397.apk
/YZXL_16398.apk
/YZXL_16399.apk
/YZXL_16400.apk
/YZXL_16401.apk
/YZXL_16402.apk
/YZXL_16403.apk
/YZXL_16404.apk
/YZXL_16405.apk
/YZXL_16406.apk
/YZXL_16407.apk
/YZXL_16423.apk
/YZXL_16424.apk
/YZXL_16425.apk
/YZXL_16426.apk
/YZXL_16427.apk
/YZXL_16428.apk
/YZXL_16429.apk
/YZXL_16430.apk
/YZXL_16431.apk
/YZXL_16432.apk
/YZXL_16433.apk
/YZXL_16434.apk
/YZXL_16435.apk
/YZXL_16436.apk
/YZXL_16437.apk
/YZXL_16438.apk
/YZXL_16439.apk
/YZXL_16440.apk
/YZXL_16441.apk
/YZXL_16457.apk
/YZXL_16458.apk
/YZXL_16459.apk
/YZXL_16460.apk
/YZXL_16461.apk
/YZXL_16462.apk
/YZXL_16463.apk
/YZXL_16464.apk
/YZXL_16465.apk
/YZXL_16466.apk
/YZXL_16467.apk
/YZXL_16468.apk
/YZXL_16469.apk
/YZXL_16470.apk
/YZXL_16471.apk
/YZXL_16488.apk
/YZXL_16489.apk
/YZXL_16490.apk
/YZXL_16491.apk
/YZXL_16492.apk
/YZXL_16493.apk
/YZXL_16494.apk
/YZXL_16495.apk
/YZXL_16496.apk
/YZXL_16497.apk
/YZXL_16498.apk
/YZXL_16499.apk
/YZXL_16500.apk
/YZXL_16501.apk
/YZXL_16502.apk
/ZorunluAndoridGuncellemesi.apk

# Reference: https://twitter.com/MrCl0wnLab/status/1745243191815635274

app-codigo-bbva.com

# Reference: https://twitter.com/luc4m/status/1745475786948145380

app-nuova.com
completar-aqui.com
descarga-aqui.com
descargar-nueva-app.com
formulario-personal.com
nuova-app-token.com

# Reference: https://twitter.com/malwrhunterteam/status/1746830258693710202
# Reference: https://twitter.com/midnight_comms/status/1747012719339778217
# Reference: https://www.virustotal.com/gui/file/c5e3ece0126eff00c3179d7d4376dd76af666e2dcbfd10bd0684dd2d0b7deba6/detection

maaaarts.in

# Reference: https://twitter.com/malwrhunterteam/status/1747651173534884268
# Reference: https://www.virustotal.com/gui/file/7b9723b877ab4070813979700c53ffb174985f48e70dfc406ee19ff6281d294f/detection
# Reference: https://www.virustotal.com/gui/file/da5bd7e2726405722f95dea19049fedaea4cb9b4d95f877167ecfea08aa4eb78/detection
# Reference: https://www.virustotal.com/gui/file/d8c8273f5bf44bb6325984c1d8b43914270efecca2ad2f2fb0fabec136656458/detection
# Reference: https://www.virustotal.com/gui/file/6d87f74477b91cc12998819e7191f064cbe9edbee76bcd90f0f92772fac471c4/detection

yadongrec.com
broler.shop
api.broler.shop

# Reference: https://unit42.paloaltonetworks.com/malicious-apks-steal-pii-from-chinese-users/
# Reference: https://www.virustotal.com/gui/file/2cf117abf5ced6d37e98068d1961b85f400ecede4c11ebd69cc5cc9629aaaacd/detection
# Reference: https://www.virustotal.com/gui/file/6e43d2d4f14b26a75b9094eb1bd509b0f63e069a3c97867bfb0ac6c2a154dcd6/detection
# Reference: https://www.virustotal.com/gui/file/0243e5090590c89af6b7534de5d7ef711ca0d1f7a587170a493ceada7b54522b/detection

http://13.250.172.152
http://18.143.192.34
http://18.166.72.58
http://52.221.181.208

# Reference: https://twitter.com/malwrhunterteam/status/1750590052001026402
# Reference: https://twitter.com/midnight_comms/status/1750858457618497877
# Reference: https://www.virustotal.com/gui/file/86774e6b5f6e155c98231010a1a93fbc9d9a629a3e7dbfbd62db3e898c9a33b0/detection
# Reference: https://www.virustotal.com/gui/file/dd70fd67cc25ba05eeefeb56a6f684d7f07c6b7c593e4224e4af26cd3d464c8f/detection
# Reference: https://www.virustotal.com/gui/file/dac8801640f21930748fab5f7b05ada2185c1f12cc813e59e0c028090746beed/detection
# Reference: https://www.virustotal.com/gui/file/15ed388cd62291d1740742f49157a40f8d8ed97532fa280f078aaae94779ca3b/detection
# Reference: https://www.virustotal.com/gui/file/bced48f492f1c9c38fbb81fde264e12585ea0bf5b4a986c6beaa59af3f7d19d9/detection

149.13.5.167:8080
185.255.95.13:25432
212.224.93.193:8080
95.217.157.143:25432

# Reference: https://www.virustotal.com/gui/file/2158d691fc832d2a101e263a22893ea0836d12cf2d5f9ff3a31f765cbdeb5cd8/detection

141.255.144.136:1177
141.255.144.194:1177
141.255.145.162:1177
141.255.147.235:1177
barkabarkabarka.ddns.net

# Reference: https://www.virustotal.com/gui/file/121e4e25911f4744fd079c15f46213561c75f62a6ee9a3e213e6c04449f88996/detection

141.255.144.84:1337

# Reference: https://www.virustotal.com/gui/file/14c67f723b36c724a79b7ef657a74fe8aec20bbce3c06779fde11006dcb9165f/detection
# Reference: https://www.virustotal.com/gui/file/2b3462925a9cf377b7af08fd6155dd1d2dfe94fd3614c22acf7b33ef293406fd/detection

141.255.144.195:4434
141.255.144.219:4434
141.255.144.84:4434
141.255.147.51:4434
217.20.209.16:4434
a7laax0.hopto.org

# Reference: https://www.virustotal.com/gui/file/f55a5adc413407f486d17a2d09d53dbc8fadeb7eb9d32ab0b50aaaecbf680a0d/detection
# Reference: https://www.virustotal.com/gui/file/d8711d26c3e4069328f13f93303d925d1dda2a80b56bed73615424fca83ec8b5/detection
# Reference: https://www.virustotal.com/gui/file/cc9ba13a425a187d522c881a3d9648fff6ecff269d499d19960f8abcfb3321b0/detection
# Reference: https://www.virustotal.com/gui/file/9315c1581dd74aee6a4f9ee944f4ba0ee083e61c33b601a41a6ab2876e949f53/detection
# Reference: https://www.virustotal.com/gui/file/5ee1448c14686743dc501a0c5c14edc95a1d9e9fa9cded549e5845d85e6cd305/detection
# Reference: https://www.virustotal.com/gui/file/533bdda8eccdeb4f1434e3bd816a33dcdb60808c6664003b29535832f341aca9/detection
# Reference: https://www.virustotal.com/gui/file/4bcc666c10c48ed2a0c227e96a49d02e760091634d3237fb4df54020b0f98abe/detection
# Reference: https://www.virustotal.com/gui/file/2278fd7235bf09bf08c9a81c06076240b144875dc28f44997eb7633b687078d2/detection
# Reference: https://www.virustotal.com/gui/file/0787f0df258e7111c6e0060e24d27de57ff3f59885020a5f4f56540bca084a12/detection

dbdb.addea.workers.dev

# Reference: https://www.virustotal.com/gui/file/0b482f807278eada7076a922a2dd8610244049e6aa31e9fdda59b8c66bf329e1/detection

79.137.205.212:8080

# Reference: https://twitter.com/malwrhunterteam/status/1752366951593021747
# Reference: https://www.virustotal.com/gui/file/ee3f7edc721a391a3dd14c72b2e8b5060261cdd5b31e87a29aed4ecf935143b2/detection
# Reference: https://www.virustotal.com/gui/file/b41b0912889b4b29127623dfba72f0402bfaca40ce0aad92e0077f9034782383/detection
# Reference: https://www.virustotal.com/gui/file/b217d64c0069c7c85edf120ae6b8401914ad343bfe02fd151b86208e17d84661/detection
# Reference: https://www.virustotal.com/gui/file/5583543b81a796986007951bda29a2bb5593aa7dcadcc6bcca5319b9fb22d20e/detection
# Reference: https://www.virustotal.com/gui/file/01d2e1a0c8091b8ec2cae47bbfefcf0bfb7264d7d3d5a95d364805a67adaf64a/detection

shineinterview.online
connect.shineinterview.online

# Reference: https://twitter.com/malwrhunterteam/status/1753059970508063040
# Reference: https://twitter.com/noexceptcpp/status/1753099339092918552
# Reference: https://www.virustotal.com/gui/file/6b23da94dd27bb077274ffd83f2e0cbd27c2ba9e390db8b2dcb32cee0e254c61/detection

filipkatrt.in
billupdateff-default-rtdb.firebaseio.com

# Reference: https://www.virustotal.com/gui/file/a3ed5d56be29901386547731d68d7b70fe00ffa52c4c442db8fc70725c0fa891/detection

sembrano.store
api.sembrano.store

# Reference: https://twitter.com/malwrhunterteam/status/1752662267764600873
# Reference: https://www.virustotal.com/gui/file/ea1834a3614a871f3d071413015637b9cc246b915a2a536ebdbbdd3e692bb8b6/detection
# Reference: https://www.virustotal.com/gui/file/e958a635a0e27edf2c4e1f812d2e2115525503b04391da362f2db5c28f8f1ea5/detection
# Reference: https://www.virustotal.com/gui/file/d1b4b154b4975284903a0268cb04e87578828dd40e1e970791be45a701dfb6ac/detection
# Reference: https://www.virustotal.com/gui/file/7fcc47b964af5bf878ad0b2661f7d1be51555decacb822595d0463f6c4a0a1bb/detection
# Reference: https://www.virustotal.com/gui/file/7407554ad598e66e81b011a050e75efc5d1589252080bd70fb04d15e18732517/detection
# Reference: https://www.virustotal.com/gui/file/536fa04377151c285a0ad8ecdd3565046167eca03e675c8835f3f56a62bd9c92/detection

quacklypay.online
urdu-jor-tor-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1753705453505090036
# Reference: https://www.virustotal.com/gui/file/e97258fc999c3f0441fd16a0e0ddb0d04fb6d49744d6b917913bd3c9d04cc10d/detection
# Reference: https://www.virustotal.com/gui/file/59b7ef53c39b1d2dff414b6a737fd1a3cff17893020f78f66d4709765376ece4/detection

156.251.25.66:5963
156.251.25.66:8873

# Reference: https://twitter.com/malwrhunterteam/status/1753750269966405670
# Reference: https://www.virustotal.com/gui/file/1320f3f84f553c78844fb07bf851cc3c626d6c7a2e5e534bc8de3de5667e5c73/detection

http://109.107.182.49

# Reference: https://twitter.com/malwrhunterteam/status/1754986869241065693
# Reference: https://www.virustotal.com/gui/file/41d7aa06c21bd1b06536243666619f116747b55e978b4a0a38dd582e094a5f82/detection

photos.salerozana.com

# Reference: https://twitter.com/ReBensk/status/1767564399781327123
# Reference: https://www.virustotal.com/gui/ip-address/185.16.39.47/relations
# Reference: https://www.virustotal.com/gui/file/65bbfa625aa4bed8889eeaebd086f0370ec48a4f8b14f6b76564d0ec6c3858fc/detection

app-login.top
app-open.online
app-update.download
app-update.online
black-sms.co
egh-apps.site
galaxytvapp-api.site
open-app.site
payload-sms.online
playstore-update.info
playstore-update.online
playstore-update.site
playstore-update1.online
sk-group-api.site
ultimate-sms.online

# Reference: https://www.virustotal.com/gui/file/d750850dccc45ece2603bdaa29b7d385df6eaa44b7999dcc115d270ce789819a/detection

015lja.gq

# Reference: https://www.virustotal.com/gui/file/d69d0a8e763a40fadc22b0e1891e9fa4e192538fedc69a9ef92e89e6c7a65126/detection

robomap.ml

# Reference: https://www.virustotal.com/gui/file/6cc5336ba16336d53ad36b5dbcab24fe99b43160683ebe47431616fe4a7147f0/detection

http://147.45.45.83

# Reference: https://www.virustotal.com/gui/file/00e9828f3e5043f826d98ed9088d2fb681385e72712e31f68fb02eee8509dea5/detection
# Reference: https://www.virustotal.com/gui/file/60bd7541256d68721e2165c0df1be03c5bdb55489e3f4a65cc1016495d9a9f07/detection

diginspire.in
just-stick.xyz

# Reference: https://www.virustotal.com/gui/file/00608dbf2156d8d8285bf7f072c2cb28f845a51370231aa24da14bb96ff5125b/detection

works.diginspire.in

# Reference: https://twitter.com/malwrhunterteam/status/1770514848859787266
# Reference: https://www.virustotal.com/gui/file/d4ef7a894cab80a8c5ad08c892489a86a54cc94518bb845e235105a4787e1b8e/detection

onicsimbh.com

# Reference: https://twitter.com/Merlax_/status/1772815651154935896

http://5.181.156.150
5.181.156.150:443

# Reference: https://www.virustotal.com/gui/file/e5074729a121c7308e207d22083b3e6cc6871585cb6e1dcaca659607f10269b2/detection
# Reference: https://www.virustotal.com/gui/file/1cba39fe25c4c16f35e3ed835bb0dc4b4429414ed4e4a0bb474f7ffa76927a40/detection

onlyfans-live.online

# Reference: https://www.virustotal.com/gui/file/b6cc64406310ad7b34c08f1dde36f8c456e752aab9c0697b3ab29695124152db/detection
# Reference: https://www.virustotal.com/gui/file/55742d15d2e4b88f5abf5c0a223cd028cba1bceaf030caa4d8278c48b8f3a98f/detection

http://185.209.28.250
185.209.28.250:443

# Reference: https://www.virustotal.com/gui/file/4fbdcceddeed4fc7ee7fbd9a27bb3fabcf066237ee3a79f9273637f1ea574a70/detection

myrattest-dd4df-default-rtdb.firebaseio.com

# Reference: https://www.virustotal.com/gui/file/6e4b34102b88e7e8bc677005ab63c6110b8d4fc67eff7a2ded99845a5c37b3ca/detection

billnew3-ccb27-default-rtdb.firebaseio.com

# Reference: https://www.virustotal.com/gui/file/1c86296c1934d8697a5c0770aef3fe391e503b9d031926fc0f19b55442b5f44a/detection

server21201g.onrender.com

# Reference: https://twitter.com/malwrhunterteam/status/1778364515001790818
# Reference: https://www.virustotal.com/gui/file/8e7ccb749f1e73b52c7d3ec844435b339efcf0eb0da6c40f4ef0784be57ac724/detection

5tr45ff4wg.000webhostapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1779805653281730608
# Reference: https://www.virustotal.com/gui/ip-address/46.175.145.67/relations
# Reference: https://www.virustotal.com/gui/file/e19a7c8e4994ea4ed680136c9e3a6fff7b82c72f5743952821a446b6cb830f06/detection
# Reference: https://www.virustotal.com/gui/file/ddd9e5cfa9e1ddd8d849baef2b487a1608d1695f44c70f246c101de1275887dd/detection
# Reference: https://www.virustotal.com/gui/file/1d126e5904dde3b46175a4aae89eec1fb8a6b80e35b1f473878e5dd288f8aae6/detection
# Reference: https://www.virustotal.com/gui/file/17a16f08108e25af1c8b058adbaca2cada6a93c2d38c9854148f9e9caac76ac3/detection
# Reference: https://www.virustotal.com/gui/file/162f8c6bafe0c343c37f173344c4f6880eaec0aea7b491565db874366b161784/detection

1q2w.shop
hide-me.online
tbc-app.life
2f1c0b7d.tbc-app.life
csob-98.1q2w.shop
geo-4bfa49b2.tbc-app.life
george.tbc-app.life
rb-62d3a.tbc-app.life
rb.2f1c0b7d.tbc-app.life
rb.hide-me.online

# Reference: https://twitter.com/malwrhunterteam/status/1779771892607463661
# Reference: https://www.virustotal.com/gui/file/913f63b805c087563e2c516d48f890d89570237fac9b63e55dcea1a50c312e30/detection

cardmacdehsbc-apply-new-cards.online
cardsmacdehsbc-apply-new-card.online

# Reference: https://www.virustotal.com/gui/file/5cfafafc175d858e3fd886801458193a9577fa909ed5f2f19bf077a9a262b722/detection

iol0lio0liollliolio0ii0olli0.cc
easybackend.iol0lio0liollliolio0ii0olli0.cc

# Reference: https://twitter.com/malwrhunterteam/status/1781293030386839740
# Reference: https://www.virustotal.com/gui/file/19520556143759f2f68253b0f4a558a924ec3dba32e202c137bc500fba5bef7b/detection

mulatiserveraap0090.onrender.com

# Reference: https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/

kt9.site
google.kt9.site

# Reference: https://www.virustotal.com/gui/ip-address/185.199.53.63/relations
# Reference: https://www.virustotal.com/gui/file/25fa9cbd3118111d31875a054d8a5a2a2c7254ae11bbc2b57df2c434375f66a2/detection

p4ni.cloud

# Reference: https://x.com/malwrhunterteam/status/1791566436936118557
# Reference: https://www.virustotal.com/gui/ip-address/185.199.53.63/relations
# Reference: https://www.virustotal.com/gui/file/ca7dfd2b264409710f84210af0f70af607624a871714b6e13f908fe0877fa6a1/detection
# Reference: https://www.virustotal.com/gui/file/bbc158917ecfa2b24b7373883f4490897635dd76d00119cd8f31f9e665118b02/detection

forwarding.live
p4niapi.forwarding.live

# Reference: https://www.virustotal.com/gui/file/4c50ea3d40b29724614727af9213a96e363a31595b6da289a4b6b5a6a0ba5eb3/detection

delivery-top.ru
/AvitoTracker.apk
/BlablaTracker.apk
/YandexDostavkaTracker.apk
/YandexUslugiTracker.apk
/YouDoTracker.apk

# Reference: https://twitter.com/banthisguy9349/status/1782455070279315645
# Reference: https://www.virustotal.com/gui/file/4db089fa45c1020a1afbccb6cc3b6d6787cf2ea0915cee8c30511a6bd442fdea/detection
# Reference: https://www.virustotal.com/gui/file/4170a728a436b2755e0751f8392309a0149996b5d48a27c04127a738b8c12cd2/detection

http://91.92.241.192
91.92.241.192:4444
lolamicene.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/dad9e0976d663f0b75e5913c8debcd2f55609f4064cbfaafb538ca056f876f76/detection

billupdate-b2a79-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1785307909263372759
# Reference: https://www.virustotal.com/gui/file/3fc0b858a342c470770daaccaa55bf6f4e49ea4a51cf0ff38ed8a2ffe2e1d96a/detection

sbdata-a6e34-default-rtdb.firebaseio.com
zero-a4c52-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1789014056986124765
# Reference: https://www.virustotal.com/gui/file/8ef518ee42217f4f84573f707e810b29c406402612ceb2773e00bb7edfbdb922/detection

sbd2sms-default-rtdb.firebaseio.com

# Reference: https://twitter.com/RacWatchin8872/status/1786023651726307398

60.18.118.119:88

# Reference: https://twitter.com/DaveLikesMalwre/status/1771505309153890553
# Reference: https://www.virustotal.com/gui/file/f4743556c5040fc790e3357b01a3f13633cd1849134879718f8b726fe5f76598/detection
# Reference: https://www.virustotal.com/gui/file/3f1caa8d3e56806547e03f6f4512c5aeef6b563984148cd3a7a1de3d137738d5/detection

vietgovca.com
vietnamtctgooc.com
vitegov.com

# Reference: https://twitter.com/malwrhunterteam/status/1788493794511397268
# Reference: https://www.virustotal.com/gui/file/33248337303ba86af033006546f3c0109114e8db755abbdf584cb72c4635d737/detection

94.156.79.207:8000

# Reference: https://twitter.com/malwrhunterteam/status/1789263341019451417
# Reference: https://www.virustotal.com/gui/file/025b806be9ea1b853d03c3a72502800599788e6e8f944a084a7de7ff56347e68/detection

complaintresolvers.com
resolvecomplaint9.complaintresolvers.com

# Reference: https://twitter.com/malwrhunterteam/status/1789258096071622905
# Reference: https://www.virustotal.com/gui/file/e60393a322b0d4f65495c0820e47ffbcb3319b0375bf04f45f98f0ef15b7a84a/detection

154.211.15.72:8324
/api/uploads/apisms

# Reference: https://twitter.com/malwrhunterteam/status/1789230789642670283
# Reference: https://www.virustotal.com/gui/file/e01d2ab0f3c21f6c0b8449476bf8ee7cec0ebc0b7f2f8c9c3398807ea0d68639/detection

apknew-39a2a-default-rtdb.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1789420916989931991
# Reference: https://www.virustotal.com/gui/file/0598f1cda284ca08c37b280d4748c137f544aaca26f655658c86a46a22b12c5d/detection

ahas80186.pythonanywhere.com

# Reference: https://twitter.com/NDA0E/status/1789712209301352640

202.79.165.160:9080
202.79.165.162:9080
202.79.165.170:9080

# Reference: https://twitter.com/malwrhunterteam/status/1790486723689939219
# Reference: https://www.virustotal.com/gui/file/70749c5688a17f70ff840e7f411397bf2ee35cce7600862e4f8fd14bfbc3a9b9/detection

http://38.177.48.154
/obituary/index.php?phone/requestimage
/obituary/index.php?phone/savephone

# Reference: https://www.virustotal.com/gui/file/0000f15a002a7a5e966daa0aa6318c16d30341c9a97285e6360594002d64a01f/detection

104.255.152.61:7779
0djedia.duckdns.org

# Reference: https://www.virustotal.com/gui/file/00012ab343c3c77450eee6695fb53c9e4a61a8991fffab0bf36d142aad02de66/detection

104.255.152.61:7775
2118888.xyz
d.2118888.xyz

# Reference: https://x.com/malwrhunterteam/status/1791568003248627922
# Reference: https://x.com/banthisguy9349/status/1793675277261853153
# Reference: https://www.virustotal.com/gui/file/0e4d279cbbe4ad91c74404c21cff5e209249760fede4ba9d6d25fb90a154c1ec/detection
# Reference: https://www.virustotal.com/gui/file/55b3f96c6b675abefb16aaef41ac3572f99af3fc4e27bf2cc78414ec51ccb09a/detection
# Reference: https://www.virustotal.com/gui/file/e4c5323adb55426e3d1513422a7a4a98321d722ead406c7157ad88d9c88bc3ff/detection

77.91.124.14:173
77.91.124.14:200
77.91.124.14:201
77.91.124.14:250

# Reference: https://x.com/malwrhunterteam/status/1791921100923826212
# Reference: https://www.virustotal.com/gui/file/3ef56c613c6d4e6091be21b2dce376716ae520b3696a3ad3ecb2e9c477ffcea0/detection

helplinenumber83.com
canara-bank-407ce-default-rtdb.firebaseio.com

# Reference: https://www.virustotal.com/gui/file/02431074582ccb0c93f1a169b3a1f0a74730c222a3de5178bae48dfaaa801a94/detection

findutroeut.club

# Reference: https://x.com/malwrhunterteam/status/1792914705368879365
# Reference: https://www.virustotal.com/gui/file/8f888ebfedf14aa9906c2e1720093ab585fc4663be3d75ef0d8c03a2c39b1b78/detection

teserver007.onrender.com

# Reference: https://x.com/malwrhunterteam/status/1793208394376999219
# Reference: https://www.virustotal.com/gui/file/07ea0a73b6d33249f26a5393d30dca8977a1775439253d1b98cf4c157f402f88/detection

semakpdfcom.taplink.ws

# Reference: https://x.com/malwrhunterteam/status/1793282269978730801
# Reference: https://www.virustotal.com/gui/ip-address/195.35.22.89/relations
# Reference: https://www.virustotal.com/gui/file/81e4c4e2619be77ac489fe4dd6de901472eca6250509ed55a5df2bf16487564f/detection
# Reference: https://www.virustotal.com/gui/file/6209d11302c8cb08ffbc0edb60d222e8b15595c87502bd9032db9dbebd49c997/detection

comolain.info
sallu.info

# Reference: https://x.com/malwrhunterteam/status/1793644749167182151
# Reference: https://www.virustotal.com/gui/file/a8c7b80b6f08e76f22024f4a22ccd18cf81ad50a15ba058bf7dbd307de29bcf2/detection

canarra545-default-rtdb.firebaseio.com

# Reference: https://x.com/malwrhunterteam/status/1794500173839610239
# Reference: https://www.virustotal.com/gui/file/f61f0fb8b8f8ddfacbc4b1fa9713583f39fe3e3e70db23b801b39ee7b47be479/detection
# Reference: https://www.virustotal.com/gui/file/dca6fef201d670e9e94b45d4ddd8b99b624d68dfae4d824953bfa2418b47548f/detection
# Reference: https://www.virustotal.com/gui/file/c65de62d646dcfbee56740063fc607d60ab271e15d8feafe7fad73b81a09c288/detection
# Reference: https://www.virustotal.com/gui/file/72e8628eff093f88b60305801b821624561c810997285bac7017933d251629e9/detection

77.91.124.56:250
77.91.68.217:250

# Reference: https://x.com/malwrhunterteam/status/1795103148781994246
# Reference: https://www.virustotal.com/gui/file/ec2f59973066508a4e5d6b962e86e847b1686205e9ee1585b150f3d210fc97df/detection

update-ua3-default-rtdb.firebaseio.com

# Reference: https://x.com/malwrhunterteam/status/1795553624975720644
# Reference: https://www.virustotal.com/gui/file/56d3c161bd3919e6be9c073d2f02f30737d160e78372f226fe62fa0526ef9728/detection

200.9.154.202:8080
bnbempresta.fun
tst.bnbempresta.fun

# Reference: https://x.com/malwrhunterteam/status/1795786999158190222
# Reference: https://www.virustotal.com/gui/file/c2aa215dac0c7641b8c1452d9e30db4b4acdcb4c3f7d673440d69e3d6936ac06/detection

shine-interview-5b6c6-default-rtdb.firebaseio.com

# Reference: https://www.virustotal.com/gui/file/ad6ac0753455d5cdaff2324e98c4ee5df1b009a9f022555fb9941a529eacec6e/detection

lkcxkiu.xyz
lkgulidjnh2.xyz
lknuredvac.xyz
lksenopisua.xyz
lkvhshocjha.xyz
lkvivanidua.xyz
oodollert5va.xyz

# Reference: https://www.virustotal.com/gui/ip-address/198.98.62.145/relations
# Reference: https://www.virustotal.com/gui/file/002ee0f1368a03a9e2f72d7f2041c3d74ac5dd45f9f96236697eee5a7f305873/detection

cdkaq200.top
ngnwenh.top
a.cdkaq200.top
a.ngnwenh.top
3jqa0awh.duckdns.org
6thotml.duckdns.org
7jbockzc.duckdns.org
asc47hr6.duckdns.org
cvfb7d6.duckdns.org
gmyj4e7.duckdns.org
hhrhrsd.duckdns.org
sdgsahha.duckdns.org

# Reference: https://x.com/raghav127001/status/1798603167497928833
# Reference: https://www.virustotal.com/gui/file/6d47519034a8b145e2ab0dce85026b9b99ca02a82aa1dfd83ffec08118d65ff6/detection

bizgrit.online
ch00057.tw1.ru
sh5080551.c.had.su

# Reference: https://x.com/0x6rss/status/1799141355739808231

lxhaz.top
kef.lxhaz.top
rpc.lxhaz.top

# Reference: https://x.com/0x6rss/status/1800545200957530162
# Reference: https://x.com/9823f_/status/1800575871058870587
# Reference: https://x.com/0x6rss/status/1800853348469633415
# Reference: https://x.com/h4kb4n/status/1801050386952077509
# Reference: https://www.virustotal.com/gui/file/7b153be55e372db36a20534f8c484801a3acde6ef6bf030288493004c13a5e22/detection

16.163.253.122:8020
43.198.123.12:8010
43.198.123.12:8020
45.207.44.134:8092
a8b3rio.top
m9xszj6dla2q.top
pk6gb3.top
binance.pk6gb3.top
c205caomei.m9xszj6dla2q.top
c60pkex.a8b3rio.top
c999testdemo.pk6gb3.top
r90zing02.pk6gb3.top
r90zing06.pk6gb3.top
r999testdemo01.pk6gb3.top
r999testdemo02.pk6gb3.top
r999testdemo03.pk6gb3.top
r999testdemo05.pk6gb3.top
r999testdemo06.pk6gb3.top

# Reference: https://x.com/RacWatchin8872/status/1800569625975177582

caixa-geralp.com

# Reference: https://x.com/ReBensk/status/1800579670423011754
# Reference: https://www.virustotal.com/gui/file/bf5f20140bcb03cda537b605432d56d452b47d16630301d1c829704e29053eda/detection

mycreditpoint.online
mail.mycreditpoint.online

# Reference: https://x.com/ValidinLLC/status/1801690641774297502

hlkw2txo12ai.cyou
hlkw4523.icu
imgfafafa.com
maotaitp.cc
maotaitp.me
maotaitp.net
sljttpkj.com
sljttpkj.me
testnewline.info
tututu666.com
wlyimg.cc
wlyimg.com
wlytpkj.me
yanghetp.vip
fn1000mhk001.testnewline.info
mt.imgfafafa.com
mt.maotaitp.cc
mt.maotaitp.me
mt.maotaitp.net
tu.sljttpkj.com
tu.sljttpkj.me
vhdapc.i234.me
vhdapc.i234.me
yh.yanghetp.vip
yy.tututu666.com
yy.wlyimg.cc
yy.wlyimg.com
yy.wlytpkj.me

# Reference: https://x.com/maulikl/status/1811120958943453314
# Reference: https://app.validin.com/detail?find=390a6ad8c43e9f6c67a80649c184f509&type=hash&ref_id=1983492a2f3#tab=host_pairs_v2

http://91.92.240.200
http://91.92.241.3
g00gl0e.com
updateservice.digital
fctopenchoruser.tftpd.net
sdoschorsfacts.tftpd.net
swr0729008320.tftpd.net
swr0765009509.tftpd.net

# Reference: https://x.com/ReBensk/status/1813246450614116718
# Reference: https://app.validin.com/detail?find=184.168.122.142&type=ip4&ref_id=7f133b0ffe5#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/c0658d5666af950992e762606105831505ee877948f2e24df41d059209bab17f/detection
# Reference: https://www.virustotal.com/gui/file/5e592d07e7084394a501fb2d74106cdb90e2550ae6d48a26d8a0cda63d18e1cf/detection

axiservices.com
cards-application.com
creditcard-app.com
indusserve.com
the-cards.in
axis.the-cards.in
axis-apply-now.the-cards.in
axis-service.the-cards.in
indus.the-cards.in

# Reference: https://x.com/malwrhunterteam/status/1813646246923387189
# Reference: https://www.virustotal.com/gui/file/d71a7fd52389d30837ce7c46b7c32da137746558148f43327582027f87ef0a6e/detection
# Reference: https://www.virustotal.com/gui/file/6252e1e668d53a48c4128b1096f2937508cdad3fa25382eda6fb9a66a61a9e34/detection

77.105.133.17:8080

# Reference: https://x.com/Zimperium/status/1818643598205706745
# Reference: https://x.com/9823f_/status/1818697817868693965
# Reference: https://www.zimperium.com/blog/unmasking-the-sms-stealer-targeting-several-countries-with-deceptive-apps/
# Reference: https://www.virustotal.com/gui/ip-address/37.77.107.18/relations
# Reference: https://github.com/Zimperium/IOC/blob/master/2024-07-OTP-Stealer/C2.txt

209.58.160.196:9082
fastsms2.su
huisadomen.su
2.proxicoin.org
giga4.campriority.org
giga6.campriority.org
giga8.campriority.org
giga10.campriority.org
s.6srvfcm.com
s.dt6remosa.org
s.greendeff.org
s.grobrothers.org
s.ht7joxar.org
s.jr2mutef.org
s.pingsafe.org
s.sh2gote.org
s.vi6jolifd.org
tg3.proxicoin.org

# Reference: https://www.virustotal.com/gui/file/808306d47ede3154baa562d37a5cd04bba2d5c194e214fca03238503afd77385/detection

brd.serveirc.com

# Reference: https://www.virustotal.com/gui/file/270b940322eed96cce371f85d265fb867f4bc667258404710fed7dca8a30e77e/detection

korea.onedumb.com

# Reference: https://www.virustotal.com/gui/file/7ada3a3db996925531e3f680957d5de902cedfc71ff6e8c576f9b6419820e761/detection

koarea.itemdb.com

# Reference: https://www.virustotal.com/gui/file/b91ecb4a73fcec31cb00f87815915522b4e7cb98f9d916cb9bd0a4b7f4b57c9c/detection

daliangdaliang.itemdb.com
daliangdaliang.onedumb.com

# Reference: https://www.virustotal.com/gui/file/f2e54a0ce9ccd4f1f8e10a065daf248a244e02fe21d60e5c1e9b49aa491218aa/detection

stk.itemdb.com

# Reference: https://www.virustotal.com/gui/file/df75a72225d2c2752a9d93462c2784960fc93a476768f94e65d316f7a6369ea1/detection

hhh.itemdb.com

# Reference: https://www.virustotal.com/gui/file/734738935835dd41050e3071976e93366db24ebd2d9414c2f051424609248fb2/detection

http://204.16.169.54

# Reference: https://x.com/NDA0E/status/1827043755385630958

106.7.94.109:9718
106.7.94.124:9718
106.7.94.175:9718
106.7.94.48:9718
106.7.94.61:9718
106.7.94.72:9718
106.7.94.73:9718
106.7.94.76:9718
106.7.95.133:9718
106.7.95.163:9718
106.7.95.199:9718
106.7.95.3:9718
106.7.95.44:9718
115.148.124.21:9718
115.148.124.241:9718
115.150.107.140:9718
115.150.107.209:9718
115.150.107.253:9718
115.150.107.83:9718
115.150.112.147:9718
115.150.112.231:9718
115.150.112.37:9718
115.150.112.92:9718
115.150.37.166:9718
182.101.150.111:9718
182.101.150.211:9718
182.101.150.212:9718
182.101.150.83:9718
182.98.1.195:9718
220.177.90.147:9718
220.177.90.179:9718
220.177.90.28:9718
220.177.90.59:9718

# Reference: https://x.com/malwrhunterteam/status/1828168553901756844
# Reference: https://www.virustotal.com/gui/ip-address/91.202.233.150/relations
# Reference: https://www.virustotal.com/gui/file/9314649d50d50031d23a1f8cee8dae7502e965adb3f5721398e89fb7f83428af/detection

banazaraka.top
tavako.top

# Reference: https://x.com/MichalKoczwara/status/1828858323627626913
# Reference: https://app.validin.com/detail?find=45.143.166.88&type=ip4&ref_id=e294b849cc0#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=45.59.120.20#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=45.86.229.248#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/9d57217b740a9dba870e96db446745bc008e57a7356d6ace1f3c5c7059a22200/detection

bnp-fluvius.com
coinsph-secure.com
veri-info-auth.com
alpha.gr.veri-info-auth.com
gov.pl.veri-info-auth.com
itsme-id.com.veri-info-auth.com
itsme-veilig.id.veri-info-auth.com
itsme.id.veri-info-auth.com
itsme.veri-info-auth.com
myluxtrustlogin.lu.veri-info-auth.com
payconiq.be.veri-info-auth.com
safetycheck.veri-info-auth.com

# Reference: https://x.com/malwrhunterteam/status/1829260444697276839
# Reference: https://www.virustotal.com/gui/file/a09e67202c6527a5063beff64672f6a93ef318f057dd33d080511f9b604d8499/detection

institutoliterario.edu.mx
06b5dc89897a611c7efba30de3253491.lat
4aec4c9c981a00a790504f992c057986.mx
5ca2b920bb806eb148999f0a92080b6f.click
64a2ec701401bbd0dc01b679153af1de.xyz
ca4dabe904e25fce5f7bcb33d4028bff.pro
f21e155d4a3d68da99f40e8e6d0fad5e.info

# Reference: https://x.com/malwrhunterteam/status/1829627215648342054
# Reference: https://www.virustotal.com/gui/file/67db432ad914758488641bc4cd995edf5a443ada294b66c6ee7a0f1f110ceb4a/detection

http://208.115.109.246
thesshh.online

# Reference: https://www.virustotal.com/gui/file/2ec799b356ebedc807f294549cafae3b39b0a3fcb9ce86a77987c572dbae6c51/detection

affiliates-cruises-explicit-assure.trycloudflare.com
wellknownbyme-default-rtdb.firebaseio.com

# Reference: https://x.com/malwrhunterteam/status/1831569064268816604
# Reference: https://www.virustotal.com/gui/file/9c9b305f8fd31fc9db2f53a73668e5049de4e899bf436e5be9758940ca1c963f/detection

154.216.19.19:8000

# Reference: https://x.com/malwrhunterteam/status/1831692556771504426
# Reference: https://app.validin.com/detail?type=dom&find=google-download.one#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/file/30afff95d7a4c4af2a82682ecc02ea4a41772ace88f2ddb7af37466813f24dd8/detection

google-download.one
umniydom.online

# Reference: https://x.com/malwrhunterteam/status/1832052086336348208
# Reference: https://www.virustotal.com/gui/file/027014be763384f64f2720dc1edecc2eae76025e4bfa6b90a8ec977d2d43e92f/detection

alinmaexchange.com

# Reference: https://x.com/malwrhunterteam/status/1833614493873516715
# Reference: https://www.virustotal.com/gui/file/d2aa3bda11d2bb9c965e330aed098515a3ba93ce40abc152c8e4f88af011fcff/detection

protonvpns.com

# Reference: https://x.com/malwrhunterteam/status/1835784614947770509
# Reference: https://www.virustotal.com/gui/file/e9e10601bf28c7cd7cbcb5c6b5d645497d1df88ff5847712865d04d7f0300d77/detection

keitoralo.top
download.keitoralo.top
four.keitoralo.top
id.keitoralo.top
three.keitoralo.top
two.keitoralo.top

# Reference: https://x.com/malwrhunterteam/status/1836043781595938909
# Reference: https://www.virustotal.com/gui/file/87f4a67542a8cbe3945f0056aaf68f2320c49fdb9fbeb7fc933cc41fccd90066/detection

new-bahrainn-default-rtdb.asia-southeast1.firebasedatabase.app

# Reference: https://x.com/malwrhunterteam/status/1836371609294180810
# Reference: https://x.com/ni_fi_70/status/1836753332699897883
# Reference: https://www.virustotal.com/gui/file/2b7b7681c4741966eeff8df1badc57e1c36cb972577f6b92e6461f9c727a39c5/detection

apijson.xyz
union-abhishek1-default-rtdb.firebaseio.com

# Reference: https://x.com/RakeshKrish12/status/1837417348283703355
# Reference: https://app.validin.com/detail?find=ICICI%20Bank&type=raw&ref_id=6d3248c8144#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/ip-address/77.37.34.191/relations
# Reference: https://app.validin.com/detail?find=118.139.177.174&type=ip4&ref_id=8f6f8179306#tab=resolutions
# Reference: https://tria.ge/241013-jsnp3azgmp/static1
# Reference: https://www.virustotal.com/gui/file/cd89b4cc7dc155f30db39e31b30894ed11f3fb6ad0fe5b2d014b123e333084c6/detection
# Reference: https://www.virustotal.com/gui/file/e0631f4b6ea80583493f892448784695956dc42eaec9bf2a7a897c8d8aadd147/detection

ccpplan.info
cppcard.in
cppcard.info
cppcare.info
cppcc.info
cppcccare.com
cppdesk.info
cppdesk.online
cppicicicare.help
cpponcard.info
cpponcc.com
cpponcc.online
echallan.xyz
ibcppdesk.info
icicicardaapp.in
iciciccaard.xyz
icicicreditcard.in
iciciicard.in
imobilecard.co
manageaxis.online
myapponline.in
rbllcard.in
asdgdsgs.pages.dev
au.ccpplan.info
ftp.cppcccare.com
mail.iciciicard.in
icici-backup-default-rtdb.firebaseio.com
newax-d7dc6-default-rtdb.firebaseio.com

# Reference: https://app.validin.com/detail?find=82.112.229.220&type=ip4&ref_id=af61b1d9735#tab=resolutions

77aviator.net
accueil.mobili-juice.io
aetherway.in
aikawaz.pk
aikawaz.site
anudha.in
astrodpdubey.in
best.insureandsell.in
blogs.gstwada.xyz
bmw1.online
cjcea.in
colbay.online
crc2.online
cri1.online
cric.es
cricaa.online
criic.online
criir.online
deepankar.xyz
digimart.org.in
emailauth.online
geeeo.online
glora.life
gstwada.xyz
gurunanakdigitalagency.in
happinesscoachvasantha.in
hdfcergorenewalinsurancepolicys.in
heartfullblessings.org
inclarity-82-112-229-220.inclarity.net
inlie.online
insureandsell.in
interiorfix.in
ishashutter.in
job.jobonphone.in
jobonphone.in
jobs.techatphone.in
jrdinternational.in
kfc.restaurantfranchiseltd.in
kiyansh.org
malik1.cloud
manageaxis.online
manageicici.yonosbi.site
masterseng.org
mobili-juice.io
modei.cloud
mokhdom.cloud
namakkalactingdrivers.in
nasibo.online
newsdw.online
omsrivelavanjothidam.in
parivahan.echallan.xyz
parveenhub.online
playstore.echallan.xyz
rangoon.pk
rawnarajputjagrat.online
readbusiness.in
restaurantfranchiseltd.in
restaurantsfranchise.online
sdesheet.techatphone.in
shop.anudha.in
shop.zoonshop.me
smartkids.smartkidsghy.in
smartkidsghy.in
smdm.online
studiohue.in
sudai.cloud
sunandasathe.in
targettribe.in
task.kiyansh.org
techatphone.in
telugu.anudha.in
thilakb.thrivetechnologies.in
thrivetechnologies.in
tkelectrical.co.in
vahanparivahan.echallan.xyz
vdies.online
verify.emailauth.online
vinayaktextiles.in
vodies.online
wideangles.org
wonderjoy.in
yonosbi.site
zoonshop.me

# Reference: https://x.com/malwrhunterteam/status/1841005555713786003
# Reference: https://www.virustotal.com/gui/file/8de0a9cfd8daf3ff6d9e4c15eee38e0f5deb5aebdd1f23a5e6ca22a0002966c1/detection

idfc-4f54a-default-rtdb.firebaseio.com

# Reference: https://x.com/Cazandophishing/status/1841099527379451946

app-caixa.cc

# Reference: https://x.com/malwrhunterteam/status/1841216411970257118
# Reference: https://www.virustotal.com/gui/file/1006277747fcc576c0807ca64db860baf73afa9676ec7d015e1ccad9cf59ad6a/detection

axisallversions-default-rtdb.firebaseio.com

# Reference: https://x.com/malwrhunterteam/status/1845192740121846049
# Reference: https://www.virustotal.com/gui/file/437f2dd12f69964d11be12a5a1f0df844f410faa4d4972927bf89dd5301be9db/detection

http://173.0.49.20
http://216.244.76.20

# Reference: https://www.virustotal.com/gui/file/e101bf93a37fecd558e7f8bd10af207c9d2a962a19b3014daa0a0c50e7d9735e/detection

http://173.0.49.19
http://216.244.76.19
http://216.244.76.22

# Reference: https://app.validin.com/detail?find=SMS%E7%AE%A1%E7%90%86%E7%99%BB%E5%BD%95&type=raw&ref_id=836f1038457#tab=host_pairs_v2

http://104.247.194.46
http://104.247.197.194
http://104.247.197.195
http://104.247.197.196
http://104.247.197.197
http://104.247.197.198
http://104.247.197.199
http://104.247.197.200
http://104.247.197.201
http://104.247.197.202
http://104.247.197.203
http://104.247.197.204
http://104.247.197.205
http://104.247.197.206
http://107.148.132.134
http://107.148.20.227
http://107.148.89.140
http://107.149.212.54
http://107.149.212.92
http://137.175.84.22
http://137.175.84.29
http://137.175.84.75
http://137.175.88.150
http://137.175.88.157
http://137.175.96.59
http://137.175.96.60
http://137.175.96.61
http://141.164.49.172
http://158.247.195.35
http://162.245.239.170
http://162.245.239.171
http://162.245.239.172
http://162.245.239.173
http://162.245.239.174
http://162.245.239.194
http://162.245.239.195
http://162.245.239.196
http://162.245.239.197
http://162.245.239.198
http://162.245.239.202
http://162.245.239.203
http://162.245.239.204
http://162.245.239.205
http://162.245.239.206
http://162.245.239.250
http://162.245.239.251
http://162.245.239.252
http://162.245.239.253
http://162.245.239.254
http://173.0.49.10
http://173.0.49.11
http://173.0.49.12
http://173.0.49.13
http://173.0.49.14
http://173.0.49.34
http://173.0.49.36
http://173.0.49.37
http://173.0.49.38
http://173.0.49.51
http://173.0.49.52
http://173.0.49.53
http://198.251.82.109
http://198.251.82.226
http://198.251.82.33
http://198.98.49.128
http://198.98.49.250
http://198.98.52.245
http://198.98.53.112
http://198.98.55.165
http://198.98.60.99
http://198.98.61.39
http://199.195.251.52
http://199.195.253.173
http://199.195.254.188
http://205.185.116.162
http://205.185.118.108
http://205.185.122.131
http://205.185.125.109
http://206.119.170.57
http://206.119.170.61
http://206.119.170.71
http://206.119.170.77
http://206.119.170.83
http://208.115.109.242
http://208.115.109.243
http://208.115.109.244
http://208.115.109.245
http://208.115.125.178
http://208.115.125.179
http://208.115.125.180
http://208.115.125.181
http://208.115.125.182
http://209.141.32.233
http://209.141.35.124
http://209.141.45.249
http://209.141.48.188
http://209.141.58.188
http://216.244.74.178
http://216.244.74.179
http://216.244.74.180
http://216.244.74.181
http://216.244.74.182
http://216.244.76.18
http://216.244.76.21
http://23.179.32.16
http://23.179.32.17
http://23.179.32.18
http://23.179.32.19
http://23.179.32.20
http://38.12.202.194
http://38.12.202.195
http://38.12.202.196
http://38.12.202.197
http://38.12.202.198
http://38.12.202.199
http://38.12.202.200
http://38.12.202.201
http://38.12.202.202
http://38.12.202.203
http://38.12.202.204
http://38.12.202.205
http://38.12.202.206
http://38.12.202.207
http://38.12.202.208
http://38.12.202.209
http://38.12.202.210
http://38.12.202.211
http://38.12.202.212
http://38.12.202.213
http://38.12.202.214
http://38.12.202.215
http://38.12.202.216
http://38.12.202.217
http://38.12.202.218
http://38.12.202.219
http://38.12.202.220
http://38.12.202.221
http://38.14.90.65
http://38.14.90.66
http://38.14.90.67
http://38.14.90.68
http://38.14.90.69
http://38.14.90.70
http://38.14.90.71
http://38.14.90.72
http://38.14.90.73
http://38.14.90.74
http://38.14.90.75
http://38.14.90.76
http://38.14.90.77
http://38.14.90.78
http://38.14.90.79
http://38.14.90.80
http://38.14.90.81
http://38.14.90.82
http://38.14.90.83
http://38.14.90.84
http://38.14.90.85
http://38.14.90.86
http://38.14.90.87
http://38.14.90.88
http://38.14.90.89
http://38.14.90.90
http://38.14.90.91
http://38.14.90.92
http://38.14.90.93
http://38.33.209.1
http://38.33.209.10
http://38.33.209.11
http://38.33.209.12
http://38.33.209.13
http://38.33.209.14
http://38.33.209.15
http://38.33.209.16
http://38.33.209.17
http://38.33.209.18
http://38.33.209.19
http://38.33.209.2
http://38.33.209.20
http://38.33.209.21
http://38.33.209.22
http://38.33.209.23
http://38.33.209.24
http://38.33.209.25
http://38.33.209.26
http://38.33.209.27
http://38.33.209.28
http://38.33.209.29
http://38.33.209.3
http://38.33.209.4
http://38.33.209.5
http://38.33.209.6
http://38.33.209.7
http://38.33.209.8
http://38.33.209.9
http://38.33.213.65
http://38.33.213.66
http://38.33.213.67
http://38.33.213.68
http://38.33.213.69
http://38.33.213.70
http://38.33.213.71
http://38.33.213.72
http://38.33.213.73
http://38.33.213.74
http://38.33.213.75
http://38.33.213.76
http://38.33.213.77
http://38.33.213.78
http://38.33.213.79
http://38.33.213.80
http://38.33.213.81
http://38.33.213.82
http://38.33.213.83
http://38.33.213.84
http://38.33.213.86
http://38.33.213.87
http://38.33.213.88
http://38.33.213.89
http://38.33.213.90
http://38.33.213.91
http://38.33.213.92
http://38.33.213.93
http://38.33.217.65
http://38.33.217.66
http://38.33.217.67
http://38.33.217.68
http://38.33.217.69
http://38.33.217.70
http://38.33.217.71
http://38.33.217.72
http://38.33.217.73
http://38.33.217.74
http://38.33.217.75
http://38.33.217.76
http://38.33.217.77
http://38.33.217.78
http://38.33.217.79
http://38.33.217.80
http://38.33.217.81
http://38.33.217.82
http://38.33.217.83
http://38.33.217.84
http://38.33.217.85
http://38.33.217.86
http://38.33.217.87
http://38.33.217.88
http://38.33.217.89
http://38.33.217.90
http://38.33.217.91
http://38.33.217.92
http://38.33.217.93
http://38.33.236.33
http://38.33.236.34
http://38.33.236.35
http://38.33.236.36
http://38.33.236.37
http://38.33.236.38
http://38.33.236.39
http://38.33.236.40
http://38.33.236.42
http://38.33.236.43
http://38.33.236.44
http://38.33.236.45
http://38.33.236.46
http://38.33.236.47
http://38.33.236.48
http://38.33.236.49
http://38.33.236.50
http://38.33.236.51
http://38.33.236.52
http://38.33.236.53
http://38.33.236.54
http://38.33.236.55
http://38.33.236.56
http://38.33.236.57
http://38.33.236.58
http://38.33.236.59
http://38.33.236.60
http://38.33.236.61
http://38.33.26.1
http://38.33.26.10
http://38.33.26.11
http://38.33.26.12
http://38.33.26.13
http://38.33.26.14
http://38.33.26.15
http://38.33.26.16
http://38.33.26.17
http://38.33.26.18
http://38.33.26.19
http://38.33.26.2
http://38.33.26.20
http://38.33.26.21
http://38.33.26.22
http://38.33.26.23
http://38.33.26.24
http://38.33.26.25
http://38.33.26.26
http://38.33.26.27
http://38.33.26.28
http://38.33.26.29
http://38.33.26.3
http://38.33.26.4
http://38.33.26.5
http://38.33.26.6
http://38.33.26.7
http://38.33.26.8
http://38.33.26.9
http://38.33.36.1
http://38.33.36.10
http://38.33.36.11
http://38.33.36.12
http://38.33.36.13
http://38.33.36.14
http://38.33.36.15
http://38.33.36.16
http://38.33.36.17
http://38.33.36.18
http://38.33.36.19
http://38.33.36.2
http://38.33.36.20
http://38.33.36.21
http://38.33.36.22
http://38.33.36.23
http://38.33.36.24
http://38.33.36.25
http://38.33.36.26
http://38.33.36.27
http://38.33.36.28
http://38.33.36.29
http://38.33.36.3
http://38.33.36.4
http://38.33.36.5
http://38.33.36.6
http://38.33.36.7
http://38.33.36.8
http://38.33.36.9
http://38.33.50.193
http://38.33.50.194
http://38.33.50.195
http://38.33.50.196
http://38.33.50.197
http://38.33.50.198
http://38.33.50.199
http://38.33.50.200
http://38.33.50.201
http://38.33.50.202
http://38.33.50.203
http://38.33.50.204
http://38.33.50.205
http://38.33.50.206
http://38.33.50.207
http://38.33.50.208
http://38.33.50.209
http://38.33.50.210
http://38.33.50.211
http://38.33.50.212
http://38.33.50.213
http://38.33.50.214
http://38.33.50.215
http://38.33.50.216
http://38.33.50.217
http://38.33.50.218
http://38.33.50.219
http://38.33.50.220
http://38.33.50.221
http://38.63.12.161
http://38.63.12.162
http://38.63.12.163
http://38.63.12.164
http://38.63.12.165
http://38.63.12.166
http://38.63.12.167
http://38.63.12.168
http://38.63.12.169
http://38.63.12.170
http://38.63.12.171
http://38.63.12.172
http://38.63.12.173
http://38.63.12.174
http://38.63.12.175
http://38.63.12.176
http://38.63.12.177
http://38.63.12.178
http://38.63.12.179
http://38.63.12.180
http://38.63.12.181
http://38.63.12.182
http://38.63.12.183
http://38.63.12.184
http://38.63.12.185
http://38.63.12.186
http://38.63.12.187
http://38.63.12.188
http://38.63.12.189
http://38.63.252.40
http://38.63.252.41
http://38.63.252.42
http://38.63.252.43
http://38.63.252.44
http://38.63.252.45
http://38.63.252.46
http://38.63.252.47
http://38.63.252.48
http://38.63.252.49
http://38.63.252.50
http://38.63.252.51
http://38.63.252.52
http://38.63.252.53
http://38.63.252.54
http://38.63.252.55
http://38.63.252.56
http://38.63.252.57
http://38.63.252.58
http://38.63.252.59
http://38.63.252.60
http://38.63.252.61
http://45.207.44.10
http://45.207.44.103
http://45.207.44.104
http://45.207.44.106
http://45.207.44.111
http://45.207.44.115
http://45.207.44.14
http://45.207.44.173
http://45.207.44.176
http://45.207.44.182
http://45.207.44.187
http://45.207.44.193
http://45.207.44.198
http://45.207.44.204
http://45.207.44.209
http://45.207.44.216
http://45.207.44.222
http://45.207.44.28
http://45.207.44.42
http://45.207.44.47
http://74.121.188.10
http://74.121.188.11
http://74.121.188.12
http://74.121.188.13
http://74.121.188.14
http://74.121.188.18
http://74.121.188.19
http://74.121.188.20
http://74.121.188.21
http://74.121.188.22
http://74.121.188.26
http://74.121.188.27
http://74.121.188.28
http://74.121.188.29
http://74.121.188.30
http://74.121.191.186
http://74.121.191.187
http://74.121.191.188
http://74.121.191.189
http://74.121.191.190
http://93.179.112.59

# Reference: https://x.com/malwrhunterteam/status/1847272780552679866
# Reference: https://www.virustotal.com/gui/file/894d9b6be5746e1e625022d805940b98aa0c0e3749bdbe7eb7776e9d69d6f826/detection

punjabb.weebly.com

# Reference: https://x.com/malwrhunterteam/status/1848352824087732312
# Reference: https://www.virustotal.com/gui/file/0093f96a8f9299b88cd15270d53ef4df11eaa97241b2a47178dccca72afbddef/detection

amscan.site

# Reference: https://x.com/malwrhunterteam/status/1848463016968544514
# Reference: https://x.com/malwrhunterteam/status/1509791580332380184
# Reference: https://x.com/malwrhunterteam/status/1848656091866923464
# Reference: https://www.virustotal.com/gui/file/e5c11c9c88690d915ae9c73882f6b4f01dbe4c0e9957eb569d1077e90d9c0dde/detection
# Reference: https://www.virustotal.com/gui/file/a557751cd3f618ce1d12aec29e33328f2398d6f5695da55786f62c16dc689b0a/detection

5.56.12.150:8443
89.46.67.218:8443
assistenza-mobile.com

# Reference: https://x.com/malwrhunterteam/status/1848677333986615508
# Reference: https://www.virustotal.com/gui/file/41dae6def7649e26c6361065072e8dacf5123104ccbaca9728946ce301525f00/detection

omneyoa.online

# Reference: https://x.com/malwrhunterteam/status/1848670930303631729
# Reference: https://www.virustotal.com/gui/file/34045996a2cf14014418941b071c8bff966b94399d4ebd48bd4b38301a2c3aa6/detection

89.23.100.62:5000

# Reference: https://x.com/malwrhunterteam/status/1848457633574875201
# Reference: https://app.validin.com/detail?find=Shine%20Connect&type=raw&ref_id=18f5afca533#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/file/93efef6d37daba1a3553fdaab119ee8c0d39b8ca0c945c7583f55efd2d36bdac/detection
# Reference: https://www.virustotal.com/gui/file/41d6638af707097b1b2b66ec14ab7d728ec7d31f45f73e85f0e9548a86da5f75/detection
# Reference: https://www.virustotal.com/gui/file/d1a096ab23a253563977738150a76e56aa80a9a8a9e9d4948af68cf50d34a003/detection

shineinterview.co
shineconnect.co
shineconnect.co.in
shine.ap.loclx.io
shine.eu.loclx.io
mail.shineconnect.co
mail.shineconnect.co.in
mail.shineinterview.co

# Reference: https://app.validin.com/detail?find=pvcp.php&type=dom&ref_id=7ab8d544dba#tab=host_pairs_v2
# Reference: https://app.validin.com/detail?find=%20Swachha%20Banki%20%3A%3A%20Home%20&type=raw&ref_id=7ab8d544dba#tab=host_pairs_v2

http://118.139.177.116
http://118.139.177.220
http://184.168.102.60
http://184.168.104.162
http://184.168.104.225
http://192.124.249.139
http://68.178.148.179
betadine.hk
mybetadinestory.com
safasambalpur.in
swachhaathagarh.in
swachhabanki.in
25e.678.mytemp.website
admin.safasambalpur.in
admin.swachhabanki.in
ijr.31c.mytemp.website
mail.safasambalpur.in
mail.swachhabanki.in

# Reference: https://x.com/malwrhunterteam/status/1848984372231208988
# Reference: https://www.virustotal.com/gui/file/6aac02a20ac01e6500a0eb2dd7335e91bef2c9d694983a243f2e91f6c13c6bf2/detection

http://173.0.49.27
http://173.0.49.34
http://173.0.49.35

# Reference: https://x.com/malwrhunterteam/status/1849369200222998965
# Reference: https://x.com/ni_fi_70/status/1849378270518657176
# Reference: https://www.virustotal.com/gui/file/8ea0df6ca0bd90eaa4e7fbfaa99575b51a416e23ebdf3cbb17aa58429c421cdc/detection

nsbx-d71nxa.com
num09.nsbx-d71nxa.com

# Reference: https://x.com/malwrhunterteam/status/1851208830455066776
# Reference: https://www.virustotal.com/gui/file/d5a09f44383921c139355476cf2b6919ad5f35c7e4a3697c015e38333be930bd/detection

http://216.244.84.218
http://216.244.84.219
http://216.244.85.243

# Reference: https://x.com/raghav127001/status/1851461736769155082
# Reference: https://x.com/onyphe/status/1851666681212314100
# Reference: https://search.censys.io/search?q=services.ssh.server_host_key.fingerprint_sha256%3A+df2c7d23c16afbb21041613dc1fddc8a823bfb5edcb377db449f243ca35d9a66&resource=hosts

http://216.244.76.235
http://216.244.85.242
http://216.244.85.244
http://216.244.85.245
http://216.244.85.246

# Reference: https://x.com/raghav127001/status/1851888898382934138

http://173.0.49.50
http://173.0.54.26
http://173.0.54.27
http://173.0.54.28
http://173.0.54.29
http://173.0.54.30
http://173.0.54.34
http://173.0.54.35
http://173.0.54.36
http://173.0.54.37
http://173.0.54.38
http://216.244.84.220
http://216.244.84.221
http://216.244.84.222

# Reference: https://x.com/prashant_92/status/1851726138365575205

http://104.244.72.106
http://104.244.75.230
http://104.244.76.205
http://104.244.78.105
http://104.244.79.114
http://104.244.79.27
http://107.189.1.147
http://107.189.10.181
http://107.189.10.206
http://107.189.12.33
http://107.189.2.233
http://107.189.29.193
http://107.189.29.213
http://107.189.31.108
http://107.189.4.117
http://107.189.5.11
http://107.189.5.32
http://107.189.6.96
http://107.189.7.35
http://107.189.8.39
http://149.30.202.43
http://149.30.202.45
http://149.30.202.47
http://149.30.202.54
/apk/gov.apk

# Reference: https://x.com/raghav127001/status/1851875603592679452

a1ed.one
a1eh.icu
a1et.rest
a1fg.mom
a1gb.one
a1hn.icu
a1mn.work
a1wd.one
ab1f.one
ad5m.wiki
advertismentonlineappi.com
ae1g.one
ae1p.mom
ag1n.rest
as1d.work
as1e.fit
as1g.icu
autoconfig.initium.social
az1e.wiki
az1k.one
az1n.icu
az1t.rest
b2ds.mom
b2hy.one
b2kf.work
b2kh.sbs
b2nf.one
b2ns.rest
b2ya.icu
ba2s.one
backend.tan90.best
backup.bewaakmijnwebsite.nl
bd2s.mom
bd2s.one
be6p.wiki
bewaakmijnwebsite.nl
bg2h.one
bh2k.icu
billing.cloudintegral.com
bn2f.wiki
bn2s.rest
bn2s.work
bn2u.mom
bn2u.xyz
c3au.one
c3da.one
c3hu.icu
c3kd.mom
c3ma.rest
c3pe.icu
c3pz.one
c3yu.icu
ca3b.one
ca3e.fit
ca3e.one
ca7u.wiki
cd3a.wiki
cd3e.one
chromachamber.com
cp.academe.in
cv3a.rest
cz3a.mom
cz3e.rest
d4bm.work
d4cg.icu
d4ky.icu
d4ma.one
d4st.rest
d4ug.one
d4ut.one
d4uy.icu
d4zu.mom
de4u.one
de4y.wiki
df4h.rest
df4k.fit
df4m.one
df4n.mom
dg4k.mom
document2meet.com
document2meet.nl
document2meetnl.document2meet.com
ds4a.one
dt4n.icu
dz8m.wiki
e5be.one
e5gu.rest
e5hn.work
e5kg.mom
e5pu.work
e5rd.icu
e5tb.icu
ea5s.one
ed5u.one
eg5f.work
em5u.one
es5k.icu
et5a.xyz
et5d.rest
et5k.wiki
et5m.fit
et5m.mom
et5p.one
et9n.wiki
f6ed.mom
f6kp.one
f6my.one
f6ne.one
f6nk.work
f6pd.rest
f6pm.work
fa6y.icu
fa6z.work
fe0p.wiki
fe6k.one
fg6b.icu
fg6k.mom
fg6k.one
fg6n.rest
fg6n.wiki
fg6n.xyz
fs6v.one
ft6e.work
ft6u.rest
ft6y.one
fu6m.sbs
fz6u.fit
g7ez.work
g7kn.one
g7me.rest
g7ph.one
g7yu.mom
ga7e.rest
gb7n.sbs
ge7h.one
gh7u.wiki
gn7d.one
gov.gh7u.wiki
gov.tu8m.wiki
group34952post.xyz
gu7p.one
gy7p.mom
gz7d.rest
h8dc.icu
h8dc.mom
h8ed.work
h8gb.one
h8kn.rest
h8ms.work
h8pu.one
h8um.sbs
hb8z.one
hd8n.one
hg8d.mom
hm8g.sbs
hs8z.rest
ht8p.fit
hu8b.wiki
hu8m.rest
hu8z.xyz
hz8t.sbs
i9ba.work
i9fg.one
i9fs.one
i9gu.rest
i9mh.icu
i9se.mom
i9yd.icu
ie9a.one
ie9h.mom
ie9y.one
ie9y.sbs
ig9s.rest
ik9m.rest
ik9s.wiki
ilikeyou.work.gd
instantequityacquisitions.com
initium.social
iu9a.fit
iu9f.work
iu9m.icu
j0bt.one
j0df.one
j0hs.rest
j0ka.mom
j0mt.work
j0nz.icu
ja0s.sbs
jb0c.xyz
jg0b.rest
jg0c.one
jk0d.work
jk0s.fit
jn0z.wiki
jt0d.one
ju0t.work
jz0e.mom
k1ba.rest
k1ea.icu
k1fs.one
ka1z.rest
kb1a.one
kg1z.fit
kh1b.mom
kh1t.one
kkkkhome.com
kn1c.wiki
kn1m.work
koken.document2meet.com
koken.staringonline.nl
kt1n.one
kylerkuntz.net
las.qzu.in
lowendstuff.com
lux735.dd818.lol
m1tn.icu
m2bh.icu
m2bk.icu
m2cu.rest
m2dc.sbs
ma1u.icu
ma2s.mom
ma2s.wiki
md2e.fit
md2s.one
me2g.rest
media.yiffi.es
mk2n.work
ms2e.one
ms2t.rest
mta-sts.initium.social
mx.bewaakmijnwebsite.nl
n2uh.icu
n3cu.one
n3df.icu
n3fu.sbs
n3kg.rest
n3td.one
nb3k.mom
nd3s.rest
ne3u.fit
nf3d.one
ng3d.one
ng3u.mom
nl.document2meet.com
ns1.massacreisland.com
ns2.massacreisland.com
ns3.plasmarack.com
nt2g.icu
nu3d.rest
nu3k.wiki
p3da.icu
p4dz.one
p4fu.rest
p4gb.work
p4ne.icu
pa4c.one
pa4m.wiki
phrosthaus.com
pk5s.mom
pt4e.work
pu4n.rest
pu4t.sbs
pu4y.mom
q5dk.rest
q5ed.icu
q5mn.one
q5ra.icu
q5sa.work
qe5a.rest
qe5c.work
qe5g.icu
qe5h.rest
qe5t.one
qe5u.sbs
qe5z.sbs
qm5a.fit
qs5d.wiki
qt4a.icu
qu5h.one
qw5e.mom
qz5g.mom
r6pa.one
r6yg.icu
r6zm.rest
ra6b.icu
rb6a.one
rd6s.sbs
re6m.work
real0002s.nefle.org
real002.nefle.org
rg6f.one
rm6g.rest
robotiseringnieuws.nl
rt6b.one
rt6e.rest
rt6n.mom
rt6n.wiki
rt6p.sbs
rt6z.work
rvideotube.com
s7gv.one
s7pt.icu
s7py.rest
sa7c.one
sd7k.sbs
sd7s.fit
sd7u.rest
se7m.one
se7p.wiki
server.thespreadsheetfactory.com
sm7p.mom
staringonline.nl
t8bp.work
t8dm.icu
t8gb.one
t8zd.rest
tactical.nyrvconcept.com
tan90.best
te8g.rest
te8m.sbs
tg8b.one
th8e.one
th8n.one
thespreadsheetfactory.com
thespreadsheetfactory.document2meet.com
thespreadsheetfactory.nl
thespreadsheetfactory.nl.document2meet.com
tu8f.icu
tu8h.one
tu8m.wiki
ty8h.fit
ty8h.mom
ty8n.rest
ud9e.wiki
ue9c.one
ug9b.one
ug9d.fit
ug9k.icu
ug9k.one
um9n.icu
update.tan90.best
us9a.work
us9c.mom
uy9d.sbs
uy9t.rest
v0bs.rest
v0fs.one
v0ut.icu
va0g.wiki
va0g.work
vb0p.one
vb0s.one
vd0e.fit
vd0t.one
ve0h.sbs
ve0s.mom
vegas.codeme.in
vegas.pathram.in
vg0p.mom
vg0t.icu
vs0b.rest
wa0t.icu
wa1n.wiki
xe2m.wiki
yiffi.es
yu3g.wiki
ze4k.wiki

# Reference: https://x.com/raghav127001/status/1851388048803823848
# Reference: https://www.virustotal.com/gui/file/36f940c5bc5cb0f50724a106d0263f68a624bc97f4f1a34b7a8736de6a976ec0/detection

rbllogin.com
rblcardsupport.com
rblloginsupport.com

# Reference: https://x.com/malwrhunterteam/status/1852769111123583142
# Reference: https://www.virustotal.com/gui/file/ee2719ac485107c213cfaaee014228ca7eaa28be7c8c06ef1cf8737d03b7f58f/detection
# Reference: https://www.virustotal.com/gui/file/7e34c34e155bb923df1a829a82f6b465265e18dace56df7fe9aaf2f179d86504/detection

http://47.238.224.247

# Reference: https://x.com/malwrhunterteam/status/1852791814832390647
# Reference: https://app.validin.com/detail?find=hakika.apk&type=dom&ref_id=79d00cb4d4c#tab=host_pairs
# Reference: https://www.virustotal.com/gui/file/b3c894b92e7c3a685695b51384997f349fcb4b80e5681c35a0489478c33946fb/detection

hakikaapp.com
hakikaapp.pages.dev
/Hakika.apk

# Reference: https://x.com/malwrhunterteam/status/1854287161589424207
# Reference: https://www.virustotal.com/gui/file/4d015bbac7e3f24ca6b0a29b8470a74d5b1ebd31710c5c02c7b068e5f94408e9/detection

igmsindia-ind.in
/IGMS-INDIA.apk

# Reference: https://x.com/malwrhunterteam/status/1856809492253495385
# Reference: https://tria.ge/241114-jeqbqswbma/behavioral2

89.23.102.250:8000

# Reference: https://x.com/malwrhunterteam/status/1859230204440236377
# Reference: https://www.virustotal.com/gui/file/c6d701287fa8b065989ef6f157b47249866d56ad857f296ccfa2c3745a3fe4a8/detection

onlinemeeting.online
shaadi.onlinemeeting.online

# Reference: https://x.com/malwrhunterteam/status/1860050944685408523
# Reference: https://tria.ge/241123-jgdqqa1mfy/behavioral3
# Reference: https://www.virustotal.com/gui/file/8b6d047c9a1985c0c15ef0452828e8a77270fe122f51b953d16f0d81c507cce3/detection
# Reference: https://www.virustotal.com/gui/file/8b0fe7267e752b5e2ae7c4981e174f34d7dde5b4fb2b8d662d2c1806432ce0f4/detection
# Reference: https://www.virustotal.com/gui/file/77a4a501302e6550cf97370534ba0b9258ed1716c15d748fb5a2f99936e9a177/detection

92.255.85.200:52997

# Reference: https://x.com/malwrhunterteam/status/1861413917089497224
# Reference: https://www.virustotal.com/gui/file/ddc0cc7a99bda377dcefb5fe1cabde3ba05b5863f3c5be2af7fef8d6bb5c696e/detection

noxiou-kic4.surge.sh

# Reference: https://x.com/JAMESWT_MHT/status/1868998971336937729
# Reference: https://www.virustotal.com/gui/file/fda01795c625190d7220dc242389a42b51b224f6f7a167591aab75ef6821d6bf/detection

http://173.0.54.6

# Reference: https://x.com/JAMESWT_MHT/status/1869393446693446090
# Reference: https://www.virustotal.com/gui/file/0218b00cbf40573fcbb4b87fa2f63391b9ab977abe77d07bd188e95d62890aa2/detection

sexyhotvideo-4-a6715-default-rtdb.firebaseio.com

# Reference: https://x.com/0x6rss/status/1871162086224457979

besa.top

# Reference: https://x.com/GetWinEvent_/status/1876605223038550166
# Reference: https://www.virustotal.com/gui/file/785ca681eb5e6921f8de8a5f372ca7bac238f8289877df0e8afa24b673c0084c/detection

axuath.com

# Reference: https://x.com/DaveLikesMalwre/status/1877130113201938648

downloadbanny.b-cdn.net
hi-smile-teeth.live
hismile.sale
hismilelive.top
payment.hi-smile-teeth.live
payment.hismile.sale
payment.hismilelive.top

# Reference: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

androidscamru-default-rtdb.firebaseio.com
rustore-apk.github.io

# Reference: https://x.com/Root0ne/status/1881291049253187932
# Reference: https://www.virustotal.com/gui/file/8e6948e5bd4acc159790519be2f9d35b72274a560d4c62b8ca50d2d85b554911/detection

92.255.85.200:51144

# Reference: https://www.virustotal.com/gui/file/d42ed0c68fc3e49a4bf6c1ce093294cd9a8a1e6bcdcf023d5d3780f53cbbf56a/detection
# Reference: https://www.virustotal.com/gui/file/1c8da36f328904b342dc348bc679bccb4cb2263b12838e521ff2cc5fede71c04/detection

claim-reward.co.in

# Reference: https://www.virustotal.com/gui/file/1825679fb5840bd63002a28656a69bd6bac120cb3d0d2dee9c396b198b5db109/detection

rewardrecalaim.com

# Reference: https://x.com/idclickthat/status/1884482934414926059
# Reference: https://app.validin.com/detail?find=I94%20-%20Official%20Website&type=raw&ref_id=00bbafdc939#tab=host_pairs (# 2025-01-29)
# Reference: https://www.virustotal.com/gui/file/67d14c9fc08ee96a3a639127fcf5254a2ae90a2d8eb4f27623eafac247318134/detection

cbp-dhs-gov.com
cbp-i94.com
cbpi94.com

# Reference: https://x.com/malwrhunterteam/status/1886869679701922017
# Reference: https://www.virustotal.com/gui/file/d2e1674c6d7c56fc2152f38249ee3ab70e4804bc80bdce939607749dd7529c8b/detection
# Reference: https://www.virustotal.com/gui/file/84ce37da4f7793393c5919f012751113545f84f8cd8d04f59f91232f04a1870c/detection

178.255.126.38:300

# Reference: https://x.com/malwrhunterteam/status/1888320691629416951
# Reference: https://www.virustotal.com/gui/file/52537ae43cc20c6c408dffddb83cc785cd942f43282047c4e48448f6576a75bd/detection

176.65.142.20:8000
176.65.142.20:8001

# Reference: https://x.com/malwrhunterteam/status/1888333937111347593
# Reference: https://www.virustotal.com/gui/file/243a385f677d2a0feda68471ebc940a6a135bb7edd27fa22e760ff9fa8fe9e91/detection

crowd-yandex-markets.store

# Reference: https://x.com/malwrhunterteam/status/1888319042240524567
# Reference: https://x.com/malwrhunterteam/status/1892897448529428876
# Reference: https://www.virustotal.com/gui/file/a0da6c0ac1a6a8ca52d2f92cdc364832e49894d6965d61762f5d1249669f66ff/detection
# Reference: https://www.virustotal.com/gui/file/2b501895a80eaf0ec747714dee89d6d1abbbec9155798f785d3f8f2cbe940ffd/detection

jsnsnn.loclx.io
tskasls.loclx.io
tirupaticarrental.co.in

# Reference: https://x.com/malwrhunterteam/status/1888328434012840275
# Reference: https://www.virustotal.com/gui/file/47aae330d61bc71b8030a18674687985bbf092b0b6ef752a380970cc06eb9bd3/detection

cyberdefensetech.cc

# Reference: https://x.com/malwrhunterteam/status/1887985844503347414
# Reference: https://www.virustotal.com/gui/file/25979f5e1dd7fb7a03fcb7c3d6a85d1286199739254585b17ced93ca217930d6/detection

vpn-for-you.com

# Reference: https://app.validin.com/detail?find=SMS%E7%AE%A1%E7%90%86%E7%99%BB%E5%BD%95&type=raw#tab=host_pairs (# 2025-02-15)

http://104.244.72.135
http://104.244.77.80
http://107.189.1.153
http://107.189.14.166
http://107.189.2.124
http://107.189.31.22
http://107.189.4.210
http://107.189.6.196
http://107.189.7.208
http://107.189.7.65
http://108.181.94.140
http://173.0.54.106
http://173.0.54.107
http://173.0.54.108
http://173.0.54.109
http://173.0.54.110
http://173.0.54.162
http://173.0.54.163
http://173.0.54.164
http://173.0.54.165
http://173.0.54.166
http://173.0.54.186
http://173.0.54.187
http://173.0.54.188
http://173.0.54.189
http://173.0.54.190
http://173.0.54.218
http://173.0.54.219
http://173.0.54.220
http://173.0.54.221
http://173.0.54.222
http://173.0.54.242
http://173.0.54.243
http://173.0.54.244
http://173.0.54.245
http://173.0.54.246
http://173.0.56.50
http://173.0.56.51
http://173.0.56.52
http://173.0.56.53
http://173.0.56.54
http://173.0.58.218
http://173.0.58.219
http://173.0.58.220
http://173.0.58.221
http://173.0.58.222
http://192.154.241.164
http://192.154.241.165
http://192.154.241.166
http://192.154.241.167
http://192.154.241.168
http://205.185.117.21
http://205.185.120.87
http://205.185.122.121
http://205.185.123.3
http://208.115.109.250
http://208.115.109.251
http://208.115.109.252
http://208.115.109.253
http://208.115.109.254
http://209.141.36.142
http://209.141.37.29
http://209.141.48.252
http://209.141.49.205
http://209.141.49.63
http://209.141.60.84
http://216.244.76.178
http://216.244.76.179
http://216.244.76.180
http://216.244.76.181
http://216.244.76.182
http://216.244.79.162
http://216.244.79.163
http://216.244.79.164
http://216.244.79.165
http://216.244.79.166
http://216.244.81.106
http://216.244.81.107
http://216.244.81.108
http://216.244.81.109
http://216.244.81.110
http://216.244.86.218
http://216.244.86.219
http://216.244.86.220
http://216.244.86.221
http://216.244.86.222
http://216.244.86.58
http://216.244.86.59
http://216.244.86.60
http://216.244.86.61
http://216.244.86.62

# Reference: https://x.com/malwrhunterteam/status/1890875688699171060
# Reference: https://www.virustotal.com/gui/file/a84653ebd7adbd498b267b83b4fc61824591774e5edbedca992bd2bc08589a5d/detection

89.19.214.205:6785

# Reference: https://x.com/malwrhunterteam/status/1892681604809531538
# Reference: https://tria.ge/250221-gpshqswrw6
# Reference: https://www.virustotal.com/gui/file/5bea82b0c2b0104c906a5fced2dc16771ce3c624578a81d88ecc454c577158c1/detection
# Reference: https://www.virustotal.com/gui/file/afd3227c4fb790a2033f99857417061be8eb1c3c1db0cc2910f252ed0959a3cc/detection

lapsclaim.co.in
lapsclaim.com
hdfclifeproject-default-rtdb.firebaseio.com

# Reference: https://x.com/malwrhunterteam/status/1894032187277586671
# Reference: https://app.validin.com/detail?find=God%20Panel%20-%20Login&type=raw&ref_id=4e3beb3885b#tab=host_pairs (# 2025-02-25)
# Reference: https://www.virustotal.com/gui/file/d7f2156eb4680fbc27d4421085996862a639412a03b34c0c1a73294ade68592b/detection

185.84.162.91:5000
62.60.226.104:5000
62.60.226.107:5000
62.60.226.108:5000
62.60.226.130:5000
62.60.226.133:5000
62.60.226.138:5000
62.60.226.62:5000
62.60.226.97:5000
62.60.226.98:5000
185.84.162.91:8000
62.60.226.104:8000
62.60.226.107:8000
62.60.226.108:8000
62.60.226.130:8000
62.60.226.133:8000
62.60.226.138:8000
62.60.226.62:8000
62.60.226.97:8000
62.60.226.98:8000

# Reference: https://x.com/illegalFawn/status/1896936202949017797

scrigno-popsologin.com

# Reference: https://x.com/dimitribest/status/1897046755939958921
# Reference: https://www.virustotal.com/gui/file/4d2ef8f7dcc4b39436062e5666cbf5e3d41f990a272b16660418ee60bde6cdd1/detection

154.216.19.131:8000
154.216.19.131:8001

# Reference: https://x.com/malwrhunterteam/status/1897623971589202076
# Reference: https://www.virustotal.com/gui/file/013499796241d6edc6ac22fc877962e7652934a8d7831041bbeee8e5bd0a8d46/detection

sha11.digitalbrands.live

# Reference: https://x.com/illegalFawn/status/1899031814276084174

aggiornamentoapp.com

# Reference: https://x.com/malwrhunterteam/status/1899735606755831848
# Reference: https://www.virustotal.com/gui/file/0ff4bf4f19faf11a1af76f759982eee3a70a80c6253085433c1dd243691dabb8/detection
# Reference: https://www.virustotal.com/gui/file/1abf1fe86e12e7364d39206334fc112db7d7f6a1e96e593cb5de90c1dafca968/detection

requestservice74.wixsite.com

# Reference: https://www.virustotal.com/gui/file/5560a09a5fc54dfc540800ba2a380444ab626de7fd938a14e5bdd53574e5593b/detection

89.23.102.235:400

# Reference: https://x.com/malwrhunterteam/status/1901571094059843880
# Reference: https://www.virustotal.com/gui/file/f923d33a841ab30ed66ce4fc07d4841f73560ddc74fc3e5f984dc65b7fac1d25/detection

dive-dm-zoning-terminal.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1901970918357733833
# Reference: https://www.virustotal.com/gui/file/c55a6cc4db0167c165af15867194045c04faa68896c245f8582302b69c822ec4/detection
# Reference: https://www.virustotal.com/gui/file/54ba99fe3575b011375c59d005608c9dec6add59ebd467f0a2732e1c43dab851/detection
# Reference: https://www.virustotal.com/gui/file/2501f5bd699fb58cd79d3f3490b57820464384b57de32daae994de2d82cd9d19/detection

185.100.157.240:8000
budeoplayer.live
onlyfans.ac
tradexsell.online
videoplayer.run

# Reference: https://x.com/malwrhunterteam/status/1902820395536752807
# Reference: https://www.virustotal.com/gui/file/78bbecf95e6a849fef4dae5b7a2854e74e1b8482ee1da2714e8515c8d25a1942/detection

62.60.226.108:8000

# Reference: https://x.com/solostalking/status/1902945676063059987

62.60.226.141:5000
62.60.226.141:8000

# Reference: https://x.com/OwnerProcessID_/status/1903053049372827823

62.60.226.128:8000
62.60.226.129:8000
62.60.226.160:8000
62.60.226.161:8000
62.60.226.162:8000
62.60.226.163:8000
62.60.226.164:8000
62.60.226.18:8000
62.60.226.30:8000

# Reference: https://x.com/malwrhunterteam/status/1904610110762344452
# Reference: https://www.virustotal.com/gui/file/7b537b0a46cbe83af7ee82258a0325b84884b063ff004cb436b3615c2083b39d/detection
# Reference: https://www.virustotal.com/gui/file/7bf4e830e65f5439ec8f864c32cd6b81bca6552275bb7c021d9fd22010e6e3bf/detection

37.27.213.9:2780

# Reference: https://x.com/alberto__segura/status/1908096411473686625
# Reference: https://app.validin.com/detail?find=tuktakpay.com%2F&type=raw&ref_id=f57498ef7e4#tab=host_pairs (# 2025-04-05)

autopaysolution.com
autopaysolution.com.65-109-35-215.cprapid.com
arianapay.com
bongope.com
boostseba.top
coxyfox.shop
ctgpay.com
jonota.live
lobongo.xyz
sunpaybd.top
syncbd.xyz
technegic.net
tsrhoster.top
tuktakpay.com
txpay.site
dev.bdbetterpay.com
freeapk.coxyfox.shop
mail.boostseba.top
mail.ctgpay.com
mail.tuktakpay.com
pay.boostseba.top
pay.syncbd.xyz
pay.tsrhoster.top

# Reference: https://x.com/alberto__segura/status/1903782709555519921
# Reference: https://app.validin.com/detail?find=PlayStore&type=raw&ref_id=46b4070f0da#tab=host_pairs (# 2025-04-08)

213.136.72.244:8010
7seven.toptvoficial.app
acessototalstore.pds01.site
akcceal.click
allshop.geckobr.xyz
app.forexsmarttrade.info
apps.admpro.shop
apps.servidorvalete.fun
apps.vplaycard.net
appu.fun
arnstore.pds01.site
atlasstore.pds01.site
atvplay.site
atvplay.top
bb-ei0.pages.dev
blaze.upoficial.xyz
bokastore.pds01.site
bowserstore.pds01.site
brada-8rl.pages.dev
bullstore.pds01.site
ca-3d4.pages.dev
channelplay.max1.site
cineflix.me
cinetv.lojadosaplicativos.com.br
cod.admpro.shop
dazbox.xyz
digitaltv.top
dispositivosicre-protge.store
flixtododiastore.pds01.site
freeconectstore.pds01.site
gamestoretop.com
globalplay.pds01.site
goatcoffee.click
goldiptvstore.pds01.site
gvisiontvstore.pds01.site
hadesapp.megaapp.store
hercshop.ptbr.shop
horizontv.crn.re
hplay.in
ibobrs.geckobr.xyz
iptv.geckobr.xyz
iptvbrasilstore.pds01.site
jedflix.megaapp.shop
l.legendamax.com
lo-cyh.pages.dev
loja-de-aplicativos-bob-show.reptel.top
loja-de-aplicativos-king-tv.reptel.top
loja-sb.reptel.top
loja-wave.tvcr.online
loja-wood-cine.reptel.top
loja.akcceal.click
loja.alfa-tv.xyz
loja.alphanet4g.online
loja.appswebon.shop
loja.dnago.fun
loja.evostream.fun
loja.geckobr.xyz
loja.globalsistemasbr.com
loja.hptv.online
loja.hzplay.fun
loja.ittv.fun
loja.jplayer.megaapp.store
loja.mdigital.host
loja.mdstudio.fun
loja.optimus.megaapp.store
loja.rboys.online
loja.sonicstreming.com
loja.starpronto.xyz
loja.toptvoficial.app
loja.tvplaystreaming.com
loja.ultra.server.aplicativos.max1.site
loja.vortex10.xyz
loja.wareztv.com.br
loja1.s3dmidia.com.br
loja22.cssatnet.net
loja789.max1.site
lojaapkmobiplay.tellaplay.xyz
lojaaplicativos.zeroumplay.com.br
lojadeapp.xyz
lojadualsat.hpgt.cloud
lojagoldentv.hpgt.cloud
lojahass.magotech.com.br
lojainvictos.megaapp.store
lojanexus.xyz
lojaoficia.reptel.top
lojaoficial.tellaplay.xyz
lojapanda.xyz
lojapktvgolden.tellaplay.xyz
lojaplay.in
lojarstv.orgbr.xyz
lojasat.com
lojatech.xyz
lojatellaplus.tellaplay.xyz
lojatv.com
lojaveloxmais.hpgt.cloud
lojaveloxs.hpgt.cloud
lojawplay.com
lolaamostra.pds01.site
lovetv.megaapp.store
lucplay.xyz
geckobr.xyz
p2tv.com.br
tchay.com.br
ultramidia.xyz
maxxstore.pds01.site
mbentretenimentostor.pds01.site
mdplay.net
mkauto.pages.dev
mqctvstore.pds01.site
nextapps.online
nzplaystore.com
olympusstore.pds01.site
oneplus.fun
onexstore.pds01.site
onitronstore.pds01.site
p2satstore.pds01.site
p2server.praiatdboa.click
p2tv.com.br
p2tv.heryck.com.br
p2xloja.com
pbrstore.pds01.site
plamkauto.store
plastoappbrada.space
play.cplab.workers.dev
playapp.space
playappca.space
playapps.space
geckobr.xyz
player.geckobr.xyz
playfamylystore.cnxt.site
cnxt.site
playontv.shop
playstorapp.store
playstore.fi
playstorexplay.hpgt.cloud
protegexp.org
pulselojinha.vortex10.xyz
recadastramentonetempresa.store
royalplaystore.pds01.site
rpsat.xyz
rush.ninja
scripts.smartsollutions.com.br
server.forexsmarttrade.info
sharetvstore.pds01.site
shop.geckobr.xyz
sic-eym.pages.dev
sicredi-protege.pages.dev
sie-7wq.pages.dev
simpletv.lojadosaplicativos.com.br
starvizzionstore.pds01.site
store.resinos.com
store.suatv.xyz
store.turbotvonline.com
storeappflix.pds01.site
storecinevip.bpns.fun
storecinneflix.pds01.site
storelilly.dnnyl.site
storemultapps.pds01.site
storetvskyplay.bpns.fun
storewolf.pds01.site
strixtvs.xyz
super.loja.max1.site
tchay.com.br
tchay.heryck.com.br
techloja.xyz
teste.tvnext.top
toinstall.samokup.eu
topclienteloja.store
triboflixstore.pds01.site
tvmegaplay.online
tvshop.geckobr.xyz
ultramidia.xyz
uniomstore.dnnyl.site
unitv.geckobr.xyz
viptvstore.pds01.site
vulcanostore.pds01.site
web.painelnox.top
web.playonelojinha.com
webultramidia.xyz
webplayer.geckobr.xyz
webxc.warez.la
wow.lojadosaplicativos.com.br
xp-protec.pages.dev
xpapp.pages.dev
znewsstore.pds01.site

# Reference: https://x.com/alberto__segura/status/1909916860553789568
# Reference: https://app.validin.com/detail?find=47.130.24.136&type=ip4&ref_id=a2ca6773da0#tab=resolutions
# Reference: https://app.validin.com/detail?find=8.212.139.75&type=ip4&ref_id=9657ca629fc#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/f89b1c35f7c122a152cf0eb1c70842115c7140508f6b3d6d550ba39db0e97a14/detection

applypor.com
bytehubs.net
cashbar-ph.com
dailyhub.net
easyjuan.com
epeso-ph.com
fastsyncr.net
loansbay.net
nepd.cc
pesocome.com
pesozone.com
polnewsbeat.com
shoplinke.com
v-peso.com
datafusionlabs.net
flow-click.net
pesocome.com
scale-up-global.net
shoplinke.com
d.applypor.com
d.bytehubs.net
d.cashbar-ph.com
d.dailyhub.net
d.fastsyncr.net
d.loansbay.net
d.pesozone.com
d.shoplinke.com
dd.epeso-ph.com
df.nepd.cc
dl.loansbay.net
dp.pesocome.com
hj.pesozone.com
jumpfinger.com
k.epeso-ph.com
k.nepd.cc
lk.v-peso.com
m.easyjuan.com
p.loansbay.net
p.shoplinke.com
pl.v-peso.com
pp.easyjuan.com

# Reference: https://x.com/malwrhunterteam/status/1910983401063981289
# Reference: https://www.virustotal.com/gui/file/cd4ab7c83e7d220b289741b45c452a54706cdae0531bdf9ee93b5cb22a9e68ba/detection

prime-continental.lat

# Reference: https://x.com/malwrhunterteam/status/1911179378769248632
# Reference: https://www.virustotal.com/gui/file/e16f93ed57e54696766d975e374c2c8a1c92376ec71149381dc087027fb31775/detection

earnm.net

# Reference: https://x.com/malwrhunterteam/status/1911775211747258662
# Reference: https://www.virustotal.com/gui/file/7df5e330786426f39f812a962bdc20d06c126ad002149d43835c6442f18c64e5/detection

info-myfin.online
test.info-myfin.online

# Reference: https://x.com/malwrhunterteam/status/1912792464475251086
# Reference: https://www.virustotal.com/gui/file/06b689964d5452d60ac4b2a27cb00da708aa08bf7df05d4d567fe53bdce9b30c/detection

http://108.181.94.138
http://108.181.94.139
http://108.181.94.141
http://108.181.94.142
http://108.181.95.234
http://108.181.95.235
http://108.181.95.236
http://108.181.95.237
http://108.181.95.238
http://173.0.54.90
http://173.0.54.91
http://173.0.54.92
http://173.0.54.93
http://173.0.54.94
http://205.185.117.13
http://205.185.117.230
http://205.185.120.157
http://205.185.120.32
http://205.185.123.194
http://205.185.124.172
http://205.185.125.200
http://209.141.34.158
http://209.141.40.218
http://209.141.44.215
http://209.141.47.126
http://209.141.47.96
http://209.141.49.234
http://209.141.49.74
http://209.141.53.81
http://209.141.58.98
http://216.244.81.130
http://216.244.81.131
http://216.244.81.132
http://216.244.81.133
http://216.244.81.134
http://216.244.83.130
http://216.244.83.131
http://216.244.83.132
http://216.244.83.133
http://216.244.83.134
http://216.244.84.202
http://216.244.84.203
http://216.244.84.204
http://216.244.84.205
http://216.244.84.206
http://216.244.86.211
http://216.244.86.212
http://216.244.86.213
http://216.244.86.214
http://216.244.86.75
http://216.244.86.76
http://216.244.93.66
http://216.244.93.67
http://216.244.93.68
http://216.244.93.69
http://216.244.93.70
http://74.121.190.218
http://74.121.190.219
http://74.121.190.220
http://74.121.190.221
http://74.121.190.222
http://74.121.191.82
http://74.121.191.83
http://74.121.191.84
http://74.121.191.85
http://74.121.191.86

# Reference: https://x.com/ReBensk/status/1912933199614976386
# Reference: https://x.com/aumnrasap/status/1913940312126591344
# Reference: https://app.validin.com/detail?find=103.30.77.154&type=ip4&ref_id=48cc4bc9751#tab=resolutions (# 2025-04-18)
# Reference: https://app.validin.com/detail?find=38.60.191.213&type=ip4&ref_id=3aa2dcec1c7#tab=resolutions (# 2025-04-20)
# Reference: https://app.validin.com/detail?find=43.255.158.227&type=ip4&ref_id=99766dc006d#tab=resolutions (# 2025-04-23)
# Reference: https://www.virustotal.com/gui/file/8aeb99d0b0a9e11edc3ea154e0007c6d2fc952afe518f6ddebfcf18208c83960/detection

androidgoogle.top
androidgoogleplays.top
goodkeeping.shop
indiagoogleplay.top
indianapplestore.top
nucreditcard.top
nucreditcards.top
playgoogleapp.top
unbkgoogledownload.top
unbkvirtualcard.top
virtualguide.top
yesbank.top
yesbankapps.top
yesbkcreditcard.top
yescommercialbankindia.top
yescreditcardindia.homes
yescreditcards.top
yescreditscard.xyz
a.yesbankapps.top
a.yescreditscard.xyz
a1.nucreditcard.top
a1.nucreditcards.top
a1.unbkvirtualcard.top
a1.yescreditcards.top
a1.yescreditscard.xyz
af.indianapplestore.top
aggre.yesbkcreditcard.top
api.virtualguide.top
api.yesbkcreditcard.top
apibak.virtualguide.top
b.yesbankapps.top
b.yescreditscard.xyz
b1.nucreditcard.top
b1.nucreditcards.top
b1.yescreditcards.top
b1.yescreditscard.xyz
baxi.virtualguide.top
c.yesbankapps.top
c.yescreditscard.xyz
c1.nucreditcard.top
c1.nucreditcards.top
c1.yescreditcards.top
c1.yescreditscard.xyz
d.yesbankapps.top
d.yescreditscard.xyz
down.androidgoogleplays.top
e.yesbankapps.top
e.yescreditscard.xyz
f.yesbankapps.top
f.yescreditscard.xyz
g.yesbankapps.top
g.yescreditscard.xyz
h.yesbankapps.top
h.yescreditscard.xyz
i.yesbankapps.top
i.yescreditscard.xyz
in.yescreditscard.xyz
j.yesbankapps.top
j.yescreditscard.xyz
k.yesbankapps.top
k.yescreditscard.xyz
l.yesbankapps.top
l.yescreditscard.xyz
nuvcc.playgoogleapp.top
y1.yescreditscard.xyz
yes.androidgoogle.top
yesbk.androidgoogle.top

# Reference: https://app.validin.com/detail?find=%ED%95%84%EC%9A%94%ED%95%9C%20%EC%A0%95%EB%B3%B4%EB%A5%BC%20%ED%95%9C%EB%B2%88%EC%97%90&type=raw#tab=host_pairs (# 2025-04-18)

http://107.189.11.118
http://149.30.202.56
http://205.185.113.37
http://205.185.115.228
http://205.185.117.56
http://205.185.117.86
http://205.185.117.88
http://205.185.119.172
http://205.185.120.35
http://205.185.120.67
http://205.185.121.13
http://205.185.121.153
http://205.185.121.84
http://205.185.121.90
http://205.185.122.254
http://205.185.122.39
http://205.185.123.177
http://205.185.123.197
http://205.185.123.37
http://205.185.124.143
http://205.185.125.131
http://205.185.125.183
http://205.185.126.114
http://205.185.126.32
http://205.185.126.56
http://205.185.126.89
http://205.185.127.209
http://205.185.127.27
http://209.141.32.203
http://209.141.34.112
http://209.141.34.245
http://209.141.34.58
http://209.141.36.104
http://209.141.37.135
http://209.141.37.218
http://209.141.37.241
http://209.141.40.122
http://209.141.40.47
http://209.141.42.78
http://209.141.43.40
http://209.141.43.78
http://209.141.44.218
http://209.141.45.140
http://209.141.45.198
http://209.141.46.43
http://209.141.48.120
http://209.141.48.155
http://209.141.48.181
http://209.141.48.214
http://209.141.49.26
http://209.141.50.163
http://209.141.50.99
http://209.141.52.125
http://209.141.54.144
http://209.141.55.241
http://209.141.58.47
http://209.141.59.37
http://209.141.60.206
http://209.141.60.225
http://209.141.60.90
http://209.141.61.13
http://209.141.61.88
http://209.141.62.139

# Reference: https://x.com/malwrhunterteam/status/1913526577880563744
# Reference: https://www.virustotal.com/gui/file/0618edaa8e62380a9ce54631a58af41223a393175014075a214dbf7c47e83a15/detection
# Reference: https://www.virustotal.com/gui/file/f5b18c92afa1694ede6a15e59551739e71e3af735831291c012b0e91577cd994/detection
# Reference: https://www.virustotal.com/gui/file/8d6ce8930dd29449f5d7e72d1a713e6d2172fe7ef47c400d5bd977ebab4f1ff6/detection
# Reference: https://www.virustotal.com/gui/file/75637a8eb3b560324646fdf8c67f285e17d7d4f8807d1945952f951bd9bd3324/detection

89.23.101.100:5000
89.23.98.36:5000
89.23.99.48:5000

# Reference: https://x.com/malwrhunterteam/status/1914307242720919806
# Reference: https://www.virustotal.com/gui/file/b383ed67a931a336f53e61740acc6450e5f789abfa0fa51c2b3762fa0a55fc82/detection
# Reference: https://www.virustotal.com/gui/file/1a5e4ad59ae9b8bba5a3898d5ea5284871988e739978b2d1a3d966115836ee5b/detection

safedomen.ru
mail.safedomen.ru

# Reference: https://x.com/malwrhunterteam/status/1914801567821111300
# Reference: https://www.virustotal.com/gui/ip-address/176.65.141.102/relations
# Reference: https://www.virustotal.com/gui/file/f7bb14bc07800d1b358be8c69c864e0bed9767ff0ec9ce9c546df470ae943a94/detection

mamontvirus.net
1.mamontvirus.net
cleo.mamontvirus.net
crew.mamontvirus.net
helloputin.duckdns.org
nix.mamontvirus.net

# Reference: https://x.com/banthisguy9349/status/1916105701828550813
# Reference: https://www.virustotal.com/gui/ip-address/185.39.17.22/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.93.20.75/relations

axa-maj.app
banxo-av.app
banxo-maj.app
banxo.majav.app
lcl-maj.app
mabanque.app
maj-ca.app
maj-sg.app
majav.app
mondial-relay.app
mrelay-echec.com
particuliers-sg.app
postfinance-maj.app
reprog-bpost.app
reprogramation-bpost.com
service-sg.app
sg-maj.app
sg.majav.app
sgmaj.app
/banxo-maj.apk

# Reference: https://x.com/malwrhunterteam/status/1917521931961577917
# Reference: https://app.validin.com/detail?find=70a4a1a792ecdacc8378221fe51c5d88b6e72591&type=hash&ref_id=595d29611e3#tab=host_pairs (# 2025-04-29)
# Reference: https://www.virustotal.com/gui/file/be5224fe21c834cc2c179b795a86d00b4ff7902c2205e9f2d92f898b35ebe168/detection

hyper-n-panel.cfd
hyper-panel.space
hyper-system-service.site

# Reference: https://www.linkedin.com/posts/allwin-n_stealthmole-indian-cybersecurity-ugcPost-7323001437586604033-iSeZ
# Reference: https://app.validin.com/detail?find=PayX-Cashier&type=raw&ref_id=c64fd5a1b6c#tab=host_pairs (# 2025-04-30)
# Reference: https://app.validin.com/detail?find=4bbf3055a275cda81b60fe4f6dbfcfb5db399d30&type=hash&ref_id=3dddd760387#tab=host_pairs (# 2025-04-30)
# Reference: https://www.virustotal.com/gui/file/1c9ec41080518b48d0a1d8e48b70f48c3bd5d0dc367944d5b86afeb1e5aa9161/detection

http://139.84.215.27
gogoupipay.com
indian-pay.com
payx.top
payxpayment.com
safepay.vip
safepayapp.net
cashier.indian-pay.com
pay.payx.top
pay.payxpayment.com

# Reference: https://x.com/malwrhunterteam/status/1917925907446088075
# Reference: https://www.virustotal.com/gui/file/f92a7bd33546b922440c27e2d9ffaa2a4546a136f42fceda7dde1bc8943a9f76/detection
# Reference: https://www.virustotal.com/gui/file/d83edd5adc956f1c217250d5a7b32b3d515bf95358e1d0551b676db8edd6760e/detection
# Reference: https://www.virustotal.com/gui/file/230eebeb8b040472e96f5605a9efc996c85b95fc3b60849f05b94a91b9805d3b/detection

kutcat-rat.com

# Reference: https://threatfox.abuse.ch/user/4746/ (# 2025-05-04)

147.45.45.192:100
193.233.113.241:100
193.233.113.244:100
195.10.205.12:100
195.10.205.37:100
195.10.205.54:100
5.42.92.86:100

# Reference: https://x.com/malwrhunterteam/status/1925300720791613632

idfccard.com

# Reference: https://x.com/malwrhunterteam/status/1926345874549981393
# Reference: https://www.virustotal.com/gui/file/69a11c19b9feb619b37a38b24e7fae7bdc8da6144f83d9271f44f4760040f90d/detection

185.100.157.190:8000

# Reference: https://x.com/malwrhunterteam/status/1926369510325395606
# Reference: https://app.validin.com/detail?find=70a4a1a792ecdacc8378221fe51c5d88b6e72591&type=hash&ref_id=a1e8bfcc8e6#tab=host_pairs (# 2025-05-25)
# Reference: https://www.virustotal.com/gui/file/ebbd19240e340033feb9606419dd8ef03d8b0efa83f3f6344d3ddf662436a266/detection

jesko-hyper-panel.online
raffik-hyper-panel.store
incognitovpn.pro

# Reference: https://x.com/setThreatTitle/status/1926961613795385378
# Reference: https://www.virustotal.com/gui/file/1f8b90ceb13e0d9103d3adedf1eafb026c7223dd5bce4fae8d56d719e19f478f/detection
# Reference: https://www.virustotal.com/gui/file/f9ce651880785ef6e98693def081520d5563a2ee93731d26357f3746c37e90a6/detection
# Reference: https://www.virustotal.com/gui/file/08939135e6d24bcd4cd31d6276f6139217ea57d2629f75b61094480c2eb398a5/detection

http://185.100.157.222
http://31.129.109.217
card.website-app.info
cvv.website-app.info
infocard.website-app.info

# Reference: https://x.com/malwrhunterteam/status/1928051725962707110
# Reference: https://www.virustotal.com/gui/file/1944e5caada4ada9d40dc7deead204fec5ea7cabee55dba780e8744b06459e16/detection

creditreward.net

# Reference: https://x.com/malwrhunterteam/status/1928763644084367379
# Reference: https://www.virustotal.com/gui/file/b350d946b297d6226fa058b2d5edada413dfbc3268814ac58f0a8daec4494586/detection

pub-4d1a3d5d4cb64b33bb745e0e7f8c50af.r2.dev

# Reference: https://x.com/malwrhunterteam/status/1931084113471221881
# Reference: https://www.virustotal.com/gui/file/bd1f3a61e8635b8aea26806e0e1a3046b7946188baf406c7c4779ec2daf56b7d/detection

putin-pidor.org

# Reference: https://www.virustotal.com/gui/file/0407cf4b13eebae155632a3b439fe58544aff02638151c5522c8c12cb961a58c/detection

5.252.155.145:500

# Reference: https://blog.checkpoint.com/research/malicious-loan-app-removed-from-ios-and-google-play-app-store-posed-severe-risks-to-users/

dineroya.co
parkwaysas.co
rapiplata.co
rapiplata.pe
home.parkwaysas.co

# Reference: https://x.com/D3LabIT/status/1943586852281212999
# Reference: https://www.virustotal.com/gui/ip-address/38.180.195.62/relations

38.180.195.62:51997
myfriendsecuritypngkey.sbs
cock6.myfriendsecuritypngkey.sbs
cock7.myfriendsecuritypngkey.sbs
cock8.myfriendsecuritypngkey.sbs

# Reference: https://www.virustotal.com/gui/file/283294326a5fc69648588ce25c558cd6298e207bfbd5ef926dd07b60b8257780/detection

elineapp.myfr.xyz

# Reference: https://www.virustotal.com/gui/file/72054737dfdac09b4c148ec988b8a21fbe35d27fd7b5373dfad8a0e509ee6c6a/detection

app-danesh.myfr.xyz

# Reference: https://www.virustotal.com/gui/file/d16cb53596f1965cf690663ff01d3e613ba39605108581fd4318697ff324a208/detection

beli698.myfr.xyz
/in/st/Sms_txt_Sync.php

# Reference: https://thehackernews.com/2025/08/new-android-malware-wave-hits-banking.html

mycardcare.in
axis.mycardcare.in
icici.mycardcare.in
indusind.mycardcare.in
kotak.mycardcare.in
sbi.mycardcare.in

# Reference: https://x.com/ReBensk/status/1964341559333151028
# Reference: https://app.validin.com/detail?find=axis.apk&type=dom&ref_id=a3c36911e6c#tab=host_pairs (# 2025-09-06)
# Reference: https://app.validin.com/detail?find=Card%20Offers&type=raw&ref_id=a3c36911e6c#tab=host_pairs (# 2025-09-06)

axaaworksolution.online
axcard.store
axcardoffers.com
axcards.store
axcardservices.com
axis-services.instant-cc.com
axis-services.instant-now.com
axis.myexpertservicesapp.com
axis.mymanageapp.com
axis.mymanageapp.com.verfyloginapp.com
axis.myservicesmanage.com
axis.verfyloginapp.com
axisbankrewards.com
axiscardapp.co.in
axiscardoffers.com
axiscardonline.com
axiscardonline.in
axiscardpoint.com
axiscardpoints.com
axiscardreward.com
axiscardservices.com
axiscardspoint.com
axiscardspoints.com
axiscardsreward.com
axiscreditcardrewards.com
axismycard.co
axismypoint.com
axismyreward.com
axismyrewardpoint.com
axismyrewards.com
axispointcard.in
axispts.info
axisredeemstore.in
axisrewardpoint.com
axisrewardpoints.com
axisrewardspoint.com
axisrewardsstore.in
axisstorepoint.in
axisuserapp.com
axservice.in
cardoffers.ae
cardsaxis.com
hdfc.myexpertservicesapp.com
hdfc.mymanageapp.com
icicibankrewards.com
icicicardapp.in
icicicardonline.in
icicicards.co.in
icicicardstore.in
icicireward.com
icicirewardapp.com
icicirewardonline.com
icicirewardpoints.com
icicirewardsstore.com
icicirewardsstore.in
icicirewardstore.com
icicistorepoint.in
icireward.com
icirewardpoints.com
kotakcard.in
loginserviceapp.7sbt.shop
mail.axiscardpoint.com
mail.axiscardpoints.com
mail.axiscardreward.com
mail.axiscardservices.com
mail.axisrewardpoint.com
mail.axisrewardpoints.com
mail.axisrewardspoint.com
mail.myaxiscardsrewards.com
mail.myaxisrewardspoint.com
mail.myicicireward.com
mail.rewardspointaxis.com
myaxiscardreward.com
myaxiscardsrewards.com
myaxiscardsrewards.com.shinejobs.co
myaxisrewardpoint.com
myaxisrewards.com
myaxisrewardspoint.com
myaxisrewardspoint.in
myaxreward.com
myaxrewards.com
myaxservice.co.in
myaxservice.in
myaxservices.com
mycashreward.in
myicicireward.com
myicicireward.com.shinejobs.co
myopenrequest.in
myrewardaxis.com
myserviceapp.in
nowxis.co.in
openrequest.in
openxis.in
rbl.com.loginserviceapp.7sbt.shop
rblcardoffers.com
rblcardonline.in
rewardicici.com
rewardpointaxis.com
rewardsaxis.com
rewardsmyaxis.com
rewardspointaxis.com
sbicards.co.in
sbirewardstore.in
test.cardoffers.ae
verfyloginapp.com
wh1463247.ispot.cc

# Reference: https://x.com/SwitchToThread/status/1975334607064060235
# CLASS_0_HASH-HOST=4c2144c8b8d4afa629c617d949c9c016

atendimentonubank.site
avalaianubank.site
checkout-nubank.online
comprovantenubank.online
grab-trading.site
indeniza-nubank.site
indenizacaonubank.site
indenizacaonubankoficial.online
indenizanubank.online
indenizanubank.shop
indenizanubank.site
indenizanubankoficial.site
lernews.site
mikrotiktrading.site
newsij.site
nubank-consultaindeniza.com
nubank-consultaindeniza.online
nubank-consultando.com
nubank-consultesaldo.com
nubank-indeniza.online
nubank-oficial.com
nubank-pagamento.shop
nubank-trade.site
nubank-trade.website
nubankcartaofacil.online
nubankcompensa.site
nubankconsulta.site
nubankdigital.shop
nubankemprestimos.site
nubankindeniza.site
nubankliberarlimite.site
nubanklimitefacil.site
nubankmeunovolimite.site
nubankplc.com
nubankseguro.cfd
nubanktrading.site
scalapaytrading.site
singteltrading.website
telia-trading.site
teliatrading.site
timtrading.site
vintedtrading.site
xn--indenizaonubankoficial-k4b9g.online
