# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: nfcrelay

# Reference: https://x.com/ThreatFabric/status/1955928448402100456
# Reference: https://www.threatfabric.com/blogs/phantomcard-new-nfc-driven-android-malware-emerging-in-brazil
# Reference: https://app.validin.com/detail?type=hash&find=41abee029cc040b434564cce6158aa48f79747c3 (# 2025-08-14)
# Reference: https://www.virustotal.com/gui/file/a78ab0c38fc97406727e48f0eb5a803b1edb9da4a39e613f013b3c5b4736262f/detection
# Reference: https://www.virustotal.com/gui/file/cb10953f39723427d697d06550fae2a330d7fff8fc42e034821e4a4c55f5a667/detection

http://154.205.156.112
http://154.205.156.19
http://154.90.60.209
http://154.90.60.99
http://185.228.72.77
http://38.60.134.196
http://38.60.209.168
http://38.60.209.69
http://43.157.161.175
http://43.157.171.245
154.205.156.112:8080
154.205.156.19:8080
154.90.60.209:8080
154.90.60.99:8080
185.228.72.77:443
38.60.134.196:8080
38.60.209.168:8080
38.60.209.69:8080
43.157.161.175:8080
43.157.171.245:8080

# Reference: https://app.validin.com/detail?find=Prote%C3%A7%C3%A3o%20de%20Cart%C3%B5es%20%E2%80%93%20Apps%20no%20Google%20Play&type=raw&ref_id=2ef4daeb2bb#tab=host_pairs (# 2025-08-14)
# Reference: https://app.validin.com/detail?find=fdb976c0876ccd0a6eaae41b2cf1c228&type=hash&ref_id=bfbce515b1d#tab=host_pairs (# 2025-08-14)

104-218-52-170.cprapid.com
appsegurocartao.com
caixadirectacomunicaropen.com
cartaoseguroapp.com
cashbackdepontos.info
fabrikabeta.online
ip60.ip-142-44-207.net
mathbeta.online
meucartaoprotegido.com
meucartaoseguro.com
minhaprotecao.info
minhaseguranca.info
monitoreseucartao.com
protecaocartao.com
protejaseucartao.com
protetordenfc.com
reservalocaliza.app
resgatarmeuspontos.info
resgateway.info
santandercomunicarcliente.com
securecard.online
segurancadocartao.info
segurancanfc.com
segurancanoseucartao.shop
segurocartaoapp.com
segurocartaoprotegido.com
seucartaoprotegido.com
seucartaoseguro.com
seupedidoshopee.com
sicurezza-nex1-nfc.site
sicurezza-nfc.site
sicurezza-nfc24h.site
app.segurancadocartao.info
qw26.liaoqazqq.com
staging-app.clientpulse.ai
staging-backend.clientpulse.ai

# Reference: https://x.com/johnk3r/status/1956014820743926090

nfc8886.com
brazil.nfc8886.com

# Generic

/baxi/b/index-C80Dmdnl.js
/baxi/b/index-CT0URlgY.css
