# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://news.sophos.com/en-us/2018/12/06/android-clickfraud-fake-iphone/

mobbt.com
act.mobbt.com
ads.mobbt.com
sdk.mobbt.com
exevents.nativeone.co

# Reference: https://www.virustotal.com/gui/file/ec54dbb4c55b92df2113fb07ef1486a39bb5c752272230bb774018573f537132/detection

bearclod.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2013/2013-04-09-one-click-fraud-variant-on-google-play-in-japan-steals-user-data/one-click-fraud-variant-on-google-play-in-japan-steals-user-data.csv

/?neosp_nontop_eropne01

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2016/2016-04-29-fake-android-update-delivers-sms-click-fraud-europe/fake-android-update-delivers-sms-click-fraud-europe.csv

6-androdid.ru
alfabrong.eu
bugstracking.xyz
bugtracking.biz
francia-apk.ru
freeupgrade6.ru
innotion.pw
postway12.ru
slidetracking.ru
traff16.ru
traffic2015.ru
update-free-andr-6.ru

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2016/2016-05-04-android-malware-clicker-dgen-found-google-play/android-malware-clicker-dgen-found-google-play.csv

update-sys-android.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2017/2017-09-12-android-click-fraud-app-repurposed-ddos-botnet/android-click-fraud-app-repurposed-ddos-botnet.csv

ybosrcqo.us

# Reference: https://news.drweb.com/show/?lng=en&i=13464&c=14
# Reference: https://www.virustotal.com/gui/file/8809ea2387e140002654da141745baf615964452c6f2e4fee6fa9c7be1be745f/detection
# Reference: https://www.virustotal.com/gui/file/8a87f4ddb0b22c5f350029a1fb999ca058165eed05fa9dc79ab9dad9a6190e69/detection

161.117.8.243:8998
http://52.221.78.239

# Reference: https://research.checkpoint.com/2020/android-app-fraud-haken-clicker-and-joker-premium-dialer/

13.250.34.16:80
13.56.233.20:80
52.77.249.152:80

# Reference: https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html

sabai5555.com
/transaction/post_click

# Reference: https://research.checkpoint.com/2020/google-play-store-played-again-tekya-clicker-hides-in-24-childrens-games-and-32-utility-apps/

api.banzinc.xyz
api.chauxincaidomainnua.icu
api.felinae.icu
api.kaluga.xyz
api.leopardus.xyz
api.lulquid.xyz
api.mantaalfredi.icu
api.maygaiproduct.icu
api.megapelagios.site
api.molatecta.icu
api.namekitchen9.xyz
api.nhudomainuong.xyz
api.pantanal.xyz
api.royalchowstudio.xyz
api.somniosus.xyz
api.sundaclouded.host
api.whitewhalestudio.host
app.slardar.icu
waws-prod-dm1-033.cloudapp.net

# Reference: https://www.virustotal.com/gui/file/189e980b1d1a429cfbc0b2d78a265ae9833ba2a9a744c193cbdd309870ec238d/detection

2e70dwl6z-7cgfugryn.ru
65wir8v9w-hz0yev62id.ru
b3jawfqky-c8kuscp3i.ru
l7vx0ks0nbf-p21w20tju3.ru
x2ibvdpbc49-0fzmpry32.ru
/apk_main.php?get_hash=

# Reference: https://www.virustotal.com/gui/file/ea44f01feeabd1eb1393af791d832c976c741c7374503f34f3fade15fa5454dc/detection

d1lxhc4jvstzrp.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/d1e5d625e10c8cef8414e96bfac0edc9900a64af318c4ed2a099629c6eb18c16/detection

http://43.252.37.141/mainld/?m=

# Reference: https://www.virustotal.com/gui/file/93263869039c20a7b5c100d6499923c424891d9956302cd74c9ca6951817d9c4/detection

hdxx.xyz

# Reference: https://www.virustotal.com/gui/domain/jnd.txizd.cn/relations

jnd.txizd.cn

# Reference: https://www.virustotal.com/gui/domain/hezwl.cn/relations

hezwl.cn

# Reference: https://www.virustotal.com/gui/domain/servhost.xyz/relations
# Reference: https://www.virustotal.com/gui/file/8233e24363796a3f558be6e8851e4f558d0f97f37e1c3a8a2828b8aa79e0e065/detection

http://162.241.228.114
servhost.xyz

# Reference: https://www.virustotal.com/gui/file/336a3f85c2a651c612ceda2fe621d02ca9680791c465fcfa78cd4243ae412444/detection

mlebupesbuk.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/03469801287e1330b94d58b4c33521d809f34420805297e67e40666e51f039d3/detection

bbq.aalyun.cn

# Reference: https://www.virustotal.com/gui/file/000b5894281cc9037b05fdac8be112f2b32f63b9a3845c76f77eeef404545db7/detection

cuiliyan.herokuapp.com