# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://news.sophos.com/en-us/2018/12/06/android-clickfraud-fake-iphone/

mobbt.com
act.mobbt.com
ads.mobbt.com
sdk.mobbt.com
exevents.nativeone.co

# Reference: https://www.virustotal.com/gui/file/ec54dbb4c55b92df2113fb07ef1486a39bb5c752272230bb774018573f537132/detection

bearclod.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2013/2013-04-09-one-click-fraud-variant-on-google-play-in-japan-steals-user-data/one-click-fraud-variant-on-google-play-in-japan-steals-user-data.csv

/?neosp_nontop_eropne01

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2013/2013-07-31-japanese-one-click-scammers-abuse-mobile-traffic-exchange-service/japanese-one-click-scammers-abuse-mobile-traffic-exchange-service.csv

porn12345.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2016/2016-04-29-fake-android-update-delivers-sms-click-fraud-europe/fake-android-update-delivers-sms-click-fraud-europe.csv

6-androdid.ru
alfabrong.eu
bugstracking.xyz
bugtracking.biz
francia-apk.ru
freeupgrade6.ru
innotion.pw
postway12.ru
slidetracking.ru
traff16.ru
traffic2015.ru
update-free-andr-6.ru

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2016/2016-05-04-android-malware-clicker-dgen-found-google-play/android-malware-clicker-dgen-found-google-play.csv

update-sys-android.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2017/2017-09-12-android-click-fraud-app-repurposed-ddos-botnet/android-click-fraud-app-repurposed-ddos-botnet.csv

ybosrcqo.us

# Reference: https://news.drweb.com/show/?lng=en&i=13464&c=14
# Reference: https://www.virustotal.com/gui/file/8809ea2387e140002654da141745baf615964452c6f2e4fee6fa9c7be1be745f/detection
# Reference: https://www.virustotal.com/gui/file/8a87f4ddb0b22c5f350029a1fb999ca058165eed05fa9dc79ab9dad9a6190e69/detection

161.117.8.243:8998
http://52.221.78.239

# Reference: https://research.checkpoint.com/2020/android-app-fraud-haken-clicker-and-joker-premium-dialer/

13.250.34.16:80
13.56.233.20:80
52.77.249.152:80

# Reference: https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html

appflood.com
sabai5555.com
/transaction/post_click

# Reference: https://research.checkpoint.com/2020/google-play-store-played-again-tekya-clicker-hides-in-24-childrens-games-and-32-utility-apps/

api.banzinc.xyz
api.chauxincaidomainnua.icu
api.felinae.icu
api.kaluga.xyz
api.leopardus.xyz
api.lulquid.xyz
api.mantaalfredi.icu
api.maygaiproduct.icu
api.megapelagios.site
api.molatecta.icu
api.namekitchen9.xyz
api.nhudomainuong.xyz
api.pantanal.xyz
api.royalchowstudio.xyz
api.somniosus.xyz
api.sundaclouded.host
api.whitewhalestudio.host
app.slardar.icu
waws-prod-dm1-033.cloudapp.net