# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://twitter.com/LukasStefanko/status/1116700836032331778 # Reference: https://koodous.com/apks/71038bed9175e2edfc1b24347e76a192b96845831410a481ace7e601ed65b19e # Reference: https://www.virustotal.com/gui/file/71038bed9175e2edfc1b24347e76a192b96845831410a481ace7e601ed65b19e/detection appboxlive.host/wakaji/start.html # Reference: https://www.welivesecurity.com/2019/05/23/fake-cryptocurrency-apps-google-play-bitcoin/ coinwalletinc.com # Reference: https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites /so/Android1S.php /so/Android2D.php /so/Android2M.php /so/Android4A.php /so/AndroidAF.php /so/AndroidAL.php /so/AndroidDL.php /so/AndroidLS.php /so/AndroidPA.php /so/AndroidPC.php /so/AndroidSH.php # Reference: https://www.welivesecurity.com/2019/07/19/faceapp-spotlight-scams-emerge/ spinwincash478.pro # Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-06-28-asiahitgroup-gang-again-sneaks-billing-fraud-apps-onto-google-play/asiahitgroup-gang-again-sneaks-billing-fraud-apps-onto-google-play.csv vilandsoft.com # Reference: https://twitter.com/ReBensk/status/1264931130530312194 tnisheng.xyz # Reference: https://twitter.com/DrStache_/status/1264949410162769920 http://154.209.241.184 http://154.209.241.185 http://154.209.241.186 http://154.209.241.187 http://154.209.241.188 # Reference: https://www.virustotal.com/gui/file/a7bffddcd815055c8e49df6a779503dcad16e6b351a64fcaf24961862b7014f0/detection brezzamobile.online # Reference: https://www.virustotal.com/gui/file/012404ebe25adaadd7e9b4b0d1ce6ffce46c62456f97710829c676fb789019a9/detection btc-unli.tk # Reference: https://www.virustotal.com/gui/file/774d58de7fc732a3eaac274e6dc454012260d8d111989834ac62e7f90c8dc467/detection octarine.soxx.us # Reference: https://twitter.com/ninoseki/status/1353128207923388416 # 
Reference: https://www.virustotal.com/gui/file/49634208f5fb8bcfc541da923ebc73d7670c74c525a93b147e28d535f4a07bf8/detection 103.85.25.165:7777 165.3.93.6:7777 r10zhzzfvj.feishu.cn # Reference: https://twitter.com/_bllvck/status/1366439474733924353 # Reference: https://www.virustotal.com/gui/file/d3487ab25a0e2c24996032458ff869eb3743eed39cf7c13e5c1a88084310c718/detection polkadot-support.com # Reference: https://www.virustotal.com/gui/file/d2d35805f157b0fe4df0cf5747cab08ba335b9cdc82453ab1a9f6271e8a484fc/detection paladits.bget.ru # Reference: https://twitter.com/malwrhunterteam/status/1379883017976614918 # Reference: https://www.virustotal.com/gui/file/c420052c96eff142e3836bd6cbe1ce61d86c23ac7a9b58a4dc81ffef7c98ab34/detection mobipaisarecharge.com /Ajax-request/get_mobile_info.php # Reference: https://research.checkpoint.com/2021/new-wormable-android-malware-spreads-by-creating-auto-replies-to-messages-in-whatsapp/ # Reference: https://otx.alienvault.com/pulse/606e2b839d8204cdd76a5476 netflixwatch.site # Reference: https://www.virustotal.com/gui/domain/amazingvideos.mobi/relations # Reference: https://www.virustotal.com/gui/domain/greatestapps.mobi/detection # Reference: https://www.virustotal.com/gui/file/fa40744c0e49f185b0604f44b7747b1fe5824b58223376d0b9a51451b905d1e5/detection amazingvideos.mobi greatestapps.mobi 7.tdslsd.ru tdslsd.ru # Reference: https://www.virustotal.com/gui/file/08797ac7926944304b8fae5647a1495aae9b69bb76ee9e052295111beab5042a/detection zestlark.000webhostapp.com # Reference: https://twitter.com/Cengiz86035319/status/1391502248962834446 aske-crudo.com # Reference: https://www.virustotal.com/gui/file/db91424bff23f9668398c3c0ae0fab05d6cd73a18676559c78c0f6c7e1b5ea90/detection wezzx.ru # Reference: https://www.welivesecurity.com/2021/07/20/url-shortener-services-android-malware-banking-sms-trojans/ # Reference: https://otx.alienvault.com/pulse/60f7eaafe05663ddea26b1b5 eaconhop.online emanalyst.biz fceptthis.biz fjobiwouldli.biz honeiwillre.biz 
mmunitedaw.info offeranda.biz oftongueid.online omeoneha.online ommunite.top ransociatelyf.info rycovernmen.club schemics.club sityinition.top ssedonthep.biz # Reference: https://twitter.com/ni_fi_70/status/922461098737045505 # Reference: https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/ # Reference: https://www.virustotal.com/gui/file/c5112e3a95bfa226bc2d524964364c61e0db9fe2824c20ca99521ab15367d678/detection # Reference: https://www.virustotal.com/gui/file/306a4fd41ce67784db399eced6531ac629bd9fe05d3347665bb935f1100e37f2/detection pooniex.com poloniėx.com xn--polonix-y8a.com # Reference: https://www.virustotal.com/gui/file/156c98f1babd9de7f76a81fd7bcc81b03cb1415081a726dbf7707226b16f6db2/detection zzwx.ru d1lxhc4jvstzrp.cloudfront.net # Reference: https://www.virustotal.com/gui/file/04b74f3579b081b5af13299b3327b80c0e3f45daca556487b088d11716960c72/detection charter724.info # Reference: https://www.virustotal.com/gui/file/96dfea7f0050a0d453ffb61d5824ff820f75fd0e8c25a9f5b894812483432759/detection ucharter.ir # Reference: https://www.virustotal.com/gui/file/4d78c7980c938d5bf4b0dd4aeecc008dad3d9b9e14f3fe207b704301a2c0cbed/detection charter2162.ir # Reference: https://www.virustotal.com/gui/file/f9f86fd4c2979b1f41aeece06958aa6b7ddba130a66dbf7c78a3906c449d7dd0/detection clipestoon.ir # Reference: https://www.virustotal.com/gui/file/401b00dc8a2aa2e13e24859d1f89e244ed6c7f1d48a7d80f9d9200e0ba1b3ea8/detection sepehre360.com # Reference: https://www.virustotal.com/gui/file/f6574662f783b6a0f09561bfe8b0540508897e5383327168c4b778a2a9466a2a/detection mehrseir.ir # Reference: https://twitter.com/dubstard/status/1493875063971581956 android-beta.com # Reference: https://www.virustotal.com/gui/ip-address/137.175.56.119/relations # Reference: https://www.virustotal.com/gui/file/f7d412f93ed5f34de40b3a8e7653c34430e931ec2f615599e16dac607ad81985/detection dfnvkej.xyz njfohn.vip 2cmodh.dfnvkej.xyz 3kodin.dfnvkej.xyz 3kodin.njfohn.vip 
6vjod.dfnvkej.xyz # Reference: https://twitter.com/malwrhunterteam/status/1507434232511139847 # Reference: https://www.virustotal.com/gui/ip-address/103.193.174.205/relations # Reference: https://www.virustotal.com/gui/file/6876e159a8e91091535c18cf59e517f3405145efd757d564b7dcf284cae990d5/detection imtokcn.org imtokrn.net imtokrn.pro mb-imtoken.com tokencenter.info tokenlon.im tongke.co tongke.top # Reference: https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/ # Reference: https://otx.alienvault.com/pulse/6244300fee718397c862a21e # Reference: https://www.virustotal.com/gui/ip-address/45.116.163.65/relations 180.215.126.33:51148 2022mask.com app-coinbase.co ariodjs.xyz bitepie.club bitoken.com.cn bitpiecn.com.cn bitpiewallet.com.cn bitpiezh.cn bitpio.com cctptokenm.live cn-imtoken.com cryptojx.store im-token.one im-tokens.info imbbq.co imdt.cc imtken.cn imtoken.cn.com imtoken.net.im imtoken.porn imtoken.sx imtoken.tg imtokenep.com imtokens.money imttoken.org jabirs-xso-xxx-wallet.com jaxwalet.com jaxx.podzone.org jaxx.su jaxx.tf jaxxwalletinc.live jdzpfw.com lmtoken.org.cn lntokems.club master-consultas.com matemasks.date meta-mask.org.cn metamadk.com metamask-wallet.xyz metamask.hk metamaskey.com metamaskio.vip metamasks.me metemas.me metemasks.live mtokens.im one-key.org.cn onekeys.dev onekeys.mobi saaditrezxie.store shayu.la t0kenpocket.cn tipi21341.com tkdt.cc token-app.cc token-lon.me token2.club tokenp0cket.com tokenpockets.buzz tokenpockets.org tokenweb.online tptokenm.live trust-wallet.com.cn trustgame.cn trustwellat.cc walletrust.cn xdhbj.com xzxqsf.com zh-imtoken.com admin.metamaskio.vip admin.token2.club api.metamasks.me api.tipi21341.com appapi.imtoken.porn bh.imtoken.sx bp.tkdt.cc crp.jaxwalet.com ds-super-admin.imtokens.money ht.imtoken.cn.com imtokenss.token-app.cc jaxx.libertycryptowallet.ltd jaxx.podzone.org libertycryptowallet.ltd metamask.tptokenm.live mm.tkdt.cc ok.tkdt.cc spspring.herokuapp.com 
two.shayu.la update.imdt.cc update.xzxqsf.com wallet.cryptojx.store walletappforbit.web.app # Reference: https://www.virustotal.com/gui/domain/irkgsm.ru/relations # Reference: https://www.virustotal.com/gui/file/0397aa501c17f3d3e3d899a8324d2f38de4e72279e0664a60755ba5204d936a4/detection irkgsm.ru # Reference: https://twitter.com/malwrhunterteam/status/1520143923360014337 # Reference: https://www.virustotal.com/gui/ip-address/27.124.7.67/relations # Reference: https://www.virustotal.com/gui/ip-address/45.63.108.144/relations # Reference: https://www.virustotal.com/gui/file/b06c0e5560d89ee63a2fade2de08433b47dc5673131a98f75784eb2670d2da94/detection imtoken.fm tokem.cx token-im.life token-imc.cc token-imq.co token-imv.co ap.token-imv.co api.imtoken.fm api.token-imc.cc # Reference: https://twitter.com/BaoshengbinCumt/status/1521336416491667456 imt0ken.red imtoken.imt0ken.red /imtoken-intl-v2.apk # Reference: https://twitter.com/malwrhunterteam/status/1521562439564861440 # Reference: https://www.virustotal.com/gui/ip-address/193.84.248.9/relations # Reference: https://www.virustotal.com/gui/file/54b64d0808b795ffb48ef565b4a3a70ce7fedb2049be2010764e9466adc48ca6/detection imtokam.online imtoken.bz intoken.bet down.imtoken.bz /imToken.apk # Reference: https://twitter.com/BushidoToken/status/1522281784070791168 # Reference: https://otx.alienvault.com/pulse/627418f0445e08b473fe0ceb/ belinebit.com bimexbit.com bitbitox.com bitboxy.com bitglobalone.com bitlytrade.org btcgiran.com coincapbit.com dollar-crypto.com dotxbitz.com dotxswap.com frontbitex.com hoperbit.com incoinbit.com kaperbit.com keeperexbit.com lopexbit.com marexbit.com markexbit.com quxbit.com swapubit.com walletexbit.com walletmybit.com woxobit.com yayexbit.com # Reference: https://twitter.com/malwrhunterteam/status/1522488493083086848 # Reference: https://twitter.com/malwrhunterteam/status/1522488977088995328 # Reference: 
https://www.virustotal.com/gui/file/7eb2da308838683ab2e1cad270bbb68cdc3966f7add077e21f8aaf9324c9f5d9/detection coindase.xyz vip98881.xyz admin.coindase.xyz ht.coindase.xyz kf.coindase.xyz api.vip98881.xyz kf.vip98881.xyz sanduan.vip98881.xyz sd.vip98881.xyz web.vip98881.xyz wk.vip98881.xyz xiazai.vip98881.xyz xz.vip98881.xyz # Reference: https://twitter.com/malwrhunterteam/status/1526175132066234369 # Reference: https://www.virustotal.com/gui/file/b313bb1674a7ae62f6a13701c57394baa1efef1d955af6ba03692b01278422f4/detection metsmas.com # Reference: https://twitter.com/malwrhunterteam/status/1532652509717843968 # Reference: https://www.virustotal.com/gui/file/54e12d56f32bfe0e384677be2020db2723fd16d7a56758ef30c6c26716ac581c/detection bujamuwg.xyz coinoned.xyz jvkutqar.xyz # Reference: https://twitter.com/midnight_comms/status/1535448497813585921 # Reference: https://www.virustotal.com/gui/ip-address/182.16.49.3/relations tokenpocklet.pro tokenpockvet.pro tokenpockzet.pro tokenpoocbket.pro tokenpoochket.pro tokenpoocnket.pro tokenpoocsket.pro tokenpoocxket.pro trustwahllet.com trustwavllet.com # Reference: https://twitter.com/malwrhunterteam/status/1547664764247019520 # Reference: https://twitter.com/midnight_comms/status/1547667415583969283 # Reference: https://www.virustotal.com/gui/ip-address/8.45.52.228/relations # Reference: https://www.virustotal.com/gui/file/ca23a8e34b8fed2ae5548ce64f5d084f073f796009e14f15d61185275759c355/detection ebay6.net ebay7.net ebay8.net ebay9.net happyplay666.com ebayoss.oss-accelerate.aliyuncs.com # Reference: https://twitter.com/Iamdeadlyz/status/1554469649508892682 # Reference: https://twitter.com/Iamdeadlyz/status/1554480019925516289 # Reference: https://www.virustotal.com/gui/ip-address/20.187.88.188/relations # Reference: https://www.virustotal.com/gui/file/1b3ed3acbe5e18c90cc65a532e8ef5d7a4ddb738d9763494dabe1a58c2ca3654/detection trusrt-wallet.io trusrtwallet.app trusrtwallet.co trusrtwallet.in trusrtwallet.io trusrtwallet.vip 
trusrtwallets.co trusrtwallets.com trusrtwallets.io trusrtwallets.net trusrtwallets.org trusstwallet.site trustwallet.life trustwallets.io turstwallet.live taitanwallet.com admin.taitanwallet.com # Reference: https://vms.drweb.com/virus/?i=25394583&lng=en # Reference: https://www.virustotal.com/gui/file/fa322ed16b1c9654c112eba4f99992c8fae1492d813bc93736462db52b5a5075/detection # Reference: https://www.virustotal.com/gui/file/d9bdedb6e43f0fb54400b1953bc1211b202dcedc31d04230e54183b495b98063/detection http://106.184.5.78 http://112.124.58.101 http://47.254.145.86 139.162.104.130:10000 47.252.50.191:10000 47.89.190.227:10000 91.195.240.94:10000 statistics.flurrydata.com # Reference: https://twitter.com/Iamdeadlyz/status/1567811614682009600 # Reference: https://www.virustotal.com/gui/file/eef5e2525fb6671b9f8bc03a1643e0a7a06afcf85411c95a811ee3119a12cb47/detection fnybcdd.cn metaameesk.com shakna118.com p.fnybcdd.cn w6.shakna118.com w7.shakna118.com # Reference: https://www.virustotal.com/gui/file/00170e3673b73a58e79f6e7659735325566344266cc3b837e6b6143184d19b90/detection modobom.services # Reference: https://twitter.com/malwrhunterteam/status/1578867099627573248 # Reference: https://www.virustotal.com/gui/ip-address/112.213.120.69/relations # Reference: https://www.virustotal.com/gui/file/6126c347efb6d056b818c22e5d227142203287221a315d75e527d730b9346837/detection moonpark1.shop moonpark2.shop xinyidaijieru.info xinyidaijieru.shop xionpic.xyz # Reference: https://twitter.com/malwrhunterteam/status/1579576061905756160 islamia.app # Reference: https://www.virustotal.com/gui/file/1873215b0e1c28e92bef12d8e01d7f3f3ae22a7e045801772add42151699a2d7/detection 86.124.233.101:22005 # Reference: https://twitter.com/silentpush/status/1592202761961373696 # Reference: https://www.virustotal.com/gui/ip-address/3.36.198.106/relations downgo.xyz gh1vvvnaj94y.xyz iex.buzz iex168.com iex58.com iex88.com iexnec.top iexsze.xyz iexvxd.live iexykd.com iexzfu.live sulstar.com admin.iex168.com 
admin.iex88.com admin.iexnec.top admin.iexsze.xyz admin.iexvxd.live admin.iexykd.com admin.sulstar.com agent.iex168.com agent.iex58.com agent.iex88.com agent.iexnec.top agent.iexsze.xyz agent.iexvxd.live agent.iexykd.com agent.iexzfu.live agent.sulstar.com download.downgo.xyz # Reference: https://twitter.com/ecarlesi/status/1599833514081501205 # Reference: https://twitter.com/ecarlesi/status/1600776299592945664 # Reference: https://www.virustotal.com/gui/ip-address/3.33.172.47/relations 0422.cz 1051.cz 1066.cz 150297.com 16567.me 1828.cz 18896.me 2123.at 23614.se 2402.cz 2590.ca 28105.me 2820.credit 3092.cz 3607.cz 36289.st 36295.se 3864.cz 3915.voto 4095.cz 4096.at 4230.cz 4354.cz 4457.at 4506.cz 5031.cz 51299.cz 52659.se 5428.at 55065.se 55308.se 5726.voto 5795.at 5835.at 59122.st 5940.cz 6028.voto 62778.se 63083.mx 64901.se 66572.me 6840.cz 6872.cz 68911.me 7038.ca 7068.cz 70947.se 71688.me 73397.st 76647.cz 7808.cz 78720.me 79288.cz 79624.se 7967.software 8044.at 8106.cz 8150.at 8228.voto 8248.io 8341.cz 8393.at 8408.at 8487.voto 84873.se 85421.cx 8611.at 8620.at 86212.st 8763.cz 8783.credit 8819.cz 8929.at 8955.cz 9004.cz 90273.se 9031.at 9148.at 9317.credit 9768.cz 9841.voto 9904.at abcd1.careers abcd9.careers pfre5.finance pjlo.cz sdfr8.finance tygr3.finance uytd3.software yhts3.finance ytfr6.software zder6.software # Reference: https://twitter.com/ecarlesi/status/1601845957502582784 # Reference: https://www.virustotal.com/gui/ip-address/75.2.10.190/relations 0565.at 1019.cz 1031.cz 1057.voto 1172.cz 1174.cz 1215.voto 1218.football 1298.football 13186.mx 1373.cz 1460.cz 15072.at 1537.credit 15426.me 1570.voto 1660.voto 16735.se 1702.cz 1728.voto 17509.at 1774.football 1780.football 17870.se 18326.mx 187095.com 190388.com 11433.cx 17233.net 17915.cx 18722.cx 1873.credit 1912.voto 1962.voto 2029.voto 2056.credit 2079.at 20958.se 2101.cz 21386.se 21604.se 2172.voto 2194.at 2340.cz 2425.software 2432.credit 24280.net 25176.cx 25326.se 25412.mx 2580.at 2650.cz 
26748.at 2739.voto 2750.football 25250.cx 2571.at 272504.com 27558.mx 2761.voto 28172.se 2883.voto 2890.voto 2911.voto 2933.cz 29374.at 3038.cz 30442.se 3066.cz 3140.software 31593.me 3171.credit 27851.net 2908.credit 3172.credit 32275.se 32704.at 3275.credit 334386.com 334792.com 35407.at 3626.voto 3677.football 3708.voto 3743.voto 3752.cz 3489.cx 35314.me 3561.credit 36278.cx 37584.se 37605.se 376101.com 3770.credit 3779.credit 38027.me 38591.se 38643.se 3877.credit 39074.at 3918.credit 392949.com 3931.football 394729.com 3884.credit 3971.credit 397805.com 4036.credit 4037.cz 4068.voto 4076.cz 4090.nl 4129.credit 4303.cz 4378.football 4380.cz 4399.credit 4405.cz 4450.cz 45334.se 4330.credit 45395.se 4546.credit 46099.net 4669.voto 4676.at 46869.at 4877.cz 4945.cz 4991.cz 4674.credit 47108.cx 4895.cx 5010.credit 5018.cz 50432.se 5049.cz 5061.cz 5078.voto 5056.credit 5129.credit 5195.credit 5195.voto 5257.football 5288.credit 5346.credit 538231.com 548056.com 52674.nl 52719.net 52787.cx 5348.credit 54764.net 5485.voto 5488.football 55097.at 5518.cz 5520.credit 5542.cz 5638.credit 56536.se 5672.credit 5674.credit 57024.at 5715.credit 57175.at 57480.at 5768.voto 5669.credit 5776.credit 5783.voto 58322.at 58458.at 5875.voto 5881.football 59258.se 59284.at 58061.net 5823.credit 5911.at 5950.at 59684.se 59818.mx 60121.se 6014.credit 6030.credit 60226.cx 6056.credit 6061.credit 6063.voto 60748.mx 6080.football 6090.credit 6094.cz 610786.com 613578.com 61497.se 6170.credit 61942.one 6216.football 6242.at 62880.at 628974.com 63342.at 6423.credit 6449.cz 62526.cx 63801.net 64540.se 6470.cz 6472.credit 64932.me 6508.credit 651601.com 6539.credit 65507.se 6574.credit 66029.at 6608.football 6645.cz 66546.se 6657.voto 6670.cz 66859.at 6705.cz 67251.in 6811.football 6829.credit 68377.mx 68384.se 68565.at 6864.credit 6865.cz 6671.voto 68680.at 686947.com 6882.voto 68902.net 69046.at 69079.at 69359.me 69503.at 69578.mx 6976.football 6987.voto 7031.cz 7045.cz 70581.at 706978.com 
7076.voto 708512.com 7093.cz 7098.voto 7100.cz 7127.nl 7139.voto 7150.cz 71702.me 7180.voto 72038.me 7205.software 721310.com 7217.football 7239.software 72563.nl 7282.football 7307.voto 69826.cx 70196.net 7055.cz 7220.at 73103.voto 73168.mx 73393.se 7360.voto 738334.com 7402.football 7501.cz 7506.cz 7512.cz 7551.cz 75519.mx 7580.cz 76057.at 76079.mx 7514.credit 76651.mx 7693.football 7732.voto 7733.cz 7806.credit 76971.net 78426.me 7908.cz 7912.credit 79125.mx 79187.at 7924.voto 79355.at 79447.se 7983.voto 8029.voto 79402.cx 79761.cx 80317.cx 8038.credit 8052.cz 8056.cz 8099.cz 81042.at 8106.voto 8117.cz 81316.mx 8138.cz 8177.cz 8245.voto 8070.credit 8159.credit 82497.at 8287.credit 8300.cz 8304.cz 8326.cz 83482.at 8353.voto 83697.at 8440.cz 8445.voto 8492.cz 8515.voto 8538.credit 8548.credit 82948.net 8415.credit 85606.mx 857939.com 8587.football 85894.at 859701.com 86185.se 8705.cz 8717.voto 87624.se 8684.at 87047.cx 87394.net 87755.se 8802.cz 8807.voto 88337.cx 8834.cz 8850.cz 87941.net 88267.net 8874.credit 8901.cz 89322.at 8943.credit 8961.voto 89839.voto 8987.football 89784.net 8988.credit 8991.voto 90359.at 9091.cz 912610.com 9162.voto 90645.net 9089.at 92210.cx 9223.football 9303.at 93453.at 93609.se 9377.cz 93853.mx 9403.voto 9409.cz 94330.at 9440.cz 94407.se 9479.voto 9502.voto 95173.at 95258.se 9570.voto 9585.voto 9591.football 96174.mx 92755.cx 9506.at 9532.credit 96199.se 96341.me 9642.cz 9653.credit 967955.com 9686.cz 97209.net 9770.credit 97921.se 98062.mx 98558.at 9976.cz 9981.credit abqch.cz bxr.se byyws.cz dertr.cz dtyh2.finance ertfd.cz fescq.cz fpim.cz ghpk5.finance gtyh2.makeup hfrew.cz hzk.se iuytg.cz juhys.cz juyhf.cz klder.cz kpid.software ktpd.cz ktpns.cz ktyp.cz kuhj2.finance mmoo34.me nchj.cz opego88.vip ozh.se pfewq.cz pgew3.software pgtr9.report pjfr5.finance pkder.cz pkfr3.software pkfr5.finance pkfr6.software pkfx3.software pkse8.software pkuh3.software plhq9.software ptyst.cz puyer.cz qsdtg.cz rtfe6.finance rthu5.finance sngoe88.vip 
sxfr6.software tfrg5.finance totqc.cz trde5.finance tuhg2.finance tuhg3.studio tylp.cz tzy.se ujhr7.finance ukfrt.cz uydrt.cz uyjfg.cz uypk.cz vcku.cz xdert.cz yder5.careers yfm.se yfxz2.software yhdes.cz yphsd.cz yptd6.credit ypzd8.credit zatf7.software zcgp.cz zdfg3.software zdse7.careers zdtf5.finance zdwe1.software zdwqa.cz zfrew.cz zfwog.cz zidj.cz zmuj.cz zsdrt.cz zsed1.finance zser2.finance zsye8.software zzy.se # Reference: https://twitter.com/ecarlesi/status/1602502214731325446 # Reference: https://www.virustotal.com/gui/ip-address/35.71.131.1/relations # Reference: https://www.virustotal.com/gui/ip-address/52.223.50.163/relations 0669.at 1536.credit 1659.earth 1890.credit 1917.credit 1942.work 2022-12-13 2579.work 2595.earth 2885.earth 3039.credit 312925.com 3182.work 3334.credit 3701.earth 3837.credit 4158.credit 4909.earth 4937.credit 6130.earth 6132.earth 6345.earth 6448.earth 6469.credit 6771.work 6849.earth 6921.credit 6945.earth 7436.work 862017.com 8913.work 8985.credit 9487.earth 9520.credit sftg5.software # Reference: https://twitter.com/LukasStefanko/status/1600039301215035393 # Reference: https://www.virustotal.com/gui/file/02cfa159f85e15bd24808859d6cbf1b8e8d21352e7290ba5477744f711bb752b/detection firebaseconnections.com # Reference: https://twitter.com/malwrhunterteam/status/1600260295112335360 trustwallet-nft.web.app /ewfwef834r8f8we8f8we8r484234f.html # Reference: https://twitter.com/malwrhunterteam/status/1602217665183059968 # Reference: https://www.virustotal.com/gui/ip-address/156.236.71.16/relations # Reference: https://www.virustotal.com/gui/file/bd2e1836fa14734f65634711e85036b885fab18a3073a8dac3f95f0284a317bf/detection http://156.236.71.16 truskeiwawer.com truskiedf.com trustweta.com trustwetae.com # Reference: https://twitter.com/ecarlesi/status/1602507518793629696 # Reference: https://www.virustotal.com/gui/ip-address/45.136.118.189/relations 1286.cash 7562.cash puhr3.software sftr8.software tygr9.finance zdew5.finance # Reference: 
https://twitter.com/malwrhunterteam/status/1603315557385781249 # Reference: https://www.virustotal.com/gui/file/d6559a5ee4361c812d8f88e3de78b421a5e165cfac139cce92bd5cf8f2f63a2d/detection backthai.net # Reference: https://www.virustotal.com/gui/file/6c48e1ce4183ece7cb649d125317910cbe5f05ebac5b811c2e0c167e446f16d1/detection expertvipmall.com # Reference: https://twitter.com/malwrhunterteam/status/1603393311473008649 # Reference: https://www.virustotal.com/gui/file/7e77a9ed50fbe65e9e5f680c8313549d7a57f6844ac1cc316636ceadec806119/detection grooming-time.com # Reference: https://twitter.com/KesaGataMe0/status/1615239904728088576 # Reference: https://www.virustotal.com/gui/ip-address/206.238.115.110/relations # Reference: https://www.virustotal.com/gui/ip-address/206.238.123.38/relations # Reference: https://www.virustotal.com/gui/ip-address/207.148.25.11/relations binanace.net metamaske.pro metamasky.com metamaskt.io metamesk.info trustwallect.com trustwallett.rest # Reference: https://www.virustotal.com/gui/file/00008e83ec52647211a39ead81fc40a1655212002eb76923f10c60703ec63bd7/detection sppromo.ru ww82.sppromo.ru # Reference: https://www.virustotal.com/gui/file/2a81097ea1fd636a65c84a05f49d88b43c9826fcfc87c84b3b5c21249ce6c1d5/detection martianwallet.app # Reference: https://www.virustotal.com/gui/file/02b7ebee345d4c6d1147d6b06d53f6c0e2556443bd37a0e504a2358b20673c37/detection 147.185.221.223:14020 movie-pocket.at.playit.gg # Reference: https://www.virustotal.com/gui/file/46badfbf22dc28fb0550959616b78fc7702e9b97fa30c9691a9af8f7f7dde399/detection # Reference: https://www.virustotal.com/gui/file/8411c21c6586f9d96182610c6102cf098840bbc3c4aeb645b0335ea857cd2232/detection # Reference: https://www.virustotal.com/gui/file/d7dec088189c84ae16b18e9afe46f574e220daba640fb7f5e482e64652d9233c/detection sharechatofficial.000webhostapp.com # Reference: https://www.welivesecurity.com/2023/03/16/not-so-private-messaging-trojanized-whatsapp-telegram-cryptocurrency-wallets/ buchananapp.com 
coinfacai.com cqbblmy.com hao-telegram.com microsoftmiddlename.tk oktask88.com pic447.com pic6005588.com t-telegrm.com telegcn.com telegram-c.com telegram.farm telegram.gs telegram.land telegramnm.org telegramxs.com telegramzn.com telegrmam.org telegrms.com telegron.org telegrrom.com telezzh.com tevegram.com upload.buchananapp.com whotsapp.net x-telegram.app api.oktask88.com b.pic447.com department.microsoftmiddlename.tk j.pic6005588.com jk.cqbblmy.com token.jdy.me # Reference: https://www.virustotal.com/gui/file/bd4ea561b932adc106cb835bfcb8640a59a2fc9e17598768ffed3c6f4fa3c59f/detection 206.189.80.59:22645 # Reference: https://twitter.com/0xDanielLopez/status/1645040749589692416 # Reference: https://www.virustotal.com/gui/file/465e7ed3279c2d4964a6e1d5b3c0c9bca94e27824fee5bc849656c37694aad57/detection # Reference: https://www.virustotal.com/gui/file/3cd3d26c3477a26d0c2ed3da24b15a7055e9ce6e026cc7f5a4964df51b99bcb4/detection metamask6.pro metamcsk.com # Reference: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-security-app-found-abuses-japanese-payment-system/ # Reference: https://www.virustotal.com/gui/file/5d29dd12faaafd40300752c584ee3c072d6fc9a7a98a357a145701aaa85950dd/detection ruboq.com # Reference: https://twitter.com/malwaretracekr/status/1650024334780698625 # Reference: https://www.virustotal.com/gui/ip-address/115.91.26.153/relations # Reference: https://www.virustotal.com/gui/file/f9ba21363bdd5c7a1624da5a4f51721323249085e6c31c41e8bb73e411dadc29/detection # Reference: https://www.virustotal.com/gui/file/289eb00c326c39b57fd9c72ca2ddc8d2723c763c44ccf2b03e9c41eb577a28d8/detection 103.214.68.12:6693 122.147.252.23:6693 asdvdfdfd.site dasdqcsaca.store dfgfhgfhfhg.online mashcgsd.bio mashcgsd.us mashcgsd.xyz nhisis.xyz nssnissshch.bio nssnissshch.gay nssnissshch.ink nssnissshch.life nssnissshch.shop nssnissshch.wiki nssnissshch.world nssnissshch.xyz xcvdfgdfgdfg.site yeelip.com axms.yeelip.com xms.yeelip.com # Reference: 
https://www.virustotal.com/gui/file/bbef5975a0483220cfec379c44a487ed4146e0af9205f00dbc0eb53de8a63533/detection 122.10.90.12:36986 # Reference: https://twitter.com/g0njxa/status/1652672867702587392 jotaaway1.es # Reference: https://twitter.com/malwrhunterteam/status/1661858200092651526 # Reference: https://www.virustotal.com/gui/file/6b80bbaec6504377de4723908b67760f7262107ff12ea6606553b2ba68679b64/detection ueprefd.xyz download.ueprefd.xyz # Reference: https://twitter.com/malwrhunterteam/status/1678865836449181700 # Reference: https://www.virustotal.com/gui/file/96f8c91090be18751661b1ad9f0e4f227eec568ffab130bb92ea5113f80c1a1d/detection topcallgirl2.com # Reference: https://twitter.com/malwrhunterteam/status/1683841326528462850 # Reference: https://www.virustotal.com/gui/file/883fe4e845841b51108a48c78220ee159743ba0ab5728d6aacdcc772e57f2720/detection http://58.229.206.107 # Reference: https://twitter.com/malwrhunterteam/status/1685920242105495552 # Reference: https://www.virustotal.com/gui/file/b50a1d6791e149c8437ef45a46978a3261b5f50765f22fec10574e57116951dc/detection mallmaster.top site111.mallmaster.top # Reference: https://twitter.com/malwrhunterteam/status/1687037935684669440 # Reference: https://www.virustotal.com/gui/file/f59e48f3b785fa2278e29d69591014cf59befe958223d6f3c196d61c42bfb174/detection itoken-apk.org # Reference: https://twitter.com/malwrhunterteam/status/1686851580111237121 # Reference: https://www.virustotal.com/gui/file/23592c781bd5cc9236fcb5b6d9c0804e084d9d9c894479a06da76c090421da35/detection tokenpocket-dl.co # Reference: https://www.virustotal.com/gui/file/f4413fde08a42f4ba3a20ab3abe4bf716c4c2dfaedfc63baa1e668777fa17f59/detection amasolo.com # Reference: https://www.virustotal.com/gui/file/c260dc27c6d40fe2a34f5bb917fdd0a04d7061fe47975130edb324b17cb47638/detection alpha-wallet.info # Reference: https://twitter.com/noexceptcpp/status/1701027496022433973 # Reference: https://securelist.com/trojanized-telegram-mod-attacking-chinese-users/110482/ # 
Reference: https://www.virustotal.com/gui/ip-address/103.148.186.32/relations http://96.30.198.123 103.148.186.32:58888 34.102.136.180:58888 telegrnm.org sg.telegrnm.org # Reference: https://twitter.com/0x6rss/status/1701880250697658816 # Reference: https://www.virustotal.com/gui/file/ead28c0a510b3b62dfdcadf1aed4b78c5c8d3aad703c84cc46e8028dde153811/detection # Reference: https://www.virustotal.com/gui/file/720cd99fa39399febd2c9e5d76b102187e596b882eced6fad08f65793d6beccd/detection 123.56.41.76:8899 availa.click eu.availa.click jump.availa.click sa.availa.click sg.availa.click sg1.availa.click us.availa.click uss.availa.click # Reference: https://twitter.com/karol_paciorek/status/1703697327058268188 # Reference: https://www.virustotal.com/gui/file/000c42bee6d10b30ffa9f2fd7d296d9c1b3c233a0d806457dcc028932bab05d8/detection http://47.241.47.12 ac1.dcloud.net.cn ac2.dcloud.net.cn s1.dcloud.net.cn s2.dcloud.net.cn # Reference: https://www.virustotal.com/gui/ip-address/185.135.73.19/relations # Reference: https://www.virustotal.com/gui/file/86e767054034e2d41ea5d19129512c0d911fbbd6522e97ffffc25117ad9e0e6f/detection 123app.cc 345app.cc 456app.cc # Reference: https://www.virustotal.com/gui/file/00fd4a63c468982631bbdb84b2d862aa704165a9a140729c14eb1185a9df4475/detection 00android.com oftu2t65dztf.pflexads.com # Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/10/hong-kong-residents-targeted-in-malvertising-campaigns-for-whatsapp-telegram # Reference: https://otx.alienvault.com/pulse/653aab5c3d41e1bf01f7513f # Reference: https://www.virustotal.com/gui/file/36d11b18d3345ff743f7b003d10a0820c8c1661dd7dc279434e436de798c3a4b/detection f8ddcc.com vvg2rt.top 119srv.lawrencework.com uaa.vvg2rt.top wss.f8ddcc.com kolunite.oss-ap-southeast-7.aliyuncs.com # Reference: https://blog.cloudflare.com/malicious-redalert-rocket-alerts-application-targets-israeli-phone-calls-sms-and-user-information/ # Reference: https://otx.alienvault.com/pulse/652e97f29e476b423d10aeae # 
Reference: https://www.virustotal.com/gui/file/5087a896360f5d99fbf4eb859c824d19eb6fa358387bf6c2c5e836f7927921c5/detection http://23.254.228.135 redalert.me redalerts.me # Reference: https://securelist.com/spyware-whatsapp-mod/110984/ 3ssem.com android-soft-store.com application-marketing.com goldnwhats.app omarwhats.app watsabplusgold.com whats-mate.com whats-mate.net whats-media.com whats-mydns.com whats-mydns.net whats-vpn.com whats-vpn.net whatsagold.app whatsgold.app whatsupdates.com # Reference: https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/ # Reference: https://otx.alienvault.com/pulse/657085f982e8bd03f9491513 ag.ahymvoxxg.com ahymvoxxg.com amorcash.com api.yumicash.com apitai.coccash.com bhvbhgvh.space cashwow.club coccash.com cy.amorcash.com easycredit-app.com eg.easycredit-app.com guayabacash.com hwpamjvk.whcashph.com iu.iuuaufbt.com iuuaufbt.com kk.softheartlend2.com la6gd.cashwow.club mpx.mpxoptim.com mpxoptim.com oy.oyeqctus.com pss.aakredit.in qt.qtzhreop.com qtzhreop.com rest.bhvbhgvh.space softheartlend2.com whcashph.com yumicash.com # Reference: https://twitter.com/banthisguy9349/status/1733450703853474102 # Reference: https://www.virustotal.com/gui/ip-address/66.29.132.194/relations apk1.shop apk4like.online apk4love.xyz apk4mobile.com follow4apk.com getmodapk.site nowtoapps.com # Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/12/malvertisers-zoom-in-on-cryptocurrencies-and-initial-access # Reference: https://otx.alienvault.com/pulse/65817e4c05cbf5d0fa336908 2311foreign.xyz info-zoomapp.com promoapp-zoom.com scheta.site windows-rars.shop winkos.net youstorys.com zoom-us.tech zoommaster.life zoomnewsonly.site api.huntingpanel.link huntingpanel.link z00nn.one-platform-to-connect.group one-platform-to-connect.group aksdquwrqr.onelink.me arnold.onelink.me desktop-client.onelink.me mmozl.onelink.me notetrest.onelink.me ntcrgfmmc3.onelink.me 
putin-777.onelink.me 169-zoona32.onelink.me slovo-pacana.onelink.me zoomus.onelink.me zoromonm.onelink.me # Reference: https://twitter.com/ybspro_official/status/1735180819323662398 imtokenx.cc # Reference: https://twitter.com/ybspro_official/status/1734449588852175224 imtokenx.life # Reference: https://www.virustotal.com/gui/ip-address/142.171.142.102/relations imtokean.info imtokenm.info imtokenn.top imtokenu.cc imtokken.top imtokken.vip imtooken.pro imttoken.xyz mathwallets.link mathwallets.top dl.imtokean.info dl.imtokenm.info dl.imtokenn.top dl.imtokenu.cc dl.imtokken.top dl.imtooken.pro dl.imttoken.xyz # Reference: https://www.virustotal.com/gui/domain/imtoken-td.org/relations imtoken-td.org # Reference: https://www.virustotal.com/gui/ip-address/103.149.92.3/relations imtokens.top cn.imtokens.top pay.imtokens.top py.imtokens.top trc.imtokens.top # Reference: https://www.virustotal.com/gui/ip-address/199.59.243.225/relations imtoken.gives imtoken.golf imtoken.pics imtoken-ap.plus imtoken-dt.org imtoken-iu.org imtoken-up.org imtoken-ya.top imtoken-yd.top # Reference: https://twitter.com/malwrhunterteam/status/1752675266852196600 # Reference: https://www.virustotal.com/gui/ip-address/103.94.235.26/relations # Reference: https://www.virustotal.com/gui/ip-address/45.150.55.10/relations # Reference: https://www.virustotal.com/gui/ip-address/50.117.71.245/relations # Reference: https://www.virustotal.com/gui/file/d2bc5752af31dd0078b4d4077d26df95014d261dd4ac1fe40cd8a089891bd653/detection 78dugo.vip ae82.icu aitou66.top aizhua8.top ak68.icu anba666.top ancien.vip anfu888.top anju666.top ankua88.top anmei88.top anpao66.top anshou6.top ap51.icu auto82.top av33.icu ba29.icu ba66666.top bamao88.top banun66.top bapei8.vip bed6666.top benxi8.vip bf21.icu bijie66.top bo92.icu brfwz8.vip bt88.icu build66.top by82.icu caban8.vip cadie8.vip camian.vip catie88.top catu888.top ccno888.top ce82.icu cefen8.vip cezuan.vip cezui8.vip cqkyst6.top cuilvd.vip cy021.icu cyber88.top 
dashei8.top dekai88.top derong8.top deruan8.top dete88.vip dx8888.vip dzc14.top eemmfm.vip exit888.top file88.vip ftaqwl.space gbs62.top gddx16.vip gexian8.top gz8888.vip haiche8.top hege888.top heliao8.top henao88.top hnxync.vip homepa.vip hun6666.top jackd.online jiu900.icu jkweb252.top jkweb255.top kangal.vip kcf56.top kljgs.icu launch8.top loans8.vip mi88888.top miss888.top mnz81.top moved88.top mws-ch.vip name8v.vip nkbvvy.vip nulltx.vip pack88.vip pifen88.top psc37.top qa8888.vip qiche9.top qpz86.top qxsvgq.vip rekan88.top runvip.vip rykdqh.vip scfqfp.vip sdbz666.top sdcxgs.icu sks64.top soccer8.top source6.top szlion.vip tempsstr.top three66.top toimken.im tqp88.top trust88.top uhuycz.vip vmy37.top vvrrfr.vip wcd26.top wspwsn.vip wvbftb.vip wxq59.top xiangx8.top xidesh.vip ybx48.top yfsvqg.vip yzuvzg.vip za8888.vip zgmcw8.vip ztk74.top api.jkweb255.top # Reference: https://www.virustotal.com/gui/file/e16e08a148ea96861c3b16d9183de25847c0b9641301acf6df8a3bf2bbed57ec/detection prime-official-app.com # Reference: https://www.virustotal.com/gui/file/f5411c21760c5b2e2564de72e433b8a32328c06e49de965cb3c090a000924d24/detection im-apk.net imtoken-m.net imtoken-oe.org imtoken.i98.xyz imtoken.la lmtokenapp.co matemank.io matemsak.com metamank.io metamask-dl.com metamask.i98.xyz metamask-cn.i98.xyz metamassk.cc metamesk.me metemesk.io metnmask.io super888.icu teltalkapps.com tokenim-n.com tokenpocknt.pro wallet.i98.xyz xl.super888.icu xsing.super888.icu # Reference: https://twitter.com/malwrhunterteam/status/1759715897952944310 # Reference: https://www.virustotal.com/gui/ip-address/47.245.10.81/relations # Reference: https://www.virustotal.com/gui/ip-address/47.74.27.168/relations # Reference: https://www.virustotal.com/gui/file/2b1dbeee83909e73ea42965278edf02ee6ed39cf479e4c68f6522599880d2753/detection 47.245.10.81:10900 47.245.10.81:8090 easy111.vip # Reference: https://www.virustotal.com/gui/ip-address/45.150.55.204/relations # Reference: 
https://www.virustotal.com/gui/file/1352ad4b728731180ba84efdecaf0bde6daa615f2b1795b9c23363f14b05724a/detection jepkjhgj.cyou api.jepkjhgj.cyou apk.jepkjhgj.cyou # Reference: https://www.virustotal.com/gui/file/0c756d8b33051e97877181047e1f953cf4d171b84e014d680bba4fe1f869d04d/detection 103.94.235.26:8282 # Reference: https://twitter.com/malwrhunterteam/status/1758920185929400671 # Reference: https://www.virustotal.com/gui/file/cea45e46102a95428a9807308a63fc71f0ac60654ba92e140a63a710e146c1c0/detection jackd.cc # Reference: https://twitter.com/banthisguy9349/status/1782462152894259585 # Reference: https://twitter.com/banthisguy9349/status/1782462798888337813 # Reference: https://twitter.com/banthisguy9349/status/1782465982507766263 http://103.150.8.126 http://107.148.56.145 http://172.93.188.25 http://18.167.192.37 http://18.167.228.144 http://185.200.64.156 http://194.41.59.28 http://20.249.58.107 http://47.238.177.190 http://47.238.201.200 http://47.242.79.154 http://47.243.63.221 http://91.92.243.122 http://91.92.243.123 http://91.92.243.124 http://91.92.243.183 http://91.92.243.184 # Reference: https://twitter.com/banthisguy9349/status/1782463327261819293 # Reference: https://twitter.com/banthisguy9349/status/1782462941121388860 http://91.92.247.240 http://91.92.247.241 # Reference: https://twitter.com/banthisguy9349/status/1782462941121388860 http://91.92.242.45 # Reference: https://twitter.com/androidmalware2/status/1782672040933114082 # Reference: https://www.virustotal.com/gui/file/f9d9a7bc29b66f62cec12fd276376d58e0a6731dc04268ffa4dc618e7a479f8b/detection immm.dev api.immm.dev # Reference: https://twitter.com/banthisguy9349/status/1782474404066136167 # Reference: https://urlhaus.abuse.ch/host/sportvision.app/ sportvision.app # APK /KDCA.apk /TrustWallet.apk