android_roamingmantis.txt
# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission
# Aliases: roamingmantis, xloader, fakecop, fakenocam, fakespy, moqhao, xighost
# Reference: https://securelist.com/roaming-mantis-uses-dns-hijacking-to-infect-android-smartphones/85178/
haoxingfu01.ddns.net
shaoye11.hopto.org
# Reference: https://securelist.com/roaming-mantis-part-iv/90332/
# Reference: https://otx.alienvault.com/pulse/5ca537055fe8d2200c37306e
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/a-look-into-the-connection-between-xloader-and-fakespy-and-their-possible-ties-with-the-yanbian-gang/
# Reference: https://securityaffairs.co/wordpress/83317/breaking-news/xloader-6-twitter.html
# Reference: https://twitter.com/NaomiSuzuki_/status/1139099288682635264
# Reference: https://twitter.com/sepi140/status/1144053834894864387
# Reference: https://twitter.com/ninoseki/status/1194033007008444418
# Reference: https://twitter.com/ninoseki/status/1115061669929992192
softbank-b.com
id-auone.com
# Reference: https://twitter.com/naomisuzuki_/status/1104603448580833281
174.139.10.106:81
# Reference: http://vxcube.com/tools/domain/nttdocomo-ki.com/relate_iocs
softbank-c.com
# Reference: http://vxcube.com/tools/domain/softbank-c.com/relate_iocs
a-sagawa.com
# Reference: https://twitter.com/JayTHL/status/1145181603259387904
# Reference: https://twitter.com/NaomiSuzuki_/status/1144905331337768961
# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.104/relations
# Reference: https://www.virustotal.com/gui/ip-address/104.143.94.206/relations
# Reference: https://twitter.com/NaomiSuzuki_/status/1145172884379193344
# Reference: https://www.virustotal.com/gui/ip-address/104.194.219.46/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.106/relations
# Reference: https://twitter.com/NaomiSuzuki_/status/1144461927193513985
# Reference: https://www.virustotal.com/gui/ip-address/104.143.94.203/relations
# Reference: https://www.virustotal.com/gui/ip-address/104.143.94.204/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.110/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.111/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.113/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.114/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.119/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.121/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.127/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.128/relations
# Reference: https://twitter.com/NaomiSuzuki_/status/1141595796762050560
# Reference: https://www.virustotal.com/gui/ip-address/66.11.117.67/relations
# Reference: https://www.virustotal.com/gui/ip-address/66.11.117.68/relations
# Reference: https://www.virustotal.com/gui/ip-address/66.11.117.69/relations
# Reference: https://www.virustotal.com/gui/ip-address/66.11.117.70/relations
# Reference: https://twitter.com/NaomiSuzuki_/status/1141332232214175744
# Reference: https://www.virustotal.com/gui/ip-address/45.58.61.5/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.253/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.75/relations
# Reference: https://twitter.com/NaomiSuzuki_/status/1140486071915962368
# Reference: https://www.virustotal.com/gui/ip-address/174.139.49.108/relations
# Reference: https://www.virustotal.com/gui/ip-address/67.229.196.130/relations
# Reference: https://www.virustotal.com/gui/ip-address/67.229.196.131/relations
# Reference: https://www.virustotal.com/gui/ip-address/67.229.196.132/relations
# Reference: https://www.virustotal.com/gui/ip-address/67.229.196.133/relations
# Reference: https://www.virustotal.com/gui/ip-address/67.229.196.134/relations
# Reference: https://www.virustotal.com/gui/ip-address/67.229.228.67/relations
# Reference: https://www.virustotal.com/gui/ip-address/67.229.228.68/relations
# Reference: https://www.virustotal.com/gui/ip-address/67.229.228.69/relations
# Reference: https://www.virustotal.com/gui/ip-address/67.229.228.70/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.114.225.121/relations
# Reference: https://www.virustotal.com/gui/ip-address/192.236.200.43/relations
# Reference: https://www.virustotal.com/gui/ip-address/192.236.200.44/relations
# Reference: https://www.virustotal.com/gui/ip-address/192.236.200.46/relations
# Reference: https://twitter.com/NaomiSuzuki_/status/1145647256122482689
# Reference: https://twitter.com/NaomiSuzuki_/status/1145676619920470016
# Reference: https://twitter.com/NaomiSuzuki_/status/1147414997141577728
# Reference: https://twitter.com/NaomiSuzuki_/status/1147504563584294912
# Reference: https://twitter.com/NaomiSuzuki_/status/1150663929351135232
# Reference: https://twitter.com/NaomiSuzuki_/status/1150758062589743104
# Reference: https://twitter.com/NaomiSuzuki_/status/1132842777564180480
# Reference: https://twitter.com/NaomiSuzuki_/status/1151749950616698881
# Reference: https://twitter.com/NaomiSuzuki_/status/1151714965964906496
# Reference: https://twitter.com/NaomiSuzuki_/status/1148443453438611456
# Reference: https://twitter.com/NaomiSuzuki_/status/1149671856288305152
# Reference: https://twitter.com/NaomiSuzuki_/status/1150281094308044800
# Reference: https://twitter.com/NaomiSuzuki_/status/1190135139260518400
# Reference: https://twitter.com/NaomiSuzuki_/status/1192285001309573121
security[a-z]{3}\-[a-z]{3,5}\.top
# Reference: https://twitter.com/NaomiSuzuki_/status/1142112093765697536
softbank-if.com
# Reference: https://www.virustotal.com/gui/domain/myau-it.com/relations
myau-it.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1152594740681924608
sagawa.online
# Reference: https://twitter.com/ninoseki/status/1153560258385600513
myau-pk.com
# Reference: https://twitter.com/papa_anniekey/status/1153275407107416064
id-securitys.com
myauaz.com
# Reference: https://twitter.com/ninoseki/status/1154187270443769856
myau-tk.com
mysoftbank-yd.com
# Reference: https://twitter.com/ninoseki/status/1155341234933682177
myau-iv.com
# Reference: https://twitter.com/ninoseki/status/1156053482400432129
myau-iej.com
# Reference: https://twitter.com/ninoseki/status/1158253859388526594
220.136.221.176:28866
220.136.221.176:38876
# Reference: https://twitter.com/ninoseki/status/1160454983885574145
starspacegames.com
# Reference: https://twitter.com/ninoseki/status/1160459178449625088
lhbd666.com
六合宝典666.com
xn--666-xw1e1b58vhor.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1160890581180014595
a.bb-bb.top
# Reference: https://twitter.com/NaomiSuzuki_/status/1164491384939696128
a111a.top
# Reference: https://twitter.com/ninoseki/status/1165139382166147073
# Reference: https://twitter.com/NaomiSuzuki_/status/1166964963501432832
a12c.top
# Reference: https://twitter.com/NaomiSuzuki_/status/1167721457251569666
a12b.top
# Reference: https://twitter.com/ninoseki/status/1167670614968164355
88mu.cc
5975h.cc
# Reference: https://twitter.com/papa_anniekey/status/1171239626205302784
# Reference: https://twitter.com/NaomiSuzuki_/status/1168455483767738368
# Reference: https://twitter.com/NaomiSuzuki_/status/1168782925057290240
# Reference: https://twitter.com/NaomiSuzuki_/status/1169158271141326850
# Reference: https://twitter.com/papa_anniekey/status/1169138764033265674
# Reference: https://twitter.com/NaomiSuzuki_/status/1169520889152425984
# Reference: https://twitter.com/NaomiSuzuki_/status/1169885475089203201
# Reference: https://twitter.com/NaomiSuzuki_/status/1170316840851005441
# Reference: https://twitter.com/NaomiSuzuki_/status/1170624787258867712
# Reference: https://twitter.com/NaomiSuzuki_/status/1170943660994654208
# Reference: https://twitter.com/NaomiSuzuki_/status/1171333123168059392
# Reference: https://twitter.com/papa_anniekey/status/1171239629447520263
# Reference: https://twitter.com/NaomiSuzuki_/status/1154324406413352960
# Reference: https://twitter.com/ninoseki/status/1168498290859507713
# Reference: https://twitter.com/ninoseki/status/1168692529937567744
http://172.247.209.5
http://23.224.190.99
# Reference: https://twitter.com/ninoseki/status/1172412415834611713
myaccount-w.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1174222105141010437
# Reference: https://twitter.com/NaomiSuzuki_/status/1177142538022477824
# Reference: https://twitter.com/NaomiSuzuki_/status/1185808968980938752
# Reference: https://twitter.com/NaomiSuzuki_/status/1189438789845782529
# Reference: https://twitter.com/NaomiSuzuki_/status/1181460727422275584
pkn3.com
yas89.com
# Reference: https://twitter.com/papa_anniekey/status/1183609041374703616
appp.men
# Reference: https://twitter.com/NaomiSuzuki_/status/1187619101914451968
kma28.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1188356983881007104
cmp357.com
# Reference: https://twitter.com/ninoseki/status/1191975992648187904
wpk35.com
202.36.56.16:28846
# Reference: https://twitter.com/NaomiSuzuki_/status/1197538545654624256
bc567b.top
# Reference: https://twitter.com/ninoseki/status/1199838741503692800
tks35.com
# Reference: https://twitter.com/ninoseki/status/1200548112160284672
# Reference: https://twitter.com/ninoseki/status/1201012987307253761
au-lo.com
au-lu.com
nttdocomo-lu.com
# Reference: https://twitter.com/malwaretracekr/status/1200331449414512640
21as61.club
6s55s.xyz
# Reference: https://twitter.com/malwaretracekr/status/1200367115875667968
3asd1f1h.monster
9s66f.xyz
# Reference: https://twitter.com/malwaretracekr/status/1199652183743950848
6s444.club
9s6g2.xyz
# Reference: https://twitter.com/Steam_Nostalgia/status/1198566148742103042
9s54h.club
9s55h.xyz
# Reference: https://twitter.com/ninoseki/status/1203938633905868801
au-ls.com
epos-ua.com
# Reference: https://twitter.com/ninoseki/status/1204971169658523649
# Reference: https://www.virustotal.com/gui/ip-address/1.171.162.250/relations
# Reference: https://www.virustotal.com/gui/ip-address/128.14.128.29/relations
1.171.162.250:33669
http://1.171.162.250
http://128.14.128.29
hanbokeji.cn
# Reference: https://twitter.com/ninoseki/status/1205096394991620096
asdf4y.xyz
# Reference: https://www.botconf.eu/wp-content/uploads/2019/12/B2019-Ishimaru-Niseki-Ogawa-Mantis.pdf
http://60.249.191.166
1.171.162.250:28844
45.32.29.33:11257
# Reference: https://twitter.com/ninoseki/status/1206885652119224320
jp-bankq.com
# Reference: https://twitter.com/ninoseki/status/1207532639814467585
au-xa.com
bank-securityw.com
# Reference: https://twitter.com/ninoseki/status/1208011887411023872
hsu3sg.xyz
# Reference: https://twitter.com/ninoseki/status/1208577085423308800
sty38.com
# Reference: https://www.virustotal.com/gui/ip-address/198.44.226.31/relations
198.44.226.31:80
# Reference: https://twitter.com/ninoseki/status/1210521775320137729
36ss5g.xyz
# Reference: https://twitter.com/NaomiSuzuki_/status/1211540720563056640
au-xk.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1211183970043351041
au-xj.com
# Reference: https://twitter.com/io_sono_io_IT/status/1211919119836008448
au-xl.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1213064251775913984
au-xz.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1213399806883688448
au-xc.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1213761825352769536
au-xv.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1214140751296094208
au-xb.com
# Reference: https://twitter.com/ninoseki/status/1214748400588976128
au-xn.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1214830731911819266
au-xm.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1215536457508515840
au-os.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1215900594365296641
au-od.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1216256911399473154
au-of.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1217321649353019396
au-oj.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1218051566801784833
au-pk.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1218418305607749632
au-pw.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1218777939187093504
au-tqa.com
# Reference: https://twitter.com/ozuma5119/status/1215602022382047233
# Reference: https://otx.alienvault.com/pulse/5de7e1b56675ecc611a42504
support-01.info
# Reference: https://twitter.com/ninoseki/status/1197704676788985858
# Reference: https://www.virustotal.com/gui/ip-address/23.244.168.81/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.245.238.121/relations
# Reference: https://securelist.com/roaming-mantis-part-v/96250/
# Reference: https://otx.alienvault.com/pulse/5e580418c9e4bda93c1a013f
bk-securityo.com
jp-bankq.com
# Reference: https://twitter.com/ninoseki/status/1233167156163960832/photo/2
99qzw.com
# Reference: https://www.virustotal.com/gui/domain/cat-tw.top/relations
cat-tw.top
# Reference: https://twitter.com/papa_anniekey/status/1239430027768254466
# Reference: https://www.virustotal.com/gui/ip-address/216.198.66.107/relations
post-a.top
post-ch.top
upsp-us.top
# Reference: https://twitter.com/papa_anniekey/status/1196688209779908609
sagawae-xp.gnway.cc
sagawa-exp.gnway.cc
sagawajp.gnway.cc
sagawar.gnway.cc
sagawexp.gnway.cc
# Reference: https://twitter.com/papa_anniekey/status/1182330797887381504
post-c.top
# Reference: https://twitter.com/dhana93884812/status/1179719975046541313
kuronekoyamat.com
# Reference: https://twitter.com/ninoseki/status/1105743867725246464
saga-wa.jp
# Reference: https://twitter.com/ninoseki/status/1102147510728941568
sa-sagawa.com
# Reference: https://twitter.com/ninoseki/status/1244554701355372544
post-a.top
post-ch.top
swiz.club
# Reference: https://twitter.com/ReBensk/status/1169166828427309056
107474h.com
512000.top
# Reference: https://twitter.com/ReBensk/status/1168935195397017600
yuanchuang0088.com
# Reference: https://twitter.com/LukasStefanko/status/1253663677653438466
y-f.top
# Reference: https://twitter.com/ninoseki/status/1253965276678254594
nzpost-co.com
# Reference: https://www.virustotal.com/gui/ip-address/154.13.28.213/relations
http://154.13.28.213
# Reference: https://www.virustotal.com/gui/domain/royalmaill.top/relations
royalmaill.top
# Reference: https://www.virustotal.com/gui/domain/royamai.top/relations
royamai.top
# Reference: https://www.virustotal.com/gui/ip-address/216.198.66.107/relations
216.198.66.107:81
# Reference: https://twitter.com/ninoseki/status/1254654834315153408
smbccoj.pl
# Reference: https://twitter.com/NaomiSuzuki_/status/1255054752649375744
hasbetsx.tumblr.com
# Reference: https://twitter.com/ninoseki/status/1255081274760257538
genmaa.club
# Reference: https://twitter.com/NaomiSuzuki_/status/1255464330499416066
hsbpp.tumblr.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1255753578381111296
haxsp.tumblr.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1256103577237417985
hsneg.tumblr.com
# Reference: https://dev.re.kr/21 (Korean)
starbank-kb.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1256864750878654464
hptbs.tumblr.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1257242769937985536
rpxxs.tumblr.com
# Reference: https://twitter.com/malwaretracekr/status/1257923672808943617
hsnebgs.tumblr.com
# Reference: https://twitter.com/malwaretracekr/status/1257019568381235200
# Reference: https://www.virustotal.com/gui/ip-address/154.209.18.111/relations
# Reference: https://twitter.com/ninoseki/status/1257468685758824448
# Reference: https://www.virustotal.com/gui/ip-address/154.223.51.111/relations
154.223.51.111:28866
# Reference: https://twitter.com/NaomiSuzuki_/status/1259808122295644160
rewrer.ddns.net
# Reference: https://twitter.com/NaomiSuzuki_/status/1260112681203167232
daswe.chickenkiller.com
sdawqe.myddns.rocks
# Reference: https://www.virustotal.com/gui/ip-address/154.223.144.251/relations
dsfsfew.duckdns.org
fgrrek.ddns.net
# Reference: https://twitter.com/ninoseki/status/1261124943854485504
# Reference: https://twitter.com/NaomiSuzuki_/status/1261196866739245057
# Reference: https://twitter.com/NaomiSuzuki_/status/1261232751182622721
# Reference: https://www.virustotal.com/gui/ip-address/154.202.14.80/relations
japan-001.xyz
jnb-sh.com
jnb-sk.com
jnb-sp.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1261553440645279745
smbc-wa.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1266615370292453376
smbc-wv.com
# Reference: https://twitter.com/NaomiSuzuki_/status/1268463902297186305
smbc-pa.com
# Reference: https://twitter.com/malwaretracekr/status/1264800587645779969
103.93.79.200:9418
http://116.89.240.171
i-cloudsbox.com
# Reference: https://twitter.com/ninoseki/status/1268839497598267392
jnb-ma.com
# Reference: https://twitter.com/malwaretracekr/status/1268867896140165120
meryse.net
tablew.net
# Reference: https://twitter.com/NaomiSuzuki_/status/1270243219716968448
jnb-md.com
# Reference: https://twitter.com/KesaGataMe0/status/1419901582322200578
# Reference: https://twitter.com/KesaGataMe0/status/1420276787360145410
smbc.life
# Reference: https://twitter.com/KesaGataMe0/status/1420277166676135940
mufgdcep.com
# Reference: https://twitter.com/KesaGataMe0/status/1420277672450564097
nttdocomo.buzz
# Generic trails
^[a-z]{1}\-[a-z]{1,3}\.top$
^[a-z]{2}\-[a-z]{2,3}\.(top|club)$
www\.[a-z]{1}\-[a-z]{1,3}\.top$
www\.[a-z]{2}\-[a-z]{2,3}\.(top|club)$
apple\-icloud\.[a-z]{3}\-japan\.com
\b(au|cat|aegin|aiful|amazon|bkuses|bnk|cadillac|cegin|cfng|chengdu|cloudsbox|correos|dachang|davk|dkpos(r|t)|docmojp|docomo|epos|gdaida|gdc|guang|faa|hkpost|inuires|jibun|jnb|jpnbk|jpot|jppost|kinggate|kuroneko|kuronekoyamato|lakealsa|mailsa|manga|mizuho|mooma|myau|mydocomo|mu[fgwz]{1,3}|jibun|jpjt|neabk|nbetbk|nebbk|netbk|netatar|netctar|njfp|nittsu|nnissen|nttdocomo|b?post|post[e,i]|postfi|post-?nord|postonrd|postch|qiangmei|rakuten|nzpost|sa(g|w)a(g|w)a|samurai|sasekr|sepost|sgw|shizuokacity|sing-?post|smbc|smtb|smyoga|soiwgaw|srnbc|i?soft{0,1}b(a|o)nk|starbank|suyan|upsp|wygm|xinheli|yamato|yang|ydc|yunice|yxhs)\-[a-z0-9]{1,4}\.(buzz|cn|co|club|com|icu|live|me|one|shop|top|xyz)$
\b[a-z0-9]{1,3}\-(aegin|aiful|amazon|bkuses|bnk|cadillac|cegin|cfng|chengdu|cloudsbox|correos|dachang|davk|dkpos(r|t)|docmojp|docomo|epos|gdaida|gdc|guang|faa|hkpost|inuires|jibun|jnb|jpnbk|jpot|jppost|kinggate|kuroneko|kuronekoyamato|lakealsa|mailsa|manga|mizuho|mooma|myau|mydocomo|mu[fgzw]{1,3}|jibun|jpjt|neabk|nbetbk|nebbk|netbk|netatar|netctar|njfp|nittsu|nnissen|nttdocomo|nzpost|b?post|post[e,i]|postfi|post-?nord|postonrd|postch|qiangmei|rakuten|sa(g|w)a(g|w)a|samurai|sasekr|sepost|sgw|shizuokacity|sing-?post|smbc|smtb|smyoga|soiwgaw|srnbc|i?soft{0,1}b(a|o)nk|starbank|suyan|upsp|wygm|xinheli|yamato|yang|ydc|yunice|yxhs)\.(buzz|cn|co|club|com|icu|live|me|one|shop|top|xyz)$
/apk_b.php
/phoneyzm.php
/sg/phone.php
# APK trails
# Rogue DNS servers
# Reference: https://securelist.com/roaming-mantis-part-iv/90332/
# Reference: https://twitter.com/ninoseki/status/1106842790351106048
# Reference: https://twitter.com/ninoseki/status/1150379897820332032
# Reference: https://twitter.com/ninoseki/status/1127109264877600768
# Reference: https://drive.google.com/file/d/12TaMKqqjkr_r3iq3LbPcGc6LKv2k1Hmw/view
# Reference: https://twitter.com/ninoseki/status/1156038231172894721