$TTL 300
@ SOA localhost. root.localhost. 1716041043211 43200 3600 259200 300
  NS localhost.
;
; Various telemetry endpoints (hosts and domains) used by mobile location tracking libraries
; Contact: mobiletrackers [at] protonmail.ch
; See: https://github.com/craiu/mobiletrackers/
; Version 1.46 - 2024-02-07
;
; xmodesocial - e65912e897bd9e6f41865a8ab0eb9b15fef4bc0af68eb8217f5360fb1c53f423 - 13.1Trainer_95.19-.apk
; unknown, possibly xmodesocial - e65912e897bd9e6f41865a8ab0eb9b15fef4bc0af68eb8217f5360fb1c53f423 - 13.1Trainer_95.19-.apk
; unknowns - e65912e897bd9e6f41865a8ab0eb9b15fef4bc0af68eb8217f5360fb1c53f423 - 13.1Trainer_95.19-.apk
; unknowns - 010f7bb33f35cc650b7d6104b07102eb0dbaf79bcec1f1c6255fdcaffefe6b68 - com.davidsukhin.com.sukhin.snowdaycalculator.SnowDay
; URLs below stored as base64 and encrypted xor 0x09 ->
; pDNS data for the IPs associated with atb.bearclod.com ->
; crashlytics - 4711634730d5367756bba4d776d846b01b8d0373336ea877a2c20b1da0a95477 - com.sgiggle.production_5.2.229629_1538560344.apk
; starbolt - cb9b9de8616e55849b9140e7915b2ba237818625828acfa55b59f5268f589e91 - com.kellytechnology.Forecast_Now
; sense360 ? - cb9b9de8616e55849b9140e7915b2ba237818625828acfa55b59f5268f589e91 - com.kellytechnology.Forecast_Now
; appmeasurement - cb9b9de8616e55849b9140e7915b2ba237818625828acfa55b59f5268f589e91 - com.kellytechnology.Forecast_Now
; newrelic - 2d4c9c037db43704f52968c9c363cbdf382cbb6a4b9143825f6e8b523b7c0c01 - com.crowdcompass.appmQaIam3e7C.apk
; Xiao mi related telemetry endpoints - see https://twitter.com/hookgab/status/1255859289945780225
; from https://twitter.com/cybergibbons/status/1256703550954057729
; new xmodesocial - from https://mobile.twitter.com/guardianiosapp/status/1262545645941874689
; aggressive advertisers - https://securelist.com/in-app-advertising-in-android/97065/
; 1eeda6306a2b12f78902a1bc0b7a7961 – com.android.ggtoolkit_tw_xd
; 134283b8efedc3d7244ba1b3a52e4a92 – com.xprodev.cutcam
; 3aba867b8b91c17531e58a9054657e10 – com.powerd.cleaner
; pDNS resolutions for uu.domainforlite.com, hosting on 47.252.80.195
; mobile ads, 2020-07-07, additions from https://securelist.com/pig-in-a-poke-smartphone-adware/97607/
; mintegral, 2020-08-30, described at: https://snyk.io/research/sour-mint-malicious-sdk/
; from pDNS on n.systemlog.me ->
; from fake NEXTALIVE (moonfair) application - https://www.zdnet.com/article/google-removes-android-app-that-was-used-to-spy-on-belarusian-protesters/
; Joker download URLs / hosts as described by ZScaler - https://www.zscaler.com/blogs/security-research/joker-playing-hide-and-seek-google-play
; Cerberus C2s as described by BitDefender - https://labs.bitdefender.com/2020/09/apps-on-google-play-tainted-with-cerberus-banker-malware/
; unknown (?) telemetry receiving endpoints from:
; 066de93f181e9cbcb8611c675bbcb0fc - com.speedcamera.detector.radar.detector.direction
; venntel / gravy analytics from https://github.com/sociam/PROWISH/blob/master/data/200appsdynamic.csv
; venntel / gravy analytics from https://fil.forbrukerradet.no/wp-content/uploads/2020/01/2020-01-14-out-of-control-final-version.pdf
; gravy analytics docs - http://developers.findgravy.com/products/gold-api/docs/index2.html
; 51ec8159efb88a852005b94f0fd9891016b75f4b40d24608ee8a5c8d34826a3e - com.usatoday.android.news
; potentially related hosts on top of findgravy.com
; 51ec8159efb88a852005b94f0fd9891016b75f4b40d24608ee8a5c8d34826a3e - com.usatoday.android.news
; cuebiq location sdk from ->
; 2dc269d7237c97edefa653a379eca897a23f46adcf14705801041817bf5d1e7e - net.androgames.compass
; nodle.io sdk from ->
; 2dc269d7237c97edefa653a379eca897a23f46adcf14705801041817bf5d1e7e - net.androgames.compass
; unknown sdk from 2dc269d7237c97edefa653a379eca897a23f46adcf14705801041817bf5d1e7e - net.androgames.compass possibly xmode related
; more crashlytics hosts from 2dc269d7237c97edefa653a379eca897a23f46adcf14705801041817bf5d1e7e - net.androgames.compass
; 2dc269d7237c97edefa653a379eca897a23f46adcf14705801041817bf5d1e7e - net.androgames.compass ->
; appsflyer from b8ce13566a048108b4321f5277e4d95a5d5743da4f082fbca30074439acf5a15 - com.unacademyapp
; other various telemetry endpoints (not necessarily location related) from b8ce13566a048108b4321f5277e4d95a5d5743da4f082fbca30074439acf5a15 - com.unacademyapp
; Clevertap's wzrkt.com - also see https://twitter.com/fs0c131y/status/977267255309463554
; subdomains from wzrkt.com - https://subdomainfinder.c99.nl/scans/2020-04-19/wzrkt.com
; from cb9f6bb72a9766ba8c805c25769b47c46751052706bb41ed333db0b42cd586ff - com.byjus.thelearningapp
; also see https://digitalwatchdog.org/wp-content/uploads/2020/09/IDAC-Ed-Tech-Report_AppendixB_SensitiveData.pdf
; from 09f5bcadde3351eb3f509f5a471cbd7bb00536292da560bcf8ee59eb73116f00 - luo.speedometergps
; teragence ->
; tutela ->
; huq (also from 9c53a29a7e6a871f57b20097185a09afd2ff818455a42792d502f1eb8f2e3679) ->
; IOCs from https://www.whiteops.com/blog/somewhere-over-the-rainbowmix
; Predicio - from Funny Weather - pl.lawiusz.funnyweather.release.apk - 6d23151e69a57f67111d4969594316576577ae8a2015aff336ab6ef0fb2a07b4
; see https://www.vice.com/en/article/epdpdm/ice-dhs-fbi-location-data-venntel-apps
; Kinesis endpoint from Funny Weather:
; Complementics endpoints from 4ba50272718c95af20940912c7968410d797fbc07dcce2bad8183b94887b0ab4
; Goontact from https://blog.lookout.com/lookout-discovers-new-spyware-goontact-used-by-sextortionists-for-blackmail
; Joker from https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/
; Related to: https://github.com/greatsuspender/thegreatsuspender/issues/1175
; and: https://www.theregister.com/2021/01/07/great_suspender_malware/
; Postlo spyware - https://twitter.com/ESETresearch/status/1374889857403785218?s=20
; EvilEye malware C2s mentioned at https://about.fb.com/news/2021/03/taking-action-against-hackers-in-china/
; Xcodespy - https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/
; APKPure compromise by Triada malware - https://securelist.com/apkpure-android-app-store-infected/101845/
; Triada from https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
; Trojan.AndroidOS.Triada.ef b1aa5d5bf39fee0b1e201d835e4dc8de
; Tutela technologies - f9db002cbc6e5b6de37fb15aefaaf3934a700a7a2f9d5949f3cd6bb8c7dfc1bc - org.speedspot.speedanalytics
; speedspot - reports GPS location, other data - SpeedtestResultViews.java - inside f9db002cbc6e5b6de37fb15aefaaf3934a700a7a2f9d5949f3cd6bb8c7dfc1bc
; Kochava endpoints, from rugabunda https://beta.pithus.org/report/844aa271ef47f7807ab3ccc63952e2215298701a6851857c22456317927f08fd
; Adeco and inappertising - see https://www.occrp.org/en/investigations/how-a-russian-mobile-app-developer-recruited-phones-into-a-secret-ad-watching-robot-army
; Ultimate-Mortal-Kombat-3-v1-1.apk - https://www.virustotal.com/gui/file/dc078b004830ff03a27371bbc1c4a7b5882d5a0fb577a8477c09e8b3bfe0d6d3/details
; GriftHorse Android from - https://blog.zimperium.com/grifthorse-android-trojan-steals-millions-from-over-10-million-victims-globally/
; GriftHorse Second-Stage Domain
; GriftHorse Third-Stage Domains
; Suspected GriftHorse from pDNS 185.255.179.131 / 185.255.179.132 ->
; additional suspected GriftHorse from pDNS - 2021-10-21
; TangleBot domains, research based on - https://www.cloudmark.com/en/blog/mobile/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19
; Donot / Origami Elephant / APT-C-35 IOCs from Amnesty - https://github.com/AmnestyTech/investigations/blob/master/2021-10-07_donot/domains.txt
; AbstractEmu hosts from https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign
; Cynos hosts from https://vms.drweb.com/virus/?i=24972842 - 46bc4c6c87fcb519a8f315c0010b949d682ac3abee62b33bd624b251a3521b19
; PhoneSpy hosts from https://blog.zimperium.com/phonespy-the-app-based-cyberattack-snooping-south-korean-citizens/ and pDNS related
; https://blog.appcensus.io/2022/04/06/the-curious-case-of-coulus-coelib/
; Telematicsdirect - from al-moazin-lite-prayer-times.apk - dcb56dc7b817dd65a1f5ebfe81cf36b85ad523990b8e4f69a4a1654d1cc8277c
; SafeGraph / OpenLocate
; https://github.com/pablobaxter/openlocate-android
; https://www.vice.com/en/article/m7vymn/cdc-tracked-phones-location-data-curfews
; daily-scratchers.apk / 22a80df1084af11129baef89bce0bafad0aaae41e58dc2bb6e7c27fd3f4bac49 / me.actv8.tvwallet
; Joker - RelaxingMusicSootheYourBody_signed.apk - 14c35d1158cc47cfb605fdd686603b0929d38c046dce03fd6033fb8a31433798
; Joker - https://github.com/DoctorWebLtd/malware-iocs/tree/master/Android.Joker
; Note: domain offline since Feb 2022
; pDNS for 161.117.252.102
; WhatsApp mod distributed through legitimate apps:
; https://securelist.com/malicious-whatsapp-mod-distributed-through-legitimate-apps/107690/?utm_source=everyonesocial&utm_medium=partner&utm_campaign=us_NA-newsletter_en0177&utm_content=sm-post&utm_term=us_everyonesocial_organic_an17748oyfteksz&es_id=cfde1a3994
; xnspy - 578a880848bc52bed83b2be817a148187fde129cc8ad50db49630c0ebf59102c - xnspyappv2.apk
; https://techcrunch.com/2022/12/12/xnspy-stalkerware-iphone-android/
; xnspy - 7e3930771370ed111cdb83397a04fa7ee89f1ea35b7f5306bb1522b82bc6d38d
; xnspy - 9114e561c42ea19b183ef5d8a36e743f2b873874e43d805b11e3753035c7900d
; Fleckpe - from https://securelist.com/fleckpe-a-new-family-of-trojan-subscribers-on-google-play/109643/
;AhRat - see https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/
;AhRat - b2c1517e4b0e0b3286a5cde06310b2277da7333f5ab3c2828f08272e3f85b260 - iRecorder - Screen Recorder_2.0_apkcombo.com.apk
; uBlock telemetry endpoint - adblock-stats.js inside a01ff7dac823f3666e7f38527739802e5a7ce3cb539b6a390ca99d423b5c9779
; data sent even if telemetry is disabled
; Cytrox Predator domains, see - https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/
; PEACHPIT and BADBOX, extended infrastructure (expansion by @craiu), see - https://www.humansecurity.com/hubfs/HUMAN_Report_BADBOX-and-PEACHPIT.pdf
; Unityads from https://github.com/Unity-Technologies/unity-ads-ios