Kryptowire announced on 2016-11-15 the discovery of malware in Android-based smart phones sold by, among others, Amazon US and BestBuy. The malware was allegedly created by Shanghai ADUPS Technology Co., Ltd. Kryptowire claims the malware sends all your text messages, all your contacts, all your call history, etc., to the domain names listed below. The ADUPS company issued a statement claiming its services are simply spam countermeasures.
Kryptowire claims these domain names resolved to the IP address 220.127.116.11.
Today, 2 days later, those domain names resolves to the IP address 18.104.22.168. The domain name rebootv5.adsunflower.com still resolves to the IP address 22.214.171.124. Be sure to adjust your ACLs if you have entered the previously known IP addresses.