# Title: The malicious website blocklist
# Homepage: https://github.com/iam-py-test/my_filters_001
# Expires: 1 day
# Last updated: 2026-3-7
# Version: 2026307.1
# Description: This list aims to protect against scams, phishing, malware, some stalkerware, and potentially unwanted programs (PUPs). It includes a version of vxvault.net's list, modified by me to work in adblockers.
# Issues url: https://github.com/iam-py-test/my_filters_001/issues
# GitLab issues url (not checked as often): https://gitlab.com/iam-py-test/my_filters_001/-/issues
# Special thanks to all of the people who have helped me maintain this list! Check out https://github.com/iam-py-test/my_filters_001/blob/main/CONTRIBUTORS.md
# Note: This list includes a version of VXVault.net's malware distribution url list, formatted for adblockers, which is at https://github.com/iam-py-test/vxvault_filter
# Note: This list includes a version of ThioJoe's YouTube spam blocklist, formatted for adblockers, which is at https://github.com/iam-py-test/thiojoe_yt_lists and was originally licensed under MIT
# ---- Malware and Phishing ----
# A Facebook phishing website
# https://www.siteadvisor.com/sitereport.html?url=xn--faebook-64a.com
# https://www.fortiguard.com/webfilter?q=xn--faebook-64a.com
# https://virustotal.com/gui/domain/xn--faebook-64a.com/detection
# https://safeweb.norton.com/report/show?url=xn--faebook-64a.com
0.0.0.0 xn--faebook-64a.com
# https://www.reddit.com/r/mildlyinfuriating/comments/nc9zpe/got_a_paypal_or_should_i_say_paypl_phishing_email/
# https://virustotal.com/gui/url/c0e5466cd2843f75d522093d93cf949259ca618ca2f00aa4952e7700cbf59384/detection
0.0.0.0 paypl.com
# https://virustotal.com/gui/url/4531df5b01e2c58f9307fabecc9a17b03c6157bafc8e9af736b278e95c182dc5/community
0.0.0.0 payapl.com
# https://virustotal.com/gui/url/91aecb78868044183cbe47614fb43a7e5aecd4b4ae89294a215354bdda2c3602/detection
# https://www.fortiguard.com/webfilter?q=paypaI.com
# https://www.mywot.com/en/scorecard/paypaI.com
# https://safeweb.norton.com/report/show?url=paypaI.com
0.0.0.0 paypai.com
# https://forum.mywot.com/reputation-discussions-f5/ridiculous-eth-bitcoin-giveaways-or-instant-invest-t86210.html
0.0.0.0 btc-promo.czweb.org
0.0.0.0 giveaway-eth-btc.webz.cz
# https://virustotal.com/gui/ip-address/104.236.14.145/relations
# https://www.mywot.com/en/scorecard/blogsopt.com
# https://virustotal.com/gui/url/6d9e9d347f3578fe8fea973820a40a0ab760165e613af323b4a025dee339c73e/detection
0.0.0.0 blogsopt.com
# https://virustotal.com/gui/url/f645599a31b833dcebbfec890361e28a5fb14ba86e6f730d74688d11cfe7f52f/details
# https://www.joesandbox.com/analysis/436433/0/html#deviceScreen
# https://www.mywot.com/scorecard/googe.com
# https://safeweb.norton.com/reviews?url=googe.com
0.0.0.0 googe.com
# https://forum.mywot.com/24626-whatsmyipaddress-com
# https://virustotal.com/gui/url/c8bc45a00aeb7be3ccc68a0cf17e4a6175db761393dee57de32a49338b77ca45/detection
# https://www.fortiguard.com/webfilter?q=appple.com&version=8
0.0.0.0 appple.com
0.0.0.0 ww1.appple.com
# https://twitter.com/gorhill/status/1293239879887970305
#   - via https://github.com/NanoAdblocker/NanoCore/issues/362#issuecomment-704235803
# https://virustotal.com/gui/url/085d0bd9451920bd97eb099fb14e42b8ceccadf79cdf70da0d29e31900262ce1/detection
# https://www.siteadvisor.com/sitereport.html?url=fly-analytics.com
# https://www.fortiguard.com/webfilter?q=fly-analytics.com
# https://safeweb.norton.com/report/show?url=fly-analytics.com
# https://sitecheck.sucuri.net/results/fly-analytics.com
0.0.0.0 fly-analytics.com
# https://www.bleepingcomputer.com/virus-removal/remove-toksearches.xyz-search-redirect
# https://virustotal.com/gui/url/f6e174e4f27f27f27b5f8c3516fcdbea555d9128d50d6e20f6ca2ca8fbf0d37f/detection
# https://www.fortiguard.com/webfilter?q=toksearches.xyz
0.0.0.0 toksearches.xyz
# https://www.bleepingcomputer.com/virus-removal/remove-smashappsearch.com-search-redirect
# https://www.bleepingcomputer.com/virus-removal/remove-smashapps.net-search-redirect
# https://www.bleepingcomputer.com/virus-removal/remove-bipapp-chrome-extension
0.0.0.0 smashapps.net
# https://www.bleepingcomputer.com/virus-removal/remove-please-allow-to-watch-the-video
# https://virustotal.com/gui/url/ef88006f1f5beab8ded6b8786870209c1651db831c19e4f49e5ef829c267cac1/detection
# https://www.siteadvisor.com/sitereport.html?url=new-message.live
# https://www.fortiguard.com/webfilter?q=new-message.live
# https://safeweb.norton.com/report/show?url=new-message.live
# https://sitecheck.sucuri.net/results/new-message.live
0.0.0.0 new-message.live
# https://virustotal.com/gui/url/098cc8fed90c43af3a4afb4df0d7da9c68b1b2c8a3c73fb9d4506c7f062547f1/detection
# https://virustotal.com/gui/ip-address/95.168.170.165/relations
# https://virustotal.com/gui/url/6a23b2b07941322f9ad5555d97bfd020c2681264d71b5ed6c621f0a6cad6277c/detection
# https://www.fortiguard.com/webfilter?q=private-message.live
# https://safeweb.norton.com/report/show?url=private-message.live
# https://www.mywot.com/scorecard/private-message.live
0.0.0.0 private-message.live
# https://virustotal.com/gui/user/Site.safetychecker
# https://virustotal.com/gui/url/7108cfe6953cab08696ae1f9ab2c777b749fb53e7beb5c003756ea522c880f17/detection
0.0.0.0 yotube.com
# https://forums.malwarebytes.com/topic/278209-removal-instructions-for-socialsearchconverter/
0.0.0.0 socialsearchconverter.com
0.0.0.0 install.socialsearchconverter.com
0.0.0.0 feed.socialsearchconverter.com
0.0.0.0 api.socialsearchconverter.com
0.0.0.0 notify-service.com
0.0.0.0 install.stream-all.com
0.0.0.0 stream-all.com
# https://blog.malwarebytes.com/threat-intelligence/2021/09/the-many-tentacles-of-magecart-group-8/
0.0.0.0 adaptivestyles.com
0.0.0.0 bootstrapmag.com
0.0.0.0 paypaypay.org
0.0.0.0 googletagmanages.com
0.0.0.0 gstaticx.com
0.0.0.0 googletagmaneger.com
# https://github.com/AdguardTeam/AdguardFilters/issues/95582
# https://virustotal.com/gui/url/3323920fe31aaa6724441edc7bd395232194c52967480a95039fb35bcb3d7ac2
# https://virustotal.com/gui/url/93011523cfdd4defbccbe5fff351acac2bb6fdddba6420cc69d81cc9f9dd7f61
# https://virustotal.com/gui/url/145c4bdadca86dfb9560668f2cec835f75c248af41b8842687ad89dce8d2aed0
# https://www.siteadvisor.com/sitereport.html?url=dlscord-app.info
0.0.0.0 dlscord-app.info
# https://github.com/DandelionSprout/adfilt/issues/287#issue-1013759704
0.0.0.0 youtuba.com
0.0.0.0 avprotectionoverview.com
# https://virustotal.com/gui/file/294b8db1f2702b60fb2e42fdc50c2cee6a5046112da9a5703a548a4fa50477bc/relations
# https://virustotal.com/gui/ip-address/160.202.163.100/relations
# https://virustotal.com/gui/url/3818bac5233b17d11c0744005712a5761596f33ac54c23565eb08b5496323d48
0.0.0.0 microsoftkernel.com
0.0.0.0 update.microsoftkernel.com
# https://virustotal.com/gui/url/7709e9dff92c359c920e31866268a04489a67fc2e415bbc8c20cea8604387121
# https://virustotal.com/gui/url/c8da0d48ea7be9444411840955f2a658c3f6fbfd3dcc87df29fe0c13a6b9b604
0.0.0.0 microsofthk.com
0.0.0.0 update.microsofthk.com
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-944642656
0.0.0.0 allblock.net
# https://blog.malwarebytes.com/threat-intelligence/2021/10/q-logger-skimmer-keeps-magecart-attacks-going/
0.0.0.0 pinokio.online
0.0.0.0 sitetraffic.site
0.0.0.0 spacecom.site
# found when searching for "iam-py-test" on Google - starts at hxxpx[:]//google-yandex[.]info[/]iam-py-test
# https://github.com/iam-py-test/investigations/blob/main/2021/10/24/1.md
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-950351144
0.0.0.0 google-yandex.info
# https://virustotal.com/gui/url/2e874f308e1202ce4deb4068d029675c8487bed465f3bd34aeefb4a84c6b767f
# https://virustotal.com/gui/url/859be64d71834dba1693b079ec85f77edcd06124031c65178838555fea31efd7
0.0.0.0 dliscord.com
# https://forums.malwarebytes.com/topic/280266-removal-instructions-for-search-streamly/
0.0.0.0 search-streamly.com
0.0.0.0 feed.search-streamly.com
0.0.0.0 api.search-streamly.com
# https://github.com/iam-py-test/investigations/blob/main/2021/11/3/1.md#domains
0.0.0.0 youutube.com
0.0.0.0 youvetube.com
0.0.0.0 www.youvetube.com
0.0.0.0 mediadlvr.com
0.0.0.0 safejokesearch.com
0.0.0.0 www.safejokesearch.com
# https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/
# https://virustotal.com/gui/url/229181849ae5d036ff997645e9cf708d4fe96337d6e68e780777aee382fdccf1
0.0.0.0 webflows.net
0.0.0.0 web.webflows.net
0.0.0.0 js.rawgit.net
0.0.0.0 rawgit.net
# https://github.com/iam-py-test/investigations/blob/main/2021/11/24/1.md
0.0.0.0 macsoftwarez.com
# https://scammer.info/t/quantum-ad-blocker-trojan/84204
0.0.0.0 quantumadblocker.com
# https://virustotal.com/gui/url/269d374b629d7896da1f9e7449bd5afecf6284a9a564244f96a71e5192363635
0.0.0.0 lowseelan.com
# https://forums.malwarebytes.com/topic/281264-malware-bytes-scam-number-1-315-996-0560/
# https://github.com/uBlockOrigin/uAssets/issues/11157
0.0.0.0 sideload.net
0.0.0.0 stcverify.com
0.0.0.0 verify.stc.tools
0.0.0.0 1980s.click
0.0.0.0 0x41414141.net
0.0.0.0 yatsura.0x41414141.net
0.0.0.0 ultimate-eraser.com
# VirusTotal typosquatt
0.0.0.0 virusttotal.com
# https://github.com/uBlockOrigin/uAssets/pull/11744
0.0.0.0 greencracks.com
0.0.0.0 procrackerz.com
0.0.0.0 crackfix.net
0.0.0.0 zcracked.com
0.0.0.0 cracksoftware.org
0.0.0.0 downloadpc.net
0.0.0.0 pcfullcrack.org
0.0.0.0 up4pc.com
0.0.0.0 cracktube.net
0.0.0.0 yourpcnotification.com
# https://github.com/uBlockOrigin/uAssets/issues/12194
0.0.0.0 fulptube.org
# https://bazaar.abuse.ch/sample/d7308dab0110ae3bc79fd15024f5ccfcbd6e676b7c42b27a0112506e8357a6dc/ --> https://app.any.run/tasks/bc53e7a9-5fd7-4682-894d-11e48e9ea89a#
0.0.0.0 pccrackworld.com
0.0.0.0 www.pccrackworld.com
# https://bazaar.abuse.ch/sample/7a1ac49143e4dc8d3e7f3d033b1b382b3120bfdebfbaf3a304ab2f086456a896/
# https://bazaar.abuse.ch/sample/fc03d6fa6787c0e6fee51af9c567bc1febf642bdfd6fd91ee99348b0a2cdf947/
# https://scammer.info/t/phishing-my-account-will-be-blocked/100783
# https://scammer.info/t/fake-discord-nitro-generator/99942
# https://bazaar.abuse.ch/sample/afc4c49625b8c888e7e4958ec95cf0a79baf48736d71b0cac2bb2fc5f1c99279/
0.0.0.0 importadoracandy.com
# YouTube video on a probably hacked channel --> https://bazaar.abuse.ch/sample/786947bd41f7be120bc82fd563b5658ff319bcb45f8e3a35e9e4c62a03ef103e/
# https://virustotal.com/gui/file/8014510ba4ca11285598396ec7f36058ce42b2fdd4fd80004c1f1c84933126f1/detection
# https://forums.malwarebytes.com/topic/287876-im-posting-a-malware-to-ask-if-anyone-know-the-type-of-this-malware/
# https://app.any.run/tasks/85cfa904-06c4-4603-82ec-7a3db8db8df9
0.0.0.0 rewards-giant.uk
0.0.0.0 www.rewards-giant.uk
# https://virustotal.com/gui/url/081c3fe5d843567d0b5a1f7b2efd6592eded82d8a6b0a4283760c53b06b9d009/community
0.0.0.0 coinbase-buysell-cryptocurrency.yolasite.com
# https://virustotal.com/gui/url/88c6f47ec835274fa193c5540a570dc53421fcfdc5d0408f8a8215ff9ec561bf/community
# someone shared this SMS with me --> https://web.archive.org/web/20220707215749/https://twitter.com/iam_py_test/status/1545164642346930176
0.0.0.0 amazon-security-info.lnk.to
# https://bazaar.abuse.ch/sample/b41a79633a38811e378ce4e3e05cbaf086791272ae55c87eafa845eb655994a9/
# https://bazaar.abuse.ch/sample/5c795e31f7130c2c15ed1fbcb300bea7266f64e10f68cfc9a2f139f2a25a9532/
0.0.0.0 crackload.net
# https://virustotal.com/gui/file/36d0988bbecc52a81edde05ecf40562ce878dcf4eb273691a134f825bbc16f34/detection
# https://virustotal.com/gui/file/de78cb6a65184a6011d7dee1dc1e48a60d936208718448158f656919c29856e4
# https://forums.malwarebytes.com/topic/289086-antivirus-keeps-telling-me-blocked-3523615979-and-cant-find-a-solution/
# https://forums.malwarebytes.com/topic/289935-hijackautoconfigurlprxysvrrst-backdoorfarfli-in-registre-key/
# https://bazaar.abuse.ch/sample/78bcb53e3e0bca3655038c80eb9339d94f4a52b614b2ae072c171925099bcca8/
# https://virustotal.com/gui/file/6679a9fafa55cd95f682e35649413de7d36e81d7eb77736f888d98e5ac4ccf91
# same malware?
0.0.0.0 ndandinter.hair
# https://virustotal.com/gui/url/277ab53e753d552ec350aa812bc94345c84346ce52ca03f89979bfbe9a1ae000/community
0.0.0.0 es-sign-caieyna-b65164.ingress-florina.ewp.live
# https://forums.malwarebytes.com/topic/289254-reoccuring-website-blocked-due-to-malwaretrojan-message/
# https://forums.malwarebytes.com/topic/289555-malwarebytes-reporting-riskware-and-trojan-through-powershell-every-second/
# https://twitter.com/MBThreatIntel/status/1567604533458780160
# https://virustotal.com/gui/file/fe3f662947b072546eea1183ff626e851cb99a50a406dbe28a520078f38a84df
# https://virustotal.com/gui/file/31172f3d213210267adccd9e625a15f9713006812a3e20538425fba996e8889a
# https://bazaar.abuse.ch/sample/a674c8d984fe21bdbf03a9cafabe8963f0b471155655943299ef9695b836c307/
# https://virustotal.com/gui/url/94532535b8591efdebf95cf3c463f4b6116c76a354320676d38ab1384d40d26f/community
0.0.0.0 sukudoanalytica.com
# https://twitter.com/UK_Daniel_Card/status/1573038624853082128
# https://twitter.com/MBThreatIntel/status/1571949584943054848
0.0.0.0 parrable.com
# https://twitter.com/MBThreatIntel/status/1573059941619081221
# https://bazaar.abuse.ch/sample/7205488fe5a1d3d05f0734af8b156d5c1603e9334b407845eb5545950e7b9acc/ (credit to https://bazaar.abuse.ch/user/1169961/)
# https://app.any.run/tasks/ed58332c-913b-4a8e-8d17-e55c4fb40b76 (my analysis)
# https://virustotal.com/gui/url/dff608d10ce1c5d441e7d3d9e848d81302e26dcce121f984f2d1c2e341852a82/community
# https://forums.malwarebytes.com/topic/290797-drive-by-typosquat/
0.0.0.0 login.mimecast.cm
# https://web.archive.org/web/20230604182346/https://twitter.com/iam_py_test/status/1578112473768644611
# new
# https://virustotal.com/gui/url/d56c2ac37804bb6016c6666697b34ed0e95ad1a36ca2bd8b9db78c1e13f8ae81/community
0.0.0.0 objectstorage.us-sanjose-1.oraclecloud.com
# https://virustotal.com/gui/url/cf647bc81b76bd4857b34fe9a6dbec1f695b3bb8910e8cd000fa16e48d8c0c4c/community
0.0.0.0 i4rry-tiaaa-aaaag-aaycq-cai.ic0.app
# https://bazaar.abuse.ch/sample/9d5e04f46fc4e4340b2d4c5f2044584826e016347388ec35cc9805d36c7546f1/
# https://tria.ge/221104-xnqwhsbhfp/behavioral1
0.0.0.0 clipper.guru
# https://forums.malwarebytes.com/topic/291771-facebook-hacked-and-suspicious-link-sent-out/
0.0.0.0 monkey.redirectmaster.com
# https://virustotal.com/gui/url/6a1435a75c9199af6c37df495fb6b05965e57ada5b617e0651efa13e51ae746b/community
# https://virustotal.com/gui/url/8425e5c13e3c0ee58fc0ed21cd3695ad4ef1962a32d90f2b3d34cc280e0c248b
0.0.0.0 chungwoo.futuroinfo.co.kr
# https://virustotal.com/gui/url/ca6883e44a103ed205b6225d866719bc51a9301aca937d336dc38610e46c7ea2/community
# a "Yahoo" email claiming I will be locked out if I don't "correct my email"
0.0.0.0 yahooo-mail-service.webflow.io
# https://app.any.run/tasks/1dafbc8d-84d8-4e42-a96a-fffdc9d644e7/
0.0.0.0 kmspico-official.xyz
# https://forums.malwarebytes.com/topic/292016-keep-getting-outbound-website-blocked-due-to-trojan-cant-find-threats/
0.0.0.0 humman.art
# https://www.fortinet.com/blog/threat-research/new-rapperbot-campaign-ddos-attacks
# I misspelled virtualbox's website, landed here
0.0.0.0 virutalbox.org
0.0.0.0 get.safety-search.com
0.0.0.0 safety-search.com
# https://app.any.run/tasks/2de64615-6df3-457f-bfb8-3e207b44667c
# https://forums.malwarebytes.com/topic/292218-malwarebytes-says-that-vbcexe-is-a-virus-please-help/
# https://threatfox.abuse.ch/ioc/840342/
# https://github.com/AdguardTeam/AdguardFilters/issues/134903
0.0.0.0 znakomy.club
0.0.0.0 smartlink.name
# https://app.any.run/tasks/2309c8ba-3e9f-41f2-8a5c-f15f7411ac58#
0.0.0.0 www.sadeempc.com
0.0.0.0 sadeempc.com
# https://www.youtube.com/watch?v=xwJJkvIsEJQ
0.0.0.0 torrent-protection.com
# https://app.any.run/tasks/e5ba6bf3-98ee-46bf-b9ee-406b1bbebe1f
# https://app.any.run/tasks/89b3e663-ea70-43fe-89f0-af05c1c9af2e
# https://github.com/AdguardTeam/AdguardFilters/issues/135924
# https://github.com/DandelionSprout/adfilt/commit/31a32bcef8cfef97a6403f308d64c1991c6b4e8b
# credit to https://github.com/DandelionSprout
0.0.0.0 abazelfan.com
0.0.0.0 abburmyer.com
0.0.0.0 abyamaskor.com
0.0.0.0 acelacien.com
0.0.0.0 adsvids.com
0.0.0.0 agaenteitor.com
0.0.0.0 ajestigie.com
0.0.0.0 almareepom.com
0.0.0.0 alspearowa.com
0.0.0.0 amexcadrillon.com
0.0.0.0 amgardevoirtor.com
0.0.0.0 amoddishor.com
0.0.0.0 arrlnk.com
0.0.0.0 arswabluchan.com
0.0.0.0 arwartortleer.com
0.0.0.0 arwhismura.com
0.0.0.0 aslaironer.com
0.0.0.0 aslaprason.com
0.0.0.0 asnoibator.com
0.0.0.0 astkyureman.com
0.0.0.0 astoecia.com
0.0.0.0 atgallader.com
0.0.0.0 attrapincha.com
0.0.0.0 audmrk.com
0.0.0.0 ausoafab.net
0.0.0.0 bechatotan.com
0.0.0.0 belickitungchan.com
0.0.0.0 benumelan.com
0.0.0.0 beskittyan.com
0.0.0.0 betalonflamechan.com
0.0.0.0 betimbur.com
0.0.0.0 betjoltiktor.com
0.0.0.0 betotodileon.com
0.0.0.0 bett2you.org
0.0.0.0 bigsport.today
0.0.0.0 breakingfeedz.com
0.0.0.0 businessenviron.com
0.0.0.0 byambipoman.com
0.0.0.0 cadbitff.com
0.0.0.0 chemitug.net
0.0.0.0 civadsoo.net
0.0.0.0 clicktracklink.com
0.0.0.0 consoupow.com
0.0.0.0 countriesnews.com
0.0.0.0 daizoode.com
0.0.0.0 desabrator.com
0.0.0.0 dfsdkkka.com
0.0.0.0 doflygonan.com
0.0.0.0 domakuhitaor.com
0.0.0.0 dugothitachan.com
0.0.0.0 dukirliaon.com
0.0.0.0 dulillipupan.com
0.0.0.0 duponytator.com
0.0.0.0 eyenider.com
0.0.0.0 faestara.com
0.0.0.0 fdiirjong.com
0.0.0.0 fiinann.com
0.0.0.0 fiinnancesur.com
0.0.0.0 finnnann.com
0.0.0.0 flymob.com
0.0.0.0 forlumineontor.com
0.0.0.0 forunfezanttor.com
0.0.0.0 fregtrsatnt.com
0.0.0.0 gdasaasnt.com
0.0.0.0 geedoovu.net
0.0.0.0 getsurv2youu.com
0.0.0.0 gfsdloocn.com
0.0.0.0 ggetsurveey.com
0.0.0.0 gggtrenks.com
0.0.0.0 gillynn.com
0.0.0.0 gkjoanks.com
0.0.0.0 glersakr.com
0.0.0.0 gloaphoo.net
0.0.0.0 goomaphy.com
0.0.0.0 groguzoo.net
0.0.0.0 growebads.com
0.0.0.0 gtoonfd.com
0.0.0.0 haunigre.net
0.0.0.0 higheurest.com
0.0.0.0 hoanoola.net
0.0.0.0 hrenbjkdas.com
0.0.0.0 inabsolor.com
0.0.0.0 inboldoreer.com
0.0.0.0 incorphishor.com
0.0.0.0 inkingleran.com
0.0.0.0 inpage-push.com
0.0.0.0 interdfp.com
0.0.0.0 intorterraon.com
0.0.0.0 itemolgaer.com
0.0.0.0 itgiblean.com
0.0.0.0 ittorchicer.com
0.0.0.0 itzekromom.com
0.0.0.0 jeehathu.com
0.0.0.0 koapsuha.net
0.0.0.0 kogutcho.net
0.0.0.0 lauhoosh.net
0.0.0.0 leezoama.net
0.0.0.0 loralana.com
0.0.0.0 lowdodrioon.com
0.0.0.0 lowdurantom.com
0.0.0.0 lowlatiasan.com
0.0.0.0 mauchopt.net
0.0.0.0 meagplin.com
0.0.0.0 meet4youu.com
0.0.0.0 mekstolande.com
0.0.0.0 moakaumo.com
0.0.0.0 moksoxos.com
0.0.0.0 mygtmn.com
0.0.0.0 newprofitcontrol.com
0.0.0.0 nieveni.com
0.0.0.0 oackoubs.com
0.0.0.0 oaphoace.net
0.0.0.0 offmachopor.com
0.0.0.0 omanala.com
0.0.0.0 omasatra.com
0.0.0.0 omchimcharchan.com
0.0.0.0 omnidokingon.com
0.0.0.0 onclickads.net
0.0.0.0 onclickrev.com
0.0.0.0 onclickserver.com
0.0.0.0 onelivetra.com
0.0.0.0 onwasrv.com
0.0.0.0 onxatutor.com
0.0.0.0 oodrampi.com
0.0.0.0 opcharizardon.com
0.0.0.0 opchikoritar.com
0.0.0.0 opclauncheran.com
0.0.0.0 osspalkiaom.com
0.0.0.0 ossrhydonr.com
0.0.0.0 outaipoma.com
0.0.0.0 outseylor.com
0.0.0.0 overonixa.com
0.0.0.0 overswaloton.com
0.0.0.0 overzoruaon.com
0.0.0.0 overzubatan.com
0.0.0.0 parumal.com
0.0.0.0 pipeschannels.com
0.0.0.0 propvideo.net
0.0.0.0 psaudous.com
0.0.0.0 qarewien.com
0.0.0.0 rhendam.com
0.0.0.0 rmndme.com
0.0.0.0 rndchandelureon.com
0.0.0.0 rndmusharnar.com
0.0.0.0 roduster.com
0.0.0.0 rouinfernapean.com
0.0.0.0 rtmark.net
0.0.0.0 rtrgt2.com
0.0.0.0 saimifoa.net
0.0.0.0 serconmp.com
0.0.0.0 shoubsee.net
0.0.0.0 show-review.com
0.0.0.0 sportevents.news
0.0.0.0 survey2you.org
0.0.0.0 tauvoojo.net
0.0.0.0 timecrom.com
0.0.0.0 toglooman.com
0.0.0.0 tosuicunea.com
0.0.0.0 totentacruelor.com
0.0.0.0 totogetica.com
0.0.0.0 touroumu.com
0.0.0.0 tovanillitechan.com
0.0.0.0 trads.io
0.0.0.0 trenhsmp.com
0.0.0.0 trewnhiok.com
0.0.0.0 ugroocuw.net
0.0.0.0 unampharostor.com
0.0.0.0 unbeedrillom.com
0.0.0.0 untimburra.com
0.0.0.0 uparceuson.com
0.0.0.0 uplucarioon.com
0.0.0.0 uponarticunoer.com
0.0.0.0 upregisteelon.com
0.0.0.0 urmavite.com
0.0.0.0 vamsoupowoa.com
0.0.0.0 vuftouks.com
0.0.0.0 wynather.com
0.0.0.0 yacurlik.com
0.0.0.0 yarlnk.com
0.0.0.0 yonabrar.com
0.0.0.0 zagtertda.com
0.0.0.0 zoawufoy.net
# https://forums.malwarebytes.com/topic/292537-phishing-x-3/ (account required, credit to https://forums.malwarebytes.com/profile/126832-bradraynor/)
0.0.0.0 13ee53.codesandbox.io
# https://forums.malwarebytes.com/topic/292570-malwarebytes-blocked-trojanexe-am-i-safe/
# https://threatfox.abuse.ch/ioc/1024382/
# https://forums.malwarebytes.com/topic/292568-ironmodalcom/
0.0.0.0 ironmodal.com
# https://app.any.run/tasks/fbb04c5d-ce57-4eaa-937b-20b014ed7c19#
0.0.0.0 rsmerchantservices.com
0.0.0.0 gcrpgqhhmf.com
0.0.0.0 bestsmartfind.com
# https://app.any.run/tasks/df07016b-df4a-47d2-8ef4-3764547ccb7b (website)
# https://app.any.run/tasks/30bb18a1-ea92-4208-91a1-e1b964930fa5 (file)
# https://threatfox.abuse.ch/ioc/1028938/
# https://app.any.run/tasks/82e6d95e-3fd5-4bf6-873e-3d7379d495e3
# https://app.any.run/tasks/25665331-97a5-49a8-9381-eda377347ee5
0.0.0.0 fitgirl-repacks-site.org
0.0.0.0 bluemediafiles.top
# https://forums.malwarebytes.com/topic/292840-file-detected-windowsmicrosoftnetframeworkv4030319aspnet_compileexe/
0.0.0.0 line.publicvm.com
# https://bazaar.abuse.ch/sample/a3cafe7d2d20180460c2e581b215d63519a691de2781a66349fd57ea3e5fcfdf/ (https://bazaar.abuse.ch/user/86185858/)
# https://github.com/uBlockOrigin/uAssets/issues/15990
0.0.0.0 vlcdownloads.com
# https://virustotal.com/gui/url/2eeeeba08305b13c205d66f7d9cd6a853bc491688d0e91c0381613066b2566a3/community
# https://github.com/AdguardTeam/AdguardFilters/issues/136390
0.0.0.0 glthub.org
# https://forums.malwarebytes.com/topic/293076-google-docs-extension-malware/
0.0.0.0 goodsearchez.com
0.0.0.0 goog.goodsearchez.com
# https://forums.malwarebytes.com/topic/293086-i-keep-getting-data-crypto-mining-trojans-in-my-chrome-extensions-folder/
0.0.0.0 daggerhashimoto.eu.nicehash.com
# https://bazaar.abuse.ch/sample/dd022ea963e777dec7fbb6c3f84893961c60a0b72fa26152416a9e75e9879c5d/
# https://virustotal.com/gui/file/9108e1d22d74bc5397b8886edc4f0a84b8906436a648ef8a86f30cf7e08978dd/detection
# https://virustotal.com/gui/file/8b526ce6c0637c72799d1f1944f5d77a821d896c2ffe01cd8c391ed37a175f76
# https://github.com/DandelionSprout/adfilt/discussions/163#discussioncomment-4502840 (with no adblocker, I got an ad which downloaded https://virustotal.com/gui/file/7c4c570fb381176736d956ee84c5fb01b6e4638fe122e7a2e1f7335d08edb1d6/detection)
0.0.0.0 ecomefuk.xyz
# https://app.any.run/tasks/f4e39100-c15b-4cd3-9a2c-3401df4435d4
# https://tria.ge/221227-3mk7jagg99
# https://www.hybrid-analysis.com/sample/f2e12223da0ae00323260f8dadbdd1596f7ce8fcd2e2520fde0aefc6fd19a88b
# https://tria.ge/221228-3ez1qabh74/behavioral2
# https://virustotal.com/gui/file/0814d32e07768c5387774d03108ea27ff132d4aee72d3f1fc98a6d78ab74d628
0.0.0.0 sigmarole.cyou
# https://threatfox.abuse.ch/ioc/847757/
# https://app.any.run/tasks/acb995d6-45ba-4680-8c39-b96b7a8574d8
# https://github.com/iam-py-test/investigations/blob/main/malware/oceanofgames.com.md
0.0.0.0 oceanofgames.com
0.0.0.0 easy-learn-tech.info
# https://virustotal.com/gui/url/25c1299a47deee16de446a1e984b668779afe55cd5429639a112fe8cb6509b68/community
0.0.0.0 colorflys.com
# https://app.any.run/tasks/5bdcb423-d8a6-4c4a-bee0-e4817415d96e
# https://virustotal.com/gui/file/f82251f78347ba9a0a0fe6efee7fdfb4a07ef133ec29d4fb816116b194c4f4a2/detection
# shared by https://github.com/JobcenterTycoon
0.0.0.0 funnycrack.com
# https://app.any.run/tasks/5f9ddba3-9d5d-45a6-8ab1-37eaca832b2a/
# https://tria.ge/230103-s79qhsfb2z/behavioral2
0.0.0.0 gigapurbalinggaa.com
0.0.0.0 stone10.xyz
# https://github.com/AdguardTeam/AdguardFilters/issues/139106 (credit to DandelionSprout)
0.0.0.0 loadingnow.me
0.0.0.0 gsecurecontent.com
0.0.0.0 pressizer.net
0.0.0.0 sapino.net
# https://tria.ge/230104-qdn6lsfh34/behavioral2
# https://tria.ge/230104-qcf4lsbb81/behavioral2
# https://www.hybrid-analysis.com/sample/a2f1e5de0f6a32a2b202a973b4deebb0f3f3fd0c16001a010594ced932b17a07
# https://virustotal.com/gui/file/a2f1e5de0f6a32a2b202a973b4deebb0f3f3fd0c16001a010594ced932b17a07/detection
# https://threatfox.abuse.ch/ioc/1064537/
# https://threatfox.abuse.ch/ioc/1064536/
# https://threatfox.abuse.ch/ioc/1064660/
# https://forums.malwarebytes.com/topic/293448-brute-force-password-attack-on-email-server-from-ip-address-9820013539/?do=findComment&comment=1547922 (account required)
# https://www.abuseipdb.com/check/68.60.77.128 
# delist once there have been no new reports in one week. Probably pointless to list in the first place
# https://app.any.run/tasks/37850881-daef-455e-a60d-7b1a11438955 (just a 7zip download???)
0.0.0.0 fitgirlrepack.games
0.0.0.0 losstub.icu
# https://app.any.run/tasks/bdf92208-3c4b-4673-b4f4-4d59299d1201
0.0.0.0 fitgirl-repacks.proxy2link.com
# https://github.com/hagezi/dns-blocklists/issues/166
0.0.0.0 milfme.com
0.0.0.0 track.findb.news
0.0.0.0 tracking.lovematchflirt.com
0.0.0.0 tracking.latedreamdate.com
# https://bazaar.abuse.ch/sample/971a53dd3d17c44c1f4b21e33c0c161aed411ebb8c4d7f5a47c3cc68849340a5/
0.0.0.0 skynetx.com.br
# https://app.any.run/tasks/45e3bc2d-8e87-47b6-b233-cf8bfecbd5b7
0.0.0.0 cdt2023.ddns.net
# https://app.any.run/tasks/425c595f-3f93-4d54-abaf-29b7d8c78e1b#
# https://github.com/uBlockOrigin/uAssets/pull/16283
0.0.0.0 galeden.cn
# https://virustotal.com/gui/url/ba238fade1efae3c4a22a777ea6d8e7876911ba2762a38e9068be025dae64642/community
# https://app.any.run/tasks/fc749190-7a49-4f62-bfcb-b4262ba6fe8b (my analysis)
# https://virustotal.com/gui/url/d53cb0004ee89defa498483920b97ff3b414748e05ce7a5af65136b06b19ef6f/community
0.0.0.0 tidy-mark.com
# https://forums.malwarebytes.com/topic/293729-help-please-a-file-trojan-keeps-coming-back-when-i-reboot-my-computer/
0.0.0.0 phtgnx.top
0.0.0.0 cdn.phtgnx.top
0.0.0.0 progriu.top
# https://tria.ge/230114-ra56dsch4w/behavioral2
# https://threatfox.abuse.ch/ioc/1068340/ and https://threatfox.abuse.ch/ioc/1068341/
# https://github.com/uBlockOrigin/uAssets/issues/16339
0.0.0.0 ormoredeta.xyz
# https://forums.malwarebytes.com/topic/293881-hijackautoconfigurlprxysvrrst-backdoorfarfli/
0.0.0.0 agametog.com
0.0.0.0 g.agametog.com
# https://blog.sucuri.net/2023/01/finding-removing-malware-from-weebly-sites.html
0.0.0.0 circuitingratitude.com
# https://forums.malwarebytes.com/topic/294335-repeated-blocked-website-trojan-compromised-logs/
0.0.0.0 dellenshop.top
# https://forums.malwarebytes.com/topic/294374-might-have-a-virus/
# https://forums.malwarebytes.com/topic/294372-suspicious-file/
# https://threatfox.abuse.ch/ioc/1073271/
# (my analysis) https://app.any.run/tasks/96fff8ad-199e-4a03-aea3-410214ed18f4
# https://github.com/uBlockOrigin/uAssets/issues/16558
# (my analysis) https://tria.ge/230130-pl42csac69/static1
0.0.0.0 driveusercontent.us
# https://forums.malwarebytes.com/topic/294473-malware-not-detected-in-malwarebytes/ (account required)
# (my analysis) https://app.any.run/tasks/14b9da67-7f1e-49ff-b73d-26a5d263efbf/
# https://github.com/DesktopECHO/T95-H616-Malware
0.0.0.0 ycxrl.com
0.0.0.0 cbphe.com
0.0.0.0 cbpheback.com
# from internal discussion
# https://urlhaus.abuse.ch/url/2524904/
# (my analysis) https://tria.ge/230201-nxx7hsda77/behavioral2
# https://threatfox.abuse.ch/ioc/1067729/
# https://forums.malwarebytes.com/topic/294558-google-customer-reward-program/
0.0.0.0 21bustqisw2.top
# https://forums.malwarebytes.com/topic/294619-trojan-hijack-browser/
# https://app.any.run/tasks/9cdd662f-9642-4406-8797-03f021ce6370
# https://tria.ge/230203-pmtl1saf9t/behavioral1
0.0.0.0 ccleaner-download.xyz
0.0.0.0 service-domain.xyz
# https://virustotal.com/gui/url/7edda570d0f8fae48fac53194950c93137721d5535829d88add851c9bf42a0e2
# (my analysis) https://app.any.run/tasks/1da745f3-0a79-44b4-9490-0ce55609f1e2
# NSFW: https://app.any.run/tasks/84fe2ec3-067b-4095-8a4f-e74636671351
0.0.0.0 okaynotification.com
0.0.0.0 message.okaynotification.com
0.0.0.0 notice.okaynotification.com
0.0.0.0 click.okaynotification.com
0.0.0.0 update.okaynotification.com
0.0.0.0 now.okaynotification.com
0.0.0.0 readnow.okaynotification.com
# https://app.any.run/tasks/04b2bc07-923b-4890-8587-02e360d01ae0
0.0.0.0 gamebee.club
# https://github.com/AdguardTeam/AdguardFilters/issues/142226
# https://app.any.run/tasks/91ca9115-952b-479f-8f9d-360e096e558b
0.0.0.0 qfdsq.inghesatin.com
0.0.0.0 wickedhumankindbarrel.com
0.0.0.0 videoadblockerpro.com
0.0.0.0 stop-adblocker.info
0.0.0.0 wheeshoo.net
0.0.0.0 justquiz39.pushalert.co
# https://forums.malwarebytes.com/topic/294740-trojans-will-not-disappear-and-mb-wont-stop-blocking-websites/
# https://threatfox.abuse.ch/ioc/1078147/
# https://www.malware-traffic-analysis.net/2023/02/03/index.html
0.0.0.0 yes2food.com
# https://threatfox.abuse.ch/ioc/1078856/
# https://twitter.com/1ZRR4H/status/1623067548781539339
# https://github.com/uBlockOrigin/uAssets/issues/16704
# https://app.any.run/tasks/dbfbbaca-9fd5-4466-8a29-9e0519b77589
# https://virustotal.com/gui/file/f202337f99c730eef56d3be2a7fb92d74c9b5adac799fb0564bc9264f2784f5c/relations
0.0.0.0 vserpg.ru
# https://app.any.run/tasks/bcd4633b-931e-4bfc-a874-24d04a136036
0.0.0.0 wlbss.inghesatin.com
0.0.0.0 xe5j8.inghesatin.com
0.0.0.0 ggjt8.inghesatin.com
# https://app.any.run/tasks/53948f39-666f-4083-aa4e-bd5f215d29e2
0.0.0.0 dykbo.inghesatin.com
# https://github.com/iam-py-test/my_filters_001/issues/109
0.0.0.0 en.firstgooal.com
0.0.0.0 0-4.top
0.0.0.0 bitly.email
0.0.0.0 cutlinks.ca
0.0.0.0 cuturls.net
0.0.0.0 d-ev.dev
0.0.0.0 g-l.gl
0.0.0.0 i-io.io
0.0.0.0 i-n-fo.info
0.0.0.0 i-s.is
0.0.0.0 ii-ii.ru
0.0.0.0 l-ol.lol
0.0.0.0 oo-o.co
0.0.0.0 psu.su
0.0.0.0 ufox.info
0.0.0.0 vvg.vg
0.0.0.0 w-ws.ws
# https://github.com/blocklistproject/Lists/issues/933
0.0.0.0 8narwi309.click
0.0.0.0 8ebtdbsjsu.click
# https://app.any.run/tasks/77b6a223-4c81-4798-9dc0-a747de6e0f6d
0.0.0.0 crackshash.com
0.0.0.0 czgovd.com
0.0.0.0 pufgilsofp.sbs
0.0.0.0 bstnwswrld.com
0.0.0.0 news-wobuda.com
0.0.0.0 ztzguv.com
0.0.0.0 thbstvd.com
0.0.0.0 notyfrom.info
0.0.0.0 flymylife.info
0.0.0.0 ms-82.flymylife.info
0.0.0.0 ms-52.flymylife.info
0.0.0.0 54trck.xyz
0.0.0.0 cxvfh.gesgloven.com
# https://app.any.run/tasks/f03aaba8-7c21-4316-a6db-cbb9bdbb1db6
# https://app.any.run/tasks/d142bf7d-0363-4bf2-9795-66423bbc9eac
0.0.0.0 origincrack.com
0.0.0.0 9bghqk3avg2gnh.click
# https://tria.ge/230216-sgsz3shg3w/behavioral2
# https://threatfox.abuse.ch/ioc/1077934/
# https://virustotal.com/gui/ip-address/77.73.134.35/relations
# https://twitter.com/TrackerC2Bot/status/1620944031030075392
# https://threatfox.abuse.ch/ioc/1077935/
# https://forums.malwarebytes.com/topic/295115-trojan-downloaders-not-detected-by-malwarebytes/ (account required)
# https://virustotal.com/gui/file/a0626a283b6e2cbcacfbcc06c21691aff5e3386d43a76909304b2b0bacf8f45a/relations
# fake tor browser - https://app.any.run/tasks/679e9afa-eb19-4414-a086-e280a779a448
# https://tria.ge/230217-xd8nksgc9x/behavioral2
# https://github.com/uBlockOrigin/uAssets/issues/15937
# https://github.com/uBlockOrigin/uAssets/issues/15937
# https://virustotal.com/gui/url/a70d88ffc974f8d9cc5c3561938e95435d20a12a555e8c10d638d2bee5292165
0.0.0.0 kochava.com
0.0.0.0 neptunclicks.com
0.0.0.0 arakusus.com
0.0.0.0 imgfil.com
0.0.0.0 urlcod.com
0.0.0.0 tiurll.com
0.0.0.0 startex3download.com
0.0.0.0 gowtos.com
0.0.0.0 lomogd.com
0.0.0.0 nosnou.com
# https://virustotal.com/gui/file/aaa1beed5908f05cd7e4dc405ec763deecd6177b0bf78f0faa9cd54eed14bc34/detection
0.0.0.0 mesoftwares.vip
# https://app.any.run/tasks/82180609-bf2b-4565-88cd-e3cb2c8e6456/ (someone else's anyrun, credit to them)
# https://app.any.run/tasks/1aa45c59-b90f-47a2-8fb9-7915a377055a/
# https://forums.malwarebytes.com/topic/295202-windows-powershell-keeps-popping-up-randomly-and-closing/
# https://virustotal.com/gui/file/d3c9371a1456fd7c4551e18b0c1172a597f86c97e2864bc0b1be632c48da9697/relations
0.0.0.0 ahoravideo-blog.com
0.0.0.0 ahoravideo-cdn.com
0.0.0.0 ahoravideo-endpoint.com
0.0.0.0 ahoravideo-endpoint.xyz
0.0.0.0 ahoravideo-schnellvpn.com
0.0.0.0 ahoravideo-schnellvpn.xyz
0.0.0.0 bideo-blog.com
0.0.0.0 bideo-cdn.com
0.0.0.0 bideo-chat.com
0.0.0.0 bideo-chat.xyz
0.0.0.0 bideo-endpoint.com
0.0.0.0 bideo-endpoint.xyz
0.0.0.0 bideo-schnellvpn.com
0.0.0.0 fairu-blog.com
0.0.0.0 fairu-cdn.com
0.0.0.0 fairu-chat.com
0.0.0.0 fairu-chat.xyz
0.0.0.0 fairu-endpoint.com
0.0.0.0 fairu-endpoint.xyz
0.0.0.0 fairu-schnellvpn.com
0.0.0.0 fairu-schnellvpn.xyz
0.0.0.0 privatproxy-blog.xyz
0.0.0.0 privatproxy-cdn.xyz
0.0.0.0 privatproxy-chat.com
0.0.0.0 privatproxy-endpoint.xyz
0.0.0.0 privatproxy-schnellvpn.com
0.0.0.0 wmail-blog.xyz
0.0.0.0 wmail-cdn.xyz
0.0.0.0 wmail-chat.xyz
0.0.0.0 wmail-endpoint.xyz
0.0.0.0 wmail-schnellvpn.com
0.0.0.0 wmail-schnellvpn.xyz
# https://forums.malwarebytes.com/topic/295239-unsure-if-anything-has-been-done/
0.0.0.0 tiktok.ti3fsaa.cloud
0.0.0.0 ti3fsaa.cloud
# https://app.any.run/tasks/fc4768ad-8cc8-4af7-bd44-d91f5d8c258e
0.0.0.0 polo.thegadgetguru.club
0.0.0.0 thegadgetguru.club
0.0.0.0 startd0wnload22x.com
0.0.0.0 burningpushing.info
# https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/
0.0.0.0 erdjknfweklsgwfmewfgref.com
0.0.0.0 harrysucksdick.com
0.0.0.0 egscorp.net
# https://forums.malwarebytes.com/topic/295534-rtp-outbound-connection-on-googlewikipedia/
0.0.0.0 eatablehelprut.com
# https://forums.malwarebytes.com/topic/295590-malwarebyes-blocks-webite/
0.0.0.0 mignished-sility.com
# https://forums.malwarebytes.com/topic/295631-blocked-website/
0.0.0.0 curvyalpaca.cc
# https://github.com/RPiList/specials/issues/948#issuecomment-1458739160
0.0.0.0 yuppdownload.com
# https://github.com/AdguardTeam/AdguardFilters/issues/145513
0.0.0.0 4b34eusvcxsdublb6f.runoj.click
0.0.0.0 runoj.click
# https://github.com/AdguardTeam/AdguardFilters/issues/145513#issuecomment-1468676678
0.0.0.0 agapios-gla.com
0.0.0.0 artax-evn.com
0.0.0.0 balor-ghn.com
0.0.0.0 ermin-oxj.info
0.0.0.0 gloos-zus.info
0.0.0.0 harib-eir.info
0.0.0.0 kuno-gae.com
0.0.0.0 orige-duo.com
0.0.0.0 redirect.newprogrammatic.click
# random malware
0.0.0.0 fuckbookmobile.org
0.0.0.0 theparlornextthef.com
0.0.0.0 dtsdr.theparlornextthef.com
0.0.0.0 bvnie.taitlastwebegan.com
0.0.0.0 taitlastwebegan.com
0.0.0.0 jikabotlan.click
0.0.0.0 trackyouswin.com
0.0.0.0 getnomadtblog.com
0.0.0.0 urhandups.xyz
0.0.0.0 qtgsr.taitlastwebegan.com
0.0.0.0 entry4hide.cyou
0.0.0.0 ovhoq.nkingwitheaam.com
0.0.0.0 nkingwitheaam.com
0.0.0.0 bigosext1s.com
# https://github.com/DandelionSprout/adfilt/issues/808
0.0.0.0 jonathanbartz.com
0.0.0.0 jp.imonitorsoft.com
0.0.0.0 junk-bros.com
0.0.0.0 kepw.org
0.0.0.0 kristinee.com
0.0.0.0 lakeside-fishandchips.com
# https://www.reddit.com/r/uBlockOrigin/comments/1204r6t/this_should_probably_be_blocked_if_i_must_say/
0.0.0.0 adblockers.b-cdn.net
0.0.0.0 pleasetrack.com
# malware
0.0.0.0 official-expert.org
0.0.0.0 file-uploud.site
# https://github.com/durablenapkin/scamblocklist/issues/31
0.0.0.0 balkeryswep.online
# https://github.com/durablenapkin/scamblocklist/issues/29
0.0.0.0 youtubee.com
0.0.0.0 youtunbe.com
0.0.0.0 twiiiter.com
0.0.0.0 twitterr.com
0.0.0.0 goglle.com
0.0.0.0 toyrube.com
0.0.0.0 yahhhoo.com
# https://forums.malwarebytes.com/topic/296944-malware-blocked-when-doing-a-google-search/
0.0.0.0 prodfliying.com
# https://threatfox.abuse.ch/ioc/1104536/
0.0.0.0 js.msedgeupdate.com
0.0.0.0 msedgeupdate.com
# https://app.any.run/tasks/00d5d80b-3924-4421-8780-7ba796d7b825
# https://tria.ge/230420-anfn8agb9z/behavioral1
0.0.0.0 portalproveedores.com.mx
# https://threatfox.abuse.ch/ioc/1063263/ https://threatfox.abuse.ch/ioc/1028975/
# https://github.com/durablenapkin/scamblocklist/issues/36
0.0.0.0 ledgerlivewallets.com
0.0.0.0 ledgers.network
# https://blog.morphisec.com/in2al5d-p3in4er
0.0.0.0 siamaster.com.mx
# https://www.reddit.com/r/uBlockOrigin/comments/1304khl/badware_sites/
0.0.0.0 actionclassicgames.com
0.0.0.0 allin1convert.com
0.0.0.0 allinonedocs.com
0.0.0.0 anytimeastrology.com
# https://github.com/uBlockOrigin/uAssets/blob/fc2d7bd065b3e79d945fcfdc0da73ff33f6ea089/filters/badware.txt#L3038-L3044 (hopefully I understood the license right, if not, I can delete this)
0.0.0.0 myway.com
# https://forums.malwarebytes.com/topic/297334-our-company-website-shows-riskware-from-a-different-domain/
0.0.0.0 life.judyfay.com
0.0.0.0 xjquery.com
# https://virustotal.com/gui/url/f68044fcf6f1a22b4b1d06cae0dddefa4bd7282377ba16a2a6222379414a6073/community
# https://app.any.run/tasks/ea625e50-b943-4e69-ae48-03231219b07f (my analysis)
# https://www.bleepingcomputer.com/news/security/new-atomic-macos-info-stealing-malware-targets-50-crypto-wallets/
0.0.0.0 amos-malware.ru
# https://app.any.run/tasks/5fddd235-4433-4376-9a75-39a28b018f6b
0.0.0.0 realtorstrust.com
# https://app.any.run/tasks/d40fc871-4942-4acd-8d6a-d8f4baae1f32
0.0.0.0 kuyhaa-me.id
# shared by ryan
0.0.0.0 updatefreecompletelytheproduct.vip
# https://github.com/hagezi/dns-blocklists/issues/1013
0.0.0.0 revanced.io
# https://www.reddit.com/r/uBlockOrigin/comments/139u3yf/malicious_domain_to_block_used_by_hacked_manga/
0.0.0.0 gdpr.web0.eu
# https://forums.malwarebytes.com/topic/297655-malware-and-popup-in-my-pc/?do=findComment&comment=1566331
0.0.0.0 threatdetect.org
# https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
0.0.0.0 xxxxxxxxxxxxxxx.ru
0.0.0.0 click7adilla.ru
# https://virustotal.com/gui/file/dd45a0f40e75b051871fefd4ddb1ce6dcf130d4e172010c0753e01c1a6523666/relations
0.0.0.0 zexeq.com
0.0.0.0 colisumy.com
# https://virustotal.com/gui/url/4cbb55b62fe8bc2acdaa79d3c4fd3a6d33c0d5eed287bbe655fc117c6bdeb0a3/community
# (my analysis) https://app.any.run/tasks/2de7c1a5-bfe4-4b48-a1e5-b7d8c059cbd0
# (my analysis) https://tria.ge/230512-xhsg6agd4v/static1
# https://tria.ge/230512-tj6jmadg34
# https://forums.malwarebytes.com/topic/297825-not-sure-if-i-am-being-hacked/?do=findComment&comment=1567599
0.0.0.0 redirection-to-the-offer.info
# https://github.com/uBlockOrigin/uAssets/issues/18115
0.0.0.0 needyscarcasserole.com
# https://github.com/durablenapkin/scamblocklist/issues/52
0.0.0.0 baltic79.wordpress.com
0.0.0.0 visoedifica.com
0.0.0.0 balticpipe.wordpress.com
0.0.0.0 finnews7.wordpress.com
0.0.0.0 fazpowerdenet.tumblr.com
# (my analysis) https://tria.ge/230519-1bgzmagd36/behavioral1
# (not my analysis) https://threatfox.abuse.ch/ioc/1115696/
# https://github.com/hagezi/dns-blocklists/issues/1071
0.0.0.0 hard-configurator.com
# https://github.com/uBlockOrigin/uAssets/issues/18206
0.0.0.0 fitgirl.cc
# https://github.com/uBlockOrigin/uAssets/issues/18205
0.0.0.0 fitgirlrepacksite.com
# https://tria.ge/230525-z8rpnacd92/behavioral2
# https://bazaar.abuse.ch/sample/a76c4f346a0f72cc1fcf8c471abb0ecd2e914c5863a4f4556d884212f8d3b2fb/
# spam on Malwarebytes forums (taken down)
# https://app.any.run/tasks/c084b570-6946-4878-ab48-8db1dc4ed659
# https://tria.ge/230530-m4zhgshb97/behavioral2
0.0.0.0 activatorscrack.com
0.0.0.0 mjko06yh.cfd
0.0.0.0 maper.info
# https://www.reddit.com/r/uBlockOrigin/comments/134b450/please_add_adblock_badware/
0.0.0.0 softronline.click
# https://github.com/mitchellkrogza/phishing/pull/232#issuecomment-1570214480
0.0.0.0 xajibur.ru
0.0.0.0 ponafet.ru
0.0.0.0 baarspo.ru
0.0.0.0 crophysi.ru
0.0.0.0 gimoguvi.ru
# https://github.com/uBlockOrigin/uAssets/issues/18332
0.0.0.0 goglel.com
# https://virustotal.com/gui/url/0ed4615c9ee045c652ae76001f55252a665cacbea0ed623909f8a780cbfd564d/community
# my analysis: https://app.any.run/tasks/0d2fac2a-6485-4d2d-941c-782acfddd966
0.0.0.0 mreilly.s3.eu-central-003.backblazeb2.com
0.0.0.0 zen-leakey.138-68-80-63.plesk.page
# https://tria.ge/230601-z9q5hsha6v/behavioral1
0.0.0.0 softwave.cc
# https://virustotal.com/gui/url/36a5536b1c4ca42b01b31bce4ec0be95192c7204cd83461c3dddff151266ba7b/community
# my analysis: https://tria.ge/230602-t1vhpach4z/behavioral1
0.0.0.0 jp6yze3jwx6462c537686e2.inetpr.ru
# https://palant.info/2023/06/02/how-malicious-extensions-hide-running-arbitrary-code/
0.0.0.0 tryimv3srvsts.com
# https://forums.malwarebytes.com/topic/298691-my-aspnet-website-infected-with-some-wired-malware/
0.0.0.0 usaday.biz
0.0.0.0 abu.usaday.biz
0.0.0.0 us.usaday.biz
0.0.0.0 c822c1b63853ed273b89687ac505f9fa.onepro.club
0.0.0.0 738aa8d3bc02eb8712acd0eb2cf6dfd5.onepro.club
0.0.0.0 241fe8af1e038118cd817048a65f803e.onepro.club
0.0.0.0 ba9bf05693b9fa202d922dd43a08f281.onepro.club
# https://tria.ge/230607-m9fmkaac6w/behavioral1
0.0.0.0 rewardarium.com
# malware on youtube - https://bazaar.abuse.ch/sample/4d152234f168692459b482981f469e96e4f933360295cd64f5089370a4b07118/
# https://tria.ge/230607-zarl1aff36/behavioral1
# more malware on YT - https://bazaar.abuse.ch/sample/bb02043cb749f91364f655b35404dc37e517d6aa7cdcbf474bee1fa6be5abe5f/
# https://tria.ge/230607-z5gqaaga69/behavioral2
# https://forums.malwarebytes.com/topic/298978-potential-threat-blocked-website-appears-malicious-scan-says-virus-free/
0.0.0.0 garuq.com
# https://bazaar.abuse.ch/sample/d41166f1c8bbd3c6bbac0f5c96c4dc867d501c3ce5aeb056686ffa28652facef/ (not my sample, credit to r3dbU7z)
# my analysis (dropped file): https://tria.ge/230611-paf56ahg4v/behavioral2
# my analysis (dropped file): https://app.any.run/tasks/e1f1f0fa-8d92-4270-b422-801cfe91d189
0.0.0.0 josemonila.ddnsfree.com
# https://github.com/badmojr/1Hosts/issues/1482
0.0.0.0 aoikerala.in
# https://virustotal.com/gui/file/7840cb8d12d3a20f265802531f19e7d58928167a37a58b631fa468d78e417a14/community
# my analysis: https://app.any.run/tasks/864669a8-c96e-4971-9810-1427b4343120
# https://tria.ge/230623-r72t8sfe33
# https://tria.ge/230623-25exssae3x/behavioral1
# https://app.any.run/tasks/036fbeb1-adc1-4f00-93ec-aa337f7b05dd
0.0.0.0 pejik.com
0.0.0.0 bthp.com.pk
0.0.0.0 dokumentasoluciones.com
# https://forums.malwarebytes.com/topic/299557-malware-sample-suspected-crypto-stealer/ (account required)
# my analysis: https://tria.ge/230629-tq712aeb59/behavioral1
0.0.0.0 infinitywallet-dapps.b-cdn.net
# https://github.com/uBlockOrigin/uAssets/pull/18686
0.0.0.0 roundyearfun.com
# https://github.com/uBlockOrigin/uAssets/issues/18678
0.0.0.0 imganalyze.hgspz.com
0.0.0.0 www.tellegrom.xyz
# https://forums.malwarebytes.com/topic/299589-suspicious-file/ (account required)
# my analysis: https://tria.ge/230630-tngfaseg9t/behavioral1
# https://forums.malwarebytes.com/topic/299435-help-with-redirects-on-my-google-browser/
0.0.0.0 searchokay.com
0.0.0.0 srvtrck.com
0.0.0.0 r.srvtrck.com
# malware infection:
# Edge Extension: (Apps) - C:\Users\User2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj [2023-06-24] [UpdateUrl:hxxps://extappupdate.com/crx/updates.xml] <==== ATTENTION
# Edge HKLM\...\Edge\Extension: [pejhfhcoekcajgokallhmklcjkkeemgj] - C:\\apps.crx [2022-11-27]
# CHR Extension: (Apps) - C:\Users\User2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj [2023-06-24] [UpdateUrl:hxxps://extappupdate.com/crx/updates.xml] <==== ATTENTION
0.0.0.0 extappupdate.com
# CHR DefaultSearchURL: Profile 1 -> hxxps://find.fnavigate-now.com/results.aspx?d=092122&n=9998&q={searchTerms}&gd=RD1002806&searchsource=58
0.0.0.0 find.fnavigate-now.com
# https://tria.ge/230707-zfx1zacf4s/behavioral1
# https://tria.ge/230709-z9e29aga59/behavioral1
# https://tria.ge/230711-xsyf6abf3y/behavioral2
# https://virustotal.com/gui/url/ff883d9b80c27b78b2b303c12d3e57d5a2664ac35ccf41fdd6bbdbfbb97b613f/community (credit to IceFlame)
# my analysis: https://app.any.run/tasks/c386fa43-f566-4df4-a7d9-61f387da92f3
0.0.0.0 southbayleadgen.com
# https://app.any.run/tasks/2e736410-ed5d-4c7e-9eb2-79ee3c578f37
# https://tria.ge/230710-yhtkwsec9y/behavioral2
# https://github.com/AdguardTeam/AdguardFilters/issues/155936
0.0.0.0 truanet.com
# https://virustotal.com/gui/url/18581d709d6be180d2cd174b888202020b54b086aa1efc9365ea6ebf742d0217
# my analysis: https://app.any.run/tasks/827c21c1-e63b-4fad-9000-2955bc5b81e3
0.0.0.0 chijkkkll.pages.dev
# https://tria.ge/230711-tmceyshg22/behavioral2
0.0.0.0 tdamassoficial.com
0.0.0.0 /passwd_2023_thepcworldspublics.rar|
# https://github.com/uBlockOrigin/uAssets/issues/18963
0.0.0.0 fitgirl-repack.com
# https://forums.malwarebytes.com/topic/300219-outbound-traffic-alerts-from-malwarebytes/
# not my analysis: https://app.any.run/tasks/586f952d-141e-4dae-a4c4-73523cde2f5a/
# not my analysis: https://app.any.run/tasks/523b7f48-dae3-4854-b944-1facb01f8645/
# https://forums.malwarebytes.com/topic/301834-pretty-sure-i-have-a-nasty-rat-msbuild-outgoing-being-blocked-constantly/
0.0.0.0 spexjs.com
# https://app.any.run/tasks/1aabe39d-a1f9-41e4-81b3-9e84a174ffc5
# malware download
0.0.0.0 kellmda.click
# https://tria.ge/230717-phq1bscd4y/behavioral2
# https://www.bleepingcomputer.com/news/security/hackers-exploiting-critical-wordpress-woocommerce-payments-bug/
# https://github.com/hagezi/dns-blocklists/issues/1327
0.0.0.0 bgrfmi.com
0.0.0.0 eweukr.com
0.0.0.0 gycqna.com
0.0.0.0 hcafpg.com
0.0.0.0 jggjh.com
0.0.0.0 mnawew.com
0.0.0.0 nvcrcf.com
0.0.0.0 vgrcxa.com
0.0.0.0 udwuyw.com
# https://virustotal.com/gui/url/044d4e3d1e58f48e42cfb936d6ce3ab244bc85b8f0b1d5a84f3916584156bbd2/community
# my analysis: https://app.any.run/tasks/9ead09a0-6f56-477b-8a27-9a85c5a803e6
0.0.0.0 bafkreibm2c232v5uuz7vkxcdkwdjye6oaoasxg5zkye7y3oyodm6olulou.ipfs.dweb.link
0.0.0.0 lkalzzop.online
# https://virustotal.com/gui/url/1696219caa54a048bb1fa0c1e95aaf80b7336ddcbdcca5a2c24ae2847a62cd03/community
# https://app.any.run/tasks/bce8c275-c977-46ee-bf0b-df5b0d9b2386
# https://tria.ge/230720-29xy6sba84/behavioral1
# malware download: https://virustotal.com/gui/url/8d6014420a75e2f33b9a2c1c2e33984df5e6ce0a178c8275af498251f02f1500/detection
# https://tria.ge/230721-y239fahc9y/behavioral2
0.0.0.0 gstatic-node.io
# https://virustotal.com/gui/url/ad56257de36b1955113d7894423cc4d5b37d07ed5ade66b1fad5e73b830b1467/detection
0.0.0.0 freesoftonic.cc
# https://app.any.run/tasks/87d4e9bb-6697-4a2e-9323-fa5b403ed161/ (not my analysis)
# my analysis: https://tria.ge/230723-pzsv9aef9y/behavioral2
# not my analysis: https://tria.ge/230723-zxzacshc8y/behavioral1
# https://tria.ge/230724-w9z6mshb5t/behavioral1
0.0.0.0 gesmart.site
0.0.0.0 sanseemp.com
0.0.0.0 upgrade-phone.club
# https://virustotal.com/gui/ip-address/207.154.243.69/relations
0.0.0.0 update-smart.club
0.0.0.0 cleaner-update.club
0.0.0.0 speedupdate.club
0.0.0.0 good-update.club
# https://forums.malwarebytes.com/topic/300693-fake-steam-login/ (account required)
0.0.0.0 csgofloat.br.com
# https://virustotal.com/gui/file/48987d9c89542a8cb4f8d34eb34902a4762cc8643c0e491deb6115907db4887b/detection
# https://tria.ge/230730-23lybsbf53/behavioral2
0.0.0.0 hopvibestravel.co.za
# https://github.com/uBlockOrigin/uAssets/issues/19248
# https://www.reddit.com/r/uBlockOrigin/comments/15hxgnd/why_ublock_blocks_revanced/
0.0.0.0 revanced.net
# https://0xacab.org/my-privacy-dns/matrix/-/issues/648114
# https://tria.ge/230805-s5szzsde27/behavioral1
0.0.0.0 thehipsteragency.com
# https://github.com/uBlockOrigin/uAssets/issues/19287
0.0.0.0 keen-france.fr
0.0.0.0 keenfrance.fr
0.0.0.0 keen-fr.com
# https://github.com/hagezi/dns-blocklists/pull/1405
0.0.0.0 pnsys.info
0.0.0.0 drto.info
# https://forums.malwarebytes.com/topic/301391-can-you-check-if-im-infected/
# https://forums.malwarebytes.com/topic/301390-possible-malware-ransomware-targetting-digital-ads-managers/ (account required)
# https://tria.ge/230819-mm3htaaf9x/behavioral1
# https://github.com/hagezi/dns-blocklists/issues/1467
# https://tria.ge/230824-njm5dsdg2z/behavioral1
0.0.0.0 revanced.info
# https://www.bleepingcomputer.com/news/security/childrens-snack-recalled-after-its-website-caught-serving-porn/
0.0.0.0 appykidsco.com
# https://www.youtube.com/watch?v=DUbemJF_3zE
0.0.0.0 /wp-admin/install.exe|
# https://www.bleepingcomputer.com/news/security/evil-telegram-android-apps-on-google-play-infected-60k-with-spyware/
0.0.0.0 telegrnm.org
0.0.0.0 sg.telegrnm.org
# https://www.bleepingcomputer.com/news/security/free-download-manager-site-redirected-linux-users-to-malware-for-years/
0.0.0.0 fdmpkg.org
0.0.0.0 deb.fdmpkg.org
# https://github.com/hagezi/dns-blocklists/issues/1574
0.0.0.0 pdfviewer.app
0.0.0.0 zougla.news
# https://github.com/AdguardTeam/AdguardFilters/issues/161711
0.0.0.0 yourfirstfunnelchallenge.com
# https://github.com/libre-tube/LibreTube/issues/4409#issuecomment-1722268425
0.0.0.0 libretube.app
# https://virustotal.com/gui/url/51a5c613fa07f8301aa68fa16e7307dbf3bf0b0dcfa015632895d7ebf7ca36d3/community
# my analysis: https://tria.ge/230918-nj1eqagh7x/behavioral1
# https://github.com/hagezi/dns-blocklists/issues/1615
0.0.0.0 zlibrary-africa.se
# https://github.com/DandelionSprout/adfilt/discussions/779#discussioncomment-7137675
0.0.0.0 86pmafno21mst.com
# https://web.archive.org/web/20231002133931/https://forums.malwarebytes.com/topic/302965-rtp-detection-trojan/
# https://github.com/dhowe/AdNauseam/issues/2405
# my analysis: https://tria.ge/231002-r1qtdsbf71/behavioral1
# my analysis: https://tria.ge/231002-r3eh5sbf9y/behavioral1
0.0.0.0 torixibre.com
0.0.0.0 qyt8pi.torixibre.com
# my analysis: https://tria.ge/231002-r6zcqadd47/behavioral1
0.0.0.0 anybodyproper.com
0.0.0.0 violationphysics.click
# https://github.com/hagezi/dns-blocklists/issues/1652
0.0.0.0 scribdbook.top
0.0.0.0 dleggere.com
# https://urlhaus.abuse.ch/url/2716031/
# my analysis: https://tria.ge/231003-neebpaca39/behavioral1
0.0.0.0 meshitislaw.com
0.0.0.0 uploaddeimagens.com.br
# https://urlhaus.abuse.ch/url/2716407/
# my analysis: https://tria.ge/231004-va4t4sdb3x/behavioral1
# https://github.com/libre-tube/LibreTube/issues/4409
0.0.0.0 libretube.net
# https://securityintelligence.com/posts/x-force-uncovers-global-netscaler-gateway-credential-harvesting-campaign/
0.0.0.0 jscloud.live
0.0.0.0 cloudjs.live
# https://virustotal.com/gui/url/c7f655bd7dfc420f022a96a30214460372a6ab74d6ed24ada16809bb9bf3dfa8/community
# my analysis: https://web.archive.org/web/https://tria.ge/231008-w9akzsfb7v/behavioral1
0.0.0.0 weibo-b5game.com
# https://tria.ge/231009-m46lssed76/behavioral1 (cloudflared)
0.0.0.0 videocampaign.co
0.0.0.0 /fkb225bp9b03izhmtd-qv-njq3ibclf19brrgtaixfu/?cid=
0.0.0.0 /zslvdo9tazaam8czhxdhfhsjplrrnkjz1aolilflja8/?clck=*&sid=
0.0.0.0 instantgreenapp.com
0.0.0.0 free.instantgreenapp.com
0.0.0.0 secure.instantgreenapp.com
# https://github.com/uBlockOrigin/uAssets/issues/20036
0.0.0.0 v37870.com
# https://web.archive.org/web/20231010220704/https://tria.ge/231010-1rdl5sfg68/behavioral1
0.0.0.0 tiger.qnews.media
0.0.0.0 s8bet.com
# https://www.fortinet.com/blog/threat-research/Iz1h9-campaign-enhances-arsenal-with-scores-of-exploits
# https://tria.ge/231014-mgpprscc8y/behavioral1
0.0.0.0 beakerweedjazz.com
0.0.0.0 pcsafetysurvey.com
0.0.0.0 cadrctlnk.com
0.0.0.0 clickmint3.online
0.0.0.0 alleubreakyailb.click
0.0.0.0 karoon.xyz
0.0.0.0 eu.karoon.xyz
0.0.0.0 news-sitogi.com
# https://github.com/hagezi/dns-blocklists/issues/1703
0.0.0.0 ouisuamprert.com
0.0.0.0 nobistech.net
# https://github.com/durablenapkin/scamblocklist/issues/66
0.0.0.0 arduino.uk.eu.org
# https://infosec.exchange/@briankrebs/111261826129123343
# https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
# https://www.malwarebytes.com/blog/threat-intel/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website
# dead but will keep as there remains potential for future abuse
0.0.0.0 xn--eepass-vbb.info
0.0.0.0 xn--eepass-vbb.info
# https://forums.malwarebytes.com/topic/303708-worried-about-drive-by-download-from-typoed-address/ (parked)
0.0.0.0 oldreddit.com
# https://forums.malwarebytes.com/topic/303710-caspolexe-causing-website-blocked-due-to-riskware-in-malwarebytes/
0.0.0.0 iniwork.4cloud.click
# https://github.com/hagezi/dns-blocklists/issues/1744
# https://github.com/uBlockOrigin/uAssets/pull/20247
0.0.0.0 magiskzip.net
0.0.0.0 magiskmanagerroot.com
# https://github.com/topjohnwu/Magisk/issues/3435
0.0.0.0 magisk.download
0.0.0.0 magiskmanager.com
# https://tria.ge/250131-plcxwavqgx/behavioral1
# https://tria.ge/250131-pm9m8sxnep/static1
0.0.0.0 magiskzip.pro
# something I found
0.0.0.0 magisk.info
# https://github.com/hagezi/dns-blocklists/issues/1743
0.0.0.0 /de-avira/?uclick=*&uclickhash=
# fake
0.0.0.0 /@100-legal-free-discord-nitro-generator-no-human-verification|
# https://github.com/durablenapkin/scamblocklist/issues/68
# https://tria.ge/231023-1xm3rsaa86/behavioral1
0.0.0.0 ninzatool.pw
0.0.0.0 powerboostup.com
0.0.0.0 www.ontajdu3js.com
0.0.0.0 arty2night.com
0.0.0.0 p.arty2night.com
0.0.0.0 /click?pid=*&sub1=
0.0.0.0 quiztionnaire.biz
0.0.0.0 iphone.quiztionnaire.biz
0.0.0.0 offer-select.com
0.0.0.0 app.rewardflux.com
# https://infosec.exchange/@iampytest1/111292640449421381
# https://tria.ge/231024-3lc5jace3w/behavioral1
0.0.0.0 herew-lmq.com
0.0.0.0 findbestop.com
0.0.0.0 /74dl/7.html?cep=
0.0.0.0 thefinanceadvice.com
0.0.0.0 adblock1.com
0.0.0.0 install.adblock1.com
0.0.0.0 /3-blck-thefinadv-2clks.html?kw=
0.0.0.0 newupdatesnow.com
# https://forums.malwarebytes.com/topic/303782-new-threat-it-downloads-two-rar-files/#comment-1596622 (account required)
# https://forums.malwarebytes.com/topic/303784-malicious-script/ (account required)
# my analysis: https://tria.ge/231025-ner8jsgh51/behavioral1
# https://tria.ge/231025-nk2zyagh81/behavioral1
0.0.0.0 goads.pro
# https://github.com/paulgb/BarbBlock/issues/41
0.0.0.0 ssl.bblck.me
# https://tria.ge/231027-2hkvjaae4w/behavioral1
0.0.0.0 dwnld-here.com
0.0.0.0 /74ib/7.html?cep=
# https://forums.malwarebytes.com/topic/303877-trojanbitcoinminer-cant-be-removed/
# https://virustotal.com/gui/file/1045127280b64e5d8e7af1efc347089f759860222f1373349d8c4aa1449918db/relations
0.0.0.0 stratum-eu.rplant.xyz
# https://tria.ge/231102-m8cjhsch24/behavioral1
0.0.0.0 walknotice.com
# https://virustotal.com/gui/url/6afece7c72420223ae6f1700d02c8bee4806a335d23ab120522accba5e45250d
# my analysis: https://tria.ge/231102-nctnlach68/behavioral1
0.0.0.0 synergyproz.com
0.0.0.0 apparaatbeheer-online-abnamro-icscards.codeanyapp.com
# https://bazaar.abuse.ch/sample/9fbd818dc28ea5561278e873bd9b6deb896d4fbaac86209903bdeaad55c6c31a/
# my analysis: https://tria.ge/231102-npbnjsda74/behavioral2
0.0.0.0 ddos.dnsnb8.net
# https://www.bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey
# https://github.com/durablenapkin/scamblocklist/issues/69
0.0.0.0 98kk89.com
0.0.0.0 42gixk.98kk89.com
0.0.0.0 9vzn29.98kk89.com
0.0.0.0 nzxsxn.98kk89.com
0.0.0.0 9vyzdk8.lvditoys.com
0.0.0.0 p8ydfra.lvditoys.com
0.0.0.0 qz94.com
# https://virustotal.com/gui/url/c80163bbcc0ddd2e27263730a2a2f65ab0f0ede295d8ce0d6c4dc012ca158e44/community
# my analysis: https://tria.ge/231108-15zfrsfd77/behavioral1
0.0.0.0 arzo.ge
# https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
# https://github.com/hagezi/dns-blocklists/issues/1823
# https://github.com/uBlockOrigin/uAssets/issues/20553
# https://tria.ge/231110-pftcnsgg26/behavioral1
0.0.0.0 donwnaloadezzal.cfd
0.0.0.0 stopadblocker.pro
0.0.0.0 chaffewerbureaks.com
0.0.0.0 videoadblocker-pro.net
# https://github.com/avast/ioc/pull/56
0.0.0.0 bombay.com.ar
0.0.0.0 ultracomb.com.ar
0.0.0.0 limpiadorpucho.com.mx
0.0.0.0 coacalco.gob.mx
0.0.0.0 navarro.gob.ar
0.0.0.0 pruebasbonsai.com.ar
0.0.0.0 pnt.info.pl
0.0.0.0 chapasanpedro.com
0.0.0.0 calzadosiris.com
0.0.0.0 ingenieriainsitu.com
0.0.0.0 paolomorettifurs.com
0.0.0.0 www.fefoncrecer.com
0.0.0.0 autoscuola-momo.ch
0.0.0.0 tcastro.com
0.0.0.0 www.steadyrun.com
0.0.0.0 moussedanslabouche.com
# https://tria.ge/231112-pprv7sfb9v/behavioral1
0.0.0.0 .xyz/74kq/7.html?cep=
0.0.0.0 track.local-hotsite.com
# https://github.com/hagezi/dns-blocklists/issues/1825
0.0.0.0 youcineapp.com
0.0.0.0 magistv.video
0.0.0.0 tele-latino.com
0.0.0.0 telelatino.app
0.0.0.0 youcineapk.org
0.0.0.0 btvapp.net
0.0.0.0 youcine.one
0.0.0.0 youcinetv.app
0.0.0.0 fadfatest.pneydn.com
0.0.0.0 pandoramain-1794008345.us-west-2.elb.amazonaws.com
0.0.0.0 romatotti520.oicp.io
0.0.0.0 pandorabackup-1322908155.us-west-2.elb.amazonaws.com
0.0.0.0 pcn.panddna.com
0.0.0.0 ok3.mflve.com
0.0.0.0 apz.bsaldo.com
0.0.0.0 fadfa.gdalieyw.com
# https://github.com/hagezi/dns-blocklists/issues/1824
0.0.0.0 more-power-tool.com
0.0.0.0 ryzen-master.com
0.0.0.0 polaris-bios-editor.ru
0.0.0.0 techpowerup-gpu-z.com
0.0.0.0 sapphiretrixx.com
0.0.0.0 srbpolaris.ru
0.0.0.0 clockgen64.com
0.0.0.0 balena-etcher.com
0.0.0.0 nvidiainspector.ru
0.0.0.0 evga-precision.com
0.0.0.0 riva-tuner.com
0.0.0.0 atikmdagpatcher.com
# https://virustotal.com/gui/url/caf096b6a0f7abe29ad126a21545f49418cc003c298a56ac6c967053483d2748/community
# https://tria.ge/231118-wbk9tsfb86/behavioral1
# https://github.com/uBlockOrigin/uAssets/issues/20760
0.0.0.0 cloudtrck.com
# https://tria.ge/231119-pvcngaag41/behavioral2
0.0.0.0 badbull.pro
# https://virustotal.com/gui/url/009ab0b4a357017cb0c3f948c04f6a79e5252f4a91511ad28f8a411ec7f4adfb/community
# my analysis: https://tria.ge/231120-pn8gkagg71/behavioral1
0.0.0.0 server31.weebly.com
# https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
0.0.0.0 adups.com
0.0.0.0 fota5p.adups.com
# https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/
0.0.0.0 decorous.ru
0.0.0.0 geminiso.ru
0.0.0.0 triticumos.ru
# https://virustotal.com/gui/file/e09af83cfccf4bcc8a51fda76e5fa10e9d0d838aededb6f339551f8363797dc2/community (credit to JaffaCakes118)
0.0.0.0 retghrtgwtrgtg.bounceme.net
0.0.0.0 datastream.myvnc.com
0.0.0.0 gservicese.com
0.0.0.0 center.onthewifi.com
# https://forums.malwarebytes.com/topic/304802-malware-affecting-chrome/
0.0.0.0 abyssalforge.top
# https://github.com/RPiList/specials/issues/1353
0.0.0.0 rt54erdfgh.pro
0.0.0.0 mjiu876tyh.pro
0.0.0.0 ki987yth.pro
0.0.0.0 mi5cr46kg.click
0.0.0.0 cvasdf.click
0.0.0.0 jgtek990e.click
0.0.0.0 juy6asert67.click
0.0.0.0 jnh4afbw7.click
0.0.0.0 xzr9uauq.cfd
0.0.0.0 crack4hit.com
0.0.0.0 hjdhhfdh.click
0.0.0.0 vablecable.click
0.0.0.0 huqiinxy.click
0.0.0.0 closerscopy.net
0.0.0.0 eyhdjyst.click
# missing from list
0.0.0.0 topkeygen.com
0.0.0.0 piratesfile.com
0.0.0.0 rootscrack.com
0.0.0.0 cracksmat.com
0.0.0.0 crackedsoft.org
0.0.0.0 crackerzpro.org
0.0.0.0 crackfinal.com
0.0.0.0 wazusoft.com
0.0.0.0 crackzoom.com
0.0.0.0 activators4windows.com
# not my analysis: https://tria.ge/231123-1wzp6sde7z/behavioral1
0.0.0.0 marinhoassessoria.com
# https://github.com/hagezi/dns-blocklists/issues/1864
0.0.0.0 revanced.to
# https://virustotal.com/gui/url/ecf1a475d84de38187831b4fb25167812117ea7b4ab22ce46dc6d36d822004fd/community
# https://virustotal.com/gui/url/fbc0e8828a4d86410e1c3fbf698bdda7e3e3c8d0ff1785adcfec181c967426ca/community
# https://virustotal.com/gui/url/f28bcf22fbd189fd87322da0b915ce32a700ed1bccd53f1e21552c04a8c2d229/community
0.0.0.0 servegame.com
# https://www.malwarebytes.com/blog/threat-intelligence/2023/11/associated-press-espn-cbs-among-top-sites-serving-fake-virus-alerts
0.0.0.0 octob.azureedge.net
0.0.0.0 lzi.azureedge.net
0.0.0.0 tinlc.azureedge.net
0.0.0.0 bm-rb.azureedge.net
0.0.0.0 foluo.azureedge.net
0.0.0.0 vpv-ger.azureedge.net
0.0.0.0 trackmaster.cc
0.0.0.0 threatdetectorhub.life
0.0.0.0 strike-it-lucky.space
0.0.0.0 golden-opportunity.xyz
0.0.0.0 system-security-scan.net
0.0.0.0 trk6.kokamedia.com
0.0.0.0 trackmenow.life
0.0.0.0 trackinghub.info
0.0.0.0 trkmyclk.xyz
0.0.0.0 xyzcreators.xyz
# https://github.com/AdguardTeam/AdguardFilters/issues/167470 (from ghajini)
0.0.0.0 hotkabachok.com
# https://github.com/durablenapkin/scamblocklist/issues/71
0.0.0.0 dbmobile-phototan.de
# account required: https://forums.malwarebytes.com/topic/305116-fake-software-homepage/
0.0.0.0 unikey.vn
# https://cert.gov.ua/article/6276584
# https://github.com/hagezi/dns-blocklists/issues/1893
0.0.0.0 register.akamaized.ca
# https://github.com/hagezi/dns-blocklists/issues/1899
0.0.0.0 online-cloud.info
#!! ||store5.gofile.io^$document - see https://github.com/iam-py-test/my_filters_001/issues/133
# https://github.com/RPiList/specials/issues/1372
0.0.0.0 marricoyes.online
# https://forums.malwarebytes.com/topic/305420-website-blocked-due-to-malware-microsoft-windows-as-stopped-responding/
# https://threatfox.abuse.ch/ioc/1140249/
# https://infosec.exchange/@iampytest1/111568435119045533
0.0.0.0 fraavy.com
# https://virustotal.com/gui/url/2670873ba07eea2c617ad3e34284bdea56730cd83ae70dd84b7c333b027f4ce7/community
# https://virustotal.com/gui/file/c9491f5eb282daf6b536f515cc9e1032af62919e727442c4e7ecbca2e9d8f8b0/community
# https://github.com/DandelionSprout/adfilt/discussions/932#discussioncomment-7872103
0.0.0.0 betzykrisesenter.no
0.0.0.0 citra2010oslo.no
0.0.0.0 digiter.no
0.0.0.0 easydisplay.no
0.0.0.0 kjaerra.no
0.0.0.0 kontrast1.no
0.0.0.0 norskmatkultur.no
0.0.0.0 norskoffroadteknikk.no
0.0.0.0 nyematoghelse.no
0.0.0.0 securmarksykkel.no
0.0.0.0 thecoolgirl.no
0.0.0.0 topshineauto.no
0.0.0.0 vossblues.no
0.0.0.0 yttersiden.no
# https://github.com/gchq/CyberChef/issues/1668
0.0.0.0 forensicswiki.xyz
# https://virustotal.com/gui/url/c367518781d3ec29f156e24ee04c24c0f54bd5c3467812f6cd56dc791f8beea8/community
0.0.0.0 thumbzoner.com
# https://tria.ge/231220-abydhaadfn/behavioral1
# https://tria.ge/231220-abydhaadfn/behavioral2
0.0.0.0 pushub.net
# https://github.com/RPiList/specials/issues/1398
0.0.0.0 deutschebank-kundendienst.comidrekt.net
# https://github.com/hagezi/dns-blocklists/issues/1977
0.0.0.0 energie-portal-24.de
# https://github.com/RPiList/specials/issues/1395
0.0.0.0 streamjumpstart.com
# https://github.com/RPiList/specials/issues/1396
0.0.0.0 thebeneclinic.com
# https://github.com/hagezi/dns-blocklists/issues/1986
0.0.0.0 energieausweis-online-erstellen.de
# https://tria.ge/231227-yrr4esfbh5/behavioral1 (cloudflared)
0.0.0.0 givelabs.monster
# https://www.bleepingcomputer.com/news/security/blockchain-devs-wallet-emptied-in-job-interview-using-npm-package/
0.0.0.0 flickthebean.onrender.com
# https://tria.ge/231228-w2dyfafadq/behavioral1
0.0.0.0 fitgirl-repacks.to
# https://github.com/RPiList/specials/issues/1405
0.0.0.0 casinos-austria.install-app.com
# https://tria.ge/231229-pvf1wshae9/behavioral1 (CloudFlared)
0.0.0.0 haxnode.net
# https://github.com/uBlockOrigin/uAssets/pull/21658
0.0.0.0 fitgirlrepackz.com
# https://threatfox.abuse.ch/ioc/1226308/
# https://tria.ge/231229-2sx8lscch5/behavioral2 (CloudFlared)
0.0.0.0 liwishacks.com
# https://github.com/RPiList/specials/issues/1411
0.0.0.0 sanityflash.mom
# https://virustotal.com/gui/url/c7677f1b43e9b266a4542936cd947e0ccc89cf59c6270aaf2baad4de47e3ae8f/community
# https://tria.ge/240106-v9k62secc5/behavioral1
# https://github.com/hagezi/dns-blocklists/issues/2017
# https://github.com/badmojr/1Hosts/issues/1655
# https://github.com/StevenBlack/hosts/issues/2552
0.0.0.0 duchessefit.com
# https://virustotal.com/gui/domain/booking.com-panel.com
# https://virustotal.com/gui/url/c81a065a1344395a7329764a30729280dfd01f6ccb18fedb692d1b21590e614c
# https://virustotal.com/gui/ip-address/158.160.5.182/relations
0.0.0.0 booking-admins.com
# https://github.com/RPiList/specials/issues/1420
0.0.0.0 galactiq.life
0.0.0.0 mediago.io
0.0.0.0 smartlifeguides.top
0.0.0.0 gesundheitleber.com
0.0.0.0 oe24.co
0.0.0.0 busterry.com
0.0.0.0 bullionbreeze.xyz
# https://github.com/avast/ioc/pull/57
# https://virustotal.com/gui/url/3828695bc16bb9d0bfab17eb5c15e5fe9e8b30bb6cb948655a6a55466b9dc187/community
# https://virustotal.com/gui/url/53efa35943a9b0bbcc4f966791e992052ac647a883c81a43bb86dd94bbbbd48d/community
# https://virustotal.com/gui/url/cf88de3dc23272e078a7412c64b12e038cd8b9dc1beb07be6ac3f017919aa09b/community
# https://github.com/hagezi/dns-blocklists/issues/2041
0.0.0.0 east-trading.shop
# https://github.com/Dogino/Discord-Phishing-URLs/pull/26
0.0.0.0 steamcommuniitny.club
# https://tria.ge/240120-1dgrmshdc6/behavioral2
0.0.0.0 mirfakpersei.top
0.0.0.0 alvsx.mirfakpersei.top
0.0.0.0 /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=*&sm=space-robot&click_id=*&sub_id=*&appspot=&d=
0.0.0.0 press-here-to-continue.com
# https://github.com/hagezi/dns-blocklists/issues/2077
0.0.0.0 22.imohub.workers.dev
# https://github.com/uBlockOrigin/uAssets/issues/22200
# https://github.com/hagezi/dns-blocklists/pull/2175
# https://github.com/AdguardTeam/AdguardFilters/issues/224264
0.0.0.0 privacyguides.io
0.0.0.0 poperblocker.com
# https://gist.github.com/GossiTheDog/f1079fe5486b2e7ac61d2e069caa67d4
0.0.0.0 pq.hosting
# https://github.com/hagezi/dns-blocklists/issues/2133
0.0.0.0 demolishabolish.com
# https://cyberplace.social/@GossiTheDog/111929647559740363
# https://github.com/hagezi/dns-blocklists/pull/2175
0.0.0.0 97tool.github.io
0.0.0.0 apkzpure.com
0.0.0.0 wattfo.com
0.0.0.0 networkpcigniter.com
0.0.0.0 cpmpri.com
0.0.0.0 manizx.com
0.0.0.0 ehallpasses.info
# https://github.com/hagezi/dns-blocklists/pull/2173
0.0.0.0 wtmbook.com
# https://github.com/hagezi/dns-blocklists/pull/2176
0.0.0.0 kmspico.de.download.it
0.0.0.0 dlhk.acehprov.go.id
0.0.0.0 softwared.click
0.0.0.0 kmsauto.org
0.0.0.0 kmsauto.pw
0.0.0.0 kmsavto-net.ru
0.0.0.0 kmsauto.xyz
# https://github.com/hagezi/dns-blocklists/pull/2184
0.0.0.0 safety-andro1d-n0tice.co
0.0.0.0 unhaka.com
0.0.0.0 safety-andr-sys.info
# https://github.com/hagezi/dns-blocklists/pull/2211
0.0.0.0 eyx092.github.io
0.0.0.0 davbuckgenerator.weebly.com
0.0.0.0 gemsforfree.com
0.0.0.0 hackzone.me
# https://github.com/hagezi/dns-blocklists/pull/2221
0.0.0.0 modyolo.com
0.0.0.0 googlesavedata.ru
# on url from https://github.com/easylist/easylist/issues/18489#issuecomment-1962261575, appears to be malvertising
0.0.0.0 thaudray.com
# https://github.com/xRuffKez/dns-blocklists/commit/9cf8a68e82a5fed10991a2e0a34bf84265960ce7
0.0.0.0 giveawayscord.xyz
# https://github.com/durablenapkin/scamblocklist/issues/76
# https://tria.ge/240224-zxewqafc9v/behavioral1
0.0.0.0 chat-o-live.com
# https://tria.ge/240224-1ygx5sgc8v/behavioral1
0.0.0.0 rozaholshouser.cfd
# https://tria.ge/240224-2lmtasgh3v/behavioral1
# https://tria.ge/240225-qwh3badf7t/behavioral1
# https://tria.ge/240227-njbflafh8z/behavioral1
0.0.0.0 bethanytunks.skin
0.0.0.0 localdatez.com
# https://tria.ge/240227-n4apssga94/behavioral1
# https://tria.ge/240229-bc1qpahg3t/behavioral1
# https://tria.ge/240229-pc7e5age5x/behavioral1
# https://tria.ge/240301-vmx74aaf67/behavioral1 (cloudflared)
0.0.0.0 alexiaurlanza.skin
# https://tria.ge/240402-nthmnagg5z/behavioral1
# fake users with profile pics stolen from porn site, payment required before contacting/replying to these users
0.0.0.0 40plusshag.com
0.0.0.0 delivery.40plusshag.com
# https://github.com/hagezi/dns-blocklists/pull/2251
0.0.0.0 pp.45-61-158-129.cprapid.com
0.0.0.0 globalserviceslogistics.com
0.0.0.0 luxurysgift.com
0.0.0.0 athletic-harmony.com
0.0.0.0 knkpublishingsoftware.com
# spam email -> https://tria.ge/240229-psnyqahe45/behavioral1
0.0.0.0 obses-sion.info
# https://github.com/braveinnovators/ukrainian-security-filter/pull/7
0.0.0.0 sportloto-1.co
0.0.0.0 parik24.win
0.0.0.0 oshad24.biz.ua
0.0.0.0 monoslot3.com
0.0.0.0 diamondclub.casino
# email spam
# https://tria.ge/240301-xm9x1abg6s/behavioral1
0.0.0.0 honey-love-here.com
# https://tria.ge/240305-nezbvsec94/behavioral1
0.0.0.0 naughty-webs.life
# https://tria.ge/240305-nq59jsef93/behavioral1
0.0.0.0 hookarts.life
0.0.0.0 mx2.hookarts.life
# https://tria.ge/240305-nyp8aseh65/behavioral1
# spam sending servers
# https://cyberplace.social/@GossiTheDog/112031492191698112
# https://github.com/uBlockOrigin/uAssets/issues/22757
0.0.0.0 jobs.trustaffingpartners.com
# https://github.com/hagezi/dns-blocklists/issues/2288
0.0.0.0 revancedapps.com
0.0.0.0 revancedapp.download
0.0.0.0 www.revancedapp.download
# https://github.com/uBlockOrigin/uAssets/issues/22765
0.0.0.0 free-service.hubside.fr
0.0.0.0 freezimail.hubside.fr
0.0.0.0 zimbrafreemail.hubside.fr
0.0.0.0 zimbra-inbox.hubside.fr
0.0.0.0 free-mobile241.hubside.fr
0.0.0.0 compte-free.hubside.fr
0.0.0.0 espacefidelitefree.fr
0.0.0.0 free-mob2584.hubside.fr
0.0.0.0 zimbra-free-com.hubside.fr
0.0.0.0 free-mobi20i2582.hubside.fr
0.0.0.0 zimbra-free-email.hubside.fr
0.0.0.0 freezimbra.hubside.fr
0.0.0.0 web0mail.hubside.fr
0.0.0.0 free-mobile0021547.hubside.fr
0.0.0.0 free-information.hubside.fr
0.0.0.0 mobiles.hubside.fr
0.0.0.0 freemailzimbra.hubside.fr
0.0.0.0 rivita3106felibgcom.hubside.fr
0.0.0.0 info-free.hubside.fr
0.0.0.0 emails-free.hubside.fr
0.0.0.0 freema.hubside.fr
0.0.0.0 free-zimbra.hubside.fr
0.0.0.0 free-mobile1540478.hubside.fr
0.0.0.0 acceder-a-mon-free.hubside.fr
0.0.0.0 my-acount-free.hubside.fr
# my analysis: https://tria.ge/240305-2bg53abb8x/behavioral1
0.0.0.0 shopflarehub.com
# https://github.com/RPiList/specials/issues/1500
0.0.0.0 casino-ice.fun
0.0.0.0 fortuneadvert.com
0.0.0.0 lalielynaualish.com
# https://github.com/hagezi/dns-blocklists/issues/2304
0.0.0.0 vast-conexxion.com
# https://tria.ge/240309-p8f8tagc55/behavioral1
0.0.0.0 www.arcanecheat.com
# https://github.com/hagezi/dns-blocklists/issues/2313
0.0.0.0 moddetail.com
0.0.0.0 liveinfo.xyz
0.0.0.0 ww3.weweekly.us
0.0.0.0 timesofeuropnews.com
0.0.0.0 cards2024.org
0.0.0.0 getaccess.w3spaces.com
0.0.0.0 re-captha-version-3-16.live
0.0.0.0 getspins.info
0.0.0.0 storage.canalblog.com
0.0.0.0 vbbv.store
0.0.0.0 vibuxion.top
0.0.0.0 qrcodes.pro
# https://blog.sucuri.net/2024/03/new-malware-campaign-found-exploiting-stored-xss-in-popup-builder-4-2-3.html
0.0.0.0 traveltraffic.cc
0.0.0.0 ttincoming.traveltraffic.cc
0.0.0.0 cloudsonicwave.com
0.0.0.0 host.cloudsonicwave.com
# https://github.com/hagezi/dns-blocklists/issues/2339
0.0.0.0 b.9-9-8.com
# https://infosec.exchange/@jeromesegura/112090382122783994
0.0.0.0 trelconf.com
# https://github.com/hagezi/dns-blocklists/issues/2341
# my analysis: https://tria.ge/240313-zf3apaac75/behavioral1
0.0.0.0 uk-news.pro
# https://github.com/hagezi/dns-blocklists/issues/2344
0.0.0.0 today.free.nf
0.0.0.0 nextmrolympia.com
0.0.0.0 an1.is
# https://github.com/hagezi/dns-blocklists/issues/2345
0.0.0.0 spacex-starship.org
# https://github.com/blocklistproject/Lists/issues/1199
0.0.0.0 steamcommumtiy.com
# https://github.com/uBlockOrigin/uAssets/issues/23084
0.0.0.0 fitgirltorrent.com
# https://tria.ge/240401-nwc5ysea52/behavioral1
0.0.0.0 doge-coin24.org
# https://github.com/hagezi/dns-blocklists/issues/2425
0.0.0.0 fling-trainer.com
# https://infosec.exchange/@jeromesegura/112214506870744443
# https://www.malwarebytes.com/blog/threat-intelligence/2024/04/bing-ad-for-nordvpn-leads-to-sectoprat
# https://github.com/durablenapkin/scamblocklist/issues/82
0.0.0.0 account-cfe.mx
# https://vid.puffyan.us/watch?v=h0_L4BApOdA
# my analysis: https://tria.ge/240409-2aenjsee49/behavioral1
# my analysis: https://tria.ge/240409-2bwnfsaa5z/behavioral1
0.0.0.0 gooq1e.com
0.0.0.0 apk.ecmokdtj.com
# https://unit42.paloaltonetworks.com/cve-2024-3400/
0.0.0.0 nhdata.s3-us-west-2.amazonaws.com
0.0.0.0 srgsd1f.842b727ba4.ipv6.1433.eu.org
0.0.0.0 edcjn.57fe6f5d9d.ipv6.1433.eu.org
0.0.0.0 srgsdf.842b727ba4.ipv6.1433.eu.org
# https://github.com/jarelllama/Scam-Blocklist/issues/314
0.0.0.0 dehoe.top
# https://infosec.exchange/@jeromesegura/112294111264356672
# my analysis: https://tria.ge/240418-zee4rsfe2x/behavioral1
0.0.0.0 sivaspastane.com
0.0.0.0 utm-adrooz.com
# from Ryan Brown
0.0.0.0 popupgoldblocker.net
0.0.0.0 popupsblocker.org
# https://github.com/hagezi/dns-blocklists/issues/2549
0.0.0.0 sadostic.pl
# see wiki\BEST ROBLOX EXECUTOR YouTube.png in the repo
# https://tria.ge/240427-1vhehahg3x/behavioral1 (CloudFlared)
# https://www.virustotal.com/gui/file/0f810bea02ae97cb015dc0de510892f3f83a9ddc969c1f261adf8a8bd5716862
# https://bazaar.abuse.ch/sample/0f810bea02ae97cb015dc0de510892f3f83a9ddc969c1f261adf8a8bd5716862/
# https://urlhaus.abuse.ch/url/2829815/
# https://infosec.exchange/@th3_protoCOL/112360917153667995
0.0.0.0 appauthentiflcator.digital
# from D4niloMR
0.0.0.0 redecanaistv.dev
# scam text: "Since the package does not have a house number, the package transportation is interrupted, please update  https[://]urgug[.]com"
0.0.0.0 urgug.com
# https://forums.malwarebytes.com/topic/311937-infected-by-a-game-sent-via-discord/
# CNAME
0.0.0.0 1b14e0ee42d5e195c9aa1a2f5b42c710.com
# https://community.snowflake.com/s/article/Communication-ID-0108977-Additional-Information (via https://cyberplace.social/@GossiTheDog/112536508653320169)
# https://github.com/hagezi/dns-blocklists/issues/2854
0.0.0.0 joathath.com
0.0.0.0 mp3y.info
# https://infosec.exchange/@jeromesegura/112577106338279545 (all credit to Jérôme Segura)
# ads created by "Richard L Riddle Jr", "Brian Hammes", and "Alexander Gubbens" respectively (all fake names)
0.0.0.0 angryip.paulistasolar.com.br
0.0.0.0 odvanced-ip-scanner.com
# https://infosec.exchange/@goretsky/112589441999545249 (all credit to Aryeh Goretsky)
0.0.0.0 lightssplash.shop
0.0.0.0 wildwestshine.com
# https://github.com/hagezi/dns-blocklists/issues/2908
0.0.0.0 newincomingmessage.com
0.0.0.0 zaz4o.securesolidlink.com
0.0.0.0 re-captha-version-3-277.buzz
0.0.0.0 inboxtext.com
# https://github.com/hagezi/dns-blocklists/issues/2936
0.0.0.0 midjourney.co
# https://github.com/hagezi/dns-blocklists/issues/2933
0.0.0.0 gameportal.casa
# https://github.com/hagezi/dns-blocklists/issues/2934
# https://www.hybrid-analysis.com/sample/df38db6d31b68f19714bfb27b591a1ad778840ac8182cc0c7dfb6405aeb47c6e
0.0.0.0 gimp.zendesk.com
# redirect
0.0.0.0 truefortnite.com
# https://tria.ge/240620-wcbf1szcle/behavioral1 (behind CloudFlare)
0.0.0.0 kmspico.io
# https://github.com/hagezi/dns-blocklists/issues/2955
0.0.0.0 kmspico.ws
0.0.0.0 kms-full.com
0.0.0.0 kms-tool.com
0.0.0.0 kmsauto.info
0.0.0.0 officialkmspico.com
0.0.0.0 ultrasonica.info
0.0.0.0 kmspicoofficial.com
0.0.0.0 kmspi.co
0.0.0.0 kms-pc.com
0.0.0.0 thewindowsactivator.com
0.0.0.0 get-kmspico.com
0.0.0.0 getkmspico.com
0.0.0.0 heukmsactivator.com
0.0.0.0 furykms.com
0.0.0.0 kmspico-official.org
0.0.0.0 yasir252.com
0.0.0.0 yasir-252.net
0.0.0.0 getintopc.today
# https://www.esentire.com/blog/adsexhaust-a-newly-discovered-adware-masquerading-oculus-installer
# https://github.com/esThreatIntelligence/iocs/blob/main/AdsExhaust/AdsExhaust_IOCs-6-16-2024.txt
# https://github.com/iam-py-test/my_filters_001/issues/135
0.0.0.0 oculus-app.com
0.0.0.0 us5.co
0.0.0.0 us11.org
0.0.0.0 life2vec.io
# https://github.com/hagezi/dns-blocklists/issues/2985
0.0.0.0 get-express-vpn.online
0.0.0.0 mfcewkrob.com
0.0.0.0 myfood.ltd
0.0.0.0 newtab.page
# https://tria.ge/240625-zxkrzatajh/behavioral1 (behind CloudFlare)
# https://forums.malwarebytes.com/topic/271891-removal-instructions-for-simple-malware-protector/
0.0.0.0 simplestar.com
0.0.0.0 www.simplestar.com
# https://sansec.io/research/polyfill-supply-chain-attack
0.0.0.0 polyfill.io
0.0.0.0 googie-anaiytics.com
# https://github.com/iam-py-test/my_filters_001/commit/8589c181964a28b11a9c735fb25e8469381aa8d7#commitcomment-143600813
# https://www.bleepingcomputer.com/news/security/polyfill-claims-it-has-been-defamed-returns-after-domain-shut-down/ (behind CloudFlare)
# https://www.bleepingcomputer.com/news/security/polyfillio-bootcdn-bootcss-staticfile-attack-traced-to-1-operator/ (behind CloudFlare)
0.0.0.0 bootcdn.net
0.0.0.0 bootcss.com
0.0.0.0 staticfile.net
0.0.0.0 staticfile.org
0.0.0.0 xhsbpza.com
0.0.0.0 union.macoms.la
# https://github.com/uBlockOrigin/uAssets/pull/24255#issuecomment-2198571468
# https://x.com/Polyfill_Global/status/1807333297326113015
# owned by polyfillio
0.0.0.0 polyfillcache.com
# https://www.bleepingcomputer.com/news/security/plugins-on-wordpressorg-backdoored-in-supply-chain-attack/ (behind CloudFlare)
# https://www.malwarebytes.com/blog/news/2024/06/poseidon-mac-stealer-distributed-via-google-ads
0.0.0.0 arcthost.org
# https://github.com/mitchellkrogza/phishing/pull/432
0.0.0.0 abcmueblesbogota.com
# my analysis (behind CloudFlare): https://tria.ge/240627-z9agrstgmp/behavioral1
0.0.0.0 click2kikc.xyz
0.0.0.0 adxproofcheck.com
# https://github.com/uBlockOrigin/uAssets/issues/24284
0.0.0.0 earth-ling.org
# TODO: investigate further
0.0.0.0 pambi.tech
# https://github.com/hagezi/dns-blocklists/issues/3019
0.0.0.0 hsuitehub.com
0.0.0.0 teslafond.io
# ||pump.fun^$document
0.0.0.0 ousd-vault.com
0.0.0.0 dash.pocketuniverse.app
0.0.0.0 uprising.kip.pro
0.0.0.0 app.jameswoof.com
# ||miles.plumenetwork.xyz^$document - https://github.com/hagezi/dns-blocklists/issues/4700
# https://github.com/hagezi/dns-blocklists/issues/3018
0.0.0.0 help.premium-x-notes.com
# https://github.com/mitchellkrogza/phishing/pull/433
0.0.0.0 dofuspourlesnoobs.com
# https://github.com/hagezi/dns-blocklists/issues/3028
0.0.0.0 padsims.com
0.0.0.0 pacmoonn.icu
# scam SMS: Since the package does not have a house number, the package transportation is interrupted, please update https://utpwk[.]com/i
0.0.0.0 utpwk.com
# https://www.bleepingcomputer.com/news/security/fake-it-support-sites-push-malicious-powershell-scripts-as-windows-fixes/ (behind CloudFlare)
0.0.0.0 pchelprwizardpro.com
0.0.0.0 pchelperwizard.com
# https://gist.github.com/iam-py-test/888d7170f9a7be6f2449d11962914fca
0.0.0.0 window-updates-service.com
0.0.0.0 www.google.com.859046247270372.window-updates-service.com
# https://github.com/mitchellkrogza/phishing/pull/435
0.0.0.0 reluzformaturas.com.br
# https://bazaar.abuse.ch/sample/dd9ec1c6a4be9bd962e1b1bd843d5750ef399c7c7cce60b368f627f5384e7a7c/
# https://www.joesandbox.com/analysis/1466504/0/html#domains
0.0.0.0 doddyfire.linkpc.net
# https://github.com/mitchellkrogza/phishing/pull/436
# my analysis (behind CloudFlare): https://tria.ge/240702-3e72bsvglc/behavioral1
# YouTube video titled "ROBLOX EXPLOIT - FREE DOWNLOAD | KRNL SCRIPT EXECUTOR | KEYLESS EXECUTOR [PC 2024]" -> https://tria.ge/240702-3bv8csvepf/behavioral1 (behind CloudFlare) & https://tria.ge/240702-3g8qmszcnp/behavioral1 (behind CloudFlare)
# see also: https://tria.ge/241228-qvenhayjfs/behavioral1
# https://github.com/mitchellkrogza/phishing/pull/437
0.0.0.0 detiktotocakep.com
# https://github.com/mitchellkrogza/phishing/pull/440
0.0.0.0 flyairprestige.com
# https://www.virustotal.com/gui/url/b9cb91ff67e9b16ab73b9b1801f046e3554605311d31ae052cc9f38758cc87e6/community
# my analysis (behind CloudFlare): https://tria.ge/240703-sdzy8avfml/behavioral1
0.0.0.0 midnightblue-lapwing-207108.hostingersite.com
# https://github.com/mitchellkrogza/phishing/pull/444
# my analysis (behind CloudFlare): https://tria.ge/240707-tstlesxelh/behavioral1
# my analysis (behind CloudFlare): https://tria.ge/240707-twydsavfmk/behavioral1
# https://github.com/mitchellkrogza/phishing/pull/445
# my analysis (behind CloudFlare): https://tria.ge/240707-3l4bqa1hrn/behavioral1
0.0.0.0 /lander/6cw/package_demo.exe^
0.0.0.0 crypto-wave.top
# https://github.com/mitchellkrogza/phishing/pull/446
0.0.0.0 karimgouss.ug
# https://github.com/hagezi/dns-blocklists/issues/3142
0.0.0.0 https.com
# https://github.com/uBlockOrigin/uAssets/issues/24486
# https://github.com/hagezi/dns-blocklists/issues/3278
0.0.0.0 upsbezorging.com
# https://github.com/mitchellkrogza/phishing/pull/466
0.0.0.0 cloudslimit.com
0.0.0.0 dailywebstats.com
0.0.0.0 hertrud.shop
0.0.0.0 hexcrippler.shop
0.0.0.0 hiltrunde.shop
0.0.0.0 iankian.shop
0.0.0.0 ironturner.shop
0.0.0.0 kloisa.shop
0.0.0.0 leopolfa.shop
0.0.0.0 liferacer.shop
0.0.0.0 commodityprocess.top
0.0.0.0 insights.today-time.sitefind.top
# https://github.com/hagezi/dns-blocklists/issues/3325
# https://github.com/uBlockOrigin/uAssets/issues/24719
# https://github.com/RPiList/specials/issues/1707
0.0.0.0 m-isist-emai-nmu-ne-yx8nu6hs7k.vercel.app
0.0.0.0 m-isist-emai-nmu-ne-6zft4bsbqh.vercel.app
0.0.0.0 m-isist-emai-nmu-ne-qefa68dvbd.vercel.app
0.0.0.0 thepatrones.blob.core.windows.net
0.0.0.0 xyzxyz55.xyz
# https://github.com/hagezi/dns-blocklists/issues/3331
# https://github.com/uBlockOrigin/uAssets/issues/24726
0.0.0.0 vah-cont-in-uou-slyle-com-ay7t6dbmag9vhg8srhj4.vercel.app
# https://github.com/hagezi/dns-blocklists/issues/3354
0.0.0.0 pr-ue-ba-de-lsa-bermu-ne-xre4pgczsk.vercel.app
# https://github.com/hagezi/dns-blocklists/issues/3354#issuecomment-2271411954
0.0.0.0 pr-ue-ba-de-lsa-bermu-ne-cp5iah7zlw.vercel.app
# https://github.com/hagezi/dns-blocklists/issues/3383
0.0.0.0 facebook-google-ygggvmvciad74v9lhi.vercel.app
0.0.0.0 facebook-google-vptyyny63pwfipshmm.vercel.app
0.0.0.0 facebook-google-15oqyxwtkremqyujsm.vercel.app
# https://github.com/hagezi/dns-blocklists/issues/3429
0.0.0.0 w0-eg-d12-de-yd-nka-ne-rklkyazwo0.vercel.app
# https://github.com/hagezi/dns-blocklists/issues/3338
0.0.0.0 nudepopsy71c.com
0.0.0.0 mamielournes.buzz
0.0.0.0 miahershberger.buzz
0.0.0.0 sanjuanitaliscano.click
0.0.0.0 viktoriadelenick.za.com
# https://github.com/uBlockOrigin/uAssets/issues/24734
0.0.0.0 btc24.info
# https://tria.ge/240802-p6fjha1gjd/behavioral1
0.0.0.0 allmostgone.life
# https://github.com/hagezi/dns-blocklists/issues/3352
# https://www.youtube.com/watch?v=_rCXxa5MDrE&t=599
# https://github.com/hagezi/dns-blocklists/issues/3374
0.0.0.0 softzspot.com
0.0.0.0 afiletoget.click
0.0.0.0 redis08.sbs
0.0.0.0 filexstorage.site
0.0.0.0 jourl.live
# https://github.com/hagezi/dns-blocklists/issues/3381
0.0.0.0 transiouratwat.com
0.0.0.0 undenentionin.com
# https://github.com/hagezi/dns-blocklists/issues/3417
# my analysis: https://tria.ge/240815-nm473szcjh/behavioral1
0.0.0.0 help.record-x-center.com
# https://github.com/hagezi/dns-blocklists/issues/3445
# todo: recheck soon
0.0.0.0 chromeweb-authenticators.com
# https://github.com/hagezi/dns-blocklists/issues/3453
0.0.0.0 microsoft-notifcation.com
# https://github.com/hagezi/dns-blocklists/issues/3468
0.0.0.0 3ab48a20-acaa-49ab-95cc-3eb16f1cda78-00-1a0l3yf6hw9aq.sisko.replit.dev
# https://github.com/hagezi/dns-blocklists/issues/3494
0.0.0.0 mail-cytanet.pages.dev
0.0.0.0 c0nt4ct-me.pages.dev
# https://github.com/hagezi/dns-blocklists/issues/3514
0.0.0.0 onevanilla.click
0.0.0.0 bilbocine.com
# on the same IP
0.0.0.0 unionplus-card.click
0.0.0.0 dailysmscollection.org
0.0.0.0 surgecardinfo.click
0.0.0.0 panoramacharter.click
0.0.0.0 mymorri.click
0.0.0.0 mymercy.click
0.0.0.0 marykayintouch.autos
0.0.0.0 direct2hr.click
0.0.0.0 alaskasworld.cfd
0.0.0.0 partycityfeedback.bond
# https://github.com/hagezi/dns-blocklists/issues/3540
0.0.0.0 pages.tempisite.com
# https://github.com/hagezi/dns-blocklists/issues/3549
0.0.0.0 help.safety-x-feedback.com
0.0.0.0 help.documentary-x.com
# https://github.com/hagezi/dns-blocklists/issues/3550
0.0.0.0 wyy158.fun
0.0.0.0 m.wyy158.fun
0.0.0.0 cse38.xyz
0.0.0.0 b.cse38.xyz
# https://github.com/hagezi/dns-blocklists/issues/3542
0.0.0.0 sanadietzman.click
# https://github.com/hagezi/dns-blocklists/issues/3543
0.0.0.0 joannmax.com
0.0.0.0 joannofficial.com
0.0.0.0 joannoutlet.com
0.0.0.0 joannclearances.com
# https://infosec.exchange/@jeromesegura/113048172086583562
0.0.0.0 cisco.com.gruaselpiojito.com.mx
0.0.0.0 sivacycle.com
# https://github.com/hagezi/dns-blocklists/issues/3598 (deleted)
# see wiki\[link].ru.com badware.png in the repo
# not my analysis: https://any.run/report/1855ff5c90583af10bea4002935e2b1f2d64d4975af2bc169c259e7903800392/9973ba38-1376-4728-a06a-d242a38120eb
# https://github.com/mitchellkrogza/phishing/pull/478
0.0.0.0 yanisac.com
# https://github.com/mitchellkrogza/phishing/pull/479
0.0.0.0 albapietra.com.br
# coinbase phishing
# metamask phishing
# https://infosec.exchange/@urldna/113120340213435536
# orange.fr phishing
# robinhood phishing
# AT&T phishing (att-verification-542-9acc4c.webflow.io)
# CoinBase phishing
0.0.0.0 *coinbase*.webflow.io^
# many different phishing domains
0.0.0.0 *wallett*.webflow.io^
# Outlook phishing (microsoft-outlook-11402a.webflow.io)
# many metamask phishing websites
# https://github.com/hagezi/dns-blocklists/issues/3706
0.0.0.0 uszjj.fyjkxzq.shop
# https://github.com/hagezi/dns-blocklists/issues/3718
0.0.0.0 tplinkextender.net
# https://infosec.exchange/@urldna/113137563126979979
# https://github.com/hagezi/dns-blocklists/issues/3731
0.0.0.0 csbestplayers.com
# https://github.com/hagezi/dns-blocklists/issues/3727
0.0.0.0 bitegifts.com
# spam comment on https://github.com/AdguardTeam/AdGuardHome/discussions/7254
# my analysis: https://tria.ge/240916-z8v23szgqq/behavioral1 - I could not find a download button/link, but site looks suspicious
0.0.0.0 hackpc.net
# SMS spam: 【U­S Post Office Update】 Your package could not be delivered after two attempts because of incomplete address information. To prevent the package from being returned, please update your address at this link: hxxpx://cutt[.]ly/5eUedtvY?Mrl=gJ83DXW5n8 We will make a new delivery attempt within 24 hours after the update. US P­ost Office team.
# https://tria.ge/240927-qq2bpsvbnp/behavioral1
0.0.0.0 upf.xdpapmz.shop
# https://github.com/hagezi/dns-blocklists/issues/3837
0.0.0.0 thenorthfacegreece.com
0.0.0.0 www.thenorthfacegreece.com
0.0.0.0 the-north-face.gr
0.0.0.0 www.the-north-face.gr
# https://github.com/hagezi/dns-blocklists/issues/3838
# https://tria.ge/240929-tnwj8a1cjl/behavioral1
0.0.0.0 identifyillustration.com
# https://app.any.run/tasks/ada100c7-3001-4cc5-bf57-d883fcbb87a2
0.0.0.0 lonerprevailed.com
# https://github.com/DandelionSprout/adfilt/pull/1059
# https://github.com/hagezi/dns-blocklists/pull/3848
0.0.0.0 bromite.org
# https://infosec.exchange/@urldna/113228867828456640
0.0.0.0 wwwaaatxhdt.pages.dev
# https://github.com/mitchellkrogza/phishing/pull/489
0.0.0.0 blueevolution.it
# https://github.com/mitchellkrogza/phishing/pull/491
0.0.0.0 kidsacademyprayagraj.com
# https://github.com/mitchellkrogza/phishing/pull/494
0.0.0.0 usps.com-trackahc.top
# https://github.com/hagezi/dns-blocklists/pull/3961
0.0.0.0 lvrv0gkspz.blob.core.windows.net
0.0.0.0 formally-up.com
# https://tech.lgbt/@micah/113312198092441897
# https://tria.ge/241016-y6kmwsvbkj/behavioral1
0.0.0.0 dailyrx.org
0.0.0.0 redir.dailyrx.org
0.0.0.0 pdf-library.org
0.0.0.0 fbdata-edt.com
0.0.0.0 alch.neweradigitalservices.com
0.0.0.0 hearwork.lat
0.0.0.0 tracksallroundtheway2024.com
0.0.0.0 roa93d.tracksallroundtheway2024.com
0.0.0.0 thetoybox.club
# https://www.hybrid-analysis.com/sample/4ae782b2668984c0144d767ec4efefbf3c076f4f229a2c23194e8aded63a4931
0.0.0.0 enhancednetworkpc.com
# https://tria.ge/241016-zrwmaawcnq/behavioral1
0.0.0.0 getartscrafts.com
# https://tria.ge/241016-zs2vpawdkl/behavioral1
0.0.0.0 mydigitalgadgets.com
# https://tria.ge/241016-zwevbssfna/behavioral1
0.0.0.0 kittencutey.com
# https://github.com/hagezi/dns-blocklists/issues/4003
0.0.0.0 rustdesk.pl
0.0.0.0 rustdesk.co.nz
# https://github.com/rustdesk/rustdesk/discussions/9679
# https://github.com/hagezi/dns-blocklists/issues/4009
0.0.0.0 rustdesk.io
0.0.0.0 rustdesk.secure-box.de
# my analysis: https://tria.ge/241018-pvlldazcqr/behavioral1
# https://tria.ge/241018-wjwerszgre/behavioral1
# https://github.com/hagezi/dns-blocklists/issues/4048
0.0.0.0 ruthiekresal.za.com
0.0.0.0 leonoremanry.sa.com
0.0.0.0 jewellvanmarter.za.com
0.0.0.0 malgorzataschlegel.click
0.0.0.0 lesliespracklen.sa.com
0.0.0.0 linaromney.za.com
0.0.0.0 dierdrecrisan.buzz
0.0.0.0 terinaverkler.click
0.0.0.0 doaapodewils.buzz
0.0.0.0 velmaglendenning.ru.com
# https://github.com/hagezi/dns-blocklists/issues/4047
0.0.0.0 mcds100.com
0.0.0.0 bwpkizpfms.funnelish.com
0.0.0.0 glitchy.go2cloud.org
0.0.0.0 nextstephire.net
# https://github.com/hagezi/dns-blocklists/issues/4085
0.0.0.0 teslamaked.com
# https://github.com/hagezi/dns-blocklists/issues/4153
0.0.0.0 facebook-support-team-980.pages.med.br
# https://github.com/hagezi/dns-blocklists/issues/4204
0.0.0.0 bsnl5gtower.com
0.0.0.0 bsnltowersite.in
# https://github.com/hagezi/dns-blocklists/issues/4211
# https://tria.ge/241105-pellfa1arg/behavioral1
0.0.0.0 bsnl-tower.com
# https://tria.ge/241105-pgh84a1hjj/behavioral1
# https://tria.ge/241105-pj8a1azpes/behavioral1
# https://tria.ge/241105-pls9vs1cla/behavioral1
0.0.0.0 bsnltowerinstallations.com
# https://tria.ge/241105-pnpdpazqbs/behavioral1
0.0.0.0 towerinstallation5g.com
# https://tria.ge/241105-ppynrasanm/behavioral1
0.0.0.0 5gtower.in
# https://github.com/hagezi/dns-blocklists/issues/4222
# my analysis: https://tria.ge/241107-sgwe7sxjdm/behavioral1
0.0.0.0 udemy-creators.com
# https://github.com/hagezi/dns-blocklists/issues/4191
0.0.0.0 fkpgr.buzz
0.0.0.0 gov.fkpgr.buzz
0.0.0.0 efkgr.buzz
0.0.0.0 gov.efkgr.buzz
0.0.0.0 dcrfgr.buzz
0.0.0.0 gov.dcrfgr.buzz
# https://github.com/hagezi/dns-blocklists/issues/4274
0.0.0.0 pekanbaru.one
# https://github.com/hagezi/dns-blocklists/issues/4276
0.0.0.0 paquetsuivi7noti.com
# https://github.com/hagezi/dns-blocklists/issues/4288
0.0.0.0 monpaquet9trackpobox.com
# https://github.com/hagezi/dns-blocklists/issues/4322
0.0.0.0 stage3-last.pro
0.0.0.0 stage3-last.store
0.0.0.0 stage3-last.club
0.0.0.0 stage3-last.live
0.0.0.0 stage3-last.info
0.0.0.0 /^https://stage3-last\.[a-za-z]*\/info\/?
0.0.0.0 stage2024.club
0.0.0.0 stage3x.site
0.0.0.0 stage3x.store
# https://github.com/hagezi/dns-blocklists/issues/4327
0.0.0.0 airupbelgiums.com
0.0.0.0 airup-bottlegreece.com
0.0.0.0 airupbulgaria.com
0.0.0.0 airupespana.com
0.0.0.0 air-upfrance.com
0.0.0.0 airupfrance.fr
0.0.0.0 airup-gr.com
0.0.0.0 airupgreece.net
0.0.0.0 airupitaly.it
0.0.0.0 airup-nederland.com
0.0.0.0 airupnederlands.com
0.0.0.0 airup-romania.com
0.0.0.0 airupromania.ro
0.0.0.0 airupsrbija.com
0.0.0.0 air-up-turkiye.com
0.0.0.0 xn--airupespaa-19a.com
0.0.0.0 xn--airuptrkiye-yhb.com
0.0.0.0 airup-fi.com
# https://github.com/hagezi/dns-blocklists/issues/4362
# my analysis: https://tria.ge/241119-amgj5ayelr/behavioral1
# https://www.facebook.com/share/p/17dc5jTP2Q/
0.0.0.0 karan-pc.com
0.0.0.0 karanpcofficial.blogspot.com
# https://github.com/xRuffKez/NRD/issues/14
# my analysis: https://tria.ge/241119-ay45kayflr/behavioral1
0.0.0.0 monicarelino13512-carelino.click
# https://github.com/hagezi/dns-blocklists/issues/4291
0.0.0.0 securevault.top
# https://github.com/hagezi/dns-blocklists/issues/4393
0.0.0.0 diteringion.com
# https://github.com/mitchellkrogza/phishing/pull/513
0.0.0.0 /^https:\/\/usps.com-expres[a-za-z0-9]\.top\//
0.0.0.0 usps.com-expresf.top
0.0.0.0 usps.com-expresj.top
0.0.0.0 usps.com-expresh.top
0.0.0.0 usps.vip-expresg.top
0.0.0.0 usps.vip-expresq.top
0.0.0.0 usps.vip-expresj.top
0.0.0.0 usps.vip-expresf.top
0.0.0.0 yhrtfgd.top
0.0.0.0 ewhtwgerw.top
0.0.0.0 hjfddsa.top
0.0.0.0 weafgre.top
0.0.0.0 ewrtghre.top
0.0.0.0 tyrdddsa.top
0.0.0.0 sdswrw.top
0.0.0.0 restujytd.top
0.0.0.0 gdgrde.top
0.0.0.0 reshtryjd.top
0.0.0.0 hfgdtyr.top
0.0.0.0 rtyuijfyd.top
0.0.0.0 iuythfrty.top
0.0.0.0 liutjytfds.top
0.0.0.0 iutrydrhg.top
0.0.0.0 liutyjytf.top
0.0.0.0 ghtfews.top
# https://github.com/hagezi/dns-blocklists/issues/4417
0.0.0.0 sale-friday.store
0.0.0.0 black-sales.cloud
# https://github.com/mitchellkrogza/phishing/pull/516
0.0.0.0 /^https?:\/\/uspscom-fre[a-za-z0-9]*\.top\/track\/?
0.0.0.0 /^https?:\/\/uspscom-fre[a-za-z0-9]*\.cyou\/track\/?
0.0.0.0 /^https?:\/\/uspscom-fre[a-za-z0-9]*\.icu\/track\/?
0.0.0.0 /^https?:\/\/uspscom-fre[a-za-z0-9]*\.cfd\/track\/?
0.0.0.0 /^https?:\/\/uspscom-fre[a-za-z0-9]*\.xyz\/track\/?
0.0.0.0 /^https?:\/\/usps\.com-info-add[a-za-z0-9]*\.cfd\/[a-za-z0-9]\/?
0.0.0.0 /^https:\/\/usps.com-[a-za-z].win\//
# https://www.virustotal.com/gui/ip-address/129.226.206.133/relations
# https://github.com/hagezi/dns-blocklists/issues/4489
0.0.0.0 editproai.org
# https://github.com/hagezi/dns-blocklists/issues/4545
# https://www.youtube.com/watch?v=sTBssoyqDdg
0.0.0.0 eset.co.il
0.0.0.0 backend.store.eset.co.il
# https://github.com/hagezi/dns-blocklists/issues/4637
0.0.0.0 paquet1nfopabox.com
# https://tria.ge/241228-qaf1tsxrh1/behavioral1
0.0.0.0 zxcupload.com
# https://www.virustotal.com/gui/file/e8f37a06b0626b07d7999e81a6f95d4553d515e66dc578995b50d3404138aff5/behavior
# https://tria.ge/241228-qvenhayjfs/behavioral1
# https://threatfox.abuse.ch/ioc/1290806/
# https://threatfox.abuse.ch/ioc/1369035/
0.0.0.0 jammywritej.click
# https://github.com/hagezi/dns-blocklists/issues/4706
0.0.0.0 xn--2adcdvwhuqa83y31c-c5n.gtrewe.co.in
# https://github.com/hagezi/dns-blocklists/issues/4696
0.0.0.0 usps.com-tracking-helpsenf.xyz
# https://tria.ge/241231-bh8ngszla1/behavioral1
# Note: only works on mobile/mobile emulated devices, too lazy to see what fingerprint it uses but probably it's user agent
0.0.0.0 cgfji.top
# https://github.com/hagezi/dns-blocklists/issues/4721
0.0.0.0 icloud.apple.pariet.mhudr.cn
0.0.0.0 icloud.apple.street.oanvd.cn
# https://github.com/hagezi/dns-blocklists/issues/4757
0.0.0.0 fiheos.co.in
0.0.0.0 48095uqslydirvr761.fiheos.co.in
# https://github.com/hagezi/dns-blocklists/issues/4758
# https://www.reddit.com/r/alberta/comments/1hswbe2/parking_ticket_by_sms_legit/
0.0.0.0 casefollowup.com
# https://github.com/hagezi/dns-blocklists/issues/4784
0.0.0.0 angelinvestar.in
# https://github.com/hagezi/dns-blocklists/issues/4780
0.0.0.0 loveclickeve.site
# https://github.com/hagezi/dns-blocklists/issues/4799
0.0.0.0 trivo.uk
0.0.0.0 igloaptopto.net
# https://urlquery.net/report/21df11ff-a863-432c-8e5f-97eaad5965c7
# https://tria.ge/250107-tp7zmsyke1/behavioral1 (evasion)
0.0.0.0 shoomotairt.net
0.0.0.0 ormedion.com
0.0.0.0 utilityguard-host.info
# https://github.com/Phishing-Database/phishing/pull/646
0.0.0.0 acadgas.ru
# https://github.com/hagezi/dns-blocklists/issues/4801
# https://tria.ge/250107-ttsqhszqgl/behavioral1
0.0.0.0 notify-user-adjustments.vercel.app
# https://tria.ge/250107-tv21kszrcq/behavioral1
0.0.0.0 telegramweb.vercel.app
# https://github.com/hagezi/dns-blocklists/issues/4808
# https://tria.ge/250108-vjp3bawncz/behavioral1
# note: versyasist[.]website has phishing warning from CF
0.0.0.0 sos-de-muc-1.exo.io
# https://tria.ge/250108-whvf3szmcp/behavioral1
0.0.0.0 birthjeans.icu
0.0.0.0 jurantsepinine.shop
0.0.0.0 waisheph.com
0.0.0.0 waefufloaty.shop
0.0.0.0 ge.waefufloaty.shop
0.0.0.0 samalcuratic.shop
0.0.0.0 olympuscracowe.shop
0.0.0.0 xu.olympuscracowe.shop
# https://tria.ge/250108-wpwbysxney/behavioral1
0.0.0.0 whatsdating.college
# https://github.com/hagezi/dns-blocklists/issues/4851
0.0.0.0 nze0xw.butsmism.co.in
0.0.0.0 cultj2ghubcc73f08abg.gapconnectionbridge.co.in
# https://github.com/hagezi/dns-blocklists/issues/4849
0.0.0.0 dwlae.top
# lookalikes
0.0.0.0 cheerycouture.com
0.0.0.0 accurately.top
0.0.0.0 chicystore.com
# https://github.com/hagezi/dns-blocklists/issues/4863
0.0.0.0 gtltowerinfratel.in
0.0.0.0 bsnltower5g.com
0.0.0.0 towerinstalltion5g.in
# https://github.com/hagezi/dns-blocklists/issues/4907
# https://cside.dev/blog/over-5k-wordpress-sites-caught-in-wp3xyz-malware-attack
# examples of infected websites:
# - https://tria.ge/250116-z437wszjcy/behavioral1
# - https://tria.ge/250116-1abffszlev/behavioral1
# - https://tria.ge/250116-1bdl7szrgl/behavioral1
# - some infected websites have already been cleaned
0.0.0.0 wp3.xyz
# https://github.com/hagezi/dns-blocklists/issues/4916
# returns 404 on non-mobile devices
# https://tria.ge/250117-246n5awphl/behavioral1
# https://agora.echelon.pl/objects/310d887d-e111-48a4-9331-bc9e6b8cdd3b
# https://x.com/ryanchenkie/status/1880730173634699393
# https://masto.deoan.org/@neurovagrant/113857415001588398
0.0.0.0 brewmacos.com
# https://github.com/hagezi/dns-blocklists/issues/4959
# my analysis: https://tria.ge/250122-z336hawrgj/behavioral1
0.0.0.0 ieztoskbcoalf.z13.web.core.windows.net
# https://atomicpoet.org/objects/0a89b5d5-b1f0-4b2c-85ef-23007f842231
0.0.0.0 mostodon.social
# https://github.com/hagezi/dns-blocklists/issues/5112
0.0.0.0 vencord.app
0.0.0.0 newpipe.app
0.0.0.0 revanced-extended.com
# https://github.com/hagezi/dns-blocklists/issues/5160
0.0.0.0 47n78xprrvp1.top
# https://github.com/hagezi/dns-blocklists/issues/5193
0.0.0.0 edwardjhutley107375938786edwardjrhutley70205433153583usps.com
0.0.0.0 fiusps.com
0.0.0.0 foreveusps.com
0.0.0.0 helpdesk-usps.online
0.0.0.0 helpuspsnow.ru
0.0.0.0 270278609-2020004278-462904544-440202503325--570202500372x-usps.com
# https://github.com/hagezi/dns-blocklists/issues/5209
0.0.0.0 postova-uzivatel.com
0.0.0.0 poistenie-sk.com
0.0.0.0 kontakt-vszp.com
# https://github.com/hagezi/dns-blocklists/issues/5285
0.0.0.0 group-signal.com
0.0.0.0 signalgroup.site
0.0.0.0 signal-confirm.site
0.0.0.0 teneta.add-group.site
# https://www.eff.org/deeplinks/2025/03/simple-phish-bait-eff-not-investigating-your-albion-online-forums-account
0.0.0.0 act-7wbq8j3peso0qc1.pages.dev
# https://github.com/hagezi/dns-blocklists/issues/5500
0.0.0.0 ojlkimed.vip
# https://tria.ge/250315-v2kwbaspy7/behavioral1
0.0.0.0 ggrls45.info
0.0.0.0 naughtymets.com
0.0.0.0 bgigdga.naughtymets.com
# spam SMS sent to several people in a group thread (all strangers):
# 💌REMINDER💌 :  Please ensure that your E-ZPass tolls are paid in full by March 20, 2025 to prevent any legal or administrative action that could affect your DMV record. Late payments may result in fee increases, enforcement notices, or license renewal restrictions. Have a worry-free, safe trip!
#
# 🤝Complete your payment here:   https://bit.ly/4bBRQHI?yVW=YeUPmv0Kqs  🤝
# bitly link redirects to this domain, but it evades and goes to Google: https://tria.ge/250319-12gfsaypw5/behavioral1
0.0.0.0 mdfzo.xin
# https://github.com/hagezi/dns-blocklists/issues/5631
0.0.0.0 best-torrents.com
0.0.0.0 displaymovies.pl
0.0.0.0 ex-torrenty.org
0.0.0.0 filmo.agency
0.0.0.0 filmy24.cc
0.0.0.0 find-vod.com
0.0.0.0 showplax.com
0.0.0.0 vodlist.com
0.0.0.0 zobaczfilm.com
# https://github.com/hagezi/dns-blocklists/issues/5632
0.0.0.0 food-network.fwh.is
# https://phishtank.com/phish_detail.php?phish_id=9030918
# my analysis: https://hybrid-analysis.com/sample/cb3e185cb59b9bbd19294e1196f70a6580d7bd2a9d5e57d9410db0284ecc56ff
# note: appears to evade some online sandboxes, i.e. urlscan
# https://github.com/hagezi/dns-blocklists/issues/5656
# https://securelist.com/operation-forumtroll/115989/
0.0.0.0 primakovreadings.info
# https://github.com/hagezi/dns-blocklists/issues/5758
0.0.0.0 nopae.top
# https://github.com/iam-py-test/my_filters_001/issues/132
# formally hosted legitimate website, now parked, see e.g. https://tria.ge/250408-a7v81sxkx8/behavioral1
# https://github.com/hagezi/dns-blocklists/issues/5823
0.0.0.0 turtleclient.xyz
# https://github.com/hagezi/dns-blocklists/issues/5833
0.0.0.0 yma.zdwtixh.xyz
# https://github.com/DandelionSprout/adfilt/issues/1124
0.0.0.0 doh-gov.com
0.0.0.0 doh-gov.ph
# https://github.com/hagezi/dns-blocklists/issues/5867
0.0.0.0 dk9zc9.pro
0.0.0.0 quoka.dk9zc9.pro
# https://github.com/uBlockOrigin/uAssets/issues/27968
# my analysis: https://tria.ge/250413-pk1mjsvry4/behavioral1
# also (my analysis): https://tria.ge/250413-qztyzswqv6/behavioral1
0.0.0.0 worshippers.store
0.0.0.0 decisionsem.live
0.0.0.0 deliberatelyot.space
# not my analysis: https://any.run/report/84a456c92b249160eb532c6a4bdc96d3de3c2d034e41ee11d44b8c0e57cf8b44/469cb02e-b4d4-4d9d-8a20-4c133fb59f86
# https://tria.ge/250413-pwq79awxas/behavioral1
0.0.0.0 tegprokess.pro
# https://etechnix[.]com/get/update -> https://www.virustotal.com/gui/file/6676db2bc561d933aa84ac68e8c66fe278345bc4e435f7cb5164202cd3876e4d?nocache=1 and https://tria.ge/250413-qsfg1sw1ez/behavioral1
# not my analysis: https://any.run/report/59c44efd5b4f66ae6ed42878e14ae3c7b8e774f1d228a40a9cf818a62c740c9c/43790e20-d33d-42fa-8115-cbce56d3c9e1
# not my analysis: https://bazaar.abuse.ch/sample/59c44efd5b4f66ae6ed42878e14ae3c7b8e774f1d228a40a9cf818a62c740c9c/
# not my analysis: https://bazaar.abuse.ch/sample/9a8ba2203cf45bb5fe142cb4cee82fe397af4504d51e7fc8c7db19a8ef1c71e4/
0.0.0.0 etechnix.com
# https://tria.ge/250413-qyz4lswqt3/behavioral1
0.0.0.0 ommentsere.biz
0.0.0.0 goathaga.top
# https://github.com/hagezi/dns-blocklists/issues/5899
0.0.0.0 webcamstream.sbs
# https://github.com/hagezi/dns-blocklists/issues/5904
0.0.0.0 eventmusk-x.com
# https://github.com/hagezi/dns-blocklists/issues/5929
0.0.0.0 velazqur.store
# https://github.com/hagezi/dns-blocklists/issues/5935
0.0.0.0 eslgrandscup.com
# https://github.com/hagezi/dns-blocklists/issues/5954
# https://tria.ge/250419-vea3la1xcs/behavioral1
0.0.0.0 mullvaad.net
# https://www.virustotal.com/gui/url/12c9f243e447a8d145404069cdb72b654297c86fdcbffa33945799fc8d6b28d9/community
0.0.0.0 nscotra.com
# my analysis: https://tria.ge/250419-vjxgdstrx9/behavioral1
0.0.0.0 cvsdocfilesharingesign.com
0.0.0.0 secureauthxxdhgffgigff.cvsdocfilesharingesign.com
0.0.0.0 setup.cvsdocfilesharingesign.com
0.0.0.0 gateway.cvsdocfilesharingesign.com
0.0.0.0 ckdatabasews.cvsdocfilesharingesign.com
# spam comment on https://krebsonsecurity.com/2025/04/whistleblower-doge-siphoned-nlrb-case-data/
# https://tria.ge/250428-nkpdvawpy7/behavioral1
0.0.0.0 deltaa-executor.com
# https://github.com/hagezi/dns-blocklists/issues/6081
0.0.0.0 dexsceerner.net
0.0.0.0 app.dexscreener-home.net
0.0.0.0 traderjoexyz.bylfg.org
0.0.0.0 v2-o-p-e-n-s-e-a.com
0.0.0.0 susni-swap.com
0.0.0.0 open-sea.market-ntf.com
0.0.0.0 hyperilquid.xyz-trade.com
0.0.0.0 tangem.ing
0.0.0.0 tacngcm.com
0.0.0.0 raydiumx.org
0.0.0.0 ray-swap.net
0.0.0.0 raydium.io-sol.org
0.0.0.0 w-atomicwallet.com
0.0.0.0 atomiciwallet.com
0.0.0.0 base.bridge-home.net
0.0.0.0 v3-dappradar.com
# https://github.com/hagezi/dns-blocklists/issues/6392
0.0.0.0 seller-verification.com
# https://tria.ge/250602-196qmswxht/behavioral1
0.0.0.0 darkmodz-links.com
# https://github.com/hagezi/dns-blocklists/issues/6402
0.0.0.0 verif-order.help
# https://www.virustotal.com/gui/domain/mysign-mircrosoft.com/community
0.0.0.0 mysign-mircrosoft.com
# https://github.com/DandelionSprout/adfilt/discussions/779#discussioncomment-13435345
0.0.0.0 lonely.beauty
# https://github.com/hagezi/dns-blocklists/issues/6469
0.0.0.0 mobiilitiedot.org
0.0.0.0 mobiilitiedot.com
0.0.0.0 mp.mobiilitiedot.com
# https://tria.ge/250625-sy2zbadl6t/behavioral1 (downloads 7Zip?)
0.0.0.0 ezplayclub.com
# https://github.com/hagezi/dns-blocklists/issues/6563
0.0.0.0 streamboo.live
0.0.0.0 streambootest.ru
# https://github.com/hagezi/dns-blocklists/issues/6586
0.0.0.0 my-tracknl.com
# https://github.com/hagezi/dns-blocklists/issues/6618
0.0.0.0 rayjump.com
# https://github.com/hagezi/dns-blocklists/issues/6629
0.0.0.0 fish-lane.com
# https://github.com/hagezi/dns-blocklists/issues/6635
# TODO: recheck soon as this is preemptive
0.0.0.0 myhermes.atiylu.live
# https://github.com/hagezi/dns-blocklists/issues/6657
0.0.0.0 clientsboots.com.es
# https://mastodon.social/@Radical_EgoCom/114840608525562390
# https://mastodon.social/@paninodesu/114840594526505979
# https://tria.ge/250712-rdknvscq61/behavioral1
# https://tria.ge/250712-rfq9escr5t/behavioral1
# https://github.com/hagezi/dns-blocklists/issues/6897
0.0.0.0 revolut.so
# https://github.com/hagezi/dns-blocklists/issues/7558
0.0.0.0 getfiles.pro
0.0.0.0 4bind3.cfd
0.0.0.0 eset-nod32-key-2025.xyz
0.0.0.0 mediafileslow.info
0.0.0.0 2mf6tl6ky1408255md.cfd
0.0.0.0 n14rr140825e7.cfd
0.0.0.0 qjvczu9pq00904257.cfd
0.0.0.0 rfsjh070725nwj.cfd
0.0.0.0 9rxm9js3140825fy.cfd
0.0.0.0 khatra98700lo.cfd
0.0.0.0 setup004media.info
0.0.0.0 www.chal00012hath.cfd
0.0.0.0 marga2retta7ge6rlach.cfd
0.0.0.0 90003cfd.cfd
0.0.0.0 kotlogog-gogd.cfd
0.0.0.0 securefilesdogs.info
0.0.0.0 filesoftly.icu
0.0.0.0 bskryar.icu
0.0.0.0 eureoreu.cloud
0.0.0.0 zdrytehy.cloud
0.0.0.0 ebnbwm070725fhl.cfd
0.0.0.0 9wn7wh140825st.cfd
0.0.0.0 96u5qbb3v1408257.cfd
0.0.0.0 1dljf140825u79.cfd
0.0.0.0 t6mu9n080425f.cfd
0.0.0.0 83ru6xa8xf0804259.cfd
0.0.0.0 cdxtsd.cfd
0.0.0.0 villaassz.click
0.0.0.0 fined.cfd
0.0.0.0 mdera.icu
0.0.0.0 earshows.xyz
0.0.0.0 azzul.cfd
0.0.0.0 premiumfile.cfd
0.0.0.0 premiumfiles.site
0.0.0.0 filessoftz.xyz
0.0.0.0 filessoftware.xyz
0.0.0.0 filestosoftz.pro
0.0.0.0 easutofiles.cfd
0.0.0.0 smallszand.store
0.0.0.0 eoprovide.live
0.0.0.0 pwstop.icu
0.0.0.0 filedownloader.top
0.0.0.0 fileboxgen.cyou
0.0.0.0 filetapfy.space
0.0.0.0 fixfiles.cfd
0.0.0.0 topfiles.cfd
0.0.0.0 file-sharings.store
0.0.0.0 modesoft.me
0.0.0.0 good.indianbober.com
0.0.0.0 vsdvsdv.click
0.0.0.0 s1xgjbq4.pro
0.0.0.0 keygenbox.ru
0.0.0.0 get.gigadrop.pro
0.0.0.0 get.hostloom.online
0.0.0.0 go-digital.vip
# malware ad
0.0.0.0 best-knowledge-good24.com
# https://www.bleepingcomputer.com/news/security/fake-lastpass-death-claims-used-to-breach-password-vaults/
0.0.0.0 lastpassrecovery.com
# https://github.com/hagezi/dns-blocklists/issues/8240
0.0.0.0 sublime-merge-git-client.github.io
0.0.0.0 aftop10.com
0.0.0.0 dokopka.icu
0.0.0.0 acrossprotocols.com
# https://github.com/hagezi/dns-blocklists/issues/8257
0.0.0.0 simplexspot.com
# https://github.com/hagezi/dns-blocklists/issues/8573
0.0.0.0 recover-signe.com
# https://github.com/iam-py-test/my_filters_001/issues/135
# https://www.indy100.com/science-tech/life2vec-calulator-death-date
# sandbox
# https://tria.ge/260109-g1l54aav5b/behavioral1
# https://tria.ge/260109-gznmjaat3c/behavioral1
# https://tria.ge/260109-g5jkrsax5a/behavioral1
# https://tria.ge/260109-g8jpyaaz3c/behavioral1
# https://tria.ge/260109-g86jpsaz6a/behavioral1
# https://crushon[.]ai/character/cdc77abe-83ba-4b64-8e35-005ab8bd2af0/details
# https://infosec.exchange/@iampytest1/115863886773871893
0.0.0.0 aipredictdeathcalculator.com
0.0.0.0 deathcalculator.ai
0.0.0.0 life2vecai.com
0.0.0.0 deathprediction.ai
0.0.0.0 life2veccalculatoronline.github.io
0.0.0.0 deathcalculator.net
# https://tria.ge/260109-xncznafs4g/behavioral1
# https://www.virustotal.com/gui/file/a5b80dc1f0f6ba603f876d3e94c17a520f30cbd2a30fa65483ddb204b0cccd01
# https://github.com/hagezi/dns-blocklists/issues/8813
0.0.0.0 fitgirl-repacks.proxyninja.org
# https://forums.malwarebytes.com/topic/332575-fell-for-cake-cloudflare/
# https://www.virustotal.com/gui/file/b27b099d3b1bb34f1dc43c00797a43b1da3b7d48e61390f9da5b04fd143f755e
# https://www.virustotal.com/gui/url/e9b31d5bfaaa80b4218831c98e5b7df200ca9821fced02a87d6fb9c7de4a543f
# https://web.archive.org/web/20260123203620/https://www.youtube.com/watch?v=DNvdNN-4ur0
# https://tria.ge/260123-y316gaht4d/behavioral1
# https://infosec.exchange/@iampytest1/115946438997785194
0.0.0.0 wploits.com
0.0.0.0 fdy.borendrokontho.com
0.0.0.0 fdy.lidiia.com.ua
# https://kolektiva.social/@ddosecrets/115979746538660397
0.0.0.0 ddosecrets.com
0.0.0.0 data.ddosecrets.com
# https://x.com/BrandiKruse/status/2014525124553388390
# https://x.com/BrandiKruse/status/2014558762871464440
# https://www.reddit.com/r/SeattleWA/comments/1qmpeof/someone_at_wsdot_put_a_link_to_fuckiceorg_in_a/
# https://tria.ge/260129-zww4lsgt8a/behavioral1
# https://infosec.exchange/@iampytest1/115980534212744514
# https://bsky.app/profile/did:plc:ysz3jltsuhnyrqrskrcbcz2s/post/3mdlqzvbkec25
# https://x.com/iam_py_test/status/2016990950141067696
0.0.0.0 accurate.you
# https://github.com/DandelionSprout/adfilt/issues/1219
# https://tria.ge/260130-2ss9naas5f/behavioral1
0.0.0.0 tjrksciow.pro
# https://github.com/hagezi/dns-blocklists/issues/9010
# https://github.com/ShadowWhisperer/BlockLists/issues/246
# https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign
# https://www.theregister.com/2025/12/01/chrome_edge_malicious_browser_extensions/
0.0.0.0 dergoodting.com
0.0.0.0 nossl.dergoodting.com
# https://forums.malwarebytes.com/topic/291609-dark-reader-plugin-contains-malware-browser-hijacker/ (seems unrelated to Dark Reader, as the website continues with Dark Reader disabled/uninstalled)
0.0.0.0 furiousfar.com
# 2026-2-4: redirects to http://xml-v4.icdsoap-4.online/click?i=aLHraN3-WV4_0&seat=3764086 - can not reproduce in Triage
0.0.0.0 xml-v4.icdsoap-4.online
# https://github.com/blocklistproject/Lists/issues/1586
0.0.0.0 blocklist.site
0.0.0.0 landr-atlas.com
0.0.0.0 tagesschau.finance
# https://infosec.exchange/@iampytest1/116016048124997625
# found by my research
0.0.0.0 connectgates.co.in
0.0.0.0 d621b48hubcc73aav7l0.connectgates.co.in
0.0.0.0 opredirect.com
0.0.0.0 solsticea.net
0.0.0.0 fusionchainedge.com
0.0.0.0 d621b18hubcc73aav3e0.fusionchainedge.com
0.0.0.0 watchnowclick.com
0.0.0.0 silverwhitebirds.co
0.0.0.0 anthracnosis.lat
0.0.0.0 bzbiz-crm.com
0.0.0.0 voyagewinds.co
0.0.0.0 quick-scanning.top
# tries to install a browser extension (https://addons[.]newtabsearch[.]net/ntff/new_tab_search-1.0.4-fx.xpi)
# https://support.mozilla.org/mk/questions/1555476
0.0.0.0 newtabsearch.net
0.0.0.0 ff.newtabsearch.net
0.0.0.0 addons.newtabsearch.net
# https://tria.ge/260205-etq5csey2a/behavioral1
0.0.0.0 telemechanism.cyou
# https://www.reddit.com/r/techsupport/comments/1ooasab/what_is_the_ey43com_site_and_why_is_firefox/
# https://www.malwarebytes.com/blog/detections/ey43-com
0.0.0.0 ey43.com
# occurs when connecting using sandbox, Tor, VPN ip
# https://tria.ge/260205-ec9v5sev8c/behavioral1
# https://tria.ge/260205-edwd5sev8g/behavioral1
# https://tria.ge/260205-ed9lrsev9c/behavioral1
0.0.0.0 resultsfastfind.com
# https://infosec.exchange/@iampytest1/116042005986881470
# based on https://github.com/uBlockOrigin/uAssets/commit/b33e4635beb8a827d6ebd3867374a0abbb905fe5
# https://github.com/hagezi/dns-blocklists/issues/9078
0.0.0.0 protonwalletdesktop.com
# https://github.com/hagezi/dns-blocklists/issues/9088
# https://github.com/massgravel/Microsoft-Activation-Scripts/issues/1299
# https://tria.ge/260210-vv729ses5b/behavioral2
0.0.0.0 actiwated.win
0.0.0.0 get.actiwated.win
# https://github.com/DandelionSprout/adfilt/issues/1223
# https://tria.ge/260211-15vsksbz7h/behavioral1
0.0.0.0 snowvan.xyz
# https://tria.ge/260211-16ykvsb12c/behavioral1
0.0.0.0 kygens.xyz
0.0.0.0 host11m.cfd
0.0.0.0 getlink6.host11m.cfd
0.0.0.0 generate89c659.host11m.cfd
0.0.0.0 host15m.cfd
0.0.0.0 file169599.host15m.cfd
0.0.0.0 filehost09.sbs
0.0.0.0 s2.filehost09.sbs
0.0.0.0 sharehost06.sbs
0.0.0.0 cdn5.sharehost06.sbs
# https://tria.ge/260211-2h1wracv2g/behavioral1
0.0.0.0 getdwnloadss.com
# https://tria.ge/260215-q8jvdaey6c/behavioral1
0.0.0.0 crvftgbyh.click
0.0.0.0 tvgyfdtrf.pro
0.0.0.0 edweasdxf.pro
0.0.0.0 hubygvftc.cfd
0.0.0.0 audioza.cyou
# https://github.com/hagezi/dns-blocklists/issues/9111
0.0.0.0 moodabvrockcon.com
0.0.0.0 frenchy06--315ffb88022311f1b78142dde27851f2.web.val.run
# https://github.com/hagezi/dns-blocklists/issues/9127
0.0.0.0 tunnis-tautuminen-fi.gt.tc
# https://github.com/hagezi/dns-blocklists/issues/9112
# https://github.com/Phishing-Database/phishing/pull/1120
0.0.0.0 app2fa.com
0.0.0.0 enable.app2fa.com
0.0.0.0 seedlinkservice.com
0.0.0.0 activate.seedlinkservice.com
# https://github.com/hagezi/dns-blocklists/issues/9131
# https://www.malwarebytes.com/blog/threat-intel/2026/02/fake-7-zip-downloads-are-turning-home-pcs-into-proxy-nodes
# https://sourceforge.net/p/sevenzip/discussion/45797/thread/119837b16d/
# https://github.com/uBlockOrigin/uAssets/commit/47ef7d7f1c030da2c8a4c2af09e3a10a4e048852
# https://github.com/uBlockOrigin/uAssets/commit/95a8322ea08821a18c6cf72223892a6702d72f32
# https://www.youtube.com/watch?v=bpLxXH37Hs8
# https://www.youtube.com/watch?v=O-e7j-rndh0
0.0.0.0 7zip.com
0.0.0.0 www.7zip.com
0.0.0.0 7zip.cloud
# https://infosec.exchange/@iampytest1/116065978824511741
# https://tria.ge/260213-2jp6mshx4g/behavioral1
# https://tria.ge/260213-2q313shy7c/behavioral2
# https://www.virustotal.com/gui/file/e1427745d8b7ee49b92552b8cc33654b035a1632901fd6400a86086f4a87a17f/detection
# https://bazaar.abuse.ch/sample/e1427745d8b7ee49b92552b8cc33654b035a1632901fd6400a86086f4a87a17f/
0.0.0.0 ryosweb.com
0.0.0.0 xenos.love
# https://github.com/hagezi/dns-blocklists/issues/9168
# https://tria.ge/260217-qkxrbsbw5f/behavioral1
# dropped by the malware as C:\Users\Admin\AppData\Local\Temp\RarSFX0\1.exe: https://www.virustotal.com/gui/file/2e543b190d4a673b48818fd22224ad6a9139e75aa6acb4149169748f224ccafb
0.0.0.0 unlocktoolpro.com
# https://github.com/hagezi/dns-blocklists/issues/9169
0.0.0.0 digiseccloud.com
0.0.0.0 wulingyuanparkzone.com
# https://github.com/hagezi/dns-blocklists/issues/9177
0.0.0.0 lightsolutions.tv
# https://github.com/hagezi/dns-blocklists/issues/9203
# https://www.linkedin.com/posts/divy-vanesa-256865270_cybersecurity-macos-threatintelligence-activity-7424681298390323200-C5tT
# https://threatfox.abuse.ch/ioc/1750836/
# https://threatfox.abuse.ch/ioc/1683641/
0.0.0.0 kys.li
0.0.0.0 kys.cx
# https://github.com/uBlockOrigin/uAssets/issues/31922
0.0.0.0 payout-chatgpt.com
# https://infosec.exchange/@james_inthe_box/116127006471605901
# https://urlhaus.abuse.ch/browse.php?search=158.94.211.63
# https://github.com/hagezi/dns-blocklists/issues/9232
0.0.0.0 lichengdaiper.com
# https://github.com/hagezi/dns-blocklists/issues/9253
0.0.0.0 qfinder-pro.com
0.0.0.0 orayc.com
0.0.0.0 todeskapp.com
0.0.0.0 todesk.im
0.0.0.0 to-desk.com.cn
# https://github.com/hagezi/dns-blocklists/issues/9257
0.0.0.0 bakaoaikeujr.com
# https://github.com/hagezi/dns-blocklists/issues/9274
# https://maldita.es/timo/20260224/el-gobierno-espanol-junto-con-la-seguridad-social-ha-puesto-en-marcha-un-programa-de-ingresos-pasivos-para-la-poblacion-y-tras-una-inversion-inicial-de-250-los-ingresos-oscilaran-entre-2000-y-4000/
0.0.0.0 incoprimedec.com
# https://github.com/hagezi/dns-blocklists/issues/9323
0.0.0.0 main-chrome.com
0.0.0.0 kkd-google.com.cn
0.0.0.0 chroom-gooogle.com.cn
0.0.0.0 chromeg-google.com.cn
0.0.0.0 kf-google.com.cn
0.0.0.0 arc-google.com.cn
0.0.0.0 g-chrome-google.com.cn
0.0.0.0 chraome-google.hl.cn
0.0.0.0 p-google.cn
0.0.0.0 zh-cn-google.hl.cn
0.0.0.0 www.chrom-pc.cn
0.0.0.0 link-chrome.com
0.0.0.0 w-google.hl.cn
0.0.0.0 bing-google.hl.cn
0.0.0.0 gooogel.cn
0.0.0.0 aiwin-google.com
0.0.0.0 chrome.polamus.com
0.0.0.0 chrome.minphon.com
0.0.0.0 chrome.sungyun.cn
0.0.0.0 www.chrome-google-zh.hl.cn
0.0.0.0 vie-google.com.cn
0.0.0.0 chromes-google.com.cn
0.0.0.0 chrome.apkcmd.com
0.0.0.0 chromeandroid.com
0.0.0.0 chrome.jisuliulanqi.cn
# https://github.com/hagezi/dns-blocklists/issues/9321
# https://github.com/blocklistproject/Lists/issues/1604
0.0.0.0 bendigorewardsaj-homes.info
# https://github.com/hagezi/dns-blocklists/issues/9328
0.0.0.0 totamona.shop
0.0.0.0 obxnfnqo.shop
# https://github.com/hagezi/dns-blocklists/issues/9337
0.0.0.0 firefox.hl.cn
0.0.0.0 firefox-firefox.com
0.0.0.0 m-firefox.com
# ---- Scams ----
# fails to disclose it's lack of connection to uBlock *Origin*
# https://infosec.exchange/@iampytest1/111306748409652707
0.0.0.0 ublock.org
# https://virustotal.com/gui/url/723d30dcc93ee90f8f04b5cc3c5d07492338c41f7aa62fb2723c7d8b91537338/community
# https://github.com/uBlockOrigin/uAssets/issues/5854
0.0.0.0 ublockerext.com
# This domain has been used for typosquatting, malware, phishing, and scams (redirects to other scam/malware sites as of 17/9/2021)
# curl on 9/5/2021 shows it is still online
# https://www.siteadvisor.com/sitereport.html?url=quatrefeuillepolonaise.xyz
# https://virustotal.com/gui/url/7319b37aff351dc0f0e71dba194b5f21972be9ad072b955a35d27d5af359d5fa/community
# https://virustotal.com/gui/domain/quatrefeuillepolonaise.xyz/detection
# https://safeweb.norton.com/report/show?url=quatrefeuillepolonaise.xyz
# https://www.fortiguard.com/webfilter?q=quatrefeuillepolonaise.xyz
# https://quttera.com/detailed_report/quatrefeuillepolonaise.xyz
# https://www.urlvoid.com/scan/quatrefeuillepolonaise.xyz/
# https://www.mywot.com/en/scorecard/quatrefeuillepolonaise.xyz
# https://github.com/DandelionSprout/adfilt/issues/188
0.0.0.0 quatrefeuillepolonaise.xyz
# Related to above
# https://github.com/DandelionSprout/adfilt/issues/188
# https://github.com/DandelionSprout/adfilt/commit/0af1431c8f4cf45e9c27e359edf777b0c9bfa153
0.0.0.0 captcharesolving-universe.com
# https://virustotal.com/gui/ip-address/5.8.34.26/relations
# https://github.com/DandelionSprout/adfilt/issues/188
# https://virustotal.com/gui/url/136909c39798eacfc82e58459684619a4b89de8d3dedbe5a3010c5152b670328/detection
# https://github.com/iam-py-test/Assets-001/blob/main/goglenet%20malware
# https://github.com/DandelionSprout/adfilt/issues/188#issuecomment-848834204
0.0.0.0 instantfwding.com
0.0.0.0 catnip.de
0.0.0.0 fwdservice.com
# https://securitytrails.com/list/ip/5.8.47.3
# https://safeweb.norton.com/report/show?url=gamesex.fun
# https://www.siteadvisor.com/sitereport.html?url=gamesex.fun
# https://virustotal.com/gui/url/7bedfdd70bd23869a3598186270bcca9e64870842fb95df46da9ed5519e0b41c/detection
# just redirects to another blocked domain
# https://github.com/DandelionSprout/adfilt/issues/188
0.0.0.0 kmip.net
0.0.0.0 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
# More scam stuff on 27/9/2021
0.0.0.0 retailproductsusa.com
0.0.0.0 www.retailproductsusa.com
# Even more scams - https://github.com/DandelionSprout/adfilt/issues/188#issuecomment-931700117
0.0.0.0 findanswersnow.net
0.0.0.0 two.findanswersnow.net
0.0.0.0 signupandturnyourscreenoffsafepowernow.date
0.0.0.0 www.signupandturnyourscreenoffsafepowernow.date
0.0.0.0 jsontdsexit.com
0.0.0.0 therewardboost.com
0.0.0.0 t.therewardboost.com
0.0.0.0 natnlconsmrctr.com
0.0.0.0 lore.deduce.com
0.0.0.0 jpgtrk.com
# domains which gogle[.]net redirects to on 17/10/2021
0.0.0.0 securysearchapp.com
0.0.0.0 www1.securysearchapp.com
# on the same IP & just by looking at them, I can tell they are not legit
0.0.0.0 intunes.com
0.0.0.0 gimal.com
# https://github.com/uBlockOrigin/uAssets/issues/9344
# https://github.com/iam-py-test/Assets-001/tree/main/uiz.io_scam
0.0.0.0 uiz.io
# More scam domains found via redirects when clicking on the fake recaptcha
# https://virustotal.com/gui/url/73dae7d74bcdc9099a54b75b904cc45995d85534a313ad65fcc4d9e401b34607/detection
0.0.0.0 rewardsavenue.net
# https://virustotal.com/gui/url/d6745ce01da185054bd2125858e75445783976de0e5fa4a445284243830070e7/detection
0.0.0.0 rewardsgiantusa.com
# https://virustotal.com/gui/url/9edd33c7a370ba96bf3a7682193e67538984eab9d1b719c2f3042599a4d3d1d5/detection
0.0.0.0 rewardgiantztesters.com
# https://github.com/blocklistproject/Lists/issues/513
0.0.0.0 gooooooooogle.com
# https://github.com/iam-py-test/investigations/blob/main/2021/10/26/1.md#domains
0.0.0.0 r-tb.com
0.0.0.0 feed.r-tb.com
0.0.0.0 t.r-tb.com
0.0.0.0 cdn.hoood.info
0.0.0.0 beta-one.net
0.0.0.0 ny-t.r-tb.com
0.0.0.0 pisism.com
0.0.0.0 security-scanner.xyz
# https://github.com/iam-py-test/investigations/blob/main/2021/10/26/1.md#html-captures
0.0.0.0 news-back.org
0.0.0.0 www1.news-back.org
0.0.0.0 www2.news-back.org
0.0.0.0 www3.news-back.org
0.0.0.0 www4.news-back.org
0.0.0.0 www5.news-back.org
0.0.0.0 www6.news-back.org
0.0.0.0 www7.news-back.org
0.0.0.0 www8.news-back.org
0.0.0.0 www9.news-back.org
0.0.0.0 www10.news-back.org
# https://github.com/DandelionSprout/adfilt/pull/289
0.0.0.0 gogles.com
0.0.0.0 army-glo.scrollingsystem.com
# ||www.kqzyfj.com^$all
# ||kqzyfj.com^$all
# ||cj.dotomi.com^$all
0.0.0.0 mcafee12.tt.omtrdc.net
# https://virustotal.com/gui/ip-address/70.32.1.32/relations
0.0.0.0 cd.org
# https://github.com/uBlockOrigin/uAssets/issues/9848#issuecomment-907855092
# https://virustotal.com/gui/url/1671d2b14f2baed1438176929ba9908270f26e41f7b17c0ce0a85bd5e9c20f35/detection
# https://virustotal.com/gui/url/0eca172b2f35f81e0f222dbdf261a100c7897f734c7ba43920b67c4cddd6f8c9/detection
0.0.0.0 get-cracked.com
# More related domains/urls
0.0.0.0 mediafiire.com
0.0.0.0 www.mediafiire.com
0.0.0.0 www.onlinepromotionsusa.com
0.0.0.0 onlinepromotionsusa.com
0.0.0.0 promotionsonlineusa.com
0.0.0.0 w.promotionsonlineusa.com
# https://github.com/uBlockOrigin/uBlock-issues/issues/1774
# https://github.com/iam-py-test/investigations/blob/main/2021/10/28/1.md
0.0.0.0 eritokyo.jp
0.0.0.0 cpanlyzr.co
0.0.0.0 www.cpanlyzr.co
0.0.0.0 rewardzoneusa.com
0.0.0.0 contact.rewardzoneusa.com
0.0.0.0 reward3spot.com
0.0.0.0 www.reward3spot.com
0.0.0.0 order-safely.com
0.0.0.0 www.order-safely.com
0.0.0.0 followlink.click
0.0.0.0 publishers.revenueuniverse.com
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-974886953
0.0.0.0 datingmap.top
0.0.0.0 e.datingmap.top
0.0.0.0 tonightshookup.com
0.0.0.0 members.tonightshookup.com
0.0.0.0 t.tonightshookup.com
# Scam and fake Roblox hacks
0.0.0.0 gghacks.com
# Scam websites opened - put in redirect order
0.0.0.0 www.rewardsgiantusa.com
# Asks for personal data (name,address,birthdate,gender,email), claims you will get a "reward", never provides hack
0.0.0.0 r.promotionsonlineusa.com
# More scams
0.0.0.0 displayoptoffers.com
0.0.0.0 www.displayoptoffers.com
0.0.0.0 www.yrxtrk.com
0.0.0.0 sweepstakesalerts.com
0.0.0.0 play.sweepstakesalerts.com
0.0.0.0 www.stash.com
0.0.0.0 www.qualityhealth.com
0.0.0.0 qualityhealth.com
0.0.0.0 consumerproductsusa.com
0.0.0.0 www.consumerproductsusa.com
# https://github.com/iam-py-test/investigations/blob/main/2021/11/21/1.md
# https://github.com/hagezi/dns-blocklists/issues/241
# ||yasir252.com^$all
# ||www.yasir252.com^$all
0.0.0.0 safelink.kadal.club
# https://forums.malwarebytes.com/topic/285824-malicious-disk-image-file-iso/ --> https://virustotal.com/gui/url/20ef8f13f6ed4f2ad0f25c4d98c5ba213223dd95d18ae31494b5df4305fc7a6c
0.0.0.0 iclickcdn.com
0.0.0.0 bedrapiona.com
0.0.0.0 dozubatan.com
0.0.0.0 onmarshtompor.com
0.0.0.0 chultoux.com
0.0.0.0 yonhelioliskor.com
0.0.0.0 ptauxofi.net
0.0.0.0 betshucklean.com
0.0.0.0 b58ncoa1c07f.com
0.0.0.0 gammamkt.com
0.0.0.0 leadgentrk.com
# https://github.com/AdguardTeam/AdguardFilters/issues/122055
# https://tria.ge/230714-tf54paga3y/behavioral1
0.0.0.0 adblock-zen-download.com
0.0.0.0 adblock-zen.com
0.0.0.0 adblockertool.com
0.0.0.0 supremeadblocker.info
# https://scammer.info/t/faremart/82671
0.0.0.0 faremart.com
0.0.0.0 www.faremart.com
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-977912975
# https://www.tv2.no/nyheter/14368524/
0.0.0.0 alexstewartinternationalltd.rw
0.0.0.0 vps.re
# https://www.youtube.com/watch?v=iQiVH533ncM
0.0.0.0 avengeradblocker.com
0.0.0.0 poweradblocker.com
# https://github.com/iam-py-test/investigations/blob/main/2021/11/25/1.md
0.0.0.0 fasterfiles.net
0.0.0.0 inteledirect.com
0.0.0.0 turapport-strience.icu
0.0.0.0 americanwinnerscircle.com
# https://github.com/iam-py-test/investigations/blob/main/2021/11/28/1.md
0.0.0.0 reykijnoac.com
0.0.0.0 totalnicefeed.com
0.0.0.0 omnatuor.com
# https://scammer.info/t/youtube-bot-roblox-scam-39/84530
0.0.0.0 freeco.xyz
# https://scammer.info/t/microsoft-phishing-1/84589
0.0.0.0 aceelectricalny.com
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-986306768
0.0.0.0 chess-progress.ru
# https://forums.malwarebytes.com/topic/281514-scam-websites/
0.0.0.0 812138.com
0.0.0.0 dj-video.xyz
0.0.0.0 hj-video.xyz
# https://github.com/uBlockOrigin/uAssets/pull/10804
# https://bbs.kafan.cn/thread-2221500-1-1.html
0.0.0.0 88btbtt.com
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-988127908
# https://www.tek.no/i/lVeQAe/
# https://www.nkom.no/aktuelt/ikke-trykk-pa-lenker-i-sms--for-du-er-helt-sikker/
0.0.0.0 eccolabgroup.com
0.0.0.0 galerijajava.ba
0.0.0.0 p-stn.net
# scam dating sites
0.0.0.0 casualdating.com
0.0.0.0 iflirts.com
0.0.0.0 www.iflirts.com
# fake notification scams
0.0.0.0 ourcoolstories.com
0.0.0.0 javsidblog.com
0.0.0.0 cagothie.net
# https://github.com/iam-py-test/investigations/blob/main/2021/12/9/1.md
0.0.0.0 0s.click
0.0.0.0 0pen.online
# https://github.com/iam-py-test/investigations/blob/main/2021/12/12/1.md
0.0.0.0 onlineenglishteacher.co
0.0.0.0 www.fling.com
# either redirects to random websites or scams
0.0.0.0 lekms.com
0.0.0.0 yourcoolfeed.com
# fake MediaFire websites
0.0.0.0 royaltees.co
0.0.0.0 kitago.info
0.0.0.0 herezfile400.weebly.com
0.0.0.0 hereeup447.weebly.com
0.0.0.0 yaihxj.knewdayfull.top
0.0.0.0 knewdayfull.top
0.0.0.0 4lgx4.bemobtrcks.com
0.0.0.0 ge6s.com
0.0.0.0 yellowmother374.weebly.com
0.0.0.0 tiborola.info
0.0.0.0 myhypeposts.com
0.0.0.0 zxzfic.weebly.com
0.0.0.0 iminna.info
0.0.0.0 bloghunter.aaguatemala.org
0.0.0.0 cleveradult148.weebly.com
0.0.0.0 forexever451.weebly.com
0.0.0.0 ourcoolposts.com
0.0.0.0 bitnew695.weebly.com
0.0.0.0 gomusic.info
0.0.0.0 myprotectionsurveys.com
0.0.0.0 www.myprotectionsurveys.com
0.0.0.0 ouphouch.com
# https://github.com/iam-py-test/investigations/blob/main/2021/12/14/1.md
0.0.0.0 onemacusa.net
# random .xyz domains which just don't look legit
0.0.0.0 cp2s.xyz
# https://scammer.info/t/snapchat-spam-click-link-don-t-link-investigate-please/85620
0.0.0.0 hotglrls.net
0.0.0.0 nvoddn.hotglrls.net
0.0.0.0 hushlove.com
0.0.0.0 jucydate.com
0.0.0.0 w17veh63m7o8s4ncihd1jq8i.people-wet.com
# https://scammer.info/t/stupid-ass-scammers-lol/85601 (support[@]clickgadgets[.]club)
0.0.0.0 clickgadgets.club
# scam website with only fake links
0.0.0.0 pseepsie.com
# pretty sure this is a porn scam
0.0.0.0 carnalcams.com
0.0.0.0 www.carnalcams.com
# the register form doesn't do anything after entering data, just redirect back to the start
0.0.0.0 fbookhookups.com
0.0.0.0 fuckpal.com
# seen in scam ads
0.0.0.0 fuck-me.io
# https://scammer.info/t/youtube-comment-spam/85737
0.0.0.0 acceptww.com
0.0.0.0 0.acceptww.com
0.0.0.0 8.acceptww.com
# https://github.com/DandelionSprout/adfilt/issues/288
0.0.0.0 discordap.com
0.0.0.0 7lyonline.com
0.0.0.0 safelyonline.net
0.0.0.0 get.safelyonline.net
0.0.0.0 browse-safe.net
0.0.0.0 get.browse-safe.net
0.0.0.0 btpnative.com
0.0.0.0 data-px.services
0.0.0.0 live.newsvot.com
0.0.0.0 ny-feed.r-tb.com
# https://scammer.info/t/cyberpunk-2077-fake-generator/85772
0.0.0.0 ragamer.com
# possible Tech Support Scam
0.0.0.0 installmysecurity.com
# "press allow to continue"
0.0.0.0 shortnewsinfo.com
# https://github.com/uBlockOrigin/uBlock-issues/issues/1774#issuecomment-1000722777
0.0.0.0 viewty.xyz
0.0.0.0 landing.marketstm.com
# https://forums.malwarebytes.com/topic/282206-scam-websites/
0.0.0.0 bs-video.xyz
0.0.0.0 video-cd.xyz
0.0.0.0 gm-video.xyz
0.0.0.0 iamoney.xyz
0.0.0.0 vbmoney.xyz
0.0.0.0 lstmoney.xyz
0.0.0.0 uamoney.xyz
0.0.0.0 ecmoney.xyz
0.0.0.0 gcmoney.xyz
# 'click allow to continue' scam which redirects to random subdomains when the premission is blocked. Also redirects to TotalAV at the end
0.0.0.0 8db3p.leadoesnotknowaboutkukuriko.xyz
0.0.0.0 leadoesnotknowaboutkukuriko.xyz
# fake antivirus message
0.0.0.0 mcafee5.www-safety.com
0.0.0.0 weledying-jessed.com
# https://forums.malwarebytes.com/topic/282376-website-giving-spammy-popups/
0.0.0.0 rplnd10.com
# https://scammer.info/t/youtube-bot/86668
0.0.0.0 kingapp.store
0.0.0.0 downloadlocked.com
0.0.0.0 advantagecircles.com
# found this while looking for Memz samples - https://user-images.githubusercontent.com/84232764/149638659-8e0e9e91-8d02-4fff-bd0f-af8423550777.png (hxxps://verify-me.club/2004cbf?s1=down1)
# still alive as of 11/11/2022 - https://app.any.run/tasks/f0474f51-6b14-432b-b1f0-98a1137e359c
0.0.0.0 letmik.com
0.0.0.0 atandmouse.com
0.0.0.0 c.atandmouse.com
# another fake Nitro generator
0.0.0.0 richinfo.co
0.0.0.0 contact.uplevelrewards.com
# fake download website
0.0.0.0 tonxis19.amebaownd.com
0.0.0.0 hzaowj3.berilata.ru
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1025251202
# https://github.com/uBlockOrigin/uAssets/issues/11518
0.0.0.0 libertatea.net
# fake human verification scam
# start form - reported for abuse
0.0.0.0 q.promotionsonlineusa.com
0.0.0.0 reward4spot.com
0.0.0.0 www.reward4spot.com
# fake download buttons with popups
0.0.0.0 cracked-games.org
0.0.0.0 prksism.com
# fake 'no human verification' discord nitro generator
0.0.0.0 huffduffer.com
# still alive as of 11/11/2022 - https://app.any.run/tasks/c4a6e7d3-21da-4274-b262-e08dee1bb3cd
0.0.0.0 meine.belohnung24.com
0.0.0.0 ideen.belohnung24.com
0.0.0.0 iphone.belohnung24.com
# another discord Nitro scam
# "press allow to continue"
0.0.0.0 www.kuyhaa-mee.com
0.0.0.0 kuyhaa-mee.com
0.0.0.0 www.upload-4ever.com
0.0.0.0 upload-4ever.com
# Fake discord nitro (still alive as of 11/11/2022)
0.0.0.0 lucymods.com
0.0.0.0 gluegames.xyz
# another fake site
0.0.0.0 www.aldvingomes.com
0.0.0.0 aldvingomes.com
# fake discord nitro
# https://app.any.run/tasks/73236419-3190-47fa-81f0-8a31bcf48a5b
0.0.0.0 minutewinner.com
# Yet another fake discord generator
0.0.0.0 jellycheat.com
# https://scammer.info/t/paste-your-discord-nitro-scams-here/89880/2
# https://github.com/uBlockOrigin/uAssets/issues/11157#issuecomment-1049093327
0.0.0.0 sideload.cc
# survey scams
0.0.0.0 psp-haxors.com
0.0.0.0 gripclicks.com
# https://app.any.run/tasks/a3abdf35-fa15-4115-91fb-cfc5c1e45ff4
0.0.0.0 omnioffers.com
# hxxpx[://]consortiumrecords[.]co/free-tools/download-microsoft-office-365-product-key-crack-updated/
0.0.0.0 foradream.top
0.0.0.0 h.therewardboost.com
0.0.0.0 b.therewardboost.com
0.0.0.0 i.therewardboost.com
0.0.0.0 s.therewardboost.com
0.0.0.0 c.therewardboost.com
0.0.0.0 w.therewardboost.com
0.0.0.0 z.therewardboost.com
0.0.0.0 g.therewardboost.com
0.0.0.0 o.therewardboost.com
0.0.0.0 u.therewardboost.com
0.0.0.0 v.therewardboost.com
0.0.0.0 y.therewardboost.com
0.0.0.0 m.therewardboost.com
0.0.0.0 x.therewardboost.com
0.0.0.0 d.therewardboost.com
0.0.0.0 j.therewardboost.com
0.0.0.0 p.therewardboost.com
0.0.0.0 f.therewardboost.com
0.0.0.0 a.therewardboost.com
0.0.0.0 e.therewardboost.com
0.0.0.0 r.therewardboost.com
0.0.0.0 k.therewardboost.com
0.0.0.0 n.therewardboost.com
0.0.0.0 l.therewardboost.com
0.0.0.0 q.therewardboost.com
0.0.0.0 www.therewardboost.com
# porn scam? asks for personal info and gets stuck in a loop
# https://tria.ge/260206-ybjr4sa19a/behavioral1
0.0.0.0 dream-singles.com
0.0.0.0 www.dream-singles.com
0.0.0.0 assets.dream-singles.com
0.0.0.0 cdn-assets.dream-singles.com
# even more fake "human verification"
0.0.0.0 speedboostpc.com
# redirects to already blocked sites
# scam browser theme
0.0.0.0 unlock3r.net
# looks very shady
0.0.0.0 www.taixiu.bet
0.0.0.0 taixiu.bet
# https://github.com/AdguardTeam/AdguardFilters/issues/111843
0.0.0.0 cybop.net
# https://forums.malwarebytes.com/topic/284608-crypto-giveaway-scams/
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1060031240
0.0.0.0 mydirtytinders.com
# yet another fake Discord Nitro Generator
0.0.0.0 www.everydaywinner.com
0.0.0.0 everydaywinner.com
0.0.0.0 www.monumented.com
# looks like Fox News, to promote something which is probably a scam
0.0.0.0 www.livingyourbestlife.co
0.0.0.0 livingyourbestlife.co
0.0.0.0 foxnewsweatherdaily.com
# https://virustotal.com/graph/gae4b79eddfec44439142fec34bf90890609e118340984dbd855b515b1be9cfc9
# auto-redirect from hxxpx://createwithkrista[.]co/windows/winrar-for-windows-10-64-bit-free-download-with-crack/
0.0.0.0 outto.us
# the rest is blocked
# YAFNG (Yet another fake Nitro generator)
0.0.0.0 nitromexyz.xyz
0.0.0.0 grptrac.com
# Yet Another fake discord generator
0.0.0.0 consumerdigitalsurvey.com
# Reddit spam --> already blocked
# Already blocked
0.0.0.0 d.promotionsonlineusa.com
# https://forums.malwarebytes.com/topic/285189-scam-warnings-of-trojansviruses-via-web-browser-service-workers/
0.0.0.0 yourwebshield.com
# https://app.any.run/tasks/a8a589e0-2aee-43f5-9fbe-92dc9e4bfec4
0.0.0.0 action.miliated.xyz
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1094359634
0.0.0.0 localdates16s.com
0.0.0.0 popupchat-live.com
# a "press allow to continue" + fake McAfee
0.0.0.0 ultrafastultra.blogspot.com
0.0.0.0 tei.ai
0.0.0.0 forfrogadiertor.com
# Fake Discord nitro generator
0.0.0.0 www.uplevelreward.com
0.0.0.0 uplevelreward.com
# even more fake Discord Nitro generators
# Google Group --> Discord Nitro generator
# https://github.com/AdguardTeam/AdguardFilters/issues/115955
# https://github.com/AdguardTeam/AdguardFilters/issues/115960
0.0.0.0 onpharmvermen.com
# https://github.com/AdguardTeam/AdguardFilters/issues/115959
0.0.0.0 classpharmenado.com
# https://github.com/AdguardTeam/AdguardFilters/issues/115958
0.0.0.0 sale24-pills.com
# https://github.com/AdguardTeam/AdguardFilters/issues/115957
# https://github.com/AdguardTeam/AdguardFilters/issues/115954
0.0.0.0 everypdnsharmacy.com
# https://github.com/AdguardTeam/AdguardFilters/issues/115953
0.0.0.0 happypharmproduct.com
# Fake Norton screen
# a fake MediaFire domain
0.0.0.0 walkeryellow141.weebly.com
0.0.0.0 www.dealskeeper.com
0.0.0.0 h.promotionsonlineusa.com
# ads on hxxp://gestyy[.]com/es8jOv
0.0.0.0 m.eegeeglou.com
# Discord Nitro generator (fake)
0.0.0.0 y.promotionsonlineusa.com
# ads on a site --> https://virustotal.com/gui/url/0871f217f945c993d8624aadd5e718e9bb740096d13fad74d58b3fc3a4fdfda0
0.0.0.0 ebaaa.xyz
0.0.0.0 uprimp.com
# a random popup
0.0.0.0 lifeimpressions.net
0.0.0.0 d0063d.lifeimpressions.net
0.0.0.0 100800.lifeimpressions.net
0.0.0.0 fdb51a.lifeimpressions.net
0.0.0.0 3ceeb9.lifeimpressions.net
# https://github.com/AdguardTeam/AdguardFilters/issues/121544
0.0.0.0 trafredirtds.com
# https://web.archive.org/web/20230604184126/https://twitter.com/iam_py_test/status/1538267982551347200
0.0.0.0 www.easyrobuxtoday.org
0.0.0.0 appinstallcheck.com
# weird website with some Push Allow To Continue alerts - hxxpx[://]www[.]filefixation[.]com/malwarebytes-pro-crack-serial-keygen-download.html
0.0.0.0 filefixation.com
0.0.0.0 www.filefixation.com
# ads
0.0.0.0 german0.xyz
0.0.0.0 wnprt.club
0.0.0.0 kerbians.click
# redirects to scams
0.0.0.0 sharefast572.tumblr.com
0.0.0.0 tumblr.gotohouse.top
0.0.0.0 gotohouse.top
# redirected to scams automatically
0.0.0.0 loadingdead.netlify.app
0.0.0.0 down.myboxloadneed.top
0.0.0.0 myboxloadneed.top
# fake download to scams
0.0.0.0 alexisfernandez.doodlekit.com
0.0.0.0 doodlekit.gotorange.top
# hxxps://iyoutubetomp4[.]com/en/
# https://app.any.run/tasks/8125703c-6fdb-49bc-a18c-918e64e83f4d
0.0.0.0 lsmnz.perfordpetre.xyz
0.0.0.0 perfordpetre.xyz
# Discord scam
# Push-Allow-To-Continue
0.0.0.0 ptaimpeerte.com
# McAfee-themed scam
0.0.0.0 d3f068fvt45f1f.cloudfront.net
0.0.0.0 eastrk-dn.com
# Fake giveaway
0.0.0.0 teenmas46.tistory.com
0.0.0.0 teenymi.tistory.com
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1209782781
# https://app.any.run/tasks/a7cc86ee-a604-4a65-968c-26c237620b2b (nsfw)
0.0.0.0 fuckbook.tv
# https://www.youtube.com/watch?v=6e7MsoThffo
0.0.0.0 loadnova898.netlify.app
0.0.0.0 tonrino.info
0.0.0.0 x-delivery.icu
0.0.0.0 nextsoft.icu
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1218058597
0.0.0.0 a2ics.eu
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1230939213
0.0.0.0 classicsgirl.com
# https://app.any.run/tasks/a24d7146-479f-4b90-b4d6-c9d6e73257a8
0.0.0.0 pogothere.xyz
0.0.0.0 sihighlyrecom.xyz
0.0.0.0 czxcm.sihighlyrecom.xyz
0.0.0.0 rwanf.sihighlyrecom.xyz
0.0.0.0 zosuc.sihighlyrecom.xyz
# https://forums.malwarebytes.com/topic/290022-malware-from-acaptchalesstop/ <-- No proof, but the domain name looks sus
0.0.0.0 captchaless.top
0.0.0.0 a.captchaless.top
0.0.0.0 pshmetrk.com
# https://virustotal.com/gui/url/d86dda38f96243311df2857966c047be0b4097ed4541ebe28cdc0dfc9e4ff4d2/community
# https://app.any.run/tasks/3c8b1d38-de18-488a-9e3f-62b3354c17e8
0.0.0.0 haltertrailer.info
0.0.0.0 trk-magnam.com
0.0.0.0 event.trk-magnam.com
0.0.0.0 trk-deserunt.com
0.0.0.0 push.trk-deserunt.com
0.0.0.0 subscription.trk-deserunt.com
0.0.0.0 event.trk-deserunt.com
0.0.0.0 alertsx.com
0.0.0.0 core.alertsx.com
# Porn scam
0.0.0.0 her-cupid.com
0.0.0.0 hottieswantu.com
0.0.0.0 usabangpalace.com
0.0.0.0 offers.usabangpalace.com
0.0.0.0 find-singles-online.com
0.0.0.0 w86a5jeili53sd6j26lv71h0.find-singles-online.com
# https://forums.malwarebytes.com/topic/290348-fake-mcafee-site/
# credit to https://forums.malwarebytes.com/profile/62534-chas4/
0.0.0.0 install-network.com
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1257870944
0.0.0.0 netbuilding.com.ar
# Scam shared by https://github.com/piquark6046 (https://app.any.run/tasks/c30445b3-cc48-4039-9b02-26289f798b2f)
# redirects from a hacked website
0.0.0.0 rx-qualityshop.com
0.0.0.0 canadatrustmed.com
# domains used by adfly for notification spam
# https://github.com/DandelionSprout/adfilt/commit/f60df9e069b404ce56727cc1b734b89ba7241849
# https://github.com/AdguardTeam/AdguardFilters/issues/132079
0.0.0.0 davisonbarker.pro
0.0.0.0 www64.davisonbarker.pro
0.0.0.0 www31.davisonbarker.pro
0.0.0.0 www10.davisonbarker.pro
0.0.0.0 www24.davisonbarker.pro
0.0.0.0 www62.davisonbarker.pro
0.0.0.0 www87.davisonbarker.pro
0.0.0.0 www16.davisonbarker.pro
0.0.0.0 www61.davisonbarker.pro
0.0.0.0 www50.davisonbarker.pro
0.0.0.0 www77.davisonbarker.pro
0.0.0.0 www100.davisonbarker.pro
0.0.0.0 www85.davisonbarker.pro
0.0.0.0 www76.davisonbarker.pro
0.0.0.0 www39.davisonbarker.pro
0.0.0.0 www28.davisonbarker.pro
0.0.0.0 www3.davisonbarker.pro
0.0.0.0 www75.davisonbarker.pro
0.0.0.0 www78.davisonbarker.pro
0.0.0.0 www15.davisonbarker.pro
0.0.0.0 www29.davisonbarker.pro
0.0.0.0 www70.davisonbarker.pro
0.0.0.0 www21.davisonbarker.pro
0.0.0.0 www59.davisonbarker.pro
0.0.0.0 www25.davisonbarker.pro
0.0.0.0 www17.davisonbarker.pro
0.0.0.0 www74.davisonbarker.pro
0.0.0.0 www99.davisonbarker.pro
0.0.0.0 www79.davisonbarker.pro
0.0.0.0 www22.davisonbarker.pro
0.0.0.0 www94.davisonbarker.pro
0.0.0.0 www45.davisonbarker.pro
0.0.0.0 www51.davisonbarker.pro
0.0.0.0 www98.davisonbarker.pro
0.0.0.0 www35.davisonbarker.pro
0.0.0.0 www92.davisonbarker.pro
0.0.0.0 www12.davisonbarker.pro
0.0.0.0 www37.davisonbarker.pro
0.0.0.0 www33.davisonbarker.pro
0.0.0.0 www68.davisonbarker.pro
0.0.0.0 www34.davisonbarker.pro
0.0.0.0 lowrihouston.pro
0.0.0.0 www53.lowrihouston.pro
0.0.0.0 www44.lowrihouston.pro
0.0.0.0 www48.lowrihouston.pro
0.0.0.0 www91.lowrihouston.pro
0.0.0.0 www57.lowrihouston.pro
0.0.0.0 www1.lowrihouston.pro
0.0.0.0 www42.lowrihouston.pro
0.0.0.0 nathanaeldan.pro
0.0.0.0 www97.nathanaeldan.pro
0.0.0.0 www61.nathanaeldan.pro
0.0.0.0 www48.nathanaeldan.pro
0.0.0.0 www4.nathanaeldan.pro
0.0.0.0 www86.nathanaeldan.pro
0.0.0.0 www84.nathanaeldan.pro
0.0.0.0 www50.nathanaeldan.pro
0.0.0.0 www39.nathanaeldan.pro
0.0.0.0 www16.nathanaeldan.pro
0.0.0.0 www44.nathanaeldan.pro
0.0.0.0 freddyoctavio.pro
0.0.0.0 www63.freddyoctavio.pro
0.0.0.0 www70.freddyoctavio.pro
0.0.0.0 www16.freddyoctavio.pro
0.0.0.0 www36.freddyoctavio.pro
0.0.0.0 www21.freddyoctavio.pro
0.0.0.0 www68.freddyoctavio.pro
0.0.0.0 www72.freddyoctavio.pro
0.0.0.0 www86.freddyoctavio.pro
# various domains farmed from adfly
# https://app.any.run/tasks/e18002cc-5207-4834-9e67-08364efb5036
0.0.0.0 toido.arrowtoldilim.com
# https://app.any.run/tasks/07bb037e-3180-40cd-8f59-b7854cabd601/
0.0.0.0 gamegadget2022.blogspot.com
# https://app.any.run/tasks/da8a44c3-965f-4fd6-816d-b5ae16235f62
0.0.0.0 winnenmetje.info
0.0.0.0 iphone14.winnenmetje.info
# https://virustotal.com/gui/url/7b40e1b7ffc3b710640ae41c529aff18e4c8cded55391d55c34b601912c5a2a2/community
# https://app.any.run/tasks/f0a198be-f4a4-4414-94c5-21ed61ae0264
# https://app.any.run/tasks/6600c704-20f5-4643-a9b7-322673aa7eb4
0.0.0.0 vbucks-goo.com
0.0.0.0 www.vbucks-goo.com
0.0.0.0 www.jpnbgn.com
0.0.0.0 789offers.net
0.0.0.0 1263dcb80ec5.789offers.net
# https://forums.malwarebytes.com/topic/291952-mb-keeps-finding-same-4-pups/#comment-1541507
0.0.0.0 wilycaptcha.live
0.0.0.0 a.wilycaptcha.live
0.0.0.0 captchasee.live
0.0.0.0 captchatotal.live
# https://app.any.run/tasks/c87a34ca-0d2f-43cb-be6d-8f48506bd723
0.0.0.0 elooksjustli.one
# https://app.any.run/tasks/6bd12a68-ef8e-4e44-9c66-9c8e82cb784c
0.0.0.0 2.napublic.com
0.0.0.0 napublic.com
0.0.0.0 haxbyq.com
0.0.0.0 authookroop.com
0.0.0.0 s.viiqvmfb.com
# porn-related scams
0.0.0.0 flirtclub.life
0.0.0.0 bumble-me.com
0.0.0.0 localhookup5.com
0.0.0.0 i.placefordating.live
0.0.0.0 placefordating.live
0.0.0.0 eroticmadness.com
0.0.0.0 jtdn2.datingtopgirls.com
0.0.0.0 datingtopgirls.com
0.0.0.0 join-the-dating.com
0.0.0.0 18hot.pw
# https://scammer.info/t/discord-nitro-scam/113648
# popups from shady URL shorteners
0.0.0.0 mediasama.com
0.0.0.0 ufacw.com
0.0.0.0 lyconery-readset.com
0.0.0.0 fralstamp-genglyric.icu
# https://app.any.run/tasks/a15bbdd6-64d6-4a49-8457-6fbef1d00872
0.0.0.0 belohnung24.com
# https://app.any.run/tasks/5a76864c-7436-4411-afc8-5937e8d1d147#
# https://app.any.run/tasks/f7cdecba-0b76-4a5f-9d19-c36a453130dc
# https://tria.ge/240411-xhwjtahh93/behavioral1
0.0.0.0 nationalconsumerscenter.co.uk
0.0.0.0 contact.nationalconsumerscenter.co.uk
# https://tria.ge/221208-2zaqwsbg78/behavioral1
# I got some kind of miner/adware and an adware extension! All in one run!
0.0.0.0 manualmaestro.com
0.0.0.0 holavpninstaller.com
0.0.0.0 cdn4.holavpninstaller.com
0.0.0.0 perr.holavpninstaller.com
0.0.0.0 client.holavpninstaller.com
# https://forums.malwarebytes.com/topic/292800-posiberchoncom-%C2%A0malwarebytes-please-research-and-update-your-virus-db/
0.0.0.0 posiberchon.com
# https://app.any.run/tasks/68b82f9e-16f5-4514-8140-ac3df58a3114
0.0.0.0 fastspeed121.xyz
0.0.0.0 track.buzz-track.com
0.0.0.0 main.smile-keeper.com
# https://app.any.run/tasks/41c5f7b2-250a-4781-86be-e03e56d1a8ed
0.0.0.0 tlgrph.gotorange.top
0.0.0.0 gotorange.top
0.0.0.0 puredating.top
# (NSFW) https://app.any.run/tasks/e5a682c3-c4a3-4bb9-abd7-4f6c1cbd22f3
0.0.0.0 dating-schedule.com
0.0.0.0 onlyfucks1s.com
0.0.0.0 d.wonderfuldating.top
0.0.0.0 wonderfuldating.top
0.0.0.0 milf-book.com
0.0.0.0 www.casualdates4you.com
0.0.0.0 casualdates4you.com
# an infected VM
0.0.0.0 dreamyproducts4u.net
0.0.0.0 getarrectlive.com
0.0.0.0 get.securedbrowser.net
0.0.0.0 securedbrowser.net
0.0.0.0 settings.securedbrowser.net
0.0.0.0 www.securedbrowser.net
0.0.0.0 search.securedbrowser.net
0.0.0.0 kms-auto.site
0.0.0.0 phenotypeguide.com
0.0.0.0 onesocialimpactnow.com
0.0.0.0 globaledyta.com
# https://app.any.run/tasks/67907c11-6877-4c38-932f-2cf09ee4e434
0.0.0.0 adblock-chrome.net
# https://github.com/uBlockOrigin/uAssets/issues/16000
# https://app.any.run/tasks/195b871c-b9cd-48f8-a7c1-6a53ea943a4b
0.0.0.0 z83z9.com
0.0.0.0 videofon.space
0.0.0.0 videofen.space
0.0.0.0 video7top.com
0.0.0.0 click-videov.com
0.0.0.0 click-videot.com
0.0.0.0 click-videom.com
0.0.0.0 click-videok.com
0.0.0.0 click-videoc.com
0.0.0.0 video7top.site
0.0.0.0 videobtc.space
0.0.0.0 videoeth.space
0.0.0.0 videofun.space
0.0.0.0 videofan.space
0.0.0.0 videoton.space
0.0.0.0 videosol.space
0.0.0.0 ythjhk.com
# https://app.any.run/tasks/e0266815-2e00-42cb-b646-fa7dffb4a5e5
0.0.0.0 deine.belohnung24.com
0.0.0.0 spr.belohnung24.com
0.0.0.0 expensivesurvey.click
0.0.0.0 af.247games.mobi
# various scams from one site
0.0.0.0 recodetime.com
0.0.0.0 updateinfoacademy.com
# https://forums.malwarebytes.com/topic/293205-alexa-support-scam/
0.0.0.0 privacysearching.com
# probably a Tech Support scam
# discord nicro scam
0.0.0.0 discordnitrocodegeneratorfree2022nohumanverification.weebly.com
0.0.0.0 gainforfree.com
# https://virustotal.com/gui/url/65e7a48f0f2efb758087a0d99e8482a4b3245468e959633493655754fec08f48/community
# https://app.any.run/tasks/58b76078-e35e-46c8-b15e-e187ed375be6
0.0.0.0 bubuxflow.com
# https://virustotal.com/gui/url/9c7b98445c0fd303be8604f383b3c940309068ea88b37d3945f4d34bb42d6c57/community
# (nsfw) https://app.any.run/tasks/a8a191ea-0e54-439f-96fd-c04a04150b06
0.0.0.0 expresscommusa.com
0.0.0.0 date.sofortdates69.com
0.0.0.0 sofortdates69.com
# https://forums.malwarebytes.com/topic/293293-i-clicked-on-something-and-i-got-redirected-to-malicious-website-help/
# https://forums.malwarebytes.com/topic/293294-fake-onlyfans-website/ (account required)
# https://app.any.run/tasks/cb1a672e-c3ed-455a-bc84-4b8bc060ee68
# https://www.hybrid-analysis.com/sample/c3190b42a350a79f2b97af529a8bb57f39b62c9b12367419e71a2d053fb4a5fe
0.0.0.0 freeflirtz.com
0.0.0.0 sexfriendfdr.freeflirtz.com
# https://app.any.run/tasks/6c4f152f-c5b2-43ab-9b9e-06ae1480c74d
0.0.0.0 cldoffers.net
# typical fake "discord nitro generator"
0.0.0.0 thunderfiles.co
0.0.0.0 g.luckycashzone.com
# https://forums.malwarebytes.com/topic/293412-possible-fake-malwarebytes-number/
# https://scammer.info/t/viruses-need-to-be-removed-immediately-take-emergency-measures-trojan/117241/3
0.0.0.0 install.sunlifestores.com
# https://virustotal.com/gui/url/2dabab937f09b2892f26c995365f64402574c8aa3e2f9750047131ca7a8d73d6
# https://tria.ge/230109-14rdrsbd6t/behavioral1
0.0.0.0 lootprime.com
0.0.0.0 rdr.mobiletime.net
# https://github.com/AdguardTeam/AdguardFilters/issues/139667 (credit to DandelionSprout for some of these entries)
0.0.0.0 yepsimmen.live
# resolve to 51.68.87.229
0.0.0.0 intoobut.live
0.0.0.0 logomuado.live
0.0.0.0 laxthatpie.live
0.0.0.0 tooldidhurt.live
# https://github.com/AdguardTeam/AdguardFilters/issues/139667#issuecomment-1383935774
0.0.0.0 tapwhomjay.live
# https://github.com/AdguardTeam/AdguardFilters/issues/139667#issuecomment-1387103725
# https://virustotal.com/gui/url/5c74d63d19b8ec82321d352749977e29795a9d074fcdacce3f1c822da28a3bba/detection
# https://github.com/AdguardTeam/AdguardFilters/issues/139667#issuecomment-1398421015
# https://github.com/AdguardTeam/AdguardFilters/issues/139667#issuecomment-1399002017
# https://tria.ge/230120-1tlersbg8x/behavioral1
0.0.0.0 totalrecaptcha.top
# https://github.com/DandelionSprout/adfilt/issues/747
# https://github.com/DandelionSprout/adfilt/commit/f055f89a51e7f9b1bcc58a0013b6207f89594ebe (all credit to DandlionSprout)
0.0.0.0 adidascostarica.com
0.0.0.0 aloyogaaustria.com
0.0.0.0 aloyogacz.com
0.0.0.0 asicousutlet.com
0.0.0.0 atl-braves.shop
0.0.0.0 billabong-turkiye.com
0.0.0.0 bosssalescheap.com
0.0.0.0 bossusaclearan.com
0.0.0.0 bucsjersey.sale
0.0.0.0 californiasports.shop
0.0.0.0 chacosandalsaustralia.com
0.0.0.0 cipomagyarorszag.com
0.0.0.0 cityconnect.pro
0.0.0.0 clarks-ar.com
0.0.0.0 clarks-dk.com
0.0.0.0 clarks-pe.com
0.0.0.0 clarksirelandshop.com
0.0.0.0 clarksoutlet-philippines.com
0.0.0.0 clarksoutletecuador.com
0.0.0.0 clarkssaleturkiye.com
0.0.0.0 clarksuy.com
0.0.0.0 clipperton.sk
0.0.0.0 collegegameshop.com
0.0.0.0 converse-finland.com
0.0.0.0 crucialcatch.pro
0.0.0.0 crucialcatchshop.pro
0.0.0.0 dallascowboys.sale
0.0.0.0 fanaticsshop.net
0.0.0.0 floridagators.sale
0.0.0.0 gaborcanadasale.com
0.0.0.0 gaborfactoryoutlets.com
0.0.0.0 gaborsaleireland.com
0.0.0.0 gaborskodanmark.com
0.0.0.0 gaborskonorge.com
0.0.0.0 gaborsuomi.com
0.0.0.0 gaborsverige.com
0.0.0.0 georgiabulldogs.pro
0.0.0.0 gheteclarksromania.com
0.0.0.0 groundiesshoesuk.com
0.0.0.0 gymshark-greece.com
0.0.0.0 gymsharksaleus.com
0.0.0.0 haglofsrea.com
0.0.0.0 haglofsusastore.com
0.0.0.0 hitecayakkabi.com
0.0.0.0 hitecscarpe.com
0.0.0.0 illinoisfightingillini.shop
0.0.0.0 iowahawkeyes.pro
0.0.0.0 kamikbootsukstore.com
0.0.0.0 kenscottshop.com
0.0.0.0 kentuckywildcats.shop
0.0.0.0 lacostcheapuk.com
0.0.0.0 lasport.shop
0.0.0.0 longchamp-luxembourg.com
0.0.0.0 longchamp-southafrica.com
0.0.0.0 longchampbagsonsalecanada.com
0.0.0.0 longchampfactoryoutletuk.com
0.0.0.0 longchampoutletenligne.com
0.0.0.0 longchampoutletsydney.com
0.0.0.0 longchampparissoldes.net
0.0.0.0 longchampuaedubai.com
0.0.0.0 mlbbraves.pro
0.0.0.0 mlbjersey.store
0.0.0.0 nbaallstarfan.store
0.0.0.0 ncaafanshop.com
0.0.0.0 ncaajersey.com
0.0.0.0 ncaajersey.pro
0.0.0.0 ncaajersey.sale
0.0.0.0 ncaajerseysstore.com
0.0.0.0 ncaashopjerseys.com
0.0.0.0 nflgamejersey.store
0.0.0.0 nfljersey.pro
0.0.0.0 nflnikeshoes.com
0.0.0.0 nflsaleshop.com
0.0.0.0 nflsalutetoservice.com
0.0.0.0 nflsocks.com
0.0.0.0 nflstorefan.com
0.0.0.0 nflsts.com
0.0.0.0 nhlallstar.pro
0.0.0.0 nhljersey.sale
0.0.0.0 nhlshopfan.com
0.0.0.0 nhlshopjersey.com
0.0.0.0 onlinestoresshops.com
0.0.0.0 oofos-ireland.com
0.0.0.0 oofosnorgeoutlet.com
0.0.0.0 oofosoutletcanada.com
0.0.0.0 oofosoutletmalaysia.com
0.0.0.0 oofosoutletonline.com
0.0.0.0 oofosshoeaustralia.com
0.0.0.0 oofosskorsveriges.com
0.0.0.0 pittsburghsteelersshop.com
0.0.0.0 psychobunnycolombia.com
0.0.0.0 quiksilver-southafrica.com
0.0.0.0 quiksilverfactoryoutlet.com
0.0.0.0 reebok-chile.com
0.0.0.0 reebok-romania.com
0.0.0.0 reebokfactoryoutlet.com
0.0.0.0 salomon-nederland.com
0.0.0.0 salomonaphilippines.com
0.0.0.0 salomonashoesnz.com
0.0.0.0 salomonespanas.com
0.0.0.0 salomonfactoryoutletmadrid.com
0.0.0.0 salomonmalaysiawebsite.com
0.0.0.0 salomonoutletgreece.com
0.0.0.0 salomonoutletsfactory.com
0.0.0.0 salomonoutletstoresusa.com
0.0.0.0 salomonxapro3d.com
0.0.0.0 sapatosclarkportugal.com
0.0.0.0 seattlekraken.sale
0.0.0.0 sebagoshoesdubai.com
0.0.0.0 spraygrousoutlet.com
0.0.0.0 swarovskichile.com
0.0.0.0 swarovskidubai.com
0.0.0.0 swarovskifactoryoutlet.com
0.0.0.0 swarovskioutletuk.com
0.0.0.0 swarovskiphilippines.com
0.0.0.0 swarovskisaleoutlet.com
0.0.0.0 tevacolombia.com
0.0.0.0 tevagreece.com
0.0.0.0 tiendacolumbiachile.com
0.0.0.0 tiendaunderarmourmexico.com
0.0.0.0 tombradyshop.pro
0.0.0.0 tommyhilfigerperth.com
0.0.0.0 tumicheapuk.com
0.0.0.0 ua-australia.com
0.0.0.0 ua-canada.com
0.0.0.0 ua-chile.com
0.0.0.0 ua-greece.com
0.0.0.0 underarmour-israel.com
0.0.0.0 underarmour-italia.com
0.0.0.0 underarmour-nl.com
0.0.0.0 underarmour-nz.com
0.0.0.0 underarmour-saudiarabia.com
0.0.0.0 underarmourosterreich.com
0.0.0.0 vejaoslo.com
0.0.0.0 vejaosterreich.com
0.0.0.0 xn--conversemaazalar-shc44a.com
0.0.0.0 xn--hotiayakkab-p9a38g.com
0.0.0.0 xn--vansayakkab-9zb.com
# https://forums.malwarebytes.com/topic/293979-recent-scamware-not-recognized-by-malwarebytes/
0.0.0.0 allreqdusa.com
# NSFW: https://app.any.run/tasks/dff4525c-555a-479e-83ba-c5b2f2d11ab6
0.0.0.0 baconaces.pro
# NSFW: https://app.any.run/tasks/10647999-b75b-42bd-ae49-c7d596f3c797
0.0.0.0 qualitydating.top
0.0.0.0 a.curedating.top
0.0.0.0 curedating.top
# https://virustotal.com/gui/ip-address/5.181.203.4/relations
0.0.0.0 finestdating.top
0.0.0.0 datingpoint.top
0.0.0.0 vipdatingtime.top
# https://virustotal.com/gui/ip-address/195.201.253.131/relations
0.0.0.0 timetopdatings.life
0.0.0.0 dateflirt.life
0.0.0.0 originalspartner.life
0.0.0.0 charmingdating.life
0.0.0.0 datingarea.life
0.0.0.0 getsexy.life
0.0.0.0 findsexy.life
# https://app.any.run/tasks/8ced67f6-f4e6-4fed-b634-86fd93ac4074/
0.0.0.0 darkinfotale.xyz
0.0.0.0 hollandcash.nl
0.0.0.0 exit.hollandcash.nl
0.0.0.0 clean-blocker.com
# https://github.com/DandelionSprout/adfilt/issues/752
0.0.0.0 godpvqnszo.com
0.0.0.0 vipdatingtoday.top
0.0.0.0 xxxnewvideos.com
0.0.0.0 iseult-aplite.xyz
0.0.0.0 battik-bowwow.xyz
0.0.0.0 pshsbscapr.xyz
0.0.0.0 click01.pshtrkg.com
0.0.0.0 4bd71.trknovi.com
0.0.0.0 jergocast.com
0.0.0.0 news-pelivo.com
# https://app.any.run/tasks/cc3be172-9813-4637-914b-533ac2b72299
0.0.0.0 getfreegem.com
0.0.0.0 gamingtoolz.club
# from notification scams
0.0.0.0 renhadmasandbab.info
0.0.0.0 h.curedating.top
0.0.0.0 martoysure.live
0.0.0.0 goodgollygold.com
# https://github.com/no-cmyk/Search-Engine-Spam-Blocklist/issues/8
# TODO: verify these entries, hopefully there aren't any more https://github.com/hagezi/dns-blocklists/issues/987
# https://app.any.run/tasks/e90c2a06-036f-4fff-a36f-dffd0d4048ab
0.0.0.0 giftaward.life
# https://github.com/AdguardTeam/AdguardFilters/issues/142492 --> https://github.com/uBlockOrigin/uAssets/commit/fca5436e3e823d73541721867f42dd0712da54a0
0.0.0.0 apkmirror.co
0.0.0.0 webogram.org
0.0.0.0 webogram.ru
0.0.0.0 xn--80affa3aj0al.xn--80asehdb
0.0.0.0 tgram.ru
0.0.0.0 telegramm.site
0.0.0.0 web-telegram.net
# other domains not in the uBo commit
0.0.0.0 atm-receipts.neocities.org
0.0.0.0 apkmirror.net
0.0.0.0 github.me
0.0.0.0 yandec.ru
0.0.0.0 yandex.co
# a test system
# https://app.any.run/tasks/3f79c271-f68d-48a8-af16-efd001ce7be3
0.0.0.0 mwgtf.hintonjour.com
# https://github.com/AdguardTeam/AdguardFilters/issues/143281
0.0.0.0 understatedworking.com
0.0.0.0 jatostepa.com
# https://github.com/hagezi/dns-blocklists/issues/598
0.0.0.0 t-post.com
# https://github.com/hagezi/dns-blocklists/issues/594
0.0.0.0 nirvezal.com
# https://github.com/AdguardTeam/AdguardFilters/issues/144514
0.0.0.0 best-prize.life
0.0.0.0 bestbigbonus.life
0.0.0.0 bonusgift.life
0.0.0.0 bonusscore.life
0.0.0.0 greatprizes.life
0.0.0.0 mygreatprize.life
0.0.0.0 prizeaward.life
0.0.0.0 prizesenses.life
0.0.0.0 realgift.life
0.0.0.0 scorereward.life
0.0.0.0 simpleprize.life
0.0.0.0 taketheprizes.life
0.0.0.0 winearth.life
0.0.0.0 winexpert.life
0.0.0.0 winmore.life
0.0.0.0 winpulse.life
0.0.0.0 winsimply.life
# https://github.com/uBlockOrigin/uAssets/issues/17075
# my analysis: https://app.any.run/tasks/ed301c03-1105-47e5-88d1-66fded6a0a9b
0.0.0.0 myspecialdates.com
# https://www.reddit.com/r/uBlockOrigin/comments/11s92xa/badware_risks_page_request_malware/
0.0.0.0 www.addonsearch.net
# https://app.any.run/tasks/794fc4f3-e0da-49b0-b29b-304514a8bd2d
0.0.0.0 70k-free-robux-generator-no-human-verification.statuspage.io
0.0.0.0 bettertool.xyz
# elon musk crypto scam on hacked YouTube channels
# https://app.any.run/tasks/2963db56-bd87-4b82-8b24-97e6e68aef66/
0.0.0.0 x2-promo.net
# https://tria.ge/230318-twrw1ach63/behavioral1
0.0.0.0 teslasend.io
# https://forums.malwarebytes.com/topic/296022-comment-spam-from-my-site/ (account required)
# (my analysis) NSFW https://app.any.run/tasks/cd2d1278-ad10-4c38-8f49-fa34fa675820
0.0.0.0 vipcooldating.top
0.0.0.0 f.vipcooldating.top
0.0.0.0 i.vipcooldating.top
# https://github.com/durablenapkin/scamblocklist/issues/10
0.0.0.0 adzfree-watch.net
# https://github.com/AdguardTeam/AdguardFilters/commit/57f39538070d7d5e6379da4e58bd02defffa7481
0.0.0.0 ikouthaupi.com
0.0.0.0 instreamersdian.com
# https://app.any.run/tasks/31119ba0-9bf8-42e2-8e77-eec9045be865
0.0.0.0 applover.net
# https://app.any.run/tasks/89a5c643-ba0f-4bb6-b953-ef08ee0213ef
0.0.0.0 youtubgenerator.w3spaces.com
# https://app.any.run/tasks/482b8fa1-0f24-461a-a4f5-a6996c46ccdc/
0.0.0.0 rewards24.onlinewebshop.net
0.0.0.0 locked3.com
0.0.0.0 cdn.locked3.com
# https://github.com/durablenapkin/scamblocklist/issues/15
0.0.0.0 rewardsgiantca.com
# https://0xacab.org/my-privacy-dns/matrix/-/issues/90853
# (my analysis) https://app.any.run/tasks/029760ea-9972-4c3a-8a7e-cca3d7777c0f
0.0.0.0 emeraldtrking.com
# https://github.com/StevenBlack/hosts/issues/2271
0.0.0.0 warehousesale.shop
# https://app.any.run/tasks/3137c861-185d-4037-84e9-65cc0adeba15
0.0.0.0 econsultingcoem.com
0.0.0.0 bgqcb.econsultingcoem.com
# https://app.any.run/tasks/7626fdcc-20f1-4471-a011-23108f113eca
# https://app.any.run/tasks/4bc28a83-6a39-430a-a74b-246b30ab4ae4
0.0.0.0 .xyz/1sm/9.html?*&campaign_id=
# https://virustotal.com/gui/ip-address/157.230.4.182/relations
# https://github.com/uBlockOrigin/uAssets/pull/17530
0.0.0.0 rblx.land
# https://github.com/uBlockOrigin/uAssets/issues/17602
0.0.0.0 allprizesforme.com
# https://www.reddit.com/r/uBlockOrigin/comments/12r255v/gamingnewsanalystcom_badware/
# https://github.com/uBlockOrigin/uAssets/pull/17655
0.0.0.0 gamingnewsanalyst.com
0.0.0.0 gamingdebates.com
# https://www.reddit.com/r/uBlockOrigin/comments/12q5o60/repost_fake_dating_site_badware/
0.0.0.0 flirt4free.com
0.0.0.0 entrance.flirt4free.com
# https://www.reddit.com/r/uBlockOrigin/comments/12pues7/fake_123movies_site_leading_to_redirect/
0.0.0.0 123moviesgo.ga
# https://0xacab.org/my-privacy-dns/matrix/-/issues/121793
0.0.0.0 cjtrade4.xyz
0.0.0.0 .xyz/gift_iphone_x/?
# https://0xacab.org/my-privacy-dns/matrix/-/issues/121792
0.0.0.0 rplnd60.com
0.0.0.0 news-pewuce.com
# from notifications
0.0.0.0 totalprotection-2023.store
0.0.0.0 closingday2.xyz
0.0.0.0 s.viifogyp.com
0.0.0.0 viifogyp.com
# https://0xacab.org/my-privacy-dns/matrix/-/issues/121816
0.0.0.0 tradersuper4.xyz
# nitro scam 
0.0.0.0 tronite.xyz
0.0.0.0 locked4.com
0.0.0.0 www.locked4.com
# https://www.reddit.com/r/uBlockOrigin/comments/12wqrv5/steamunlockednet_badware/ <-- have not verified sites to be malware! These are just domains ads in my analysis
# https://app.any.run/tasks/9ed7df61-f0a9-49cc-91bc-a3fcc2c59ae1/
0.0.0.0 aluationiamcur.com
0.0.0.0 xrlbq.aluationiamcur.com
0.0.0.0 awesome-blocker.com
# https://app.any.run/tasks/c9657f58-f49e-4e9e-80bf-9704f0eaa32a (NSFW)
0.0.0.0 gbcok.aluationiamcur.com
0.0.0.0 www6.renhadmasandbab.info
0.0.0.0 mobilesecuremail.com
# https://github.com/durablenapkin/scamblocklist/issues/38
0.0.0.0 tdsintegrations11.online
0.0.0.0 crypto030.online
# NSFW: https://app.any.run/tasks/a1a425ca-7b5d-4774-95bf-c11f8f25685a
0.0.0.0 uuksehinkitwkuo.com
0.0.0.0 wzzzs.uuksehinkitwkuo.com
# https://github.com/durablenapkin/scamblocklist/issues/40
0.0.0.0 dischargebackhanded.com
0.0.0.0 govmedcareers.com
0.0.0.0 radiatorcrate.com
0.0.0.0 theniemannbest.com
# https://github.com/uBlockOrigin/uAssets/issues/17947
0.0.0.0 pccdirect.site
# youtube typosquatt I found
0.0.0.0 you8tube.com
0.0.0.0 /17138/iphone14.html?
# https://app.any.run/tasks/494077d1-478b-47e0-871c-b22788a455b6
0.0.0.0 funprizeali.site
# other notification spam
0.0.0.0 losbestbsdating2023.com
# discord nitro scam 
0.0.0.0 techsoftglobals.com
# https://github.com/durablenapkin/scamblocklist/issues/43
0.0.0.0 555sq.com.cn
0.0.0.0 prorify.de
0.0.0.0 milgenial.uy
0.0.0.0 swuso.com
0.0.0.0 buyyeezy2023.com
0.0.0.0 kingcampoutdoors.co.jp
0.0.0.0 imlb2c.com
0.0.0.0 felara.com.do
0.0.0.0 storagestory.com
0.0.0.0 quitasueno.com
0.0.0.0 lifestyletrading.co.za
0.0.0.0 audiosg.com.sg
0.0.0.0 fujibikes.com
0.0.0.0 geldencosmeticos.com
0.0.0.0 sellfox.com
0.0.0.0 iteeus.com
0.0.0.0 andamente.pt
0.0.0.0 staging.zendrop.com
0.0.0.0 courier-tracking.com
0.0.0.0 yofi-yofi.com
0.0.0.0 stellara.de
0.0.0.0 innomediacreate.com
0.0.0.0 sehaleservices.com
0.0.0.0 decompraschile.com
0.0.0.0 salimusic.com
0.0.0.0 open-cbd.de
0.0.0.0 caraci.it
0.0.0.0 shopperexpress.shop
0.0.0.0 mila-vica.de
0.0.0.0 vinisay.com
0.0.0.0 tinkleo.com
0.0.0.0 draxu.com
0.0.0.0 headsets4business.co.uk
0.0.0.0 nosdaarte.com
0.0.0.0 babybeddingdesign.com
0.0.0.0 coco-vip-shop.com
0.0.0.0 xunlei.it
0.0.0.0 botsuanah.com
0.0.0.0 lojaacasa.com.br
0.0.0.0 dashracegear.net
0.0.0.0 smartokids.com
0.0.0.0 pipopi.com
0.0.0.0 lasercutjewelry.net
0.0.0.0 carsaratek.com
0.0.0.0 xajzfwgs.com
0.0.0.0 imagemotorcycles.co.nz
0.0.0.0 twinsbio.com
0.0.0.0 microgull.com
# https://github.com/hagezi/dns-blocklists/issues/1025
0.0.0.0 msmcompare.com
# https://www.reddit.com/r/uBlockOrigin/comments/13e53jy/badware_movie_sites/
# https://github.com/uBlockOrigin/uAssets/issues/18333
0.0.0.0 filmshngjbzix.blogspot.com
0.0.0.0 mopiez.com
# NSFW: https://tria.ge/230511-1g9xlada3x/behavioral1
0.0.0.0 lynku.mingotime.com
0.0.0.0 secret-list.yasdoodl.com
0.0.0.0 smcdsecure.com
# https://github.com/hagezi/dns-blocklists/issues/1053
0.0.0.0 i-grade.online
# https://github.com/durablenapkin/scamblocklist/issues/49
0.0.0.0 successglossary.com
0.0.0.0 mybestautologin567.com
0.0.0.0 microngroup.pro
# https://github.com/durablenapkin/scamblocklist/issues/50
0.0.0.0 abncbp.com
# spam
0.0.0.0 locasualx.com
0.0.0.0 datingcentral.top
0.0.0.0 i.datingcentral.top
# https://tria.ge/230520-nthbwseg41/behavioral1
0.0.0.0 tabloidquantitycosts.com
# account required: https://forums.malwarebytes.com/topic/298281-genshin-impact-scam-websites-to-avoid/
# my analysis: https://tria.ge/230524-wfaznadg93/behavioral1
0.0.0.0 hoylab.firebaseapp.com
# https://github.com/hagezi/dns-blocklists/issues/1075
0.0.0.0 factorysale2023.com
0.0.0.0 onlinestores.factorysale2023.com
0.0.0.0 si.factorysale2023.com
0.0.0.0 augusthenri.be
# https://github.com/durablenapkin/scamblocklist/issues/54
0.0.0.0 haceroberomaste.com
0.0.0.0 nze0xw.haceroberomaste.com
# https://github.com/hagezi/dns-blocklists/issues/1079
# my analysis: https://app.any.run/tasks/4d88f2f5-5446-4980-8bc9-15e520e96651
# my analysis: https://app.any.run/tasks/060171c5-6a0f-41db-ba01-27bd8c61e326
0.0.0.0 onlyfanstake.pro
0.0.0.0 filedenzu.com
# https://tria.ge/230524-m6b5zacg3y/behavioral2
# https://www.reddit.com/r/uBlockOrigin/comments/13ub824/trojan_scam_ads_to_block/
# my analysis: https://app.any.run/tasks/e3720726-f650-434c-b34c-68ce718977ff
0.0.0.0 goo.googoodee.com
0.0.0.0 vipsupport.festivalmarqueecompany.cyou
0.0.0.0 festivalmarqueecompany.cyou
# https://app.any.run/tasks/484b97da-3dff-466a-99c7-c1a7fe4ac385
0.0.0.0 fbshredder.com
0.0.0.0 softwaredlfast.top
0.0.0.0 softwarebaze.top
0.0.0.0 rapidfilesbase.top
# https://app.any.run/tasks/e9aa7e83-283f-4ef3-bb6f-cd98d7df2e1e
0.0.0.0 hypercracker.com
# https://github.com/hagezi/dns-blocklists/issues/1098
0.0.0.0 improtants.space
# https://0xacab.org/my-privacy-dns/matrix/-/issues/551938
# my analysis: https://tria.ge/230531-2tegwsbh3v/behavioral1
0.0.0.0 pdtrax.g2afse.com
0.0.0.0 tr.trackingit.site
0.0.0.0 trackingit.site
# https://github.com/uBlockOrigin/uAssets/issues/18366
# my analysis: https://app.any.run/tasks/cf36d3ac-bedd-4cb9-bc9f-ac389b769d20
0.0.0.0 globaladblocker.info
# my analysis: https://app.any.run/tasks/7696196c-7c36-4dcc-aace-cb09f14b6685
0.0.0.0 ourcommonwords.com
0.0.0.0 supapush.net
# https://github.com/uBlockOrigin/uAssets/issues/18375
# nsfw: https://app.any.run/tasks/e3da5e5e-8b6d-4a7f-8165-6439ff68d940
0.0.0.0 www.fulltimesecurityguard.com
# https://github.com/uBlockOrigin/uAssets/issues/18380
0.0.0.0 lgpc.bestextensionegde.com
0.0.0.0 bestextensionegde.com
# nsfw: https://app.any.run/tasks/49927d07-3f8e-4115-a6e3-476e6aec62c0
0.0.0.0 nodritsissub.com
# https://github.com/uBlockOrigin/uAssets/pull/18388
0.0.0.0 roundyearfun.org
0.0.0.0 anyplacehere.me
# https://tria.ge/230605-nfg4zagb63/behavioral2
0.0.0.0 errors.pro
0.0.0.0 stucktimeoutvexed.com
# https://github.com/DandelionSprout/adfilt/discussions/779#discussioncomment-6141190
0.0.0.0 dateperfectly.top
0.0.0.0 c.dateperfectly.top
# https://github.com/uBlockOrigin/uAssets/issues/18452
0.0.0.0 geminifond.com
# https://virustotal.com/gui/url/7df0f1873fb746b2eb98a9fc8245000222a31db82506d9988adc83f145c80b3a
# my analysis: https://app.any.run/tasks/eb63e697-9df1-425a-814d-5e23858c146f
0.0.0.0 umbrellacorporation.id
0.0.0.0 push-gabjbib-9138.boustahe.com
0.0.0.0 memesfunny.org
0.0.0.0 dudialgator.com
0.0.0.0 coustaushaw.com
# https://dnstwist.it/ for slack.com
# https://app.any.run/tasks/14cafa37-652e-47dc-b08f-39843f7ef022
0.0.0.0 slackk.com
0.0.0.0 galotop1.com
# https://github.com/uBlockOrigin/uAssets/issues/18527
0.0.0.0 together.com
0.0.0.0 maturedating.com
# https://github.com/uBlockOrigin/uAssets/issues/18537
# https://tria.ge/230617-ar39pahb3w/behavioral2
0.0.0.0 whaujimisurvey.top
0.0.0.0 eehuzaih.com
# https://tria.ge/230617-ar39pahb3w/behavioral3
0.0.0.0 subscribe-notifications.com
0.0.0.0 user0.subscribe-notifications.com
0.0.0.0 user1.subscribe-notifications.com
# https://github.com/hagezi/dns-blocklists/issues/1193
0.0.0.0 coinaps.com
# https://tria.ge/230624-phdd8scc7t/behavioral1
0.0.0.0 discordnitro.live
0.0.0.0 www.discordnitro.live
0.0.0.0 rapidownload.online
0.0.0.0 qoaaa.com
0.0.0.0 d.rapidownload.online
# https://tria.ge/230624-pw6ypsbc94/behavioral1
0.0.0.0 freevbucks2022.online
# https://tria.ge/230624-p3xcvabd24/behavioral2
# https://www.hybrid-analysis.com/sample/9cdcea08ed2d28f0618a032fdcac2a0f070020035d54d0e63ae3b90ba9a8cfa3
# unrelated malware ads on the download link
# https://app.any.run/tasks/426cbd81-f441-436c-b227-15224316ce4b
# https://tria.ge/230624-pzryysbc98/behavioral1
0.0.0.0 chromnius.com
0.0.0.0 www.chromnius.com
# https://github.com/DandelionSprout/adfilt/discussions/779#discussioncomment-6298369
# https://tria.ge/230701-q2qdksgh48/behavioral1
0.0.0.0 crummygoddess.com
# https://github.com/uBlockOrigin/uAssets/pull/18736
0.0.0.0 twitter-circle.com
# https://github.com/uBlockOrigin/uAssets/issues/18664
0.0.0.0 family-simulators.io
0.0.0.0 familyfornicate.com
# https://github.com/blocklistproject/Lists/issues/1015
0.0.0.0 bigosext9s.com
# popups
0.0.0.0 xmegaxvideox.com
0.0.0.0 neeglashsurvey.top
# https://github.com/MetaMask/eth-phishing-detect/pull/12960
0.0.0.0 app.uniswap.cam
0.0.0.0 claim-booster.xyz
0.0.0.0 crypto-claims.io
0.0.0.0 notify-metamask.com
# https://github.com/hagezi/dns-blocklists/issues/1255
0.0.0.0 beze.co
0.0.0.0 laro.co
0.0.0.0 haso.co
0.0.0.0 fessy.co
0.0.0.0 zatte.co
0.0.0.0 lanno.co
0.0.0.0 detty.co
# https://tria.ge/230708-zw13kaab69/behavioral2
0.0.0.0 install-check.com
0.0.0.0 goph.club
# https://github.com/hagezi/dns-blocklists/issues/1266
0.0.0.0 zat.io
# https://github.com/hagezi/dns-blocklists/issues/1310
0.0.0.0 bcb.game
# scam? notification spam & weird pharmaceutical ads
0.0.0.0 us-trendingtoday.com
# https://tria.ge/230718-vydmtscf83/behavioral1
0.0.0.0 truebuyerreview.com
0.0.0.0 areyourealhuman.com
0.0.0.0 cdn.areyourealhuman.com
# not my analysis: https://app.any.run/tasks/5bc3d455-486d-4d74-9cae-557eeaf69f27/
# my analysis: https://app.any.run/tasks/fc24d271-a114-4c43-b99b-8bf8e9f6c704
0.0.0.0 eu.gtrxlnd7.com
0.0.0.0 gtrxlnd7.com
# https://github.com/durablenapkin/scamblocklist/issues/58
# https://github.com/hagezi/dns-blocklists/issues/1330
0.0.0.0 hotdebrid.com
0.0.0.0 maxdebrid.com
# https://github.com/hagezi/dns-blocklists/issues/409
0.0.0.0 anydebrid.com
# https://github.com/durablenapkin/scamblocklist/issues/59
# https://github.com/hagezi/dns-blocklists/issues/1335
0.0.0.0 primeleech.com
0.0.0.0 www.primeleech.com
# https://app.any.run/tasks/cc0dd977-97e3-4b4a-833b-dfc4d5f0be55/
0.0.0.0 ak.deephicy.net
0.0.0.0 qr-captcha.com
0.0.0.0 haffnetworkmm.com
0.0.0.0 cdn4.haffnetworkmm.com
0.0.0.0 im2easy.site
0.0.0.0 downlon.com
# https://tria.ge/230724-z8hfzsha64/behavioral1
0.0.0.0 zubajuroo.com
0.0.0.0 singlewomenmeet.com
0.0.0.0 only2date.online
0.0.0.0 amnotification.com
# https://0xacab.org/my-privacy-dns/matrix/-/issues/646177
0.0.0.0 desbiens123.net
# https://0xacab.org/my-privacy-dns/matrix/-/issues/646168
0.0.0.0 systemoon.co.in
# https://0xacab.org/my-privacy-dns/matrix/-/issues/644871
0.0.0.0 inarilyhukel.info
# https://forums.malwarebytes.com/topic/300664-malwarebytes-premium-subscription-fails-to-detect-infection/
0.0.0.0 prizehub.top
# https://tria.ge/230729-a8fjysba31/behavioral1
0.0.0.0 ambrs.online
0.0.0.0 www.ambrs.online
# infected system
0.0.0.0 jokekroako.com
0.0.0.0 push-ebfhafd-7996.boustahe.com
# https://0xacab.org/my-privacy-dns/matrix/-/issues/646600
0.0.0.0 74les.ru
# fake robux generator
# https://tria.ge/230731-x1nlxsae69/behavioral2
# anonfiles ads
0.0.0.0 browser-app.co
# https://www.bleepingcomputer.com/news/security/fake-flipperzero-sites-promise-free-devices-after-completing-offer/
0.0.0.0 trkrspace.com
# anonfiles ads
0.0.0.0 outhjkm.ezasutuduwife.online
# https://forums.malwarebytes.com/topic/300873-i-keep-getting-pop-ups-from-eudmailcom/
0.0.0.0 eudmail.com
# https://0xacab.org/my-privacy-dns/matrix/-/issues/649649
# https://tria.ge/230805-rb1bjaee3x/behavioral1
0.0.0.0 thewinjackpot.life
# https://github.com/uBlockOrigin/uAssets/issues/19271
# https://tria.ge/230805-1pnz4agc7w/behavioral1
0.0.0.0 wbilvnmool.com
0.0.0.0 theod-omq.com
0.0.0.0 goatmod.xyz
# https://tria.ge/231022-p48ghaab87/behavioral1
0.0.0.0 propolixte.com
0.0.0.0 quinc-rdk.com
0.0.0.0 /nlp/index.php?clickid=*&t1=*&t2=*&t3=*&t4=*&t5=propolixte,propolixte.com,propolis&url_bnm_redirect=
0.0.0.0 /click.php?lp=data_upd&site_id=1293|

0.0.0.0 12ezo5v60.com
# https://github.com/easylist/easylist/pull/16955
# https://tria.ge/230806-xd58fsdc4t/behavioral1
0.0.0.0 lands.ninja
0.0.0.0 6.lands.ninja
0.0.0.0 19.lands.ninja
# https://github.com/durablenapkin/scamblocklist/issues/61
# https://github.com/hagezi/dns-blocklists/issues/1390
0.0.0.0 okdebrid.com
0.0.0.0 youdebrid.com
# https://github.com/uBlockOrigin/uAssets/issues/19316
# https://tria.ge/230810-zq62maag9y/behavioral1
0.0.0.0 uidhealth.com
# https://tria.ge/230810-zzlr2sah5y/behavioral1
0.0.0.0 popgoldblocker.info
0.0.0.0 adblockology.net
0.0.0.0 download-adblock-zen.com
0.0.0.0 blockadsology.net
# https://web.archive.org/web/20230813181452/https://www.bleepingcomputer.com/news/security/uk-gov-keeps-repeating-its-voter-registration-website-is-not-a-scam/
0.0.0.0 householdresponses.com
# https://infosec.exchange/@briankrebs/110889813735728083
0.0.0.0 diligere.co.uk
# https://github.com/MetaMask/eth-phishing-detect/pull/13289
0.0.0.0 optimisim.io
# https://github.com/hagezi/dns-blocklists/issues/1440
# https://tria.ge/230817-nq2alaha63/behavioral1
0.0.0.0 seasonsofficial.com
# https://github.com/uBlockOrigin/uAssets/issues/19400
# https://tria.ge/230819-nzqkfshe69/behavioral1
0.0.0.0 video-adblocker.pro
# https://github.com/hagezi/dns-blocklists/issues/1452
0.0.0.0 huuskmesser.de
0.0.0.0 huusk-original.com
# https://www.malwarebytes.com/blog/threat-intelligence/2023/08/wooflocker2
0.0.0.0 api.cloudcachestels.com
0.0.0.0 api.imagecloudsedo.com
0.0.0.0 cdncontentstorage.com
0.0.0.0 cdnpictureasset.com
0.0.0.0 cloudcusersyn.com
0.0.0.0 cloudgertopage.com
0.0.0.0 cloudlogobox.com
0.0.0.0 logosvault.com
0.0.0.0 miniassetcloud.com
# https://github.com/hagezi/dns-blocklists/issues/1457
0.0.0.0 cutty.app
# https://github.com/hagezi/dns-blocklists/issues/1455
0.0.0.0 wintexfashions.com
# https://github.com/AdguardTeam/AdguardFilters/issues/159825
0.0.0.0 i7kctkutdv2c.top
0.0.0.0 confirm.i7kctkutdv2c.top
# https://github.com/AdguardTeam/AdguardFilters/issues/159825#issuecomment-1688865198 (credit to dandelionsprout)
0.0.0.0 ://confirm.*.top^
0.0.0.0 topmoneysurvey.com
0.0.0.0 better-than-tinder.com
0.0.0.0 awarded-best-vpn.com
0.0.0.0 best-finance-now.com
0.0.0.0 best-global-apps.com
0.0.0.0 best-hornygirls.com
0.0.0.0 best-official-app.com
0.0.0.0 best-smart-utility.com
0.0.0.0 big-players-club.com
0.0.0.0 big-prizes-site.com
0.0.0.0 big-winnings-spot.com
0.0.0.0 bustygirls-online.com
0.0.0.0 campwredir.com
0.0.0.0 check-you-device.com
0.0.0.0 chikasinapp.com
0.0.0.0 crazy-win-casino.com
0.0.0.0 cute-wet-babes.com
0.0.0.0 protect-your-phone.com
0.0.0.0 datingpwredir.com
0.0.0.0 easy-sex-dates.com
0.0.0.0 fast-growing-app.com
0.0.0.0 findyourlovesurvey.com
0.0.0.0 free-gifts-onweb.com
0.0.0.0 freebies-take.com
0.0.0.0 your-lucky-day.com
0.0.0.0 gambpwredir.com
0.0.0.0 girls-wants-you.com
0.0.0.0 giveaway-site.com
0.0.0.0 global-app-center.com
0.0.0.0 global-casino-gaming.com
0.0.0.0 grab-your-money.com
0.0.0.0 hd-video-app.com
0.0.0.0 high-safety-vpn.com
0.0.0.0 horny-neighbour.com
0.0.0.0 hornygirls-onsite.com
0.0.0.0 hornygirlsinapp.com
0.0.0.0 jump-path1.com
0.0.0.0 jump-path2.com
0.0.0.0 redirect-path1.com
0.0.0.0 redirect-path2.com
0.0.0.0 your-online-casino.com
0.0.0.0 hot-girls-around.com
0.0.0.0 hot-pretty-chiks.com
0.0.0.0 hotgirls-around.com
0.0.0.0 how2-become-rich.com
0.0.0.0 indiastream-online.com
0.0.0.0 juicy-girls-online.com
0.0.0.0 loadingscripts.com
0.0.0.0 love-connectors.com
0.0.0.0 love-territory.com
0.0.0.0 wheel-of-luck.com
0.0.0.0 mobile-safe-app.com
0.0.0.0 most-advanced-vpn.com
0.0.0.0 my-casino-now.com
0.0.0.0 nice-babes-nearby.com
0.0.0.0 nor-pw1.com
0.0.0.0 nor-pw10.com
0.0.0.0 nor-pw11main.com
0.0.0.0 nor-pw12.com
0.0.0.0 nor-pw13.com
0.0.0.0 nor-pw14.com
0.0.0.0 nor-pw15.com
0.0.0.0 nor-pw2.com
0.0.0.0 nor-pw3main.com
0.0.0.0 nor-pw4ad.com
0.0.0.0 nor-pw5.com
0.0.0.0 nor-pw6.com
0.0.0.0 nor-pw7.com
0.0.0.0 nor-pw8.com
0.0.0.0 nor-pw9.com
0.0.0.0 techbytemedia.com
0.0.0.0 o863tmto6ocp.com
0.0.0.0 oj0in172pri5.com
0.0.0.0 online-survey-service.com
0.0.0.0 only-sexy-girls.com
0.0.0.0 perfectbabe4you.com
0.0.0.0 pretty-girls-nearby.com
0.0.0.0 privacy-focused-vpn.com
0.0.0.0 prize-collecting-site.com
0.0.0.0 pw-content.com
0.0.0.0 pw-download.com
0.0.0.0 pw-red-ad.com
0.0.0.0 pw-red-main.com
0.0.0.0 pw-red-test.com
0.0.0.0 pw-show-ad.com
0.0.0.0 pw-show-main.com
0.0.0.0 pw-show-test.com
0.0.0.0 pwredir-1.com
0.0.0.0 pwredir-2.com
0.0.0.0 pwredir-3.com
0.0.0.0 pwredir-4.com
0.0.0.0 pwredir-5.com
0.0.0.0 real-hot-profiles.com
0.0.0.0 real-hotbabes.com
0.0.0.0 redir-pw1.com
0.0.0.0 redir-pw10.com
0.0.0.0 redir-pw11.com
0.0.0.0 redir-pw12.com
0.0.0.0 redir-pw13.com
0.0.0.0 redir-pw14.com
0.0.0.0 redir-pw15.com
0.0.0.0 redir-pw2.com
0.0.0.0 redir-pw3main.com
0.0.0.0 redir-pw4ad.com
0.0.0.0 redir-pw5.com
0.0.0.0 redir-pw6.com
0.0.0.0 redir-pw7.com
0.0.0.0 redir-pw8.com
0.0.0.0 redir-pw9.com
0.0.0.0 rich-people-club.com
0.0.0.0 search-top-videos.com
0.0.0.0 secret-casino-site.com
0.0.0.0 secured-browsing-app.com
0.0.0.0 secured-connect-app.com
0.0.0.0 shoppwredir.com
0.0.0.0 stay-secured-online.com
0.0.0.0 stay-virus-free.com
0.0.0.0 strip-hotbabes.com
0.0.0.0 sweet-alone-girls.com
0.0.0.0 testpwredir.com
0.0.0.0 three-hundred-bucks.com
0.0.0.0 top-awarded-app.com
0.0.0.0 top-betting-now.com
0.0.0.0 top-cleaner-app.com
0.0.0.0 top-gambling-spot.com
0.0.0.0 top-mobile-scanner.com
0.0.0.0 top-safest-vpn.com
0.0.0.0 top-secure-app.com
0.0.0.0 top-store-app.com
0.0.0.0 top-trend-app.com
0.0.0.0 top-video-content.com
0.0.0.0 top-wealth-secrets.com
0.0.0.0 top-web-secure.com
0.0.0.0 topwebportals.com
0.0.0.0 users-choice-app.com
0.0.0.0 utipwredir.com
0.0.0.0 video-streaming-app.com
0.0.0.0 vpn-risk-free.com
0.0.0.0 vppwredir.com
0.0.0.0 web-protected-app.com
0.0.0.0 win-big-here.com
0.0.0.0 winwin-raffle.com
0.0.0.0 your-finance-now.com
0.0.0.0 your-survey-services.com
# https://github.com/durablenapkin/scamblocklist/issues/63
0.0.0.0 summersale.online
# https://github.com/hagezi/dns-blocklists/issues/1469
0.0.0.0 crackedkey.org
# https://github.com/hagezi/dns-blocklists/issues/1470
0.0.0.0 mixcrack.net
# https://github.com/hagezi/dns-blocklists/issues/1471
0.0.0.0 kingsoftz.com
# https://tria.ge/230828-zyzbraga22/behavioral1
0.0.0.0 push-ebfhafd-6311.boustahe.com
0.0.0.0 nomadsfit.com
0.0.0.0 apedodo8.fun
0.0.0.0 derytc.click
0.0.0.0 /light/av/nrtn03/index.php?lpkey=
# https://tria.ge/230830-l7yjxseb6z/behavioral1
0.0.0.0 push-ebfhafd-5643.boustahe.com
0.0.0.0 sys.donecperficiam.net
0.0.0.0 nomadsbrand.com
# https://tria.ge/230831-zcwzhaad59/behavioral1
0.0.0.0 system-notify.app
0.0.0.0 paladiact.com
0.0.0.0 pupspu.com
0.0.0.0 aug3120.rednewly.com
0.0.0.0 browsekeeper.com
# https://github.com/hagezi/dns-blocklists/issues/1512
0.0.0.0 online-binomo.com
0.0.0.0 binomo-id.pro
0.0.0.0 binomoindonesia.com
0.0.0.0 www.binomoweb.org
0.0.0.0 www.binomo.vip
0.0.0.0 binomoweblogin.com
0.0.0.0 binomo2022.net
0.0.0.0 www.binom0-web.com
0.0.0.0 binomo.broker
0.0.0.0 binomo-brokers.com
# https://github.com/durablenapkin/scamblocklist/issues/64
0.0.0.0 coinreq.com
# https://tria.ge/230909-m91mqsaf82/behavioral1
0.0.0.0 uplevelrewards.com
0.0.0.0 www.uplevelrewards.com
0.0.0.0 liveappsearch.com
0.0.0.0 www.liveappsearch.com
0.0.0.0 wholedailyjournal.com
0.0.0.0 fubsoupt.top
0.0.0.0 adblocked-supreme.net
# https://tria.ge/230909-tghd1scd3y/behavioral1
0.0.0.0 h.datingcentral.top
# https://github.com/StevenBlack/hosts/issues/2436
0.0.0.0 w61.1piecemanga.com
0.0.0.0 fbet.com
# my analysis: https://tria.ge/230910-pysh4ahb47/behavioral1
# my analysis: https://tria.ge/230910-py86vahb49/behavioral1
0.0.0.0 stemboastfulrattle.com
# https://github.com/AdguardTeam/AdguardFilters/issues/161349
# https://tria.ge/230913-mb6fbsdh42/behavioral1
0.0.0.0 /light/qfhupj/index.php?lpkey=
0.0.0.0 best-pc-protect.xyz
# https://tria.ge/231002-nhasnsbb63
0.0.0.0 allsidesguide.com
0.0.0.0 sulkvulnerableexpecting.com
0.0.0.0 secondquaver.com
# https://github.com/hagezi/dns-blocklists/issues/1658
# my analysis: https://tria.ge/231004-p3e4kabg8t/behavioral1
0.0.0.0 z-lib.is
# https://www.reddit.com/r/zlibrary/comments/16xtm67/if_you_cannot_download_any_books_then_youre_on/
0.0.0.0 zlib.is
0.0.0.0 zlib.to
0.0.0.0 zlibrary.to
0.0.0.0 zlibrary.is
0.0.0.0 z-lib.io
# https://tria.ge/231005-2c2abshf76/behavioral1
0.0.0.0 2ntrfi.torixibre.com
0.0.0.0 invv7n.torixibre.com
0.0.0.0 /av_sw.js?uid=*-*-*-*-*&sid=*-*-*-*-*&sd=*==
0.0.0.0 /click.php?key=*&zone_id=

0.0.0.0 /landers/mcafee_mac_os_scanner_multilang/alert.png|
# https://github.com/hagezi/dns-blocklists/issues/1724
0.0.0.0 healy.world
0.0.0.0 healyworld.net
0.0.0.0 healy.shop
# https://tria.ge/231021-mvvg6sff95/behavioral1
0.0.0.0 downloads-101.com
0.0.0.0 mafens.xyz
0.0.0.0 .xyz/74ko/7.html?cep=
0.0.0.0 .xyz/74ko/files/images/action_3.gif|
# https://github.com/hagezi/dns-blocklists/issues/1760
0.0.0.0 altrafi.com
0.0.0.0 altrafinland.com
0.0.0.0 altrasuomi.com
0.0.0.0 altrasuomioutlet.com
0.0.0.0 asicsale.com
0.0.0.0 asicsoutletsuomi.com
0.0.0.0 asics-suomi.com
0.0.0.0 asicssuomioutlet.com
0.0.0.0 balmainsuomishop.com
0.0.0.0 carharttsuomi.com
0.0.0.0 caterpillarfi.com
0.0.0.0 caterpillarsuomi.com
0.0.0.0 champion-suomi.com
0.0.0.0 championsuomi.com
0.0.0.0 columbia-suomi.com
0.0.0.0 comfitunderwear-suomi.com
0.0.0.0 conversefi.com
0.0.0.0 converseinsuomi.com
0.0.0.0 converseoutlethelsinki.com
0.0.0.0 crossfitsuomi.co
0.0.0.0 demoniafinland.com
0.0.0.0 demoniasuomi.com
0.0.0.0 demoniasuomi.net
0.0.0.0 desigualsuomi.net
0.0.0.0 dopesnowsuomi.com
0.0.0.0 dope-suomi.com
0.0.0.0 dopesuomi.com
0.0.0.0 footjoy-suomi.com
0.0.0.0 footjoysuomi.com
0.0.0.0 gym-shark.co.za
0.0.0.0 gymsharkaustralia-au.com
0.0.0.0 gymsharkcolombia-co.com
0.0.0.0 gymsharkcz.cz
0.0.0.0 gymsharkczshop.cz
0.0.0.0 gym-shark-danmark.com
0.0.0.0 gymsharkdublin.com
0.0.0.0 gymsharkfinland.com
0.0.0.0 gymsharkhungarystore.com
0.0.0.0 gym-shark-india.com
0.0.0.0 gymsharkinsouthafrica.co.za
0.0.0.0 gym-shark-italia.com
0.0.0.0 gymshark-italia.com
0.0.0.0 gym-sharkmexico.com.mx
0.0.0.0 gymsharkmexicostore.com
0.0.0.0 gymsharkmexicotiendas.com.mx
0.0.0.0 gymshark-no.com
0.0.0.0 gymshark-osterreich.at
0.0.0.0 gym-shark-philippines.com
0.0.0.0 gymsharkshop.cz
0.0.0.0 gymshark-sk.sk
0.0.0.0 gymsharkslovenijaeu.com
0.0.0.0 gymsharkspainstore.com
0.0.0.0 gymsharkssuomi.com
0.0.0.0 gymsharkstorenyc.com
0.0.0.0 gymshark-sweden.com.se
0.0.0.0 haglofsoutletsuomi.com
0.0.0.0 hanwagsuomi.net
0.0.0.0 hellyhansensuomi.net
0.0.0.0 icebugfioutlet.com
0.0.0.0 icebugsuomi.net
0.0.0.0 inov-8suomi.com
0.0.0.0 jomafinland.com
0.0.0.0 kappasuomi.com
0.0.0.0 kedssuomi.com
0.0.0.0 kedssuomishop.com
0.0.0.0 kickerssuomi.com
0.0.0.0 loakesuomioutlet.com
0.0.0.0 lornajanesuomi.com
0.0.0.0 lornajanesuomi.net
0.0.0.0 louboutin-finland.com
0.0.0.0 mizunofi.com
0.0.0.0 mizuno-suomi.com
0.0.0.0 moonbootssuomi.com
0.0.0.0 moonboot-suomi.com
0.0.0.0 muckbootsuomi.com
0.0.0.0 nikeinsuomi.com
0.0.0.0 nikeoutletsuomi.com
0.0.0.0 nikesuomi-fi.com
0.0.0.0 osirissuomi.com
0.0.0.0 osprey-suomi.com
0.0.0.0 ospreysuomi.net
0.0.0.0 outletadidas.com
0.0.0.0 outletadidasfi.com
0.0.0.0 outletarcteryx.com
0.0.0.0 outletcarhartt.com
0.0.0.0 outletjoma.com
0.0.0.0 outletlego.com
0.0.0.0 outletmizuno.com
0.0.0.0 outletsalomon.com
0.0.0.0 outletversace.com
0.0.0.0 palladiumfi.com
0.0.0.0 palladiumsuomishop.com
0.0.0.0 pleaserssuomi.com
0.0.0.0 pleasersuomi.com
0.0.0.0 puma-fi.com
0.0.0.0 pumafinland.com
0.0.0.0 pumafi-suomi.com
0.0.0.0 puma-suomi.com
0.0.0.0 pumasuomioutlet.com
0.0.0.0 restockssuomi.com
0.0.0.0 salmingsuomi.com
0.0.0.0 salomonfinland.com
0.0.0.0 salomonsuomioutlet.com
0.0.0.0 sanuksuomi.net
0.0.0.0 sendrasuomi.net
0.0.0.0 skims-suomi.com
0.0.0.0 tedbakerfinland.com
0.0.0.0 tedbakeroutletsuomi.com
0.0.0.0 tedbakersuomi.net
0.0.0.0 tevafi.com
0.0.0.0 teva-finland.com
0.0.0.0 tevahelsinki.com
0.0.0.0 tevassuomi.com
0.0.0.0 tevasuomi.com
0.0.0.0 timberlandhelsinki.com
0.0.0.0 timberland--suomi.com
0.0.0.0 timberlandsuomi.net
0.0.0.0 uniqlofinland.com
0.0.0.0 uniqlosuomi.com
0.0.0.0 vansale.net
0.0.0.0 vejasuomi.net
0.0.0.0 vessiale.com
0.0.0.0 vessisuomi.com
0.0.0.0 vivobarefoot-suomi.com
0.0.0.0 vivobarefootsuomi.com
0.0.0.0 xn--gymsharkespaa-tkb.com
0.0.0.0 xn--gymsharksterreich-6zb.com
0.0.0.0 youngla-suomi.com
# https://www.bleepingcomputer.com/news/security/bloomberg-crypto-x-account-snafu-leads-to-discord-phishing-attack/
0.0.0.0 altdentifiers.com
# https://web.archive.org/web/20231120125914/https://www.bleepingcomputer.com/news/security/russian-hackers-use-ngrok-feature-and-winrar-exploit-to-attack-embassies/
# https://tria.ge/231120-qafp3aga52/behavioral1
# https://infosec.exchange/@iampytest1/111443079100649886
0.0.0.0 cyber-wizard.com
0.0.0.0 iboltcyberhacker.wixsite.com
# https://github.com/durablenapkin/scamblocklist/issues/70
0.0.0.0 ekommmedia.com
0.0.0.0 try.ekommmedia.com
# https://github.com/RPiList/specials/issues/1369
0.0.0.0 qdyqdym.shop
0.0.0.0 buy.qdyqdym.shop
# https://github.com/RPiList/specials/issues/1400
0.0.0.0 america4internationalstudents.com
# https://github.com/RPiList/specials/issues/1404
# https://github.com/durablenapkin/scamblocklist/issues/73
0.0.0.0 bite-life.com
# scam
# possible scam (fake age verification)
0.0.0.0 pregnantsimulator.com
0.0.0.0 adultonlineplay.com
# https://github.com/RPiList/specials/issues/1422
0.0.0.0 nelyc5h5x.jaynapatel.co.uk
# https://github.com/hagezi/dns-blocklists/issues/2049
0.0.0.0 adidascolombia.net
0.0.0.0 adidasfotballsko.com
0.0.0.0 adidashungaryhu.com
0.0.0.0 adidasperu.com
0.0.0.0 adidasschoenen.com
0.0.0.0 adidassrbijashop.com
0.0.0.0 adidaszagreb.com
0.0.0.0 aerosolesshoesoutlets.com
0.0.0.0 airjordanbelgique.net
0.0.0.0 airjordanmagasinsuisse.com
0.0.0.0 aldocanada.net
0.0.0.0 aldomontreal.com
0.0.0.0 aldozapatos.com
0.0.0.0 alessandrozavettijas.com
0.0.0.0 alessandrozavettiromania.com
0.0.0.0 alessandrozavettiuk.com
0.0.0.0 aloyogaaustralia.net
0.0.0.0 aloyogabrasil.com
0.0.0.0 aloyogasale.net
0.0.0.0 aloyogasuomi.net
0.0.0.0 altra.ae
0.0.0.0 altrabelgie.com
0.0.0.0 altradanmarkshop.com
0.0.0.0 altraroadshoesnz.com
0.0.0.0 altrarunnerjapan.com
0.0.0.0 altrashoesdk.com
0.0.0.0 altrasverigeshop.com
0.0.0.0 annafieldshop.fr
0.0.0.0 asicskuwaitsale.com
0.0.0.0 asolocipele.com
0.0.0.0 asolosko.com
0.0.0.0 asportuguesaslatvija.com
0.0.0.0 autrybelgique.net
0.0.0.0 autryjapan.net
0.0.0.0 autrymexico.net
0.0.0.0 autryshoes.pl
0.0.0.0 autryshoesjapan.com
0.0.0.0 autrystore.net
0.0.0.0 autryuae.net
0.0.0.0 axelarigatojapan.net
0.0.0.0 axelarigatomilano.it
0.0.0.0 axelarigatooslo.com
0.0.0.0 axelarigatotenisice.com
0.0.0.0 balancecentrum.eu
0.0.0.0 bapebelgium.com
0.0.0.0 bapeberlin.de
0.0.0.0 bapecanadasale.com
0.0.0.0 bapedanmark.net
0.0.0.0 bapeeesti.com
0.0.0.0 bapeisrael.com
0.0.0.0 bapejapanonline.com
0.0.0.0 bapelietuva.com
0.0.0.0 bapenederland.net
0.0.0.0 bapenorgeoutlet.com
0.0.0.0 bapeportugal.net
0.0.0.0 bapesuisse.com
0.0.0.0 bapewien.at
0.0.0.0 barbourpolska.com
0.0.0.0 barbourpolska.net
0.0.0.0 belenkafi.com
0.0.0.0 billabong-argentina.com
0.0.0.0 billabongcanada.net
0.0.0.0 billabongportugal.net
0.0.0.0 bocancilowa.com
0.0.0.0 botashunterargentina.com
0.0.0.0 botashuntermexico.com
0.0.0.0 botashuntermujer.com
0.0.0.0 bothunterturkiye.com
0.0.0.0 bottegavenetasuomi.com
0.0.0.0 botycaterpillar.cz
0.0.0.0 brooksrunningindonesia.com
0.0.0.0 brooksshoesuk.com
0.0.0.0 brookssuomioutlet.com
0.0.0.0 brookswyprzedaz.pl
0.0.0.0 carharttchile.net
0.0.0.0 carhartthungary.com
0.0.0.0 carharttlatvia.com
0.0.0.0 carharttsrbija.com
0.0.0.0 carharttsuisse.com
0.0.0.0 carharttuae.net
0.0.0.0 castanerromania.com
0.0.0.0 caterpillarbootscanada.net
0.0.0.0 caterpillarchaussure.net
0.0.0.0 cerabone.cz
0.0.0.0 championbelgique.com
0.0.0.0 championberlin.de
0.0.0.0 championclchile.com
0.0.0.0 championcolombia.net
0.0.0.0 championdanmark.com
0.0.0.0 championisrael.net
0.0.0.0 championjapan.net
0.0.0.0 championkuwait.net
0.0.0.0 championroma.it
0.0.0.0 championslovenija.com
0.0.0.0 championuksale.com
0.0.0.0 cizmesorel.com
0.0.0.0 clarksbuty.pl
0.0.0.0 clarksmontreal.net
0.0.0.0 clarksportugal.net
0.0.0.0 clarksscarpe.it
0.0.0.0 clarksshoesaustralia.net
0.0.0.0 clarksshoesnz.net
0.0.0.0 coccinellepolska.com
0.0.0.0 columbiashoesmalaysia.com
0.0.0.0 converse-chile.cl
0.0.0.0 converseinespana.com
0.0.0.0 conversekuwait.com
0.0.0.0 converseromestore.it
0.0.0.0 converseshoesmalaysia.com
0.0.0.0 conversesrbija.com
0.0.0.0 conversestoreperu.com
0.0.0.0 converseuk.com
0.0.0.0 conversezurich.net
0.0.0.0 convresesuomi.com
0.0.0.0 crocslietuva.com
0.0.0.0 crocsuruguay.net
0.0.0.0 crocswarszawa.pl
0.0.0.0 cycasturkey.com
0.0.0.0 dannerbootsfrance.net
0.0.0.0 dannerbootsromania.com
0.0.0.0 dannerwandelschoen.com
0.0.0.0 dc-shoesperu.com
0.0.0.0 demoniabootscanada.com
0.0.0.0 demoniabootsireland.com
0.0.0.0 demoniabudapest.com
0.0.0.0 demoniajapan.com
0.0.0.0 demoniaportugal.com
0.0.0.0 demoniaromania.com
0.0.0.0 demoniashoesnorge.com
0.0.0.0 demoniastiefel.de
0.0.0.0 docsmartensfactoryoutlet.com
0.0.0.0 dopeargentina.net
0.0.0.0 dopechile.com
0.0.0.0 dopedanmark.com
0.0.0.0 dopeeesti.com
0.0.0.0 dopenorge.com
0.0.0.0 dopeportugal.net
0.0.0.0 dopesnownederland.com
0.0.0.0 dopesnowromania.com
0.0.0.0 drmartensbatai.com
0.0.0.0 drmartensbot.com
0.0.0.0 drmartensbotas.com
0.0.0.0 drmartensdamen.de
0.0.0.0 drmartensdublin.com
0.0.0.0 drmartenssalg.com
0.0.0.0 drmartensskroutz.com
0.0.0.0 eastpaklietuva.com
0.0.0.0 eccomontreal.com
0.0.0.0 eccorusland.com
0.0.0.0 eccoshoessaleaustralia.com
0.0.0.0 etniesshoesireland.com
0.0.0.0 fitflopparis.net
0.0.0.0 fitflopromania.com
0.0.0.0 footjoycanada.net
0.0.0.0 footjoygolfshoesuk.com
0.0.0.0 footjoyjapan.net
0.0.0.0 footjoyoutletmexico.com
0.0.0.0 footjoyshoesaustralia.com
0.0.0.0 fotbalovyfestival.cz
0.0.0.0 geoxargentina.net
0.0.0.0 geoxbelgique.com
0.0.0.0 geoxgreece.net
0.0.0.0 geoxisrael.com
0.0.0.0 geoxkuwait.com
0.0.0.0 geoxlatvija.com
0.0.0.0 geoxmexico.com
0.0.0.0 geoxnederland.net
0.0.0.0 geoxnorge.net
0.0.0.0 geoxportugaloutlet.com
0.0.0.0 geoxschweiz.com
0.0.0.0 geoxsouthafrica.com
0.0.0.0 geoxsrbija.com
0.0.0.0 geoxsuomi.com
0.0.0.0 geoxuk.com
0.0.0.0 geoxuruguay.com
0.0.0.0 groundiescanada.net
0.0.0.0 groundiesportugal.top
0.0.0.0 groundiesschoenennederland.com
0.0.0.0 guessfinland.com
0.0.0.0 gymsharkrea.com
0.0.0.0 gymsharksklep.pl
0.0.0.0 gymsharkstorejapan.net
0.0.0.0 hanwagoutletstore.com
0.0.0.0 hanwagshoesoutlet.com
0.0.0.0 hellyhansenargentina.net
0.0.0.0 hellyhansenaustralia.net
0.0.0.0 hellyhansencanada.com
0.0.0.0 hellyhansenchile.com
0.0.0.0 hellyhansencolombia.com
0.0.0.0 hellyhanseneesti.com
0.0.0.0 hellyhansengreece.com
0.0.0.0 hellyhansenhrvatska.net
0.0.0.0 hellyhansenhungary.com
0.0.0.0 hellyhansenireland.com
0.0.0.0 hellyhansenjapan.com
0.0.0.0 hellyhansenkuwait.com
0.0.0.0 hellyhansenlatvija.com
0.0.0.0 hellyhansenmexico.com
0.0.0.0 hellyhansennederland.com
0.0.0.0 hellyhansennorge.net
0.0.0.0 hellyhansenparis.net
0.0.0.0 hellyhansenromania.net
0.0.0.0 hellyhansenschweiz.com
0.0.0.0 hellyhansenuk.com
0.0.0.0 hellyhansenuruguay.com
0.0.0.0 hellyhansenwarszawa.pl
0.0.0.0 hokaoutletparis.com
0.0.0.0 hokarunnershungary.com
0.0.0.0 hoka-soldes.fr
0.0.0.0 hokastoreportugal.com
0.0.0.0 hummelchile.com
0.0.0.0 hunterbootscanada.com
0.0.0.0 hunterbootsdublin.com
0.0.0.0 hunterbootsjapan.com
0.0.0.0 hunterbootsnz.com
0.0.0.0 hunterbootsschweiz.net
0.0.0.0 hunterfinland.com
0.0.0.0 huntergumbootsaustralia.com
0.0.0.0 hunterregenlaarzen.com
0.0.0.0 inov8boty.cz
0.0.0.0 johannisstein.eu
0.0.0.0 jomajp.com
0.0.0.0 joyaperuventa.com
0.0.0.0 joyaromania.com
0.0.0.0 joyaschoenen.com
0.0.0.0 joyaschuhedeutschland.com
0.0.0.0 joyashoeskuwait.com
0.0.0.0 joyaskonorge.com
0.0.0.0 joyaskorstockholm.com
0.0.0.0 kaloszehunter.com
0.0.0.0 karenmillenslovensko.sk
0.0.0.0 karhuskor.com
0.0.0.0 karhusneakersnorge.net
0.0.0.0 kedscanada.net
0.0.0.0 kedspt.com
0.0.0.0 kiplingfrance.com
0.0.0.0 lasportivabootsnz.com
0.0.0.0 lasportivaclimbingshoescanada.com
0.0.0.0 lasportivaklatresko.com
0.0.0.0 lasportivawanderschuhe.de
0.0.0.0 lecoqsportifparis.fr
0.0.0.0 liujoukshop.com
0.0.0.0 loakedanmarkshop.com
0.0.0.0 longchampbucharest.com
0.0.0.0 lottoargentina.net
0.0.0.0 lottoaustralia.org
0.0.0.0 lottobelgium.net
0.0.0.0 lottobulgaria.org
0.0.0.0 lottocolombia.net
0.0.0.0 lottodanmark.net
0.0.0.0 lottofrankfurt.de
0.0.0.0 lottoireland.net
0.0.0.0 lottokuwait.org
0.0.0.0 lottolithuania.org
0.0.0.0 lottomexico.org
0.0.0.0 lottonorway.net
0.0.0.0 lottoportugal.net
0.0.0.0 lottoserbia.org
0.0.0.0 lottoslovakia.sk
0.0.0.0 lottosouthafrica.net
0.0.0.0 lottosuomi.net
0.0.0.0 lottoturkey.org
0.0.0.0 lottouruguay.net
0.0.0.0 louboutin-polska.com
0.0.0.0 lowaapavi.com
0.0.0.0 lowabootsaustralia.net
0.0.0.0 lowabootsmexico.com
0.0.0.0 lowaisrael.net
0.0.0.0 lululemonportugal.net
0.0.0.0 lululemonsale.de
0.0.0.0 mackagedenmark.com
0.0.0.0 mackagefemmeparis.com
0.0.0.0 mackageireland.com
0.0.0.0 mackageschweiz.com
0.0.0.0 magasinhokabelgique.com
0.0.0.0 merrellbarbati.com
0.0.0.0 merrellsandaalit.com
0.0.0.0 merrellsklepy.pl
0.0.0.0 michaelkorsargentina.net
0.0.0.0 michaelkorsberlin.de
0.0.0.0 michaelkorsgreece.net
0.0.0.0 michaelkorslatvia.com
0.0.0.0 michaelkorssuisse.net
0.0.0.0 michaelkorsuruguay.net
0.0.0.0 michaelkorswarszawa.pl
0.0.0.0 mizunoonsaleuk.com
0.0.0.0 mizunosaleportugal.com
0.0.0.0 mlbhungary.com
0.0.0.0 muckbootsnl.com
0.0.0.0 muckbootsosterreich.at
0.0.0.0 muckbootsoutletstore.de
0.0.0.0 nadejbaletu.sk
0.0.0.0 nauticaromania.com
0.0.0.0 nauticaukwebsite.com
0.0.0.0 nobullbelgie.net
0.0.0.0 nobullcanadasale.com
0.0.0.0 nobullcrossfitoutlet.net
0.0.0.0 nobulldeutschland.de
0.0.0.0 nobullgreece.net
0.0.0.0 nobullprojectireland.net
0.0.0.0 nobullprojectmexico.com
0.0.0.0 nobullsrbija.com
0.0.0.0 norronabunda.sk
0.0.0.0 ohpollyportugal.com
0.0.0.0 olukai-france.fr
0.0.0.0 osirisfootwearmexico.com
0.0.0.0 osirisuk.com
0.0.0.0 palladiumfi.me
0.0.0.0 panamajack-france.fr
0.0.0.0 panamajackonline.sk
0.0.0.0 panamajackschweiz.net
0.0.0.0 pandorajapan.net
0.0.0.0 pandorakorut.com
0.0.0.0 pandoraportugal.com
0.0.0.0 pandoraringsuk.com
0.0.0.0 patagoniapolskasklep.pl
0.0.0.0 pitviperbril.com
0.0.0.0 pitviperbriller.com
0.0.0.0 pitvipergafas.com
0.0.0.0 pitviperjapan.com
0.0.0.0 pitviperoculos.com
0.0.0.0 pitvipersunglassesnz.com
0.0.0.0 pleaserchaussure.com
0.0.0.0 pleaserchaussures.com
0.0.0.0 pleaserheelscanada.com
0.0.0.0 procuradoresnavas.com
0.0.0.0 quaygreece.net
0.0.0.0 quayocchiali.it
0.0.0.0 quayonline.net
0.0.0.0 quayoutlet.com
0.0.0.0 quayparis.com
0.0.0.0 quaysouthafrica.net
0.0.0.0 quaysstore.com
0.0.0.0 quaysuomeksi.com
0.0.0.0 rabdanmark.net
0.0.0.0 rabhungary.com
0.0.0.0 rabonline.net
0.0.0.0 rabparis.fr
0.0.0.0 rabromania.net
0.0.0.0 rabsrbija.net
0.0.0.0 raybanslovensko.sk
0.0.0.0 redwingoslo.com
0.0.0.0 reebokaustralia.com
0.0.0.0 rockportbootsireland.com
0.0.0.0 rockportjapan.com
0.0.0.0 rockportmontreal.com
0.0.0.0 rockportnz.com
0.0.0.0 rockportontario.com
0.0.0.0 rockportoutletortugal.com
0.0.0.0 rockportschoenen.com
0.0.0.0 rockportshoesmexico.com
0.0.0.0 rockporttr.com
0.0.0.0 rockportzapatos.com
0.0.0.0 russellandbromleynorge.net
0.0.0.0 russellnbromleycanada.com
0.0.0.0 rvcajapan.net
0.0.0.0 ryderwearjapan.com
0.0.0.0 ryderwearjapann.com
0.0.0.0 safenordicsolutions.com
0.0.0.0 saintjamesireland.com
0.0.0.0 salmingchile.com
0.0.0.0 salmingcolombia.com
0.0.0.0 salmingslovenija.com
0.0.0.0 salomonenucuz.com
0.0.0.0 salomonfinlandoutlet.com
0.0.0.0 salomongermany.de
0.0.0.0 salomonpraha.com
0.0.0.0 salomonshoesbulgaria.com
0.0.0.0 salomonstoreuae.com
0.0.0.0 sanukdublin.com
0.0.0.0 sanukflipflops.de
0.0.0.0 sanuknz.com
0.0.0.0 sanuksalecanada.com
0.0.0.0 sanukschoenen.com
0.0.0.0 scarpejoya.com
0.0.0.0 scarpelowa.it
0.0.0.0 sebagoantwerpen.com
0.0.0.0 sebagobruxelles.com
0.0.0.0 sebagodeckshoesireland.com
0.0.0.0 sebagojapan.net
0.0.0.0 sebagosaat.com
0.0.0.0 sebagoschoenen.com
0.0.0.0 sebagoshoesgreece.com
0.0.0.0 sebagozapatos.com
0.0.0.0 solovairargentina.com
0.0.0.0 solovairbelgique.com
0.0.0.0 solovairbelgium.net
0.0.0.0 solovairbrasil.com
0.0.0.0 solovaircanada.net
0.0.0.0 solovairchile.net
0.0.0.0 solovairgreece.net
0.0.0.0 solovairhrvatska.net
0.0.0.0 solovairschweiz.net
0.0.0.0 solovairshop.com
0.0.0.0 solovairslovenija.net
0.0.0.0 solovairsuomi.net
0.0.0.0 sorelschoenen.com
0.0.0.0 sorelschweiz.com
0.0.0.0 stevamaddenpl.com
0.0.0.0 stoneislandjapan.com
0.0.0.0 stoneislandlietuva.com
0.0.0.0 stoneislandsuisse.com
0.0.0.0 stoneislandsuomi.org
0.0.0.0 stussygreece.com
0.0.0.0 stussy-italia.com
0.0.0.0 suprainsuomi.com
0.0.0.0 suprashoescanada.com
0.0.0.0 tedbakereesti.com
0.0.0.0 tedbakerireland.net
0.0.0.0 tenisiconverseromania.ro
0.0.0.0 teniskyunderarmour.sk
0.0.0.0 teva-cz.com
0.0.0.0 tevaforhandler.com
0.0.0.0 teva-polska.com
0.0.0.0 thursdaycanada.com
0.0.0.0 tiendasairjordanmexico.com
0.0.0.0 tiffanyturkiye.com.tr
0.0.0.0 timberlandmontreal.net
0.0.0.0 tomfordsuomi.com
0.0.0.0 tommyhilfigerbunda.sk
0.0.0.0 tommyhilfigerdublin.com
0.0.0.0 tommyhilfigerjakke.com
0.0.0.0 tommyhilfigerjakne.com
0.0.0.0 tommyhilfigeronlinecanada.com
0.0.0.0 tommyhilfigeroutletargentina.com
0.0.0.0 tommyhilfigeroutletnz.com
0.0.0.0 tommyhilfigeroutletportugal.com
0.0.0.0 tommyhilfigerpatike.com
0.0.0.0 tommyhilfigerquebec.net
0.0.0.0 tommyhilfigersko.com
0.0.0.0 tomsjapan.net
0.0.0.0 tomsjapanoutlet.com
0.0.0.0 underarmourchaussures.net
0.0.0.0 underarmouroslo.com
0.0.0.0 underarmourskroutz.com
0.0.0.0 underarmourtrainersuk.com
0.0.0.0 undervon.com
0.0.0.0 vansdames.com
0.0.0.0 vansforsaleuk.net
0.0.0.0 vansindonesiastore.com
0.0.0.0 vansschoenenbelgie.com
0.0.0.0 vansshoesksa.com
0.0.0.0 vanstenisice.com
0.0.0.0 veja.com.gr
0.0.0.0 vejabelgium.com
0.0.0.0 vejabrasil.net
0.0.0.0 vejanorge.com
0.0.0.0 vejaoutlet.net
0.0.0.0 vejashoes.cz
0.0.0.0 vejaslovenia.com
0.0.0.0 vejazapatoscolombia.net
0.0.0.0 vessibelgium.com
0.0.0.0 vessijapan.net
0.0.0.0 vessischoenen.com
0.0.0.0 vibram-es.com
0.0.0.0 viking-cnc.com
0.0.0.0 viking-solutions.com
0.0.0.0 vionicmexico.com
0.0.0.0 vivaiabuty.pl
0.0.0.0 vivobarefootbrasil.net
0.0.0.0 vivobarefootslovenia.com
0.0.0.0 xerobarefoot.sk
0.0.0.0 xerofootwearuk.com
0.0.0.0 xeroshoesaustralia.com
0.0.0.0 xeroshoesnz.com
0.0.0.0 xn--aloyogamnchen-3ob.de
0.0.0.0 xn--asolokengt-y5a.com
0.0.0.0 xn--axelarigatokbenhavn-67b.com
0.0.0.0 xn--bapeespaa-s6a.com
0.0.0.0 xn--billabongtrkiye-8vb.com
0.0.0.0 xn--carharttespaa-tkb.com
0.0.0.0 xn--clarksespaa-beb.com
0.0.0.0 xn--clarkszrich-zhb.com
0.0.0.0 xn--dopeespaa-s6a.com
0.0.0.0 xn--dopetrkiye-eeb.com
0.0.0.0 xn--hellyhansenbelgi-prb.com
0.0.0.0 xn--hellyhansenespaa-lub.com
0.0.0.0 xn--hellyhansenper-yrb.com
0.0.0.0 xn--hellyhansentrkiye-e3b.com
0.0.0.0 xn--huntergummistvler-d1b.com
0.0.0.0 xn--hunterstvler-2jb.com
0.0.0.0 xn--joyaespaa-s6a.com
0.0.0.0 xn--norronatrkiye-3ob.com
0.0.0.0 xn--solovairmxico-jhb.com
0.0.0.0 xn--vejazrich-u9a.com
0.0.0.0 yeezybelgique.com
0.0.0.0 yeezyireland.com
0.0.0.0 yeezyisrael.com
0.0.0.0 yeezyuksale.com
0.0.0.0 yeti-southafrica.co.za
0.0.0.0 youngla-danmark.com
0.0.0.0 zapatillasunderarmourchile.com
0.0.0.0 zavettiireland.com
# https://github.com/hagezi/dns-blocklists/issues/2081
0.0.0.0 do0cd.com
0.0.0.0 doosd.pro
0.0.0.0 d0ood.com
# https://github.com/hagezi/dns-blocklists/issues/2178
0.0.0.0 guidesite.info
# https://github.com/hagezi/dns-blocklists/pull/2182
0.0.0.0 cashjuice.com
0.0.0.0 esigningapp.com
0.0.0.0 fastloanassist.com
0.0.0.0 myrequestresults.com
0.0.0.0 myresources-join.resourcesify.com
0.0.0.0 taxreturnoptions.com
0.0.0.0 247lendinggroup.com
0.0.0.0 theconsumerhq.com
0.0.0.0 banktoday.de
0.0.0.0 secureexpressrequest.com
0.0.0.0 cashusa.com
0.0.0.0 choicecreditrepair.life
0.0.0.0 swagbucks.com
0.0.0.0 grantsreach.com
# https://github.com/hagezi/dns-blocklists/issues/2228
0.0.0.0 z-lib.id
# https://www.reddit.com/r/Scams/comments/1bfbq5e/emf_neutralizer_is_this_actually_a_thing/
# https://youtube.com/watch?v=EgvdvfOvdJs
# https://youtube.com/watch?v=VmFzPALkFyo
# https://www.bbc.com/news/technology-55613452
# https://www.usatoday.com/story/news/factcheck/2020/07/12/fact-check-anti-radiation-shields-do-not-protect-against-emf-emission/5349018002/
0.0.0.0 energydots.com
# https://github.com/durablenapkin/scamblocklist/issues/80
0.0.0.0 produktretter.com
0.0.0.0 gratis-eltern-produkttests.com
0.0.0.0 produkttest-anmeldung.com
0.0.0.0 produkttester-werden.org
0.0.0.0 ruecksendungen-gratis.com
# https://github.com/RPiList/specials/issues/1515
# https://tria.ge/240320-23k12aef2v/behavioral1
0.0.0.0 iioddoy.shop
0.0.0.0 shop.iioddoy.shop
0.0.0.0 baodan.xyz
0.0.0.0 img.baodan.xyz
# https://tria.ge/240320-3qqanaec82/behavioral1
0.0.0.0 ixlcrg.shop
0.0.0.0 shop.ixlcrg.shop
0.0.0.0 img.gagabao216.com
# https://tria.ge/240321-aqql7sfb49/behavioral1
0.0.0.0 ffuoouw.shop
0.0.0.0 shop.ffuoouw.shop
# https://tria.ge/240321-a55dxagg71/behavioral1
0.0.0.0 nnsnnqn.shop
0.0.0.0 shop.nnsnnqn.shop
# https://tria.ge/240321-babc1sgh7v/behavioral1
0.0.0.0 rrmuumm.shop
0.0.0.0 shop.rrmuumm.shop
# https://github.com/jarelllama/Scam-Blocklist/issues/265
0.0.0.0 luizeva.com
0.0.0.0 prostargift.com
0.0.0.0 quirkleaf.com
# https://github.com/jarelllama/Scam-Blocklist/issues/264
0.0.0.0 hft-fyfc.com
0.0.0.0 sanexer.com
# https://infosec.exchange/@iampytest1/112203822803380750
0.0.0.0 vipbargainhub.com
# https://github.com/jarelllama/Scam-Blocklist/issues/277
# https://dfpi.ca.gov/2024/03/25/fraudulent-bank-website-scam/
# my analysis: https://tria.ge/240404-xlg6laga74/behavioral1
# https://infosec.exchange/@iampytest1/112214528899229692
0.0.0.0 americasfirstnationalbank.com
0.0.0.0 beachcitiescommercialbank.com.americasfirstnationalbank.com
0.0.0.0 www.beachcitiescommercialbank.com.americasfirstnationalbank.com
# https://tria.ge/240408-bf8kpscb83/behavioral1
0.0.0.0 spacex-invest.org
# https://github.com/jarelllama/Scam-Blocklist/issues/289
0.0.0.0 xcorepips.com
# https://tria.ge/240410-31s5ashh6w/behavioral1
0.0.0.0 x2-invest.com
# https://tria.ge/240411-xhwjtahh93/behavioral1
0.0.0.0 gettechreward.com
# https://tria.ge/240411-1jkqgsdh25/behavioral1
0.0.0.0 gamersahead.com
# https://tria.ge/240412-3nkbmagd63/behavioral1
0.0.0.0 hngfck.com
# https://tria.ge/240413-apvvjagg78/behavioral1
0.0.0.0 mailtknnews.com
0.0.0.0 t.mailtknnews.com
0.0.0.0 russiagirlsonline.com
0.0.0.0 www.russiagirlsonline.com
0.0.0.0 charmdate.com
0.0.0.0 www.charmdate.com
# owned by the same company, see also https://infosec.exchange/@iampytest1/113074397683569302
0.0.0.0 latamdate.com
0.0.0.0 asiame.com
0.0.0.0 chnlove.com
0.0.0.0 idateasia.com
0.0.0.0 charmlive.com
# https://github.com/hagezi/dns-blocklists/issues/2512
0.0.0.0 singingfiles.com
# https://github.com/hagezi/dns-blocklists/issues/2607
0.0.0.0 93mobiles.com
# spam email
# https://tria.ge/240511-qjc1jacc79/behavioral1
0.0.0.0 serenespring.info
0.0.0.0 onlyfwb.com
0.0.0.0 email.mg.onlyfwb.com
# https://www.bleepingcomputer.com/news/security/microsoft-indias-x-account-hijacked-in-roaring-kitty-crypto-scam-to-push-wallet-drainers/
0.0.0.0 presaie-roaringkitty.com
# https://github.com/hagezi/dns-blocklists/issues/2889
0.0.0.0 sweet-bonanza-demo.gr
0.0.0.0 hfr67jhqrw8.com
0.0.0.0 tbao684tryo.com
0.0.0.0 5wzgtq8dpk.com
0.0.0.0 65spy7rgcu.com
# https://github.com/yokoffing/filterlists/issues/147
0.0.0.0 service-rundfunkbeitrag.de
# spam email -> https://tria.ge/240621-y6rffa1cqe/behavioral1
0.0.0.0 dateflng.com
0.0.0.0 bgigdga.dateflng.com
# https://infosec.exchange/@iampytest1/112973906679266779
0.0.0.0 shag2night.com
# spam email -> https://tria.ge/240621-1m4yjawemm/behavioral1
0.0.0.0 findrussiabrides.com
0.0.0.0 www.findrussiabrides.com
# spam email -> https://tria.ge/240622-stxtssserh/behavioral1
0.0.0.0 emb-race.info
0.0.0.0 clublov.com
# https://tria.ge/240622-wypwjaybpc/behavioral1
0.0.0.0 datingdealshub.com
0.0.0.0 www.datingdealshub.com
0.0.0.0 mydirtyneighbour.com
0.0.0.0 www.mydirtyneighbour.com
# scam email
0.0.0.0 bestflirt.fun
# https://github.com/hagezi/dns-blocklists/issues/2999
0.0.0.0 elonweb.org
# https://github.com/hagezi/dns-blocklists/issues/3005
0.0.0.0 dinp2rm.suitablepartner.life
0.0.0.0 pornkaf.net
0.0.0.0 netfucks1.com
0.0.0.0 yoursecrethookup.com
0.0.0.0 brttre.com
0.0.0.0 byestar.com
0.0.0.0 olosex.pics
# https://tria.ge/240702-1356jascqh/behavioral1
0.0.0.0 adult-gfriend.click
0.0.0.0 yourlocaldate.com
# https://github.com/hagezi/dns-blocklists/issues/3068
0.0.0.0 getwavemax.com
# https://github.com/hagezi/dns-blocklists/pull/3083
0.0.0.0 usonkd.com
# https://github.com/hagezi/dns-blocklists/issues/3174
0.0.0.0 sakuradate.com
0.0.0.0 amorpulse.com
0.0.0.0 datempire.com
# https://tria.ge/240729-3cx4cazgpf/behavioral1
0.0.0.0 breasts-rule.info
0.0.0.0 hotmatchlyi.com
0.0.0.0 yourexclusiveoffers.com
0.0.0.0 clubforsingles.com
0.0.0.0 /ow_static/themes/flirt_clubforsingles/images
0.0.0.0 cupidaffairs.com
0.0.0.0 www.cupidaffairs.com
0.0.0.0 sttc.cupidaffairs.com
# https://github.com/hagezi/dns-blocklists/issues/3312
# not my analysis: https://any.run/report/c89740ba0467ed00c1ce3346f1455ed28c02b3b9cd11f7b338822b9f7e0e2a53/ad056e7a-e353-464f-a1ad-1fb2ca7d2ffb
# my analysis: https://tria.ge/240731-137pcs1bqf/behavioral1
0.0.0.0 threejplating.com
0.0.0.0 www.threejplating.com
# https://tria.ge/240807-1z6mwsycpc/behavioral1
0.0.0.0 alfagear.info
0.0.0.0 nightfordates.com
0.0.0.0 luckyfling.com
0.0.0.0 flirtingplaza.com
# handles payments
0.0.0.0 knupx.com
0.0.0.0 echty.com
# https://tria.ge/240811-xsj9jatbrm
0.0.0.0 jungefrau.eu
# https://tria.ge/240811-x13qvatepm/behavioral1
0.0.0.0 mynemesis.live
# https://github.com/hagezi/dns-blocklists/issues/3458https://github.com/hagezi/dns-blocklists/issues/3458
0.0.0.0 exclusivebuyz4uu.shop
# https://github.com/hagezi/dns-blocklists/issues/3473
0.0.0.0 reviewgiftfb.com
0.0.0.0 ddcad3.reviewgiftfb.com
# https://tria.ge/240824-plfnrs1gqp/behavioral1
0.0.0.0 dollscumnow.eu
# https://tria.ge/240824-pmgx8azdkd/behavioral1
0.0.0.0 englishlang.life
# https://tria.ge/240824-pm3jxszdnd/behavioral1
0.0.0.0 wistfulether.info
0.0.0.0 invitingmilfsn2.com
# https://tria.ge/240824-ppg11azelg/behavioral1
0.0.0.0 dark-silence.info
# https://tria.ge/240824-qh9ywatdlq/behavioral1
0.0.0.0 devoutdiscip.info
# https://tria.ge/240824-qj7j5s1hqh/behavioral1
0.0.0.0 unsealedbag.info
# https://tria.ge/240824-qkt1fasaka/behavioral1
0.0.0.0 eerieabyss.info
0.0.0.0 lewdcracker93m.com
# https://tria.ge/240824-qv7dhsthrm/behavioral1
0.0.0.0 ar-dent.info
# https://tria.ge/240824-qxmrwsseqb/behavioral1
0.0.0.0 flirttuorist.info
# https://tria.ge/240824-v65raa1frh/behavioral1
0.0.0.0 niightfall.info
# https://tria.ge/240824-wfvn3atfpl/behavioral1
0.0.0.0 change-harlot.life
# https://tria.ge/240824-wh97jathjm/behavioral1
0.0.0.0 virtucams.life
# inspired by https://github.com/ThioJoe/YT-Spammer-Purge/issues/1138
# https://github.com/hagezi/dns-blocklists/issues/3565
0.0.0.0 snapbabes9.com
0.0.0.0 singleflirt.com
0.0.0.0 unlimdate.com
0.0.0.0 charmfling.com
0.0.0.0 exosrw.com
0.0.0.0 bestdates.com
# https://tria.ge/240829-zacg3s1gpm/behavioral1
# https://tria.ge/240829-1d2f2sseme/behavioral1
0.0.0.0 qpow89xji.com
0.0.0.0 www.qpow89xji.com
0.0.0.0 datingunlimitedtoday.com
0.0.0.0 www.datingunlimitedtoday.com
# https://github.com/hagezi/dns-blocklists/issues/3608
0.0.0.0 awesomedealsfinder.com
0.0.0.0 www.awesomedealsfinder.com
0.0.0.0 rtrcr52.com
0.0.0.0 fromstartertofinisher.com
0.0.0.0 www.fromstartertofinisher.com
0.0.0.0 firmsecurejump.com
0.0.0.0 42h.firmsecurejump.com
# https://tria.ge/240903-nrb24awhrb/behavioral1
0.0.0.0 wooqi.win
0.0.0.0 tds.wooqi.win
0.0.0.0 milfsaround.com
0.0.0.0 join.milfsaround.com
0.0.0.0 cdn.milfsaround.com
0.0.0.0 salbories-symphemes.com
0.0.0.0 chemiclk.com
0.0.0.0 chaludistrecret.com
0.0.0.0 chatnotifier.com
0.0.0.0 16hl07csd16.nl
0.0.0.0 discreethookups.co.uk
0.0.0.0 22mlf09mds22.com
# https://tria.ge/240907-sbn4ya1fke/behavioral1
0.0.0.0 n5n.relationsbuddy.com
0.0.0.0 montlusa.top
0.0.0.0 ortb.montlusa.top
0.0.0.0 track-victoriadates.com
0.0.0.0 zephyrlabsora.com
0.0.0.0 datehaven.world
# several identical spam emails sent to a honeypot
# https://tria.ge/240908-rs4qaa1bqp/behavioral1
0.0.0.0 aeriview.life
# https://tria.ge/240908-r3nf2stfph/behavioral1
0.0.0.0 oncemanboy.live
# no sandbox
0.0.0.0 batrevrig.info
0.0.0.0 vowpairmax.live
0.0.0.0 impfehut.live
# https://tria.ge/240908-r6svyathjh/behavioral1
0.0.0.0 hfa.hookupsconnect.com
0.0.0.0 info-extremechat.com
0.0.0.0 promo.info-extremechat.com
0.0.0.0 promo3.info-extremechat.com
# https://tria.ge/240908-s5knlstgjp/behavioral1
0.0.0.0 uhe.fitflirts.com
0.0.0.0 testars-consin.icu
0.0.0.0 flirten.com
# https://tria.ge/240908-s8jwgswhme/behavioral1
0.0.0.0 pt0.flirtyconnection.com
# https://tria.ge/240908-tb2wgavbmp/behavioral1
0.0.0.0 tiamo.life
# twitter/x spam
0.0.0.0 jennajoslyn.ru.com
# https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/
0.0.0.0 3bigs.com
0.0.0.0 savkar.ai
# https://tria.ge/240912-bqh3sstele/behavioral1
0.0.0.0 dgm.cloudflirts.com
0.0.0.0 findneighboursonline.com
0.0.0.0 uk.findneighboursonline.com
0.0.0.0 onlyshagplace.com
# typical push notification scam ("allow notifications to prove you are human")
0.0.0.0 tempmail.com
0.0.0.0 clunen.com
0.0.0.0 deviceconnectnetwork.co.in
0.0.0.0 crjf500hubcc73cogkng.deviceconnectnetwork.co.in
# https://github.com/hagezi/dns-blocklists/issues/3804
0.0.0.0 officialconbase.schtwalter.xyz
0.0.0.0 freebitcoin.pages.dev
# https://tria.ge/240927-2emjysvgja/behavioral1
0.0.0.0 suc.directaffair.com
# https://tria.ge/240927-2hvdzatanl/behavioral1
0.0.0.0 foxysociety.com
0.0.0.0 ogl.foxysociety.com
0.0.0.0 dirtyzone.com
# once dairy shop (shutdown in 2022 due to staffing issues), now porn scam... their socials still point to this
0.0.0.0 liegeanddairy.com
0.0.0.0 loveaholics.com
# spam GitHub discussions thread -> https://tria.ge/241003-ntd98sxdkr/behavioral1
0.0.0.0 seriedfilm.com
0.0.0.0 regarder.seriedfilm.com
0.0.0.0 sundaydiscounts.lat
0.0.0.0 paperartcard.com
# https://tria.ge/241003-n7c94axejr/behavioral1
0.0.0.0 goshopgadget.com
# https://tria.ge/241003-2ns34avalb/behavioral1
0.0.0.0 lwyn.theconversionsguru.com
0.0.0.0 deals4you.click
0.0.0.0 toysfunzone.com
# https://tria.ge/241004-ar4kfsvcmk/behavioral1
0.0.0.0 fabulousitem.com
# https://tria.ge/241010-zfyx9s1dql/behavioral1
0.0.0.0 mzb.flylocals.com
0.0.0.0 ukflirtzone.com
# owned by same company/other front companies (see also the entry for usabangpalace[.]com)
0.0.0.0 onlineromanceusa.com
0.0.0.0 forumofsecrets.com
0.0.0.0 forumofdesires.com
0.0.0.0 lustycanadians.com
0.0.0.0 onlybangbook.com
0.0.0.0 textorsext.com
0.0.0.0 fuckbuds.com
0.0.0.0 maturedates.com
0.0.0.0 fmn.network
0.0.0.0 slagnextdoor.com
0.0.0.0 sextingbook.com
0.0.0.0 shagslags.com
0.0.0.0 streetslagsuk.com
0.0.0.0 unitedflirtingstates.com
0.0.0.0 localsextingsluts.com
0.0.0.0 bookofsext.com
0.0.0.0 aussiebangclub.com
0.0.0.0 flirtyslapper.com
0.0.0.0 swipesecrets.com
0.0.0.0 foxymatures.com
0.0.0.0 ozziebang.com
0.0.0.0 shagsexts.com
0.0.0.0 sluzzanextdoor.com
0.0.0.0 slagplace.com
0.0.0.0 chavsgowild.com
0.0.0.0 regionbang.com
0.0.0.0 fetishmodelnetwork.com
0.0.0.0 feetondemand.com
0.0.0.0 feetpov.com
0.0.0.0 footfetishcardates.com
0.0.0.0 goddessfootdomination.com
0.0.0.0 goddessfootworship.com
0.0.0.0 goddessfootjobs.com
0.0.0.0 jerktomyfeet.com
0.0.0.0 footfetishpetite.com
0.0.0.0 imenacarlisle.com
0.0.0.0 officialmiax.com
0.0.0.0 kylierosefetish.com
0.0.0.0 fetishcustoms.com
0.0.0.0 onlymatchcity.com
0.0.0.0 fabucams.com
0.0.0.0 shybuds.com
# https://infosec.exchange/@iampytest1/113302551493884986
# https://github.com/DandelionSprout/adfilt/discussions/932#discussioncomment-10930948
0.0.0.0 paradismatch.com
# found by Imre
0.0.0.0 bigonyou.com
0.0.0.0 chattrummet.com
0.0.0.0 datingcashexperts.com
0.0.0.0 dejtingpalatset.com
0.0.0.0 dejtingrummet.com
0.0.0.0 dinnyevenn.com
0.0.0.0 ensamkontakt.com
0.0.0.0 finnenelsker.com
0.0.0.0 flingtalk.com
0.0.0.0 flirtseason.com
0.0.0.0 hemlighetsportalen.com
0.0.0.0 katesingler.com
0.0.0.0 lekendating.com
0.0.0.0 leklust.com
0.0.0.0 meetupz.app
0.0.0.0 myfuckfriends.com
0.0.0.0 mynextcrush.com
0.0.0.0 noenlikerdeg.com
0.0.0.0 norskchathub.com
0.0.0.0 noticetick.com
0.0.0.0 romancestarter.com
0.0.0.0 seksuelllyst.com
0.0.0.0 singelflirten.com
0.0.0.0 singelkontakt.com
0.0.0.0 singelogklar.com
0.0.0.0 singelplatsen.com
0.0.0.0 talknotice.com
0.0.0.0 treffraskt.com
0.0.0.0 vennlighallo.com
# owned by the same companies as above
0.0.0.0 aussieflings.com
0.0.0.0 flingmatches.com
0.0.0.0 naughtyfriendships.com
0.0.0.0 flirtyfindings.com
0.0.0.0 mail.213-5-71-141.cprapid.com
0.0.0.0 getaffairs.com
0.0.0.0 mysexychats.com
0.0.0.0 fuckmatches.com
# https://github.com/hagezi/dns-blocklists/issues/3944
0.0.0.0 info-animals.com
# https://tria.ge/241011-rdzssawcqa/behavioral1
0.0.0.0 opdomaines.space
0.0.0.0 softicoapps.com
# YouTube video titled "roblox mod menu - download app roblox mod menu in 2024 mediafire link - roblox mod apk" -> https://tria.ge/241018-nrgycaxdql/behavioral1
0.0.0.0 bbobb.net
0.0.0.0 download.bbobb.net
0.0.0.0 flamefolder.com
0.0.0.0 earnyourswag.com
0.0.0.0 uk.earnyourswag.com
0.0.0.0 j.promotionsonlineusa.com
# https://github.com/hagezi/dns-blocklists/issues/4035
0.0.0.0 containably.com
# other similar sites
0.0.0.0 lefttic.com
0.0.0.0 oramarian.com
0.0.0.0 equiward.com
0.0.0.0 termarian.com
0.0.0.0 quirize.com
0.0.0.0 diuntilard.com
0.0.0.0 exouous.com
0.0.0.0 arculike.com
# CDN for these scam sites?
0.0.0.0 static.bbcrossworld.com
# https://github.com/hagezi/dns-blocklists/issues/4223
# https://github.com/hagezi/dns-blocklists/issues/4802
0.0.0.0 atlaspvs.com
0.0.0.0 bisertravel.com.mk
0.0.0.0 blsindiavisa.kr
0.0.0.0 cibtvisas.com
0.0.0.0 covex.it
0.0.0.0 e-indianvisa.com
0.0.0.0 etaindiaonline.com
0.0.0.0 etaindia.org
0.0.0.0 e-touristvisa.com
0.0.0.0 etv-in.com
0.0.0.0 evisa.express
0.0.0.0 e-visa.ie
0.0.0.0 e-visaindia.com
0.0.0.0 evisaindia.com
0.0.0.0 evisa-indian.com
0.0.0.0 e-visaindiaonline.com
0.0.0.0 evisa-india-online.com
0.0.0.0 evisaindiaonline.org
0.0.0.0 evisaindia.org
0.0.0.0 evisatoindia.org
0.0.0.0 e-visums.nl
0.0.0.0 globalvisacorp.com
0.0.0.0 goindiavisa.com
0.0.0.0 indiaeta.com
0.0.0.0 india.evisa-agency.com
0.0.0.0 india-e-visa.com
0.0.0.0 indiae-visa.com
0.0.0.0 indiaevisaservice.com
0.0.0.0 indiaevisas.org
0.0.0.0 indiaimmigration.org
0.0.0.0 indianetouristvisacoin.wordpress.com
0.0.0.0 indian-e-visa.com
0.0.0.0 indian-evisa.com
0.0.0.0 indianevisaonline.com
0.0.0.0 indianimmigration.org
0.0.0.0 indianonlinevisas.org
0.0.0.0 indiantravelvisa.com
0.0.0.0 indianvisagov.com
0.0.0.0 indian-visa.in
0.0.0.0 indianvisa.online
0.0.0.0 indianvisaonlinegov.com
0.0.0.0 indian-visaonline.org
0.0.0.0 indianvisa-online.org
0.0.0.0 indianvisaonline.org
0.0.0.0 indianvisaservice.org.in
0.0.0.0 indiaonlinevisa.org
0.0.0.0 india.travisa.com
0.0.0.0 indiavisa.com
0.0.0.0 indiavisa.com.sg
0.0.0.0 indiavisa.co.uk
0.0.0.0 indiavisainfo.com
0.0.0.0 indiavisa.my
0.0.0.0 india-visa-online.com
0.0.0.0 india-visa-online.org
0.0.0.0 india-visaonline.org
0.0.0.0 indiavisa-online.org
0.0.0.0 indiavisaonline.org
0.0.0.0 indiavisa.org
0.0.0.0 india-visas.org
0.0.0.0 itseasy.com
0.0.0.0 ivisa.com
0.0.0.0 i-visaindia.com
0.0.0.0 jsdimmigration.com
0.0.0.0 jsdimmigrations.com
0.0.0.0 natvisa.com
0.0.0.0 online-eta.com
0.0.0.0 smvisa.co.il
0.0.0.0 touristvisaonline.com
0.0.0.0 traveldocs.com
0.0.0.0 travelexpress.us.com
0.0.0.0 travelvisabookings.com
0.0.0.0 travisa.com
0.0.0.0 visacentral.com
0.0.0.0 visadone.com
0.0.0.0 visafirst.com
0.0.0.0 visagov.com
0.0.0.0 visasimple.com
0.0.0.0 visa-to-india.com
0.0.0.0 visatoindia.org
0.0.0.0 visumbuitenland.nl
# https://www.trustpilot.com/review/paidwings.ag
# https://www.justanswer.co.uk/ireland-law/f3uhk-signed-dating-site-company-named-paidwings.html
0.0.0.0 uk-mums.com
# promoted by a fake version of the McAfee account - officialmcarfee
# https://tria.ge/250215-qd3n1a1pgk/behavioral1
0.0.0.0 8pm.simplymatches.com
0.0.0.0 info-mymilfs.com
0.0.0.0 promo.info-mymilfs.com
0.0.0.0 ad-extremesite.com
0.0.0.0 www.ad-extremesite.com
# owned by the same company
0.0.0.0 bbwdates24.com
# https://github.com/hagezi/dns-blocklists/issues/5534
0.0.0.0 certified-sale.com
# https://tria.ge/250327-rtesjstsbt/behavioral1
0.0.0.0 secretmatureaffair.com
0.0.0.0 flirtymoms.com
0.0.0.0 naughtymatureflirts.com
# from Yuki
# my analysis: https://tria.ge/250413-m75tnsvtax/behavioral1
0.0.0.0 qgxeqm.unfamiillardates.net
0.0.0.0 fuckfinder.com
0.0.0.0 www.fuckfinder.com
# same owner
0.0.0.0 fun-casualdate.com
# https://tria.ge/250602-zzvpysdr8w/behavioral1
0.0.0.0 bociti.click
0.0.0.0 flytomoon.online
0.0.0.0 ep2z.flytomoon.online
0.0.0.0 casualhookup.com
0.0.0.0 www.casualhookup.com
# https://github.com/hagezi/dns-blocklists/issues/6447
0.0.0.0 spinfortune.vip
# a family member was scammed by this company
# https://www.reddit.com/r/Flights/comments/1dcpbrl/discount_flight_website_scam_wwwfarehutzus/
# https://www.bbb.org/scamtracker/lookupscam?q=all%3Dfarehutz%26from%3D0
# https://scammer.info/t/farehutz-indian-travel-scammers-who-self-reported-to-scammer-info/170142
# https://www.scampulse.com/farehutz-reviews
# https://uk.trustpilot.com/review/farehutz.co.uk
# https://www.trustpilot.com/review/farehutz.us?stars=1
# https://www.trustpilot.com/review/farehutz.ca
0.0.0.0 farehutz.us
0.0.0.0 farehutz.ca
0.0.0.0 farehutz.co.uk
# also owned by the same company
# https://www.reddit.com/r/travel/comments/zygas2/any_experience_with_holidaydealzcom/
# https://www.reddit.com/r/travel/comments/1nvmh0i/is_holidaybreakz_a_scam/
# https://www.tiktok.com/@arsalonalderwood/video/7395080532641500458
# https://www.tripadvisor.com/ShowTopic-g1-i12334-k15116031-o20-Possible_Holiday_Scam-Holiday_Travel.html
# spam: https://web.archive.org/web/20231203215247/https://pcnflightwest.blogspot.com/2018/05/nwa-capt-larry-wade-morrison.html?showComment=1603277821646#c33024045163227171
# +1-844-414-9223 is the number of air1network.us and flyostudio.com 
# it is spammed all over the internet (i.e. https://www.scribd.com/document/665286995/1-844-414-9223-How-to-Book-a-Wheelchair-for-International-Flights-in-Turkish-Airlines), with titles like "How to request assistance on Turkish Airlines?" and "How Do I Select My Seat On British Airways?" - I found this complaint against this number (https://www.bbb.org/scamtracker/lookupscam/1075963)
# mastodon posts
# https://infosec.exchange/@iampytest1/115663214485049568
# https://infosec.exchange/@iampytest1/115673008851143479
# https://infosec.exchange/@iampytest1/115675508755253109
# https://infosec.exchange/@iampytest1/115679298019525586
# https://infosec.exchange/@iampytest1/115699009370293618
# https://infosec.exchange/@iampytest1/115699148601687231
# https://infosec.exchange/@iampytest1/115710085606959759
# https://infosec.exchange/@iampytest1/115710267139467948
# https://infosec.exchange/@iampytest1/115710280785788137
# https://infosec.exchange/@iampytest1/115775768872576946
# https://infosec.exchange/@iampytest1/115786882391564093
# https://infosec.exchange/@iampytest1/115786965604713239
# https://infosec.exchange/@iampytest1/115792755948568855
# https://infosec.exchange/@iampytest1/115806276757602191
# bluesky: https://bsky.app/profile/iam-py-test.bsky.social/post/3m7d3yste7222
0.0.0.0 skytravelfly.com
0.0.0.0 travodeals.us
0.0.0.0 travodeals.co.uk
0.0.0.0 travodeals.ca
0.0.0.0 holidayglobes.com
0.0.0.0 holidaybreakz.com
0.0.0.0 holidaybreakz.co.in
0.0.0.0 holidaybreakz.co.uk
0.0.0.0 holidaybreakz.ca
0.0.0.0 winktraveldeals.com
0.0.0.0 rawfares.com
0.0.0.0 fareslist.com
0.0.0.0 unocruise.com
0.0.0.0 air1network.us
0.0.0.0 flyostudio.com
0.0.0.0 airlinesupports.us
0.0.0.0 airlinesupports.co.uk
0.0.0.0 aircancellation.com
0.0.0.0 friendztravel.com
0.0.0.0 friendztravel.com.mx
0.0.0.0 friendztravel.ca
0.0.0.0 friendztravel.co.uk
0.0.0.0 skyfarefinder.co.uk
0.0.0.0 skyfarefinder.com
0.0.0.0 fareleaders.com
0.0.0.0 fareleaders.co.uk
0.0.0.0 farebuddies.com
0.0.0.0 fareoking.com
# spam profiles
0.0.0.0 aircancellation.website3.me
0.0.0.0 americanairlinescustomerservic.godaddysites.com
# see wiki\usa514k 1.png and wiki\usa514k 2.png in the repo for screenshots
# formally linked to archive[.]is but links removed due to the presence of malicious code on archive[.]is
# https://infosec.exchange/@iampytest1/115702574009471266
0.0.0.0 cikadron.co.in
0.0.0.0 virusscanner.cc
# spam email
# http://vp.nastydollz[.]wiki/?id=91b56efb-b877-4c25-aec4-0441e1a2154c&u=155&t=YmVuY2FydDkwMDFAcHJvdG9uLm1l
# https://hybrid-analysis.com/sample/3c60143510cb918ba7a45995c6b9d21ee7d5b45d0c79b3333413297ff246da2f
# ends in charmdate[.]com
0.0.0.0 nastydollz.wiki
0.0.0.0 vp.nastydollz.wiki
0.0.0.0 singlesrussian.com
0.0.0.0 www.singlesrussian.com
# spam email
# https://beno.poundrynloweq[.]com/
0.0.0.0 poundrynloweq.com
0.0.0.0 beno.poundrynloweq.com
# owned by Qpid Network
0.0.0.0 ukrainianbride.net
0.0.0.0 www.ukrainianbride.net
# the root domain of the inital spam domain goes to ukrainelady.net
0.0.0.0 ukrainelady.net
# https://tria.ge/260112-ew441adv3c/behavioral1
0.0.0.0 heart-rematcher.life
0.0.0.0 fraudate.com
0.0.0.0 cbfahah.fraudate.com
0.0.0.0 grannyloves.com
0.0.0.0 l.grannyloves.com
# https://github.com/hagezi/dns-blocklists/issues/8979
0.0.0.0 websiteinf05.com
0.0.0.0 superoptz.com
0.0.0.0 mainredirect.top
# https://github.com/hagezi/dns-blocklists/issues/9005
# evasive: https://tria.ge/260202-2z8mxsfw7f/behavioral1
0.0.0.0 elta.564306.com
# https://www.reddit.com/r/antivirus/comments/1qvzjrq/i_need_help_in_removing_a_trojan_virus_from_my/
# https://github.com/hagezi/dns-blocklists/issues/9054
# it's an ad for a PUP (don't install Combo Cleaner, it odviously can't remove this), but it documents this domain: https://www[.]youtube[.]com/watch?v=Ljs2b6isD5Y
0.0.0.0 texonnero.co.in
0.0.0.0 d61mf78hubcc739qivmg.texonnero.co.in
# Mastodon spam
# https://tria.ge/260206-ybjr4sa19a/behavioral1
0.0.0.0 satisfy-yourself.com
0.0.0.0 m.satisfy-yourself.com
0.0.0.0 mq.satisfy-yourself.com
0.0.0.0 static.satisfy-yourself.com
0.0.0.0 holouvery-vality.com
0.0.0.0 wishtoserve.com
0.0.0.0 date-corner.com
0.0.0.0 wcp8i2vke3a4lj4g3v90bm6m.date-corner.com
0.0.0.0 romanticboo.com
0.0.0.0 positive-daters.com
0.0.0.0 wume2vk7f2313j4g3srbdr3u.positive-daters.com
0.0.0.0 flingaroundme.com
0.0.0.0 w7cipjlb00bcoj4g3b90tft6.flingaroundme.com
# https://hucksters.net/person/gyorgy-gattyan/
# https://hucksters.net/forum/topic/gyorgy-gattyan-tries-to-takedown-hucksters-net-page/
# listed in EasyList
0.0.0.0 overdates.com
# https://github.com/hagezi/dns-blocklists/issues/9141
0.0.0.0 ricardo.zahlung-date.cfd
0.0.0.0 zahlung-date.cfd
# https://infosec.exchange/@iampytest1/116111883171991337
0.0.0.0 learnquestverification.blogspot.com
0.0.0.0 answhmflj.blogspot.com
0.0.0.0 kettledroopingcontinuation.com
0.0.0.0 humanverify.co.in
0.0.0.0 d6d62g8hubcc73c9popg.humanverify.co.in
0.0.0.0 answwgieq.blogspot.com
# https://github.com/hagezi/dns-blocklists/issues/9209
0.0.0.0 blastnew.live
# ---- PUPs ----
# https://virustotal.com/gui/url/c7e3137c4baaad64dcbbafd1938f581f264944fa1e2c1aa1ebcff77ed2959082/links
# https://safeweb.norton.com/report/show?url=https://www.totalav.com/ultra-deal?exit
# https://virustotal.com/gui/url/a15311f27a16908dfa87b8ce6cf0302d8c8260f32ce7171845fc73bd4d9769d2/detection
# https://virustotal.com/gui/url/dbc664226fd57c865f66bbaeae0d7270904c4ad735d0eb0ead4511e817392943/detection
# https://virustotal.com/gui/domain/www.totalav.com/detection
# https://quttera.com/detailed_report/totalav.com
# https://virustotal.com/gui/domain/totalav.com/community
# https://github.com/VernonStow/Filterlist/issues/3
# https://discussions.apple.com/thread/8226797
# https://malwaretips.com/threads/total-av-is-it-a-scam.80362/
# https://github.com/uBlockOrigin/uAssets/issues/9355
# https://github.com/notracking/hosts-blocklists/issues/756#issuecomment-1172973042
# https://tria.ge/230720-3qya9sbh2t/behavioral2
# https://app.any.run/tasks/cc0dd977-97e3-4b4a-833b-dfc4d5f0be55/
# https://tria.ge/230724-z8hfzsha64/behavioral1
# https://www.youtube.com/watch?v=PcS3EozgyhI
# *many* deceptive ads
0.0.0.0 totalav.com
0.0.0.0 www.totalav.com
# https://virustotal.com/gui/file/7a75c2c9695157772541cd426d057ff382d011a2791bcc3e511d94592ab0dbb7/relations
0.0.0.0 api.totalav.com
# Subdomains
0.0.0.0 secure.totalav.com
0.0.0.0 url.totalav.com
0.0.0.0 support.totalav.com
0.0.0.0 blog.totalav.com
0.0.0.0 track.totalav.com
0.0.0.0 ajax.totalav.com
0.0.0.0 affiliate.totalav.com
0.0.0.0 livechat.totalav.com
0.0.0.0 advertisers.totalav.com
0.0.0.0 affiliates.totalav.com
0.0.0.0 my.totalav.com
0.0.0.0 assets.totalav.com
0.0.0.0 identity.totalav.com
0.0.0.0 login.totalav.com
0.0.0.0 download.totalav.com
0.0.0.0 static.totalav.com
0.0.0.0 adblock.totalav.com
0.0.0.0 sso.totalav.com
0.0.0.0 webshield.totalav.com
0.0.0.0 resources.totalav.com
0.0.0.0 signup.totalav.com
0.0.0.0 link.totalav.com
0.0.0.0 chat.totalav.com
0.0.0.0 click.totalav.com
0.0.0.0 stats.totalav.com
0.0.0.0 search.totalav.com
0.0.0.0 aff.totalav.com
0.0.0.0 news.totalav.com
0.0.0.0 blockpage.totalav.com
0.0.0.0 ext.totalav.com
0.0.0.0 smtpmail.totalav.com
0.0.0.0 articles.totalav.com
0.0.0.0 data.totalav.com
0.0.0.0 pda.totalav.com
0.0.0.0 firmy.totalav.com
0.0.0.0 portal.totalav.com
0.0.0.0 educa.totalav.com
0.0.0.0 cp.totalav.com
0.0.0.0 images.totalav.com
0.0.0.0 p.totalav.com
0.0.0.0 gallery.totalav.com
0.0.0.0 webshop.totalav.com
0.0.0.0 new.totalav.com
0.0.0.0 sklep.totalav.com
0.0.0.0 manitoba.totalav.com
0.0.0.0 wiki.totalav.com
0.0.0.0 pei.totalav.com
0.0.0.0 dl.totalav.com
0.0.0.0 bbs.totalav.com
0.0.0.0 schools.totalav.com
0.0.0.0 ts.totalav.com
0.0.0.0 hosting.totalav.com
0.0.0.0 test.totalav.com
0.0.0.0 live.totalav.com
0.0.0.0 eng.totalav.com
0.0.0.0 forums.totalav.com
0.0.0.0 lnx.totalav.com
0.0.0.0 lib.totalav.com
0.0.0.0 galeria.totalav.com
0.0.0.0 cloud.totalav.com
0.0.0.0 appauth.totalav.com
0.0.0.0 ww.totalav.com
0.0.0.0 email.totalav.com
0.0.0.0 u002fwww.totalav.com
0.0.0.0 shield.totalav.com
0.0.0.0 comassets.totalav.com
0.0.0.0 ru.totalav.com
0.0.0.0 l.totalav.com
0.0.0.0 lyncext.totalav.com
0.0.0.0 liaoning.totalav.com
0.0.0.0 www2.totalav.com
0.0.0.0 www1.totalav.com
0.0.0.0 imap2.totalav.com
0.0.0.0 internet.totalav.com
0.0.0.0 smtps.totalav.com
0.0.0.0 a.totalav.com
0.0.0.0 gin.totalav.com
0.0.0.0 supprt.totalav.com
0.0.0.0 mailout.totalav.com
0.0.0.0 imap1.totalav.com
0.0.0.0 mta1.totalav.com
0.0.0.0 eml.totalav.com
0.0.0.0 help.totalav.com
0.0.0.0 phishtest.totalav.com
0.0.0.0 math.totalav.com
# other related
0.0.0.0 totalwebshield.com
0.0.0.0 download.totalwebshield.com
# This is owned by Protected[.]net, who also is responsible for the TotalAV scam. Can not get an exe as it requires me to pay first...
0.0.0.0 scanguard.com
0.0.0.0 www.scanguard.com
0.0.0.0 my.scanguard.com
0.0.0.0 secure.scanguard.com
0.0.0.0 download.scanguard.com
# An alias for TotalAV
# https://safeweb.norton.com/report/show?url=pcprotect.com
# https://virustotal.com/gui/url/523e692076d4eff5dba80a52bca9c01aa77b4e1dac6598aa78574cab1297497a/community
# https://www.mywot.com/scorecard/pcprotect.com
0.0.0.0 pcprotect.com
0.0.0.0 www.pcprotect.com
0.0.0.0 secure.pcprotect.com
# The company behind the TotalAV scam & pcprotect[.]com
# https://www.facebook.com/protectednet - they basically admitted to it. See https://www.facebook.com/protectednet/photos/a.685704165203904/1199676053806710/?type=3&theater
# Lesson to scammers: Don't post golf balls with the name of the scam product to facebook...
0.0.0.0 protected.net
0.0.0.0 definition.protected.net
0.0.0.0 install.protected.net
0.0.0.0 ssprotectltd.com
0.0.0.0 www.ssprotectltd.com
# scammers - now hiring
0.0.0.0 protected-net.breezy.hr
# A scam adblocker (use uBlock Origin, AdGuard, or even AdBlock Plus. They are all better then TotalAdBlock)
# VirusTotal scan of Android version: https://virustotal.com/gui/file/24ce64dfa6937c5ede674b2ba33d6818bfa9f8bb4d36ff8da9aff39e05b8e41c/detection
# https://apps.apple.com/app/totaladblock/id1564900435 (only two reviews?)
# https://tria.ge/231024-3lc5jace3w/behavioral1
# https://infosec.exchange/@iampytest1/111292640449421381
# https://tria.ge/231025-nk2zyagh81/behavioral1
# scam ads, as per ryanbr of EasyList 
0.0.0.0 totaladblock.com
0.0.0.0 www.totaladblock.com
0.0.0.0 download.totaladblock.com
0.0.0.0 blockpage.totaladblock.com
0.0.0.0 stats.totaladblock.com
0.0.0.0 affiliates.totaladblock.com
0.0.0.0 affiliate.totaladblock.com
0.0.0.0 url.totaladblock.com
0.0.0.0 api.totaladblock.com
0.0.0.0 signup.totaladblock.com
0.0.0.0 track.totaladblock.com
0.0.0.0 my.totaladblock.com
0.0.0.0 support.totaladblock.com
0.0.0.0 login.totaladblock.com
# https://infosec.exchange/@iampytest1/111565168288360998
0.0.0.0 totadblock.com
# https://app.any.run/tasks/eb07059f-c987-4366-9fed-8abfff016173
0.0.0.0 totaladblock.protected.net
0.0.0.0 extension.protected.net
0.0.0.0 totaladblocker.xyz
0.0.0.0 www.totaladblocker.xyz
# https://virustotal.com/gui/ip-address/34.117.171.15/relations
0.0.0.0 totalwebshield.xyz
0.0.0.0 www.totalwebshield.xyz
0.0.0.0 secure.totalwebshield.xyz
0.0.0.0 login.totalwebshield.xyz
0.0.0.0 download.totalwebshield.xyz
# as per https://github.com/iam-py-test/my_filters_001/issues/105, I have unblocked the main website but still block the registry cleaner, driver updater, etc
0.0.0.0 winzipregistryoptimizer.com
0.0.0.0 download.winzipregistryoptimizer.com
# WinZip ads
# https://virustotal.com/gui/url/cad59b610a95e69019638d171c2df89adb7eac183968e102e37396b806fa57bd/community
0.0.0.0 winzipdriverupdater.com
0.0.0.0 slowness.winzipdriverupdater.com
# https://virustotal.com/gui/url/e5e8624a07064fc3a296dcab3b0b578ac0ed6d841094489e8bec989653deb93c/detection
# https://virustotal.com/gui/ip-address/3.222.136.53/relations
0.0.0.0 winzipultimatepccare.com
0.0.0.0 www.winzipultimatepccare.com
0.0.0.0 winzipdisktools.com
0.0.0.0 winzipsystemtools.com
# It is a very bad sign when Windows Defender blocks a file, and it is not a false positive
# https://virustotal.com/gui/url/b27f7a631ee2bcf759ab82fa976980c2704c787ecd21abc8b591b7fc93d96ee1/detection
# https://github.com/iam-py-test/Assets-001/tree/main/PUPs/SpeedCat
# Installer
# https://virustotal.com/gui/file/3f4c860c2689984f7edab62d5a5459840dc9515ec2c7a94b6fea6878481a3992/detection
# https://www.hybrid-analysis.com/sample/3f4c860c2689984f7edab62d5a5459840dc9515ec2c7a94b6fea6878481a3992
# https://www.hybrid-analysis.com/sample/3f4c860c2689984f7edab62d5a5459840dc9515ec2c7a94b6fea6878481a3992/60f6d24211dc4473a31cd34a
# Other files and the app
# https://virustotal.com/gui/file/792bb2a2bd9f148d0b7dca1a98b4a310a30490c6523fc53a1f1e535e53d62389/detection
# https://virustotal.com/gui/file/57c40a9d2e592d968daa0f092abfa7abe2b41c47eb718adb770bd6930ec0dba4/detection
# https://virustotal.com/gui/file/f395839a00762a5e0428cb2cf596d80c56ba2be78cc3e6a3c89afb5c1f904db9/detection
# https://virustotal.com/gui/file/ff652f10ac6dbf8d4965f6624339c67e02715cf499ad8b26c1a683bd503e4136/detection
# https://quttera.com/detailed_report/pcspeedcat.com
0.0.0.0 pcspeedcat.com
# https://virustotal.com/gui/domain/pcspeedcat.com/relations
0.0.0.0 cdn.pcspeedcat.com
0.0.0.0 vold.pcspeedcat.com
0.0.0.0 www.pcspeedcat.com
0.0.0.0 dev.pcspeedcat.com
0.0.0.0 access.pcspeedcat.com
0.0.0.0 vold-cdn.pcspeedcat.com
0.0.0.0 envoy.pcspeedcat.com
0.0.0.0 www-click-cf.pcspeedcat.com
# Found in the shady Bing ads when searching for ADWCleaner
# Before downloading, ADWCleaner detected no adware. After downloading, ADWCleaner detected adware, which included the program. Program claims that buying the paid version (and entering private data) will fix issues with a clean VM. 
# This also adds unneeded start up tasks (why would it need start up tasks?). In total, Malwarebytes detected 99 threats.
# https://virustotal.com/gui/url/681984dd59e84ade5ad3c7b93842dd3b8b759992e7a5f5a1a2aa8dd04f4c823e/community
0.0.0.0 mycleanpc.com
# I saw the www in the results
0.0.0.0 www.mycleanpc.com
# Found using VirusTotal
0.0.0.0 reviews.mycleanpc.com
0.0.0.0 m.mycleanpc.com
0.0.0.0 shop.mycleanpc.com
0.0.0.0 web.mycleanpc.com
0.0.0.0 blog.mycleanpc.com
0.0.0.0 app.mycleanpc.com
0.0.0.0 get.mycleanpc.com
0.0.0.0 dev-www.mycleanpc.com
# related domains owned by the company used for paying - obtained when talking to the scammer
0.0.0.0 ustechsupport.com
0.0.0.0 www.ustechsupport.com
0.0.0.0 mycleanid.com
0.0.0.0 www.mycleanid.com
0.0.0.0 iolostore.com
0.0.0.0 www.iolostore.com
# the main website for the company
0.0.0.0 realdefen.se
# other 'products' which all appear to be PUPs
0.0.0.0 getmydrivers.com
0.0.0.0 www.getmydrivers.com
0.0.0.0 app.getmydrivers.com
0.0.0.0 dev-www.getmydrivers.com
0.0.0.0 qa-www.getmydrivers.com
0.0.0.0 stopzilla.com
0.0.0.0 cyberdefender.com
0.0.0.0 www.cyberdefender.com
0.0.0.0 virusfix.com
0.0.0.0 www.virusfix.com
# Owned by them (they admit it)
# 4/12/2022: https://app.any.run/tasks/82c340da-6ab4-4398-86bd-2bd368c018ce
0.0.0.0 iolo.com
0.0.0.0 www.iolo.com
0.0.0.0 secure1.iolo.com
# https://github.com/DandelionSprout/adfilt/compare/c3d04d61c9...4a2d9d2efa
# link on https://www.windowsdispatch.com/fix-system-restore-0x81000203-error-code/
# https://virustotal.com/gui/url/41ada9c74d64537274173ea01f61fae7c7bdce2d660b64abb11546563fc6bf10/community
# The installer
# https://virustotal.com/gui/file/5d99408fc2f7bc85f2c4bc6dcd762008bfecd5c8dcaaacf9c9bdc2914ddd22b1/detection
# Files related to the PUP program
# https://virustotal.com/gui/file/fcf484d1009b4136c8655d32484babb0a284cbcb112ced7647194aea9e7688df/detection
# https://virustotal.com/gui/file/67252e30a59ddc58c273555bfd306343ec61e3f198a1c2d3eb30d8a93ec4fffa/detection
# https://virustotal.com/gui/file/5ef7eedfa7f283f180c1de80803e8d5c81fee09750ca044f018a098a94ad85c1/detection
# Malwarebytes detection - https://blog.malwarebytes.com/detections/pup-optional-restoro/
# Screenshots from anaysis - https://github.com/iam-py-test/Assets-001/tree/main/PUPs/Restoro (VM Env: Windows 10, Windows Defender on)
0.0.0.0 restoro.com
0.0.0.0 www.restoro.com
# https://virustotal.com/gui/file/f019dab3172f6ce7808d45a5b5dea92354352e302219c02a84a280978f6eb166/community
# https://www.bleepingcomputer.com/virus-removal/page/2/
# https://virustotal.com/gui/url/1a381bcdd30c4fafbe50baa12a0446c18b875e2221330ffe2adec106f14904f4/community
# https://virustotal.com/gui/file/50abca232390db8eb28a17b9fa5386631857c7c14d1b43d0adcdaf90178a4f7c/community
# https://www.mywot.com/scorecard/iobit.com
# https://forums.malwarebytes.com/topic/29681-iobit-steals-malwarebytes-intellectual-property/page/5/#elControls_152972_menu
# https://virustotal.com/gui/url/1a381bcdd30c4fafbe50baa12a0446c18b875e2221330ffe2adec106f14904f4/community
# https://github.com/hagezi/dns-blocklists/issues/1794
0.0.0.0 iobit.com
# Subdomains
0.0.0.0 cdn.iobit.com
0.0.0.0 stats.iobit.com
0.0.0.0 estore.iobit.com
0.0.0.0 update.iobit.com
0.0.0.0 jp.iobit.com
0.0.0.0 store.iobit.com
0.0.0.0 download.iobit.com
0.0.0.0 www.iobit.com
0.0.0.0 clouddownload.iobit.com
0.0.0.0 ru.iobit.com
0.0.0.0 search.iobit.com
0.0.0.0 purchase.iobit.com
0.0.0.0 cloud.iobit.com
0.0.0.0 interface.iobit.com
0.0.0.0 shop.iobit.com
0.0.0.0 mobile.iobit.com
0.0.0.0 m.iobit.com
0.0.0.0 startup.iobit.com
0.0.0.0 survey.iobit.com
0.0.0.0 checkout.iobit.com
0.0.0.0 sdupdate.iobit.com
0.0.0.0 giveaway.iobit.com
0.0.0.0 uninstall.iobit.com
0.0.0.0 de.iobit.com
0.0.0.0 codes.iobit.com
0.0.0.0 recorder.iobit.com
0.0.0.0 ascstats.iobit.com
# download redirects to iobit
0.0.0.0 windowserrorfixer.com
0.0.0.0 www.windowserrorfixer.com
# itop vpn seems to be made by iobit and comes with bundled installs
0.0.0.0 itopvpn.com
0.0.0.0 update.itopvpn.com
0.0.0.0 api.itopvpn.com
0.0.0.0 stats.itopvpn.com
# https://tria.ge/231105-nq2lcsee2v/behavioral1
0.0.0.0 itopupdate.com
0.0.0.0 update.itopupdate.com
0.0.0.0 stats.itopupdate.com
# https://tria.ge/240511-bb4qysca5x/behavioral2
0.0.0.0 update.downloaditop.com
# https://virustotal.com/gui/file/4efd1bc1bdc12da1bbdc597cf3f37f0c65e582f42e353cf781ac1fe422dfa68c/detection
# https://virustotal.com/gui/file/69d9d162a040888164707b7e44f4709059ad45296a832c077c0dc91afed89c05/detection
# https://virustotal.com/gui/file/fd9dbb971a9995f6d146237933fbe27f18217d3cacbb6da121de4cc9590030be/relations
# https://github.com/iam-py-test/Assets-001/tree/main/PUPs/Restoro
# https://virustotal.com/gui/url/16766e8681f0bf474ec3238d4b6d7f33047f5f368abef0aac13001d2be0a757d/detection
# https://blog.malwarebytes.com/detections/pup-optional-reimage/
# https://virustotal.com/gui/url/16766e8681f0bf474ec3238d4b6d7f33047f5f368abef0aac13001d2be0a757d/detection
0.0.0.0 reimageplus.com
# More reimage - new name, new SHA256, new domain?
# https://virustotal.com/gui/url/3493793318d49332b789aba96de7937c468c5f6a20d6fdbf8da87832183c5d07/detection
# https://github.com/iam-py-test/Assets-001/tree/main/PUPs/Restoro_2
# https://virustotal.com/gui/file/fd9dbb971a9995f6d146237933fbe27f18217d3cacbb6da121de4cc9590030be/relations
0.0.0.0 reimage.org
0.0.0.0 www.reimage.org
# Nobody names their legit domain after malware and then is detected on VirusTotal
# https://virustotal.com/gui/url/deef544081c813ee971cfa78d8145e5a050ea5eccc3d5718b033d00b64c5f9f4/detection
0.0.0.0 reimage.com
# https://virustotal.com/gui/file/af7b36c0f9f48f35315877e3cd5efb83c1a122a043ea9228db7da9c1c3c3120b/community
# https://github.com/iam-py-test/Assets-001/blob/main/PUPs/MediaGet/mediaget_detections.jpeg
0.0.0.0 mediaget.com
# found by @DandelionSprout in https://github.com/DandelionSprout/adfilt/issues/253
0.0.0.0 media-get.com
0.0.0.0 media-get.ru
0.0.0.0 mediagetplus.com
0.0.0.0 mgmgmg.com
# https://virustotal.com/gui/file/05f052c64d192cf69a462a5ec16dda0d43ca5d0245900c9fcb9201685a2e7748/detection
# https://virustotal.com/gui/url/f938821627f117b561598186343cf47ce5f75b89b8d149a3efe885f9eba51942/community
# https://virustotal.com/gui/file/a367e0562e612bc66729f3a4676bad849e5c3c32fad8223b5ea991e11604f5fe/details
# ADWCleaner detects malware after execution. File opens webpage with generic 'your system has issues' message
0.0.0.0 driveragent.com
# https://virustotal.com/gui/file/61ddc79c421d13052f0acdb838d1a68d98c5e4eda0058f018f72a65474135d08/detection
# https://github.com/DandelionSprout/adfilt/issues/254
# https://blog.malwarebytes.com/detections/onesafe-software-com/
0.0.0.0 onesafesoftware.com
0.0.0.0 vpn.onesafesoftware.com
0.0.0.0 blog.onesafesoftware.com
0.0.0.0 drivers.onesafesoftware.com
0.0.0.0 updates.onesafesoftware.com
0.0.0.0 support.onesafesoftware.com
0.0.0.0 cdn.onesafesoftware.com
0.0.0.0 subscriptions.onesafesoftware.com
0.0.0.0 notifications.onesafesoftware.com
0.0.0.0 stats.onesafesoftware.com
0.0.0.0 www.onesafesoftware.com
# https://virustotal.com/gui/file/a6e89d2bb1c2da1d852fb8e248f39cf7b3d4b0ea05a8d8f343d1b8e74d271d43/relations
0.0.0.0 driversupport.com
0.0.0.0 front.driversupport.com
0.0.0.0 secure.driversupport.com
0.0.0.0 aloha.driversupport.com
# "SolveIQ"?
0.0.0.0 apps.solveiq.com
0.0.0.0 preview.solveiq.com
0.0.0.0 auth.solveiq.com
# Taken from DandelionSprout's Anti-malware list - which is at https://github.com/DandelionSprout/adfilt/blob/master/Dandelion%20Sprout's%20Anti-Malware%20List.txt and which is maintained by https://github.com/DandelionSprout -  and verified
0.0.0.0 driver-soft.com
# https://github.com/blocklistproject/Lists/issues/497
0.0.0.0 pcspeedup.en.softonic.com
0.0.0.0 tweakbit.com
0.0.0.0 static.tweakbit.com
0.0.0.0 www.tweakbit.com
0.0.0.0 debuglogs.tweakbit.com
0.0.0.0 update.tweakbit.com
0.0.0.0 dynamicdownloads.tweakbit.com
0.0.0.0 downloads.tweakbit.com
0.0.0.0 store.tweakbit.com
0.0.0.0 mail.tweakbit.com
# Original inspection
# disable uBlock Origin and go to https://www.google.com/search?q=clean+up+computer+to+run+faster&source=hp&ei=Y4KzYIrUL-rP0PEPqM2liAc&iflsig=AINFCbYAAAAAYLOQcwKl4vglkAEcsALPhO6XEyguHxPP&oq=clean+up+comp&gs_lcp=Cgdnd3Mtd2l6EAEYATICCAAyAggAMgIIADICCAAyBQgAEMkDMgIIADICCAAyAggAMgIIADICCAA6DgguELEDEMcBEKMCEJMCOgsILhCxAxDHARCjAjoFCAAQsQM6CAgAELEDEIMBOggILhDHARCjAjoOCC4QsQMQgwEQxwEQrwE6CAgAEOoCEI8BOggILhCxAxCDAToICC4QxwEQrwE6BQguELEDOggILhCxAxCTAjoICAAQsQMQyQM6BQgAEJIDOgsILhDHARCjAhCTAjoCCC46BQguEJMCUOUoWKCDAWDakwFoAnAAeACAAYoDiAGaFJIBCDAuMTQuMC4xmAEAoAEBqgEHZ3dzLXdperABCg&sclient=gws-wiz
# https://virustotal.com/gui/url/2f44cf878800c082d5fefb8326cf384fe12393ecfcca05e64903c5888f4c762c/detection
# https://virustotal.com/gui/url/c6290089eb08d05375650bfb7778713e1e9443ac1d8d180df44bd8ddd49124f9/detection
# https://virustotal.com/gui/domain/www.pchelpsoft.com/relations
# https://www.mywot.com/scorecard/pchelpsoft.com
# https://safeweb.norton.com/report/show_mobile?name=https://www.pchelpsoft.com/pc-cleaner/lp1-ms-us/?tracking=PH_EN_PP_GO_SE_PCC_US&keyword=speed%20up%20my%20pc&campaignID=ADWORDS&gclid=EAIaIQobChMIsOqVwrTx8AIV9xmtBh17swHGEAAYASAAEgLr1fD_BwE
# https://virustotal.com/gui/url/3cfe4ec34704092b5ad0c03b1f9566b538c11e3e0434a73991cdc2694db26582/detection
# https://www.urlvoid.com/scan/pchelpsoft.com/
# https://sitecheck.sucuri.net/results/pchelpsoft.com
# https://www.fortiguard.com/webfilter?q=pchelpsoft.com
# Inspection on 23/7/2021
# https://virustotal.com/gui/url/3cfe4ec34704092b5ad0c03b1f9566b538c11e3e0434a73991cdc2694db26582/detection
# https://safeweb.norton.com/reviews?url=pchelpsoft.com
# https://www.mywot.com/en/scorecard/pchelpsoft.com
# Setup file (installer) - https://virustotal.com/gui/file/7ab506784dcc49c916cdff2076132dafc881ac268e54aba39d6af2ca6ce0c775/details
# Related files
# https://virustotal.com/gui/file/04ef20ed8a783aaa91082865ed99c079cf2bf9f67908d536fdb9e227b19401f0/detection
# https://virustotal.com/gui/file/192dc080f0c52222e03c074e3a38a8b3cc5b31605457fd6acd447bf7488a89d8/relations
# https://virustotal.com/gui/file/40157e1981b97206658667927fbdc484c7e9615591884cfed2d6cadc9e3f1b4c/detection
# A 'driver updater' it wanted me to install - https://virustotal.com/gui/file/965bf402594ee539ce61d2a593c421b1c7ed6e1969369ae4a7866c17b2281a3c/detection
# https://forums.malwarebytes.com/topic/200216-removal-instructions-for-pccleaner/
# Screenshots - https://github.com/iam-py-test/Assets-001/tree/main/PUPs/PCHelpSoft
# 19/9/2022: https://app.any.run/tasks/3c8b1d38-de18-488a-9e3f-62b3354c17e8
# 6/11/2022: https://app.any.run/tasks/da8a44c3-965f-4fd6-816d-b5ae16235f62 (https://virustotal.com/gui/file/5475c9cff70482b8b5bf2c31395f9463261313991b41743686e4c8c43e53df0b/detection)
0.0.0.0 pchelpsoft.com
0.0.0.0 www.pchelpsoft.com
0.0.0.0 cloud.pchelpsoft.com
0.0.0.0 cda.pchelpsoft.com
0.0.0.0 cdn.pchelpsoft.com
0.0.0.0 webtools.pchelpsoft.com
0.0.0.0 pchelpsoft.net
0.0.0.0 www.pchelpsoft.net
# https://virustotal.com/gui/url/27307acb5b127114423ed0d7c63aaed0013d1833f56c158a3b049f8d1c98dcbc/detection
# Download button redirects to advancedsystemrepair.com
0.0.0.0 pccleaner.com
# The PUP from this website looks like a past one; maybe a variant or another download location
# https://github.com/iam-py-test/Assets-001/tree/main/PUPs/PCCleaner_1
0.0.0.0 advancedsystemrepair.com
0.0.0.0 support.advancedsystemrepair.com
0.0.0.0 secure.advancedsystemrepair.com
0.0.0.0 lp.advancedsystemrepair.com
0.0.0.0 track.advancedsystemrepair.com
0.0.0.0 www.advancedsystemrepair.com
0.0.0.0 checkout.advancedsystemrepair.com
# Found this PUP on someone else's computer, so I decided to figure more about it. It does look very old; even the UI sometimes looks like Windows 7 despite the VM running 10
# The (working) installer (from Softonic) - https://virustotal.com/gui/file/863adfe03c1ea35c424817274eabe4eef02fe4a2d6428f8718e61655fb8bc49c/detection
# The program (according to Malwarebytes's IOC report) - https://virustotal.com/gui/file/2aad06624e9b698ec0dc0276b433c606a4858d6585028cd658ae7c697358ffec/detection
# https://blog.malwarebytes.com/detections/pup-optional-slimcleanerplus/
# All the domains seem to be related to this PUP
# https://virustotal.com/gui/url/f7be15d28340acb7db31f63a62a26bad1253824f2424117a816203950e86fd22/community
0.0.0.0 slimware.com
# https://virustotal.com/gui/url/440e39a20d7e01064269dadfc38eafd80c8534f7391f2c1ef7ac41c10d9c4e20/detection
# https://virustotal.com/gui/url/946a5c2295cfef547f162350af93257df55d6b2103a0ce2e84b241cf727a81f6/detection
0.0.0.0 slimwareutilities.com
# The executable from the website (https://virustotal.com/gui/file/d9103347f6043f0266a6480b6c794a4ee9f07800db43b6301920fe97587066d2/detection) seemed broken, but this one (maybe an older/newer mirror) works
0.0.0.0 slimcleaner-plus.en.softonic.com
# Other TLDs
0.0.0.0 slimcleaner-plus.softonic.com.tr
# https://github.com/iam-py-test/investigations/blob/main/2021/11/5/1.md
0.0.0.0 windowserrorhelp.com
0.0.0.0 certified.windowserrorhelp.com
# Spyhunter is far from legit - and this company sues almost anyone (i.e. Bleeping Computer - https://blog.malwarebytes.com/security-world/2016/02/bleepingcomputer-defends-freedom-of-speech/, Malwarebytes - https://press.malwarebytes.com/2021/09/29/malwarebytes-wins-dismissal-of-enigma-lawsuit-in-final-ruling/) 
# https://www.mywot.com/en/scorecard/enigmasoftware.com
# https://github.com/gorhill/uBlock/wiki/Software-known-to-have-uninstalled-uBlock-Origin
# https://en.wikipedia.org/wiki/SpyHunter_(software)
0.0.0.0 enigmasoftware.com
0.0.0.0 www.enigmasoftware.com
0.0.0.0 installer.enigmasoftware.com
0.0.0.0 download.enigmasoftware.com
0.0.0.0 dl.enigmasoftware.com
0.0.0.0 instcfg.enigmasoftware.com
0.0.0.0 tt.web.enigmasoftware.com
0.0.0.0 myaccount.enigmasoftware.com
0.0.0.0 purchase.enigmasoftware.com
0.0.0.0 spyhunter.enigmasoftware.com
0.0.0.0 spyhunter-update.enigmasoftware.com
0.0.0.0 download2.enigmasoftware.com
0.0.0.0 spyhunter.com
0.0.0.0 www.spyhunter.com
0.0.0.0 spyhunter-download-v2.b-cdn.net
# https://tria.ge/230810-2gkhdahd53/behavioral1
0.0.0.0 enigmasoft.net
0.0.0.0 rh.downloads.enigmasoft.net
# https://github.com/iam-py-test/my_filters_001/issues/84
0.0.0.0 mackeeper.com
# https://virustotal.com/gui/file/088cbcec6b80eba99eb691968e0f972935aae301e9cb6d1c6133699530dd5621/community
0.0.0.0 secure-browser.io
# locks your screen and just creates a link to their website on your desktop. Malware?
0.0.0.0 goto.searchproonline.com
0.0.0.0 searchproonline.com
# https://github.com/uBlockOrigin/uAssets/issues/11176
0.0.0.0 nearbyme.io
0.0.0.0 m.nearbyme.io
# https://web.archive.org/web/20230604193437/https://twitter.com/iam_py_test/status/1488163521540075524
0.0.0.0 outbyte.com
0.0.0.0 testedforyou.net
# from an infected VM
0.0.0.0 pcsystemfix.com
0.0.0.0 lp.pcsystemfix.com
0.0.0.0 download.pcsystemfix.com
# article on perflib errors
0.0.0.0 xoomber.com
# https://forums.malwarebytes.com/topic/283588-mb-cant-find-malware/
# https://forums.malwarebytes.com/topic/293374-aasearchtoolshub/
0.0.0.0 searchtoolshub.com
0.0.0.0 find.searchtoolshub.com
# Some scam redirects brought me here (https://web.archive.org/web/20230604193632/https://twitter.com/iam_py_test/status/1497351777754050562 - https://virustotal.com/gui/file/2e68dbec330d7ebe567dcbb67a1dffe83f6f0c278664b60f3edeee684edfe7ff/relations)
0.0.0.0 drivermax.com
# adware downloader - https://app.any.run/tasks/d1918395-7080-4292-9a71-1059bc7a90cf
# Bundled installer & PUP
0.0.0.0 sysdriverupdater.com
0.0.0.0 www.sysdriverupdater.com
# This is just Advanced System Repair Pro
# https://blog.malwarebytes.com/threat-analysis/2022/06/forced-chrome-extensions-keep-reappearing/
0.0.0.0 activesearchbar.me
0.0.0.0 customsearchbar.me
# https://forums.malwarebytes.com/topic/286395-microsoft-edge-custom-search-bar-extension-redirects-to-rbfastsearchme/
0.0.0.0 rb.fastsearch.me
# https://forums.malwarebytes.com/topic/287338-browser-hi-jacker-royb2fastsearchme/
0.0.0.0 royb2.fastsearch.me
# adware
0.0.0.0 pdfconverterpower.net
0.0.0.0 searchpoweronline.com
0.0.0.0 goto.searchpoweronline.com
0.0.0.0 www.searchpoweronline.com
# https://forums.malwarebytes.com/topic/295131-pdfpower-pdfshark-pdfsuperhero-pdftodocpro-pdfmagic/#comment-1556224
0.0.0.0 gifsearchutils.com
0.0.0.0 start.gifsearchutils.com
0.0.0.0 pdfsharkapp.com
0.0.0.0 searchmagiconline.com
0.0.0.0 start.searchmagiconline.com
0.0.0.0 pdfsuperhero.com
0.0.0.0 stats.pdfsuperhero.com
# https://forums.malwarebytes.com/topic/289030-mbam-browser-guard-identifying-malware-but-mbam-not-removing-malware/
0.0.0.0 mysearchengine.co
# https://github.com/AdguardTeam/AdguardFilters/issues/128029
0.0.0.0 freddostagione.com
0.0.0.0 search.freddostagione.com
0.0.0.0 search.motherpipe.net
0.0.0.0 humanverified.net
0.0.0.0 video-ad-skipper.com
0.0.0.0 search.becovi.com
0.0.0.0 luminosoocchio.com
0.0.0.0 quick-speedtest.com
0.0.0.0 husmicto.com
0.0.0.0 splendidus.net
0.0.0.0 tutatagliente.com
0.0.0.0 osservareimmaginare.com
0.0.0.0 desideriosoldi.com
0.0.0.0 www.humanverified.net
0.0.0.0 search.potestainsula.com
0.0.0.0 search.husmicto.com
0.0.0.0 search.splendidus.net
0.0.0.0 search.tutatagliente.com
0.0.0.0 search.luminosoocchio.com
0.0.0.0 search.osservareimmaginare.com
0.0.0.0 search.desideriosoldi.com
# https://blog.malwarebytes.com/detections/pup-optional-bytefence/
# https://virustotal.com/gui/file/21dfa4ed47de7007c0fb6eadb3f94d2e847b3f4e301767d2320623f02f0926ba
# https://virustotal.com/gui/file/d41405553da0287be81722125b35405ad90923e7aa0631b5e5c6ab80358355ca
# https://safeweb.norton.com/reviews?url=bytefence.com
# https://www.mywot.com/scorecard/bytefence.com
0.0.0.0 bytefence.com
# https://www.youtube.com/watch?v=2tW_PDVfT-E
# https://virustotal.com/gui/file/1c45ac42e4486ae5114cf287626ffb02eb03675f667d076d5c8f886ee0016d26/detection
# https://github.com/iam-py-test/Assets-001/tree/main/PUPs/Auslogics_PUP_regclean
# https://virustotal.com/gui/file/a54dffea1703732c3daf043462c289f4c9fc57fb27e1e9cc099b0cc03835940e/detection
# https://forums.malwarebytes.com/topic/199170-false-positive-with-auslogics-boostspeed/#elControls_1116195_menu
0.0.0.0 auslogics.com
0.0.0.0 www.auslogics.com
# https://virustotal.com/gui/file/1d26c8e2760b9d95e344dc93e4516c88c23bae5af1e888b2769186520f53021d/detection
# https://virustotal.com/gui/url/c9d507f4fe1720bb0b70a799abfd548f315694f59eebea676204da1cbaee4b4f/detection
# https://virustotal.com/gui/file/bba00552bb0a562a00aa70c8425e48bb1b407a72f84df6c8f69f0bf44fabf310/detection
# https://virustotal.com/gui/file/0dcf7e52492de09df39f7b1f7996d61033c6f61b43d38990f43b45dd530dcdb9/relations
# https://www.hybrid-analysis.com/sample/1d26c8e2760b9d95e344dc93e4516c88c23bae5af1e888b2769186520f53021d
# https://www.hybrid-analysis.com/sample/1d26c8e2760b9d95e344dc93e4516c88c23bae5af1e888b2769186520f53021d/60a4789f1522974edf38bd58
# https://www.hybrid-analysis.com/sample/bba00552bb0a562a00aa70c8425e48bb1b407a72f84df6c8f69f0bf44fabf310
# https://github.com/iam-py-test/Assets-001/tree/main/PUPs/ashampoo
0.0.0.0 ashampoo.com
# https://virustotal.com/gui/url/9979729afeff4472121a6faa8d4a4b7c885a5f391b082d50585bf16929597d4e/community --> https://virustotal.com/gui/file/c9bb2af73703f81a31ae5a3dedbf6eebf404256b679303111c1dedf0e24879db/community
# https://app.any.run/tasks/d2533d89-8e5e-4fc6-b110-bafc153c3636 (my analysis)
# walliant: https://www.youtube.com/watch?v=91w4rzBTP5o
0.0.0.0 walliant.com
# clone of another screenlocker adware
0.0.0.0 gifsmakerpro.com
0.0.0.0 www.gifsmakerpro.com
# https://forums.malwarebytes.com/topic/293346-malwarebytes-not-detecting-virus-highjacking-my-search-engine-in-chrome/
# https://www.bleepingcomputer.com/forums/t/788099/howdy-yall-i-could-use-some-help-antivirus-and-self-hacking/
0.0.0.0 mobilisearch.com
0.0.0.0 mobility-search.com
# another clone of ziprar thing (Adware.SearchLightPro)
0.0.0.0 searchlightpro.com
0.0.0.0 start.searchlightpro.com
0.0.0.0 dsc.searchlightpro.com
# https://forums.malwarebytes.com/topic/283015-pupoptionalwinsweeper
# https://forums.malwarebytes.com/topic/300427-unable-to-start-in-a-normal-mod-of-windows/?do=findComment&comment=1579090
0.0.0.0 solvusoft.com
0.0.0.0 www.solvusoft.com
# random ad
0.0.0.0 totalsystemcare.com
0.0.0.0 www.totalsystemcare.com
0.0.0.0 safebytes.com
0.0.0.0 driverassist.com
# browsing YouTube without an adblocker
0.0.0.0 customsearchtool.com
0.0.0.0 home.customsearchtool.com
0.0.0.0 config.customsearchtool.com
0.0.0.0 hp.customsearchtool.com
# https://forums.malwarebytes.com/topic/293616-google-doc-fake-extension-not-detected/ (account required)
0.0.0.0 gosearches.gg
# https://forums.malwarebytes.com/topic/293620-adwcleaner-wont-run/
0.0.0.0 search-fine.com
# https://github.com/uBlockOrigin/uAssets/issues/16582 (without an adblocker)
0.0.0.0 easyprint.app
0.0.0.0 cdn.easyprint-cdn.app
# https://virustotal.com/gui/url/c7cdd1eaf651fbf4446d189d91b52b0c6a5811fb70db18b3eec1fa575057163a/detection
0.0.0.0 freshysearch.com
0.0.0.0 cdn.freshysearch.com
# two search engine hijackers
# https://virustotal.com/gui/url/1ca49bde04ac00c79b259a4a02b041d91c512ca55a6d0e839f69010d0bc32061/detection
0.0.0.0 pdftab.com
0.0.0.0 cdn.pdftab.com
0.0.0.0 findmanualsnow.com
# ran across this while looking for DDNS services
0.0.0.0 ww1.pwnz.org
0.0.0.0 thesafersearch.com
0.0.0.0 get.thesafersearch.com
# The makers of such wonderful programs like "Driver Genius 22" and "PC Cleaner"
0.0.0.0 avanquest.com
0.0.0.0 www.avanquest.com
0.0.0.0 webtools.avanquest.com
# 'Wave browser' which is just a scummy version of Chrome
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-968062965
0.0.0.0 wavebrowser.co
0.0.0.0 download.wavebrowser.co
0.0.0.0 wavebrowser.com
0.0.0.0 dl.gowavebrowser.com
0.0.0.0 gowavebrowser.com
# DLL Helper
# https://virustotal.com/gui/file/675a72bb2b3ea39beafc73e8faf31b85b58b0dcc169b10649d5f49341936a379
0.0.0.0 dll-helper.en.softonic.com
# search engine hijacker
0.0.0.0 manualsdirectory.org
0.0.0.0 tab.freshymanuals-site.com
0.0.0.0 search.freshy.com
# https://github.com/uBlockOrigin/uAssets/issues/17568
0.0.0.0 wigglewurm.com
0.0.0.0 n.wigglewurm.com
# an infected VM --> this extension hijacks the search engine
0.0.0.0 getsecurify.com
0.0.0.0 www8.getsecurify.com
0.0.0.0 mysecurify.com
0.0.0.0 search.mysecurify.com
0.0.0.0 ext.mysecurify.com
# https://github.com/hagezi/dns-blocklists/issues/3163
0.0.0.0 withsecurify.com
0.0.0.0 ext.withsecurify.com
0.0.0.0 search5.withsecurify.com
0.0.0.0 search.withsecurify.com
0.0.0.0 securifyguard.com
# an infected VM --> this extension hijacks the search engine claiming it protects your searchs
0.0.0.0 privacykeeperapp.com
0.0.0.0 get.privacykeeperapp.com
0.0.0.0 privacykeepersearch.com
# https://0xacab.org/my-privacy-dns/matrix/-/issues/121797
0.0.0.0 speak-text-tab.com
0.0.0.0 search.speak-text-tab.com
# https://github.com/uBlockOrigin/uAssets/issues/17880
0.0.0.0 office.org
# https://github.com/uBlockOrigin/uAssets/issues/17960
0.0.0.0 templatesearch.org
# https://www.bleepingcomputer.com/forums/t/785431/26-pup-found-today-what-to-do/
0.0.0.0 securybrowse.com
0.0.0.0 search.securybrowse.com
0.0.0.0 ext.securybrowse.com
# https://github.com/uBlockOrigin/uAssets/issues/18103
# (my analysis) https://app.any.run/tasks/4a29352e-fc49-4c59-bb96-0acda5544d53
0.0.0.0 gamefabrique.com
# https://tria.ge/230518-m51f6sae43/behavioral2
# https://forums.malwarebytes.com/topic/298186-accidentally-visited-potential-maliciousmalware-website/
# (my analysis) https://tria.ge/230523-zqkhmahd85/behavioral2
0.0.0.0 doodrdash.com
0.0.0.0 thale-ete.com
0.0.0.0 dkjfhuyd.fivetrafficroads.com
0.0.0.0 weather-in.xyz
0.0.0.0 trk.weather-in.xyz
0.0.0.0 search.weather-in.xyz
# linkverse PUP
0.0.0.0 linkvertise.download
# https://github.com/StevenBlack/hosts/issues/2339
0.0.0.0 serasearchtop.com
# https://tria.ge/230601-z9q5hsha6v/behavioral1
0.0.0.0 safeplexsearch.com
# internal 
0.0.0.0 fontdeterminer.com
# https://tria.ge/230705-n3traaca92/behavioral1
0.0.0.0 ofoseveralyea.info
0.0.0.0 ratefinaukncei.info
# adware
0.0.0.0 pdfsuperhero.azureedge.net
0.0.0.0 pdfconverty.com
# chromium based adware
0.0.0.0 gettoptemplates.com
0.0.0.0 downloadonelaunchnow.com
# https://tria.ge/230805-1lv91agc6x/behavioral1
0.0.0.0 getconvertmyfile.com
# https://0xacab.org/my-privacy-dns/matrix/-/issues/649666
# https://tria.ge/230805-rgmydsee8s/behavioral1
0.0.0.0 websearchextension.info
0.0.0.0 containers.websearchextension.info
0.0.0.0 cloudfront.websearchextension.info
0.0.0.0 websearchextension-api.info
0.0.0.0 api.websearchextension-api.info
# https://github.com/StevenBlack/hosts/issues/2403
# https://github.com/StevenBlack/hosts/issues/2408
0.0.0.0 santknow.com
# https://forums.malwarebytes.com/topic/301185-i-ran-galacticshooterexe/#comment-1583465
0.0.0.0 segoonow.com
# https://forums.malwarebytes.com/topic/301473-pupoptionalcoduit/
0.0.0.0 conduit.com
0.0.0.0 search.conduit.com
# https://github.com/hagezi/dns-blocklists/discussions/1515
0.0.0.0 techadsology.com
# sells driver updater snake oil
0.0.0.0 drivereasy.com
# https://forums.malwarebytes.com/topic/303209-need-help-with-removing-trojan-virusvirtool32/?do=findComment&comment=1594712
# https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign
# maybe the same thing? https://www.youtube.com/watch?v=IsGRcAjgKwA
0.0.0.0 trovi.com
0.0.0.0 www.trovi.com
# https://github.com/iam-py-test/my_filters_001/issues/119
# https://forums.malwarebytes.com/topic/303863-cryptpkocryptpko1-and-cryptsigcryptsig1-in-registry-and-cant-delete/
0.0.0.0 sensorstechforum.com
# https://tria.ge/231028-pvxzeabb9z/behavioral1s
0.0.0.0 /11/?*&lpkey=*&filename=click%20to%20view%20the%20file%20links|
0.0.0.0 ivedmanyyea.org
# snake oil, bundles software
# https://youtube.com/watch?v=bIpYJoE7CxA
# https://spyware.neocities.org/articles/ccleaner
0.0.0.0 ccleaner.com
# https://github.com/uBlockOrigin/uAssets/issues/13566
# https://web.archive.org/web/20220220102436/https://twitter.com/gorhill/status/1352651716265713665
# https://palant.info/2020/10/28/what-would-you-risk-for-free-honey/
# https://infosec.exchange/@iampytest1/111069238525172731
# https://github.com/hagezi/dns-blocklists/issues/4666
# https://github.com/StevenBlack/hosts/issues/2792
# https://storage.courtlistener.com/recap/gov.uscourts.cand.441974/gov.uscourts.cand.441974.9.0_1.pdf (see also https://techcrunch.com/2025/01/05/youtuber-legaleagle-sues-paypal-over-sleeping-leech-honey-extension/ and https://infosec.exchange/@iampytest1/113782185134949815)
# https://www.heise.de/news/YouTuber-Mit-Honey-zu-arbeiten-war-sehr-einfach-10225641.html
0.0.0.0 joinhoney.com
0.0.0.0 honey.io
# from the TLS cert of supra
0.0.0.0 joinhoney.app
0.0.0.0 joinhoney.co.uk
0.0.0.0 joinhoney.com.au
# https://tria.ge/230821-2bt5maad51/behavioral1
# https://web.archive.org/web/20231120191617/https://forums.malwarebytes.com/topic/304687-pupoptionalfortect/
# https://infosec.exchange/@iampytest1/110736203666880292
0.0.0.0 fortect.com
0.0.0.0 cloud.fortect.com
# https://tria.ge/231121-x5hw8sgc87/behavioral1
0.0.0.0 quickdriverupdater.com
0.0.0.0 www.quickdriverupdater.com
0.0.0.0 webcf.quickdriverupdater.com
0.0.0.0 cf.quickdriverupdater.com
0.0.0.0 qip.quickdriverupdater.com
0.0.0.0 qdu.quickdriverupdater.com
0.0.0.0 dpsro.com
0.0.0.0 www.dpsro.com
# https://github.com/collinbarrett/FilterLists/issues/3794
0.0.0.0 rakuten.ca
0.0.0.0 ebates.com
0.0.0.0 www.ebates.com
# https://github.com/uBlockOrigin/uAssets/pull/17981
0.0.0.0 aadvantageeshopping.com
# https://github.com/iam-py-test/my_filters_001/issues/119
# https://tria.ge/230817-a16feaee47/behavioral1
0.0.0.0 combocleaner.com
0.0.0.0 www.combocleaner.com
# tricks users into installing an allowlist - unknown source
0.0.0.0 work-ink.github.io
# https://www.reddit.com/r/uBlockOrigin/comments/143k8lm/
# ||topcashback.co.uk^$document
# ||topcashback.com^$document
# "free registry cleaner"
# origin unknown (forgot to add a comment here)
# TODO: reverify
0.0.0.0 driveridentifier.com
# driverpack
0.0.0.0 driverpack.io
0.0.0.0 driverpack.tilda.ws
0.0.0.0 dwrapper-prod.herokuapp.com
# https://virustotal.com/gui/url/48a9e88e0b6cf59fac14588d252d9bb6b936ec2fd847e832d17fdb76322b35d3/detection
# https://virustotal.com/gui/file/e66db6f687eacf9852542ab583f4d77191965f3a8d6c2e726f4e6b8b83b4f390/detection
# https://virustotal.com/gui/file/93f1afd730eb30421d8e7cae9fc79cbee918c4b0a75d68bf64d34d2cc99d29f0/detection
# To remove, run ADWCleaner (https://malwarebytes.com/adwcleaner) and follow instructions.
0.0.0.0 speedupmypcfree.com
# https://virustotal.com/gui/domain/speedupmypcfree.com/relations
0.0.0.0 www.speedupmypcfree.com
# https://windowsreport.com/extend-windows-laptop-battery-life/
# https://www.hybrid-analysis.com/sample/0dd66edadbe93df04f6759e5549d3e76b5bfcb292ba6f6a6139903dd705ced6a
# Tested on VM: Removed by ADWCleaner
# Switched to document as per https://github.com/uBlockOrigin/uAssets/issues/9974
0.0.0.0 driverfix.com
# https://tria.ge/240427-2e441aac8x/behavioral1
0.0.0.0 pdfpilotapp.com
0.0.0.0 application.pdfpilotapp.com
0.0.0.0 por.pdfpilotapp.com
# https://youtube.com/watch?v=m9d-fXl3Z8k
# my analysis: https://tria.ge/240505-t81dxafb3s/behavioral1 (cloudflared)
0.0.0.0 restorex360.com
0.0.0.0 www.restorex360.com
# https://github.com/uBlockOrigin/uAssets/issues/24972
0.0.0.0 pcapp.store
# from Alex302: Speed Dial 2 (chrome extension) redirects searchs made through the address bar to Yahoo using these domains
0.0.0.0 getxmlisi.com
0.0.0.0 gotoyahoo.com
# https://forums.malwarebytes.com/topic/332457-clientupdatedrivethelifecom-outgoing-connection-is-blocked/
# https://www.virustotal.com/gui/file/02713f057c41c5f86bdccb7317aef15fd990b07028e065637c244fb7d4749424/detection
# https://www.malwarebytes.com/blog/detections/pup-optional-drivethelife
# https://forum.eset.com/topic/21561-false-positive-driver-talent/
# not a factor in detection but interesting: https://www.reddit.com/r/sysadmin/comments/3a485n/drive_the_life_a_hidden_gem_or_am_i_missing/
# sandbox: https://tria.ge/260111-gs27cabt8d/static1
# reaction to sandbox: https://infosec.exchange/@iampytest1/115874980699384241
# more posts:
# https://forums.malwarebytes.com/topic/332452-drivethelife-riskware-alerts/
# https://forums.malwarebytes.com/topic/332406-drivethelifecom-riskware-alert/
0.0.0.0 drivethelife.com
0.0.0.0 www.drivethelife.com
0.0.0.0 ipr.drivethelife.com
0.0.0.0 clientupdate.drivethelife.com
0.0.0.0 drivertalent.com
0.0.0.0 www.drivertalent.com
# was originally under "Malware and phishing" but is actually a PUP - originally added in https://github.com/iam-py-test/my_filters_001/commit/99b795b4ebc16f4aa185274c9d02e020cf34ae87
# https://github.com/uBlockOrigin/uAssets/issues/9933#issuecomment-913677276
0.0.0.0 greenadblocker.com
# ---- Spam ----
# https://forums.malwarebytes.com/topic/281397-how-to-update-my-adwcleaner/
0.0.0.0 24hourhtmlcafe.com
# https://forums.malwarebytes.com/topic/281787-how-many-types-of-malware-are-there/ (https://web.archive.org/web/20211214132150/https://forums.malwarebytes.com/topic/281787-how-many-types-of-malware-are-there/) -> hxxpx[:]//ilovealgarve[.]net[/]web-football-no-agents[/])
0.0.0.0 ilovealgarve.net
# https://web.archive.org/web/20211222121009/https://forums.malwarebytes.com/topic/282084-keeping-laptop-safe/ -> hxxpx[:]//nbgpapartmani[.]com[/]register-web-ball-ufadeal[/]
0.0.0.0 nbgpapartmani.com
# https://forums.malwarebytes.com/topic/282082-hi-working-a-spreadsheet-more-than-8-years-history-mb-crashed-it/ (https://web.archive.org/web/20211222121637/https://forums.malwarebytes.com/topic/282082-hi-working-a-spreadsheet-more-than-8-years-history-mb-crashed-it/) -> hxxpx[:]//superagentconcierge[.]com[/]casino-ebet-entrance[/]
0.0.0.0 superagentconcierge.com
# https://forums.malwarebytes.com/topic/283348-update-ios-15/ (https://web.archive.org/web/20220202172538/https:/forums.malwarebytes.com/topic/283348-update-ios-15/)
0.0.0.0 binaryreviewsrace.com
# https://forums.malwarebytes.com/topic/283347-update-ios-15/ (https://web.archive.org/web/20220202172612/https:/forums.malwarebytes.com/topic/283347-update-ios-15/)
0.0.0.0 stormlordpublishing.com
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1120210042
0.0.0.0 fuckbookmobile.com
0.0.0.0 www.fuckbookmobile.com
# https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1179770663
# https://web.archive.org/web/20221007114132/https://forums.malwarebytes.com/topic/290873-whats-the-hottest-temperature-in-your-city/
0.0.0.0 rathbunlakeassoc.com
0.0.0.0 ufadeal.info
# https://web.archive.org/web/20221206113456/https://forums.malwarebytes.com/topic/292706-top-cell-phone-apps-and-games-for-your-iphoneo-verjaardagsherinnering-nu/
# https://forums.malwarebytes.com/topic/292707-spam-post-on-this-forum/ (account required)
0.0.0.0 mhapks.com
# GH spam, i.e. https://github.com/tesla-android/issue-tracker/discussions/162#discussioncomment-4551799
0.0.0.0 4.fo
0.0.0.0 mylocaldates1s.com
0.0.0.0 in.sv
0.0.0.0 trk-click.pshtrk.com
# https://github.com/DandelionSprout/adfilt/commit/e83dc45b60a61c6097b8c40605855a80e3282901
0.0.0.0 link.sv
# https://virustotal.com/gui/url/6bbc5fc50b84711644db9739cab16fbdd5659b3d6b82dbde0a3a82427e6f03b9/community
0.0.0.0 go.sv
# https://virustotal.com/gui/url/1f273d4cd56060082b8a598514f975bf4592a5f6be5f77e05f7c453266edaaad/community
0.0.0.0 scuekpza.ws
# https://forums.malwarebytes.com/topic/273013-android-unknown-chrome-hijacker/page/3/#comment-1553668
0.0.0.0 thedrivingtutors.com
# https://forums.malwarebytes.com/topic/286891-my-android-phone-was-connected-to-pc-with-charge-only-when-pc-was-hacked/#comment-1555237 (deleted)
0.0.0.0 anonigstalk.com
0.0.0.0 bingenerator.one
# https://github.com/hagezi/dns-blocklists/issues/804
0.0.0.0 venezuelabaseballjerseys.com
0.0.0.0 italyworldbaseballclassic.com
0.0.0.0 storeoregononline.com
0.0.0.0 tlstoreonline.com
0.0.0.0 storecollegeonline.com
0.0.0.0 shoptcuhornedonline.com
0.0.0.0 shopsyracuseonline.com
# https://github.com/hagezi/dns-blocklists/issues/1169
0.0.0.0 fuckmebaby.click
# comment spam - endless cloudflare redirects
0.0.0.0 getcutt.fun
# https://infosec.exchange/@iampytest1/111485217708664748
0.0.0.0 free-amore.online
0.0.0.0 t.affoth2.com
0.0.0.0 newfast.pics
# cryptocurrency recovery scammers
0.0.0.0 cyberservices.com
# X/Twitter spammer
# https://infosec.exchange/@briankrebs/111947916198756986
0.0.0.0 forestver.se
# https://github.com/Mastodon-DE/blocklists/issues/17
0.0.0.0 tambayan.us
# https://www.bleepingcomputer.com/news/security/news-farm-impersonates-60-plus-major-outlets-bbc-cnn-cnbc-guardian/
0.0.0.0 australiannewstoday.com
0.0.0.0 bbcnewstoday.com
0.0.0.0 bloombergnewstoday.com
0.0.0.0 bostonnewstoday.com
0.0.0.0 britishnewstoday.com
0.0.0.0 canadiannewstoday.com
0.0.0.0 chinaworldnewstoday.com
0.0.0.0 chroniclenewstoday.com
0.0.0.0 cnbcnewstoday.com
0.0.0.0 cnnworldtoday.com
0.0.0.0 crunchbasenewstoday.com
0.0.0.0 dailyexpressnewstoday.com
0.0.0.0 dailyheraldnewstoday.com
0.0.0.0 dailymirrornewstoday.com
0.0.0.0 dailystarnewstoday.com
0.0.0.0 dailytelegraphnewstoday.com
0.0.0.0 dutchnewstoday.com
0.0.0.0 dwnewstoday.com
0.0.0.0 europeannewstoday.com
0.0.0.0 forbesnewstoday.com
0.0.0.0 frenchnewstoday.com
0.0.0.0 germaynewstoday.com
0.0.0.0 guardiannewstoday.com
0.0.0.0 headlinesworldnews.com
0.0.0.0 huffingtonposttoday.com
0.0.0.0 irishnewstoday.com
0.0.0.0 italiannewstoday.com
0.0.0.0 livemintnewstoday.com
0.0.0.0 maltanewstime.com
0.0.0.0 mirrornewstoday.com
0.0.0.0 nationalposttoday.com
0.0.0.0 neatherlandnewstoday.com
0.0.0.0 neweuropetoday.com
0.0.0.0 norwaynewstoday.com
0.0.0.0 oxfordnewstoday.com
0.0.0.0 portugalnewstoday.com
0.0.0.0 postgazettenewstoday.com
0.0.0.0 republicofchinatoday.com
0.0.0.0 reuterstoday.com
0.0.0.0 russiannewstoday.com
0.0.0.0 scotlandnewstoday.com
0.0.0.0 spanenewstoday.com
0.0.0.0 switzerlandnewstoday.com
0.0.0.0 thedailymailnewstoday.com
0.0.0.0 thedailytelegraphnewstoday.com
0.0.0.0 theexpressnewstoday.com
0.0.0.0 theheraldnewstoday.com
0.0.0.0 theindependentnewstoday.com
0.0.0.0 theirishtimesnewstoday.com
0.0.0.0 theirishtimestoday.com
0.0.0.0 themetronewstoday.com
0.0.0.0 themirrornewstoday.com
0.0.0.0 thequintnewstoday.com
0.0.0.0 thestarnewstoday.com
0.0.0.0 thesunnewstoday.com
0.0.0.0 thetelegraphnewstoday.com
0.0.0.0 timesofnetherland.com
0.0.0.0 timesofspanish.com
0.0.0.0 topeuropenews.com
0.0.0.0 topworldnewstoday.com
0.0.0.0 turkeynewstoday.com
0.0.0.0 walesnewstoday.com
0.0.0.0 washingtonposttoday.com
0.0.0.0 washingtontimesnewstoday.com
0.0.0.0 www.australiannewstoday.com
0.0.0.0 www.bbcnewstoday.com
0.0.0.0 www.bostonnewstoday.com
0.0.0.0 www.britishnewstoday.com
0.0.0.0 www.canadiannewstoday.com
0.0.0.0 www.chinaworldnewstoday.com
0.0.0.0 www.chroniclenewstoday.com
0.0.0.0 www.cnbcnewstoday.com
0.0.0.0 www.cnnworldtoday.com
0.0.0.0 www.crunchbasenewstoday.com
0.0.0.0 www.dailyexpressnewstoday.com
0.0.0.0 www.dailyheraldnewstoday.com
0.0.0.0 www.dailymirrornewstoday.com
0.0.0.0 www.dailystarnewstoday.com
0.0.0.0 www.dailytelegraphnewstoday.com
0.0.0.0 www.dutchnewstoday.com
0.0.0.0 www.dwnewstoday.com
0.0.0.0 www.europeannewstoday.com
0.0.0.0 www.forbesnewstoday.com
0.0.0.0 www.frenchnewstoday.com
0.0.0.0 www.germaynewstoday.com
0.0.0.0 www.guardiannewstoday.com
0.0.0.0 www.headlinesworldnews.com
0.0.0.0 www.huffingtonposttoday.com
0.0.0.0 www.irishnewstoday.com
0.0.0.0 www.italiannewstoday.com
0.0.0.0 www.livemintnewstoday.com
0.0.0.0 www.maltanewstime.com
0.0.0.0 www.mirrornewstoday.com
0.0.0.0 www.nationalposttoday.com
0.0.0.0 www.neatherlandnewstoday.com
0.0.0.0 www.neweuropetoday.com
0.0.0.0 www.norwaynewstoday.com
0.0.0.0 www.oxfordnewstoday.com
0.0.0.0 www.portugalnewstoday.com
0.0.0.0 www.postgazettenewstoday.com
0.0.0.0 www.republicofchinatoday.com
0.0.0.0 www.reuterstoday.com
0.0.0.0 www.russiannewstoday.com
0.0.0.0 www.scotlandnewstoday.com
0.0.0.0 www.spanenewstoday.com
0.0.0.0 www.switzerlandnewstoday.com
0.0.0.0 www.thedailymailnewstoday.com
0.0.0.0 www.thedailytelegraphnewstoday.com
0.0.0.0 www.theexpressnewstoday.com
0.0.0.0 www.theheraldnewstoday.com
0.0.0.0 www.theindependentnewstoday.com
0.0.0.0 www.theirishtimesnewstoday.com
0.0.0.0 www.theirishtimestoday.com
0.0.0.0 www.themetronewstoday.com
0.0.0.0 www.themirrornewstoday.com
0.0.0.0 www.thequintnewstoday.com
0.0.0.0 www.thestarnewstoday.com
0.0.0.0 www.thesunnewstoday.com
0.0.0.0 www.thetelegraphnewstoday.com
0.0.0.0 www.timesofnetherland.com
0.0.0.0 www.timesofspanish.com
0.0.0.0 www.topeuropenews.com
0.0.0.0 www.topworldnewstoday.com
0.0.0.0 www.turkeynewstoday.com
0.0.0.0 www.walesnewstoday.com
0.0.0.0 www.washingtontimesnewstoday.com
# https://github.com/hagezi/dns-blocklists/issues/3122
0.0.0.0 likenu.se
# spam wikipedia article (taken down - https://en.wikipedia.org/wiki/Fetish_Cams)
0.0.0.0 fetishes.cam
# from https://www.eff.org/deeplinks/2013/01/scanning-documents-patent-trolls-want-you-pay
# redirect from bought up domain: https://hybrid-analysis.com/sample/ee616d42e502581b5c1984b086b97c24114df2dd2fadf4680233a346635e10d0
0.0.0.0 stop-project-paperless.com
0.0.0.0 transaction-2007.com
0.0.0.0 www.transaction-2007.com
0.0.0.0 mediaresmi.com
0.0.0.0 fijiluxuryvacation.com
0.0.0.0 www.cinemasaver.com
0.0.0.0 sedationdentistrycenter.com
0.0.0.0 verandasoho.com
0.0.0.0 stream-dna.com
0.0.0.0 www.goldenstatestimulus.com
0.0.0.0 www.bluegatemusicals.com
0.0.0.0 xolopbr.com
0.0.0.0 getannepro.com
0.0.0.0 www.theredbeanannapolis.com
0.0.0.0 www.lilxlotus.com
0.0.0.0 www.plantitmodern.com
0.0.0.0 www.illinoisfiberconnect.com
# https://github.com/hagezi/dns-blocklists/issues/3598
0.0.0.0 miracrookshanks.ru.com
0.0.0.0 bethanfreedland.ru.com
# https://github.com/hagezi/dns-blocklists/issues/3601
0.0.0.0 1000fapvids.online
# search engine spam
0.0.0.0 n7p28.com
# https://github.com/hagezi/dns-blocklists/issues/4654
0.0.0.0 crm-b2c-26477.de
# https://github.com/hagezi/dns-blocklists/issues/5649
0.0.0.0 upnews.me
0.0.0.0 billboardwring.com
# https://infosec.exchange/@iampytest1/114230884762731497
# https://tria.ge/250326-1bty7avq16/behavioral1
0.0.0.0 swagedge.com
# https://tria.ge/250326-1ng56awjs4/behavioral1
# https://tria.ge/250326-1ypmzswkw8/behavioral1
0.0.0.0 doctoredits.com
# https://github.com/hagezi/dns-blocklists/issues/5654
0.0.0.0 x2em.com
# https://github.com/hagezi/dns-blocklists/issues/6597?notification_referrer_id=NT_kwDOBQVKPLQxNzMyNjYyMzAxNjo4NDIzMjc2NA&notifications_query=reason%3Amention
0.0.0.0 cheapgpts.selly.store
0.0.0.0 cheapgpt.store
# https://github.com/hagezi/dns-blocklists/issues/6620
0.0.0.0 t1.testname.me
# spammed in comments sections
0.0.0.0 adultgames.online
# https://infosec.exchange/@iampytest1/115956392732391541
0.0.0.0 777ad-game.com.pk
# ---- Resource Abuse ----
# https://github.com/hagezi/dns-blocklists/issues/1990
# https://infosec.exchange/@iampytest1/111666367575936830 (thanks to ajayyy)
0.0.0.0 brightdata.com
0.0.0.0 brightdata.de
0.0.0.0 bright-sdk.com
0.0.0.0 clientsdk.bright-sdk.com
0.0.0.0 perr.bright-sdk.com
# https://github.com/badmojr/1Hosts/issues/1831
0.0.0.0 joinmassive.com
0.0.0.0 api.joinmassive.com
0.0.0.0 geo-network.joinmassive.com
0.0.0.0 network.joinmassive.com
# https://github.com/hagezi/dns-blocklists/issues/9275
0.0.0.0 mineralt.io
# ---- Stalkerware ----
# copied from https://github.com/AssoEchap/stalkerware-indicators/blob/adae94598f8d628a4af90f9bf323553d3ec683a4/ioc.yaml#L1-L273 - https://github.com/AssoEchap/stalkerware-indicators#license (modified to be in uBo format, removed a few domains)
0.0.0.0 phonespying.com
0.0.0.0 app.phonespying.com
0.0.0.0 copy9.com
0.0.0.0 fonetracker.com
0.0.0.0 thetruthspy.com
0.0.0.0 icloudappe.com
0.0.0.0 spyzee.com
0.0.0.0 media-sync-a.copy9.com
0.0.0.0 media-sync-a.thetruthspy.com
0.0.0.0 media-sync-a743.thetruthspy.com
0.0.0.0 media-sync-a748.thetruthspy.com
0.0.0.0 media-sync-a7xx.thetruthspy.com
0.0.0.0 media-sync-a825.thetruthspy.com
0.0.0.0 media-sync-a830.thetruthspy.com
0.0.0.0 media-sync-a835.thetruthspy.com
0.0.0.0 media-sync-a895.thetruthspy.com
0.0.0.0 media-sync-a8xx.thetruthspy.com
0.0.0.0 media-sync-a910.thetruthspy.com
0.0.0.0 media-sync-a915.thetruthspy.com
0.0.0.0 media-sync-a920.thetruthspy.com
0.0.0.0 media-sync-a925.thetruthspy.com
0.0.0.0 media-sync-a930.thetruthspy.com
0.0.0.0 media-sync-a935.thetruthspy.com
0.0.0.0 media-sync-a940.thetruthspy.com
0.0.0.0 media-sync-a941.thetruthspy.com
0.0.0.0 media-sync-a942.thetruthspy.com
0.0.0.0 my.copy9.com
0.0.0.0 my.thetruthspy.com
0.0.0.0 phonetracking.net
0.0.0.0 protocol-a.copy9.com
0.0.0.0 protocol-a.thetruthspy.com
0.0.0.0 protocol-a621.copy9.com
0.0.0.0 protocol-a696.copy9.com
0.0.0.0 protocol-a710.copy9.com
0.0.0.0 protocol-a743.thetruthspy.com
0.0.0.0 protocol-a745.thetruthspy.com
0.0.0.0 protocol-a748.thetruthspy.com
0.0.0.0 protocol-a780.copy9.com
0.0.0.0 protocol-a785.copy9.com
0.0.0.0 protocol-a910.thetruthspy.com
0.0.0.0 protocol-a915.thetruthspy.com
0.0.0.0 protocol-a920.thetruthspy.com
0.0.0.0 protocol-a925.thetruthspy.com
0.0.0.0 protocol-a930.thetruthspy.com
0.0.0.0 protocol-a935.thetruthspy.com
0.0.0.0 protocol-a940.thetruthspy.com
0.0.0.0 protocol-a941.thetruthspy.com
0.0.0.0 protocol-a942.thetruthspy.com
0.0.0.0 protocol-viewer-a.copy9.com
0.0.0.0 protocol.copy9.com
0.0.0.0 protocol.thetruthspy.com
0.0.0.0 secondclone-2d312.firebaseio.com
0.0.0.0 setupmail-a.icloudappe.com
0.0.0.0 setupmail-a724.icloudappe.com
0.0.0.0 setupmail-a743.icloudappe.com
0.0.0.0 setupmail-a745.icloudappe.com
0.0.0.0 setupmail-a748.icloudappe.com
0.0.0.0 setupmail-a910.icloudappe.com
0.0.0.0 setupmail-a915.icloudappe.com
0.0.0.0 setupmail-a920.icloudappe.com
0.0.0.0 setupmail.icloudappe.com
0.0.0.0 sync-a.copy9.com
0.0.0.0 sync-a.thetruthspy.com
0.0.0.0 sync-a7xx.thetruthspy.com
0.0.0.0 sync-a8xx.thetruthspy.com
0.0.0.0 sync-a925.thetruthspy.com
0.0.0.0 sync-a930.thetruthspy.com
0.0.0.0 sync-a935.thetruthspy.com
0.0.0.0 sync-a940.thetruthspy.com
0.0.0.0 sync-a941.thetruthspy.com
0.0.0.0 sync-a942.thetruthspy.com
# https://github.com/AssoEchap/stalkerware-indicators/blob/9f656217ab46b2043612808940f4387b651000a9/ioc.yaml#L3937 - under https://github.com/AssoEchap/stalkerware-indicators#license
# my analysis: https://app.any.run/tasks/57cdb248-461e-4dc5-b6b2-2235eec1e098/
# my analysis: https://virustotal.com/gui/file/5809066a109718683fa1ffe3abcd0e6c9bd5f613279e081e31bc17e628d9bfba/detection
# my analysis: https://tria.ge/230505-27f8mshd2v/behavioral1
0.0.0.0 myspyapps.com
0.0.0.0 my-spy-a9c92.firebaseio.com
# Andrews, Jean. CompTIA A+ Guide to Information Technology Technical Support. Available from: Yuzu Reader, (11th Edition). Cengage Learning US, 2022.
# confirmed
0.0.0.0 flexispy.com
# https://lgbtqia.space/@alice/112017041119045914
0.0.0.0 clevguard.com
0.0.0.0 www.clevguard.com
0.0.0.0 images.clevguard.com
0.0.0.0 panel.clevguard.com
0.0.0.0 public.clevguard.com
0.0.0.0 account.clevguard.com
# possible fake page, unclear if related
0.0.0.0 clevguard.org
0.0.0.0 www.clevguard.org
0.0.0.0 images.clevguard.org
# "Remotely Monitor Kid's Device and Activity" - textbook stalkerware
0.0.0.0 imyfone.com
# https://techcrunch.com/2024/07/11/mspy-spyware-millions-customers-data-breach/
0.0.0.0 mspy.com
# an ad pretending to be an email on tempmail.email - the "emails" claim to be from Microsoft. It is not known if Spy99 is behind this deceptive advertising, or just happens to be promoted this way. No other service has been promoted via these deceptive ads.
# https://infosec.exchange/@iampytest1/113137078414460638
0.0.0.0 la.quicksightnow.com
0.0.0.0 spy99.com
# https://github.com/AssoEchap/stalkerware-indicators/issues/131
0.0.0.0 spyrix.com
0.0.0.0 www.spyrix.com
0.0.0.0 spyrix-sfk.com
0.0.0.0 spyrixweb.com
# no amount of disclaimers undoes "How Can I Read My Boyfriend’s Text Messages Without Touching His Phone?" and "Some apps, like Phonsee, are designed to be hidden and undetectable." - Stalkerware
0.0.0.0 phonsee.com
# "Monitor all the activities in the most popular dating apps."
# their support was more than willing to help me install this malware on my (nonexistant) "wife"'s phone, while knowing I did not have "her" consent. The support person claimed the only indicator that she was being spied on was the VPN indicator (why? no idea)
0.0.0.0 umobix.com
# ---- Include other lists ----
# include rules for just uBlock Origin and AdGuard, and the VXVault list
##include special_lists/anti-malware-ubo-extension.txt
# END