# Title: iam-py-test's antitypo list
# Description: Ever hit the wrong key when typing an address and ended up in the wrong place? This list aims to prevent that
# Expires: 1 day
# Homepage: https://github.com/iam-py-test/my_filters_001
# Issues url: https://github.com/iam-py-test/my_filters_001/issues
# GitLab issues url (not checked as often): https://gitlab.com/iam-py-test/my_filters_001/-/issues
# Last updated: 2024-6-17
# https://safeweb.norton.com/report/show?url=xn--gogle-jua.com
# https://virustotal.com/gui/url/0a354e33a0171ba3a740b823473ac7f8f0ae6d60924c9ced0ae6ba46851275bb/detection
# https://virustotal.com/gui/domain/xn--gogle-jua.com/detection
0.0.0.0 xn--gogle-jua.com
# https://www.mywot.com/scorecard/vrustotal.com
# https://safeweb.norton.com/report/show?url=vrustotal.com
0.0.0.0 vrustotal.com
# https://virustotal.com/gui/url/eb8b44eb62e50f576631d087eec719a2e12b34272ad03e04c2356a547e6896be/community
# https://virustotal.com/gui/domain/googlec.om/detection
# https://www.siteadvisor.com/sitereport.html?url=http%3A%2F%2Fgooglec.om
# https://safeweb.norton.com/report/show?url=http%3A%2F%2Fgooglec.om
# https://transparencyreport.google.com/safe-browsing/search?url=http:%2F%2Fgooglec.om
# https://sitecheck.sucuri.net/results/googlec.om
# https://safeweb.norton.com/reviews?url=googlec.om
# Can not resolve host but might come back some day
0.0.0.0 googlec.om
# https://virustotal.com/gui/url/f044015cf97b2475c569b46c7dc45b152ecd991ff365facd5c9a15cdfdeb8f68/detection
# https://www.urlvoid.com/scan/accountgoogle.com/
# https://www.mywot.com/scorecard/accountgoogle.com
0.0.0.0 accountgoogle.com
0.0.0.0 accountsgoogle.net
0.0.0.0 googlesignin.xyz
0.0.0.0 signingoogle.xyz
0.0.0.0 logingoogle.xyz
# https://virustotal.com/gui/url/2778a0b6162e8c14ed450dda8aa6c32486a6c7a8c224e940e7fb41be39816fc4/detection
0.0.0.0 malwarebytes.xyz
#!! w3school.com$document
# https://github.com/easylist/easylist/pull/7950
# https://www.siteadvisor.com/sitereport.html?url=xozilla.com
#!! xozilla.com$all
# https://sitecheck.sucuri.net/results/bit.lu
0.0.0.0 bit.lu
# https://www.mywot.com/scorecard/alwarebytes.com
0.0.0.0 alwarebytes.com
# inkbunny[.]net typosquatt
0.0.0.0 inkbunny.xyz
# duckDuckGo typosquatt - https://www.fortiguard.com/webfilter?q=dukduckgo.com&version=8
0.0.0.0 dukduckgo.com
# https://blog.dynamoo.com/2011/04/alisa-cartercom-lizamooncom-and-worid.html
# https://safeweb.norton.com/report/show?url=google-1aa.com
0.0.0.0 google-1aa.com
# https://safeweb.norton.com/report/show?url=googlesite.ws
0.0.0.0 googlesite.ws
# https://github.com/AdguardTeam/AdguardFilters/issues/85224
0.0.0.0 www.youtubewon.com
0.0.0.0 youtubewon.com
# https://www.reddit.com/r/mildlyinfuriating/comments/nc9zpe/got_a_paypal_or_should_i_say_paypl_phishing_email/
# https://virustotal.com/gui/url/e604fa0374dbbceefaf7190bd7aa649561dfc19ff49af443d8931df40e1e1f43/detection
0.0.0.0 paypl.com
0.0.0.0 paypal.xyz
# https://virustotal.com/gui/url/4531df5b01e2c58f9307fabecc9a17b03c6157bafc8e9af736b278e95c182dc5/detection
0.0.0.0 payapl.com
# https://virustotal.com/gui/url/2b0a3525bf412601e1acea8f7ee1eb0627df843d58e2d10553ea5a81d4ba26be/detection
# https://www.siteadvisor.com/sitereport.html?url=cchase.com
0.0.0.0 cchase.com
# https://virustotal.com/gui/url/6d9e9d347f3578fe8fea973820a40a0ab760165e613af323b4a025dee339c73e/detection
# https://www.mywot.com/scorecard/blogsopt.com
0.0.0.0 blogsopt.com
# https://virustotal.com/gui/url/76074c7a040ba1edcea412c3d1ea9098ee43ee85cffb75be5882ea553bc43d81/community
# https://www.mywot.com/scorecard/g0ogle.com
0.0.0.0 g0ogle.com
# https://github.com/SOBotics/Belisarius/issues/5
0.0.0.0 stackoverflows.com
# https://safeweb.norton.com/reviews?url=googe.com
0.0.0.0 googe.com
# https://forum.mywot.com/24626-whatsmyipaddress-com
0.0.0.0 whatsmyipaddress.com
# https://www.fortiguard.com/webfilter?q=appple.com&version=8
0.0.0.0 appple.com
0.0.0.0 bankofamericaa.com
0.0.0.0 rasberrypi.org
0.0.0.0 google.xyz
# https://www.scamner.com/check/irs.guv
0.0.0.0 irs.guv
# Look-alikes using non-ascii
0.0.0.0 xn--discrd-egb.com
0.0.0.0 xn--rddit-6za.com
# https://virustotal.com/gui/user/Site.safetychecker
# https://virustotal.com/gui/url/7108cfe6953cab08696ae1f9ab2c777b749fb53e7beb5c003756ea522c880f17/detection
0.0.0.0 yotube.com
# https://github.com/rcmaehl/WhyNotWin11/issues/66
0.0.0.0 whynotwin11.com
# https://github.com/blocklistproject/Lists/blob/master/malware.txt
# https://virustotal.com/gui/url/7f0b595a6004b1b6b6563e39b8d147dfde6a70d714e43b8a5a3da81b857e6b8b/detection
# https://www.siteadvisor.com/sitereport.html?url=01apple.com
0.0.0.0 01apple.com
# Does not resolve to anything - yet...
0.0.0.0 duckduckgo.net
# Might be typosquatts of yahoo
0.0.0.0 yahooc.com
0.0.0.0 yahooc.om
# https://virustotal.com/gui/url/263cf0103560c531755ed20823111c0cef36108893f369e8b58885777883940e/community
0.0.0.0 virustotl.com
# https://virustotal.com/gui/url/83cbc65ef32d4eef31acf9c5cfbf6acf1a41d8689c106836770caf31f5153e06/community
0.0.0.0 yutube.com
# https://virustotal.com/gui/url/8e073d1ab7f3234109c1b9382a784886631a8b8c486b55845fe9c07628dfa593/detection
# https://safeweb.norton.com/report/show?url=virusttal.com
0.0.0.0 virusttal.com
# https://virustotal.com/gui/url/db1da5818091e5270454bf765af7f24f8e1aec7ae7b6d0aeb384c3db95e67416/detection
# https://www.siteadvisor.com/sitereport.html?url=virustota.com
# https://safeweb.norton.com/report/show?url=virustota.com
0.0.0.0 virustota.com
# https://virustotal.com/gui/url/7192e189a778151b8b2ac216542c1dd4c842cc5dded479941cfecfc940e44cc8/detection
# https://safeweb.norton.com/report/show?url=discordapp.cam
# https://www.siteadvisor.com/sitereport.html?url=discordapp.cam
0.0.0.0 discordapp.cam
0.0.0.0 old.ereddit.com
0.0.0.0 ereddit.com
0.0.0.0 craisglist.org
# https://new.reddit.com/r/dwarffortress/comments/e4srco/be_sure_to_use_org_instead_of_com_when_going_to/
0.0.0.0 dwarffortresswiki.com
0.0.0.0 bitdefneder.com
# https://blog.malwarebytes.com/threat-intelligence/2021/09/the-many-tentacles-of-magecart-group-8/
0.0.0.0 googheusercontent.com
0.0.0.0 googlatagmanager.com
0.0.0.0 googlausercontent.com
0.0.0.0 google5sercontent.com
0.0.0.0 googleafalytics.com
0.0.0.0 googleanadytics.com
0.0.0.0 googleanahytics.com
0.0.0.0 googleanal9tics.com
0.0.0.0 googleanalxtics.com
0.0.0.0 googleanaly4ics.com
0.0.0.0 googleanalydics.com
0.0.0.0 googleanalypics.com
0.0.0.0 googleanalytacs.com
0.0.0.0 googleanalytias.com
0.0.0.0 googleanalytibs.com
0.0.0.0 googleanalyticc.com
0.0.0.0 googleanalyticr.com
0.0.0.0 googleanalyticw.com
0.0.0.0 googleanalytigs.com
0.0.0.0 googleanalytiks.com
0.0.0.0 googleanalytkcs.com
0.0.0.0 googleanalytmcs.com
0.0.0.0 googleanalytycs.com
0.0.0.0 googleanalyuics.com
0.0.0.0 googleanalyvics.com
0.0.0.0 googleanamytics.com
0.0.0.0 googleananytics.com
0.0.0.0 googleanclytics.com
0.0.0.0 googleanelytics.com
0.0.0.0 googleanilytics.com
0.0.0.0 googleanqlytics.com
0.0.0.0 googleaoalytics.com
0.0.0.0 googlecnalytics.com
0.0.0.0 googledagmanager.com
0.0.0.0 googleenalytics.com
0.0.0.0 googleesercontent.com
0.0.0.0 googleinalytics.com
0.0.0.0 googlepagmanager.com
0.0.0.0 googleqnalytics.com
0.0.0.0 googleqsercontent.com
0.0.0.0 googletacmanager.com
0.0.0.0 googletaemanager.com
0.0.0.0 googletag-anager.com
0.0.0.0 googletageanager.com
0.0.0.0 googletagianager.com
0.0.0.0 googletaglanager.com
0.0.0.0 googletagmafager.com
0.0.0.0 googletagmajager.com
0.0.0.0 googletagmalager.com
0.0.0.0 googletagmanacer.com
0.0.0.0 googletagmanaeer.com
0.0.0.0 googletagmanafer.com
0.0.0.0 googletagmanagar.com
0.0.0.0 googletagmanagdr.com
0.0.0.0 googletagmanage2.com
0.0.0.0 googletagmanageb.com
0.0.0.0 googletagmanagep.com
0.0.0.0 googletagmanages.com
0.0.0.0 googletagmanagev.com
0.0.0.0 googletagmanagez.com
0.0.0.0 googletagmanaggr.com
0.0.0.0 googletagmanagmr.com
0.0.0.0 googletagmanagur.com
0.0.0.0 googletagmanaoer.com
0.0.0.0 googletagmanawer.com
0.0.0.0 googletagmancger.com
0.0.0.0 googletagmaneger.com
0.0.0.0 googletagmaniger.com
0.0.0.0 googletagmanqger.com
0.0.0.0 googletagmaoager.com
0.0.0.0 googletagmcnager.com
0.0.0.0 googletagminager.com
0.0.0.0 googletagmqnager.com
0.0.0.0 googletagoanager.com
0.0.0.0 googletaomanager.com
0.0.0.0 googletawmanager.com
0.0.0.0 googletcgmanager.com
0.0.0.0 googletigmanager.com
0.0.0.0 googletqgmanager.com
0.0.0.0 googletsercontent.com
0.0.0.0 googleu3ercontent.com
0.0.0.0 googleuagmanager.com
0.0.0.0 googleucercontent.com
0.0.0.0 googleuqercontent.com
0.0.0.0 googleurercontent.com
0.0.0.0 googleusarcontent.com
0.0.0.0 googleusdrcontent.com
0.0.0.0 googleuse2content.com
0.0.0.0 googleusebcontent.com
0.0.0.0 googleusepcontent.com
0.0.0.0 googleuseraontent.com
0.0.0.0 googleuserbontent.com
0.0.0.0 googleusercgntent.com
0.0.0.0 googleuserckntent.com
0.0.0.0 googleusercmntent.com
0.0.0.0 googleusercnntent.com
0.0.0.0 googleusercoftent.com
0.0.0.0 googleusercojtent.com
0.0.0.0 googleusercoltent.com
0.0.0.0 googleusercon4ent.com
0.0.0.0 googleusercondent.com
0.0.0.0 googleuserconpent.com
0.0.0.0 googleusercontant.com
0.0.0.0 googleusercontdnt.com
0.0.0.0 googleuserconteft.com
0.0.0.0 googleusercontejt.com
0.0.0.0 googleusercontelt.com
0.0.0.0 googleuserconten4.com
0.0.0.0 googleusercontend.com
0.0.0.0 googleusercontenp.com
0.0.0.0 googleusercontenu.com
0.0.0.0 googleusercontenv.com
0.0.0.0 googleuserconteot.com
0.0.0.0 googleusercontgnt.com
0.0.0.0 googleusercontmnt.com
0.0.0.0 googleusercontunt.com
0.0.0.0 googleuserconuent.com
0.0.0.0 googleusescontent.com
0.0.0.0 googleusgrcontent.com
0.0.0.0 googleusmrcontent.com
0.0.0.0 googlevagmanager.com
0.0.0.0 googlganalytics.com
0.0.0.0 googluanalytics.com
0.0.0.0 googlutagmanager.com
0.0.0.0 googmeanalytics.com
# random domains
0.0.0.0 pay-pal.club
0.0.0.0 tw1tch.info
0.0.0.0 cioubfiare.com
0.0.0.0 exampe.com
# https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/
0.0.0.0 cdn.cookieslaw.org
0.0.0.0 cookieslaw.org
# https://twitter.com/Artilllerie/status/1534076124829036544
0.0.0.0 bbleepingcomputer.com
0.0.0.0 bleepingc0mputer.com
0.0.0.0 bleepingccomputer.com
0.0.0.0 bleepingcimputer.com
0.0.0.0 bleepingcmoputer.com
0.0.0.0 bleepingcmputer.com
0.0.0.0 bleepingcommputer.com
0.0.0.0 bleepingcomouter.com
0.0.0.0 bleepingcompiter.com
0.0.0.0 bleepingcompouter.com
0.0.0.0 bleepingcompputer.com
0.0.0.0 bleepingcomptuer.com
0.0.0.0 bleepingcompurer.com
0.0.0.0 bleepingcomputee.com
0.0.0.0 bleepingcomputeer.com
0.0.0.0 bleepingcomputerr.com
0.0.0.0 bleepingcomputet.com
0.0.0.0 bleepingcomputor.com
0.0.0.0 bleepingcomputre.com
0.0.0.0 bleepingcomputrr.com
0.0.0.0 bleepingcomputter.com
0.0.0.0 bleepingcomputwr.com
0.0.0.0 bleepingcompuuter.com
0.0.0.0 bleepingcompuyer.com
0.0.0.0 bleepingcompyter.com
0.0.0.0 bleepingcomupter.com
0.0.0.0 bleepingconputer.com
0.0.0.0 bleepingcoomputer.com
0.0.0.0 bleepingcopmuter.com
0.0.0.0 bleepingcoputer.com
0.0.0.0 bleepingcpmputer.com
0.0.0.0 bleepingocmputer.com
0.0.0.0 bleepingvomputer.com
0.0.0.0 bleepingxomputer.com
# I made a mistake and went to this domain
0.0.0.0 forums.malwarebytes.co
0.0.0.0 malwarebytes.co
# https://github.com/VernonStow/Filterlist/commit/cb04d77547497a1cd211d2eac20f8af10de01a76 (all credit to https://github.com/VernonStow for finding these domains)
# https://app.any.run/tasks/f204948b-3940-41d2-af50-b3db789d4ac3
# https://virustotal.com/gui/file/e34575d69ee7a2c0231982d4c2e47edc9adbf7c9290caedd69ad7598a2ae759c (with junk data deleted)
0.0.0.0 notepads-plus-plus.org
# same file
0.0.0.0 thundersbird.org
0.0.0.0 codevisualstudio.org
0.0.0.0 braves-browsers.org
# seems to be owned by Amazon (based on very limited research) but worth blocklisting anyway
0.0.0.0 anazon.com
# I mistyped virtualbox's website and landed here, which redirected to get[.]safety-search[.]com
0.0.0.0 virutalbox.org
# https://github.com/uBlockOrigin/uAssets/issues/4201
0.0.0.0 whatsaappp.com
0.0.0.0 no.whatsaappp.com
0.0.0.0 googlo.co
0.0.0.0 8l.googlo.co
0.0.0.0 yahoo-news.co
# https://dnstwister.report/search?ed=676f6f676c652e636f6d
0.0.0.0 googloe.com
# I made (another) typo
0.0.0.0 example.cm
# https://github.com/chris408/virustotal-subdomain-scraper/pull/1
0.0.0.0 www.virtustotal.com
0.0.0.0 virtustotal.com
# https://dnstwist.it/ (domain redirects to a sus Amazon page)
0.0.0.0 duckduckfo.com
# redirects to Google?
0.0.0.0 duckduckg0.com
# parked
0.0.0.0 virtualboc.org
# copied from ThreatFox
# https://threatfox.abuse.ch/ioc/1064519/
# https://threatfox.abuse.ch/ioc/1053246/
0.0.0.0 wwww-dlscord.top
# https://threatfox.abuse.ch/ioc/1064520/
# https://threatfox.abuse.ch/ioc/1053244/
0.0.0.0 wwww-discord.top
# https://threatfox.abuse.ch/ioc/1064521/
0.0.0.0 wwwwdiscord.top
# https://threatfox.abuse.ch/ioc/1064528/
# https://threatfox.abuse.ch/ioc/1053222/
0.0.0.0 www-discord.top
# https://threatfox.abuse.ch/ioc/1064468/
0.0.0.0 vvv-discord.top
# https://threatfox.abuse.ch/ioc/1064472/
0.0.0.0 vwvv-discord.top
# https://dnstwist.it/
0.0.0.0 discordi.com
# https://app.any.run/tasks/015824a4-f267-48df-8dde-a7ddd78f167e
0.0.0.0 discordt.com
# https://virustotal.com/gui/domain/netfllpl.com/community
0.0.0.0 netfllpl.com
# listed in some list somewhere
0.0.0.0 facebooklcom.com
# another day, another typo
0.0.0.0 virustotal.co
# https://dnstwist.it/
0.0.0.0 virusotal.com
0.0.0.0 virustptal.com
# https://github.com/uBlockOrigin/uAssets/issues/9848#issuecomment-907855092
# (28/1/2023) https://app.any.run/tasks/de411bb9-92af-42e5-a03a-992f81138d96
0.0.0.0 www.mediafiire.com
0.0.0.0 mediafiire.com
# https://github.com/uBlockOrigin/uAssets/issues/11269
0.0.0.0 discqrdapp.com
# appears to be a former tech support scam page, but now is parked
0.0.0.0 malwarebytes.support
# https://github.com/uBlockOrigin/uAssets/issues/16558
0.0.0.0 obsproicet.net
# https://scammer.info/t/fake-metamask-download/119071 (NXDOMAIN)
0.0.0.0 download-metamask.com
# https://dnstwist.it/ for mediafire
0.0.0.0 mediafire1.com
# listed in the MWB - https://github.com/DandelionSprout/adfilt/issues/188
0.0.0.0 gogle.net
# listed in uBo badware
0.0.0.0 com.com
# imports from the MWB
0.0.0.0 googieapls.com
# https://www.reddit.com/r/mildlyinfuriating/comments/nc9zpe/got_a_paypal_or_should_i_say_paypl_phishing_email/
0.0.0.0 paypai.com
# https://github.com/durablenapkin/scamblocklist/issues/5
0.0.0.0 dizcord.gift
# typo someone made. Redirects to a rhymes website?
0.0.0.0 gitlabs.com
# https://forums.malwarebytes.com/topic/294989-making-sense-of-a-website-exclusion-issue/
# https://forums.malwarebytes.com/topic/294994-possible-false-positive/ (account required)
0.0.0.0 stopify.co
# https://github.com/iam-py-test/my_filters_001/issues/109
0.0.0.0 b-i-t-l-y.co
0.0.0.0 b-ly.link
0.0.0.0 b-y.by
0.0.0.0 bit-ly.is
0.0.0.0 bit-ly.mobi
0.0.0.0 bitly.best
0.0.0.0 bitly.email
0.0.0.0 bitly.gold
0.0.0.0 bitly.host
0.0.0.0 bitly.network
0.0.0.0 tiny-url.mobi
# https://github.com/AdguardTeam/AdguardFilters/issues/142492
0.0.0.0 apkmirror.net
0.0.0.0 github.me
0.0.0.0 yandec.ru
0.0.0.0 yandex.co
0.0.0.0 tgram.ru
0.0.0.0 telegramm.site
0.0.0.0 web-telegram.net
0.0.0.0 apkmirror.co
0.0.0.0 webogram.org
0.0.0.0 webogram.ru
# https://threatfox.abuse.ch/ioc/1081080/
0.0.0.0 micnosoftupdates.com
# https://en.wikipedia.org/wiki/Typosquatting
0.0.0.0 yuube.com
# https://github.com/DandelionSprout/adfilt/commit/32ea69e5a7c632bc2cd739fba4ee256e8a9e8abf (all credit to https://github.com/DandelionSprout)
0.0.0.0 hbo.cm
# an online source
0.0.0.0 wwwcitibank.com
0.0.0.0 onlineciti.com
0.0.0.0 coinbases.org
# listed in the MWB, seems to be owned by Meta now
0.0.0.0 instagramm.com
# https://github.com/mitchellkrogza/Badd-Boyz-Hosts/issues/83
0.0.0.0 nottepad-plus-plus.org
# https://dnstwist.it/ for wolframalpha
0.0.0.0 wolfamalpha.com
0.0.0.0 wolfremalpha.com
0.0.0.0 woldramalpha.com
0.0.0.0 woolframalpha.com
0.0.0.0 www.woolframalpha.com
# https://github.com/durablenapkin/scamblocklist/issues/31
0.0.0.0 balkeryswep.online
0.0.0.0 bakeryxswap.org
0.0.0.0 bakareiswap.xyz
# https://github.com/durablenapkin/scamblocklist/issues/29
0.0.0.0 youutube.com
0.0.0.0 youtubee.com
0.0.0.0 youtunbe.com
0.0.0.0 twiiiter.com
0.0.0.0 twitterr.com
0.0.0.0 goglle.com
0.0.0.0 toyrube.com
0.0.0.0 yahhhoo.com
# https://www.reddit.com/r/uBlockOrigin/comments/12pues7/fake_123movies_site_leading_to_redirect/
0.0.0.0 123moviesgo.ga
# https://github.com/durablenapkin/scamblocklist/issues/37
0.0.0.0 youtubebplan.com
# https://citizenlab.ca/2015/04/chinas-great-cannon/ (typo in https://github.com/greatfire)
0.0.0.0 gitub.com
0.0.0.0 ww7.gitub.com
# https://www.reddit.com/r/uBlockOrigin/comments/1392c8f/typosquatting_domains/
0.0.0.0 girhub.com
0.0.0.0 linkefdin.com
# youtube typosquatt I found
0.0.0.0 you8tube.com
# https://forum.adguard.com/index.php?threads/dischrdapp-com-newyears.46467/
0.0.0.0 dischrdapp.com
# .zip domains which might also be common filenames (remove if they ever become legit websites)
0.0.0.0 familyphotos.zip
0.0.0.0 archive.zip
0.0.0.0 photos.zip
0.0.0.0 42.zip
0.0.0.0 microsoft-office.zip
0.0.0.0 document.zip
0.0.0.0 download.zip
0.0.0.0 a.zip
0.0.0.0 rar.zip
0.0.0.0 taxdocuments.zip
0.0.0.0 datasets.zip
0.0.0.0 setup.zip
0.0.0.0 java.util.zip
# .mov domains which also might be common filenames (remove if they ever become legit websites)
0.0.0.0 family.mov
0.0.0.0 familyvideo.mov
0.0.0.0 video.mov
0.0.0.0 movie.mov
0.0.0.0 funny.mov
# https://forums.malwarebytes.com/topic/298186-accidentally-visited-potential-maliciousmalware-website/
# (my analysis) https://tria.ge/230523-zqkhmahd85/behavioral2
0.0.0.0 doodrdash.com
# doubt this will do any harm, but adding anyway
0.0.0.0 locahost
# is autolinked, also is a common filename
0.0.0.0 readme.md
# https://old.reddit.com/r/uBlockOrigin/comments/13r51k1/goglelcom_typosquatting/
# https://github.com/uBlockOrigin/uAssets/issues/18332
0.0.0.0 goglel.com
# https://github.com/uBlockOrigin/uAssets/issues/18454
0.0.0.0 fllwers.com
# redirects to a malwarebytes affilate link
0.0.0.0 malwarebyttes.com
# https://dnstwist.it/ for slack.com
# https://app.any.run/tasks/14cafa37-652e-47dc-b08f-39843f7ef022
0.0.0.0 slackk.com
# https://github.com/fractureiser-investigation/fractureiser/pull/109
0.0.0.0 dev.craftbukkit.org
0.0.0.0 craftbukkit.org
# https://github.com/uBlockOrigin/uAssets/issues/18563
0.0.0.0 pronhubb.com
# https://github.com/uBlockOrigin/uAssets/issues/18564
0.0.0.0 yyooutube.com
# https://github.com/uBlockOrigin/uAssets/issues/19212
0.0.0.0 tikotk.com
# https://dnstwist.it/ for tiktok.com
0.0.0.0 tiktoks.com
0.0.0.0 tiktokc.com
0.0.0.0 tiktokl.com
0.0.0.0 tiktokw.com
0.0.0.0 tiktoke.com
# https://dnsrf.org/blog/the--zip-tld---ripe-for-abuse--but-so-far-so-good-/index.html
0.0.0.0 business-appeal.zip
0.0.0.0 newdocument.zip
0.0.0.0 google-drive.zip
0.0.0.0 dhl-invoice.zip
0.0.0.0 zoominstaller.zip
0.0.0.0 pdfword.zip
0.0.0.0 freecrack.zip
0.0.0.0 computer.zip
0.0.0.0 cringe.zip
# https://web.archive.org/web/20230813181452/https://www.bleepingcomputer.com/news/security/uk-gov-keeps-repeating-its-voter-registration-website-is-not-a-scam/
0.0.0.0 householdresponses.com
# https://threatfox.abuse.ch/ioc/1151472/
0.0.0.0 yahootk.tk
# https://virustotal.com/gui/url/45a03d912eaf1ec11a69a69129b393e3b84a3f48812264c5c9f95854e4bc6a36?nocache=1
# https://www.bleepingcomputer.com/news/security/evil-telegram-android-apps-on-google-play-infected-60k-with-spyware/
0.0.0.0 telegrnm.org
# https://virustotal.com/gui/url/51a5c613fa07f8301aa68fa16e7307dbf3bf0b0dcfa015632895d7ebf7ca36d3/community
# https://www.bleepingcomputer.com/news/security/fake-bitwarden-sites-push-new-zenrat-password-stealing-malware/
0.0.0.0 bitwariden.com
0.0.0.0 crazygameis.com
# https://virustotal.com/gui/domain/login-office365.info/community
0.0.0.0 login-office365.info
# used to be a filesharing website - the owners gave up and the domain may be for sale
0.0.0.0 anonfiles.com
# dead but may return: https://virustotal.com/gui/url/518a4fb06ce6184f62910e42eb4081998cb3c5675c977fccb7db998881f86cdc
0.0.0.0 steamcomunity.ru
# https://github.com/libre-tube/LibreTube/issues/4409
# rules based on phishing urls listed in openphish
# hxxp[://]www.coinbase-walletpro[.]com/
# hxxp[://]steamc0ommunity[.]bos[.]ru/
# hxxp[://]facebooksecuritys[.]blogspot[.]tw/
# hxxp[://]feceboolk[.]blogspot[.]sk/
# hxxp[://]whatsapp-com-videoooo-viral[.]paneldeni[.]com/
0.0.0.0 /^https?:\/\/whatsapp-com-video/
# hxxp[://]www[.]barclaysnet-support[.]com/
# hxxp[://]instragramsecurity[.]com/
# hxxpx[://]fb-account-restricted-8d535[.]web[.]app/
# hxxpx[://]fb-reserve-noreply-ea078[.]web[.]app/
# hxxpx://meta-account-review-af2d[.]firebaseapp[.]com/
# hxxpx[://]metabusiness-support-6092[.]firebaseapp[.]com/
# hxxpx://resolve-user-violation-c6961[.]web[.]app/
# hxxp://metamask[.]matamaskloen[.]com/
# hxxpx[://]attcom-102582.weeblysite[.]com/
# hxxpx://ccoinbaselogin[.]blogspot[.]com/
# hxxpx[://]web-metamaskwallet[.]ddnss[.]eu/Q5My1hNGEyLTARgAAA3RMwAi0wMAoA/2Fn8g8ZIoTRjEMi7D3wABuGi3HAAAAA/cd4ac
# hxxp[://]sign-in-att-106455[.]weeblysite[.]com/
# hxxp[://]account-restriction-1000967754[.]firebaseapp[.]com/
# hxxp[://]metazmskloign[.]github[.]io/
# hxxp[://]xn--mtamask-98a[.]io/
# hxxp[://]apple[.]appleidto[.]top/
# hxxp[://]usps[.]com-ca[.]xyz/
# hxxp[://]linkedindocumentinquiry[.]ap-south-1.linodeobjects[.]com/linkedinindex.html
0.0.0.0 /^http:\/\/linkedindocumentinquiry\..*\/linkedinindex\.html
# hxxpx[://]metamchromextensoin[.]gitbook[.]io/us/
# hxxpx[://]www[.]lnstagram-tropicaibaiitouts[.]com/mobile.html
# hxxpx[://]subscription-netflix-support[.]codeanyapp[.]com/monika/jonika/account/
# hxxpx://promote-warning-meta[.]help/3b070e09e0b9ac588d6b873cb246b2ae.html
# hxxpx[://]mailoutlook365login[.]us-lax-1.linodeobjects.com/link.html
# hxxp[://]office356domainlistmaintainnance231clouding1[.]brizy[.]site/
# hxxp[://]me-metamasklogin[.]mystrikingly[.]com/
# hxxp[://]matamask-logi[.]mystrikingly[.]com/
# hxxp[://]optusnet-com[.]blogspot[.]md/
# hxxp[://]met0amaskl0gin1[.]github[.]io/
# typo I made
0.0.0.0 downlod.com
# https://forums.malwarebytes.com/topic/303708-worried-about-drive-by-download-from-typoed-address/ (parked)
0.0.0.0 oldreddit.com
# https://github.com/hagezi/dns-blocklists/issues/1744
# https://github.com/uBlockOrigin/uAssets/pull/20247
0.0.0.0 magiskzip.net
0.0.0.0 magiskmanagerroot.com
# https://github.com/topjohnwu/Magisk/issues/3435
0.0.0.0 magisk.download
0.0.0.0 magiskmanager.com
# something I found
0.0.0.0 magisk.info
# https://github.com/paulgb/BarbBlock/issues/41
0.0.0.0 bblck.me
# another day another typo
0.0.0.0 adblockplu.org
# https://virustotal.com/gui/url/6afece7c72420223ae6f1700d02c8bee4806a335d23ab120522accba5e45250d
# my analysis: https://tria.ge/231102-nctnlach68/behavioral1
# https://www.bleepingcomputer.com/news/security/bloomberg-crypto-x-account-snafu-leads-to-discord-phishing-attack/
0.0.0.0 altdentifiers.com
# https://virustotal.com/gui/domain/miccrossoffit.online/community
0.0.0.0 miccrossoffit.online
# drive-google-com[.]tk
# https://github.com/DandelionSprout/adfilt/discussions/932#discussioncomment-7694946
# https://virustotal.com/gui/url/69a1570512a5694049a9444ab6c0dd73432f3685894eb3d4d1e7dba7ce99766d/community
0.0.0.0 ne-correos.top
# account required: https://forums.malwarebytes.com/topic/305116-fake-software-homepage/
0.0.0.0 unikey.vn
# https://threatfox.abuse.ch/browse.php?search=ioc%3Adiscord-gg.duckdns.org
# https://virustotal.com/gui/domain/base-usps.top/community
0.0.0.0 base-usps.top
# https://github.com/RPiList/specials/issues/1404
0.0.0.0 bonprix-sale.shop
# https://threatfox.abuse.ch/ioc/1226308/
# yes, another typo by me
0.0.0.0 deepl.cm
# https://infosec.exchange/@iampytest1/111669799133185795
0.0.0.0 gimail.su
# https://github.com/Dogino/Discord-Phishing-URLs/pull/25
0.0.0.0 steamcommuaity.com
# https://virustotal.com/gui/domain/booking.com-panel.com
0.0.0.0 com-panel.com
0.0.0.0 booking.com-panel.com
0.0.0.0 mail.com-panel.com
# https://virustotal.com/gui/url/3828695bc16bb9d0bfab17eb5c15e5fe9e8b30bb6cb948655a6a55466b9dc187/community
0.0.0.0 telegcrmz.fit
# https://virustotal.com/gui/url/53efa35943a9b0bbcc4f966791e992052ac647a883c81a43bb86dd94bbbbd48d/community
0.0.0.0 telegcrmz.work
# https://virustotal.com/gui/url/cf88de3dc23272e078a7412c64b12e038cd8b9dc1beb07be6ac3f017919aa09b/community
0.0.0.0 telejracm.fit
# https://virustotal.com/gui/ip-address/103.119.3.17/relations
0.0.0.0 www.telegreem.club
0.0.0.0 telejracm.work
0.0.0.0 telejracm.club
0.0.0.0 telejrzmn.cc
0.0.0.0 teleptrm.fit
0.0.0.0 teleptrm.work
0.0.0.0 telegzzem.club
0.0.0.0 telegzzem.fit
0.0.0.0 telegzzem.work
0.0.0.0 telegrnne.work
0.0.0.0 telegrnne.fit
0.0.0.0 telegrnne.club
0.0.0.0 telegcrmz.club
0.0.0.0 telegreem.club
0.0.0.0 telegreem.work
0.0.0.0 telegreem.vip
0.0.0.0 telejrzmn.work
0.0.0.0 telejrzmn.club
0.0.0.0 telegcrenn.fit
0.0.0.0 telegcrenn.club
0.0.0.0 telegrczm.work
0.0.0.0 telegrczm.fit
0.0.0.0 teleggcam.club
0.0.0.0 teleggcam.fit
0.0.0.0 teleggcam.work
0.0.0.0 www.telegceam.club
0.0.0.0 www.teleqpcam.club
0.0.0.0 teleqrinm.cn
0.0.0.0 teleqrinm.com.cn
0.0.0.0 www.teleqpamn.work
0.0.0.0 www.teleqrinm.club
0.0.0.0 www.teleqpcam.work
0.0.0.0 teleqpcam.work
0.0.0.0 teleqpcam.club
0.0.0.0 teleqpcam.fit
0.0.0.0 teleprannn.cc
0.0.0.0 telegbrm.work
0.0.0.0 telegbrm.club
0.0.0.0 telebriun.work
0.0.0.0 teleqpcn.fit
0.0.0.0 teleqpcn.club
0.0.0.0 teleqpcn.work
0.0.0.0 teleqrenm.cc
0.0.0.0 teleqpamn.fit
0.0.0.0 teleqpamn.club
0.0.0.0 teleqpamn.work
0.0.0.0 teleqrinm.club
0.0.0.0 teleqernm.cc
0.0.0.0 www.teleprium.fit
0.0.0.0 teleprannn.vip
0.0.0.0 teleprannn.club
0.0.0.0 www.teleqernm.fit
0.0.0.0 telegceam.club
0.0.0.0 telegceam.work
0.0.0.0 teleppram.club
0.0.0.0 teleqrenm.work
0.0.0.0 teleqrenm.club
0.0.0.0 www.telegczim.work
0.0.0.0 www.telegczim.vip
0.0.0.0 telegrcmn.cc
0.0.0.0 teletrean.cc
0.0.0.0 telegruim.top
0.0.0.0 telegczim.work
0.0.0.0 telegczim.club
0.0.0.0 telegczim.vip
0.0.0.0 www.telegczm.vip
0.0.0.0 teleprium.fit
0.0.0.0 teleprium.work
0.0.0.0 teleprium.club
0.0.0.0 www.telegczm.fit
0.0.0.0 telepamn.cc
0.0.0.0 telegczm.vip
0.0.0.0 telegczm.club
0.0.0.0 telegczm.fit
0.0.0.0 tgelegrean.cc
0.0.0.0 teleqriem.vip
0.0.0.0 telegpem.club
0.0.0.0 telegirmn.vip
0.0.0.0 telebrzm.vip
0.0.0.0 teleqcmn.work
0.0.0.0 teleqcmn.fit
0.0.0.0 teleqcmn.club
0.0.0.0 teleqernm.fit
0.0.0.0 teleqernm.club
0.0.0.0 telegirmn.cn
0.0.0.0 www.telegirmn.cn
0.0.0.0 telegwam.work
0.0.0.0 www.telegwam.work
0.0.0.0 telegcmn.cc
0.0.0.0 teletrpm.club
0.0.0.0 teleprazm.club
0.0.0.0 telegirm.cc
0.0.0.0 www.telebriun.work
0.0.0.0 tglegmn.work
0.0.0.0 telegpem.fit
0.0.0.0 telegpem.work
0.0.0.0 tgelegrean.work
0.0.0.0 teletrpm.fit
# https://github.com/Dogino/Discord-Phishing-URLs/pull/26
0.0.0.0 steamcommuniitny.club
# https://www.virustotal.com/gui/domain/business-manage-facebook.com
0.0.0.0 business-manage-facebook.com
# https://github.com/durablenapkin/scamblocklist/issues/74
0.0.0.0 link-etsy.com
0.0.0.0 etsy-verifed-shop.com
# https://github.com/hagezi/dns-blocklists/issues/2081
0.0.0.0 do0cd.com
0.0.0.0 doosd.pro
0.0.0.0 d0ood.com
0.0.0.0 dooodg.pro
0.0.0.0 doode.pro
# https://github.com/uBlockOrigin/uAssets/issues/22200
0.0.0.0 privacyguides.io
# https://forums.malwarebytes.com/topic/308126-writerswhoreadcom-fp/ -> https://www.virustotal.com/gui/ip-address/162.244.93.4/relations
0.0.0.0 chasecreditloan.com
# https://github.com/DandelionSprout/adfilt/commit/2b0705861bde02511e1fdd72edf470b2811ecb8c#r138964973
0.0.0.0 githubtalentcommunity.online
0.0.0.0 jobs.githubtalentcommunity.online
# typo I almost made.
0.0.0.0 virustotaal.com
# https://github.com/blocklistproject/Lists/issues/1199
0.0.0.0 steamcommumtiy.com
# https://github.com/hagezi/dns-blocklists/issues/2397
# my analysis: https://tria.ge/240325-przzlaae9x/behavioral1
0.0.0.0 ggogle.de
# https://github.com/hagezi/dns-blocklists/issues/2405
0.0.0.0 usps-delivery-a.com
# https://github.com/uBlockOrigin/uAssets/issues/22765
# https://github.com/uBlockOrigin/uAssets/issues/23084
0.0.0.0 fitgirltorrent.com
# https://github.com/hagezi/dns-blocklists/issues/2425
0.0.0.0 fling-trainer.com
# https://infosec.exchange/@iampytest1/112203822803380750
0.0.0.0 toughknifes.com
0.0.0.0 darntoughfactory.shop
0.0.0.0 darnroughonline.top
0.0.0.0 darntoughonline.shop
0.0.0.0 darntoughonline-us.top
0.0.0.0 darntoughsales.shop
0.0.0.0 us-darntoughonline.top
0.0.0.0 vipbargainhub.com
0.0.0.0 vpdamai.com
# https://github.com/jarelllama/Scam-Blocklist/issues/277
# https://dfpi.ca.gov/2024/03/25/fraudulent-bank-website-scam/
0.0.0.0 beachcitiescommercialbank.com
# my analysis: https://tria.ge/240404-xlg6laga74/behavioral1
# https://infosec.exchange/@iampytest1/112214528899229692
0.0.0.0 americasfirstnationalbank.com
# https://github.com/durablenapkin/scamblocklist/issues/82
0.0.0.0 account-cfe.mx
# https://vid.puffyan.us/watch?v=h0_L4BApOdA
# my analysis: https://tria.ge/240409-2aenjsee49/behavioral1
# my analysis: https://tria.ge/240409-2bwnfsaa5z/behavioral1
0.0.0.0 gooq1e.com
# https://github.com/hagezi/dns-blocklists/issues/2506
0.0.0.0 grapheneos.fr
# https://github.com/hagezi/dns-blocklists/issues/2549
# https://github.com/StevenBlack/hosts/pull/2637
0.0.0.0 sadostic.pl
# https://github.com/RPiList/specials/issues/1554
0.0.0.0 myhermes-sendungs.com
# https://www.bleepingcomputer.com/news/security/iranian-hackers-pose-as-journalists-to-push-backdoor-malware/
# https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations
0.0.0.0 washinqtonpost.press
0.0.0.0 bitly.org.il
0.0.0.0 aspenlnstitute.org
# https://forums.malwarebytes.com/topic/311757-opening-etsycom-gets-blocked-by-mb-browser-plugic-for-redirect-to/
0.0.0.0 esty.com
# https://github.com/hagezi/dns-blocklists/issues/2652
# https://github.com/AmnestyTech/investigations/blob/master/2024-05-02_wintego_helios/domains.txt
0.0.0.0 africatech.eu
0.0.0.0 afrinews.eu
0.0.0.0 alertanalysis.org
0.0.0.0 all-life-fitness.org
0.0.0.0 androidcheckupdate.com
0.0.0.0 androidsensorfirmware.net
0.0.0.0 applibraryupdate.network
0.0.0.0 arninja.eu
0.0.0.0 astroplanet.org
0.0.0.0 ateliernow.org
0.0.0.0 autotechhelp.net
0.0.0.0 backpackerreviews.org
0.0.0.0 basketballreviews.org
0.0.0.0 bbc.bio
0.0.0.0 bbc.tf
0.0.0.0 beaconzero.net
0.0.0.0 bestgeometry.org
0.0.0.0 bestgreenblog.org
0.0.0.0 bestsflix.net
0.0.0.0 biceptech.org
0.0.0.0 bincoupon.com
0.0.0.0 bitsinflow.net
0.0.0.0 biznetforum.eu
0.0.0.0 blastermaster.eu
0.0.0.0 boxmaster.org
0.0.0.0 boxpearl.eu
0.0.0.0 businesspractice.org
0.0.0.0 cafelatenow.com
0.0.0.0 carepile.net
0.0.0.0 caretechno.net
0.0.0.0 caronspot.co
0.0.0.0 cartechnews.net
0.0.0.0 celltechnollogy.com
0.0.0.0 cloudysystems.org
0.0.0.0 cnn.gallery
0.0.0.0 coffeedirectory.org
0.0.0.0 computer-repair.org
0.0.0.0 coolbrandlabs.com
0.0.0.0 coralspire.net
0.0.0.0 craftsplex.net
0.0.0.0 daily-tech.eu
0.0.0.0 dakaractu.news
0.0.0.0 daysomega.com
0.0.0.0 dealsenterprise.com
0.0.0.0 decofusion.eu
0.0.0.0 deepearnings.net
0.0.0.0 designercellular.com
0.0.0.0 dialrooms.eu
0.0.0.0 dinnerfit.org
0.0.0.0 doctorstar.org
0.0.0.0 draftshape.net
0.0.0.0 drinksnow.org
0.0.0.0 driverhacks.net
0.0.0.0 echoswift.net
0.0.0.0 ericshop.org
0.0.0.0 expandingtech.net
0.0.0.0 expressotelecom.eu
0.0.0.0 falconstudio.eu
0.0.0.0 fansclear.net
0.0.0.0 financeanalyzer.net
0.0.0.0 fitnessstar.org
0.0.0.0 flexibilycompany.org
0.0.0.0 flipcollective.eu
0.0.0.0 flyrick.net
0.0.0.0 foodystudio.org
0.0.0.0 gaincharts.net
0.0.0.0 gainthepain.com
0.0.0.0 galaxy-toolkit.net
0.0.0.0 galaxy-update-check.com
0.0.0.0 galaxyupdate.network
0.0.0.0 galaxyupdatecheck.com
0.0.0.0 gamingtoday.org
0.0.0.0 getappnion.org
0.0.0.0 getinstitution.org
0.0.0.0 gettechnology.org
0.0.0.0 globalbikeshop.org
0.0.0.0 gotechtube.com
0.0.0.0 hikewithmike.eu
0.0.0.0 hiphopreviews.org
0.0.0.0 hirecheapcar.com
0.0.0.0 history-guidance.net
0.0.0.0 hugetech.org
0.0.0.0 intech.so
0.0.0.0 internationalre.org
0.0.0.0 jeuneafrique.eu
0.0.0.0 jeuneafrique.news
0.0.0.0 jotnanews.co
0.0.0.0 jotnanews.fr
0.0.0.0 jotnanews.live
0.0.0.0 laneandco.org
0.0.0.0 laptoptech.org
0.0.0.0 lidarfirmwareupdate.network
0.0.0.0 localsystems.org
0.0.0.0 lovekitchen.org
0.0.0.0 loyalpro.org
0.0.0.0 loyarbox.org
0.0.0.0 mambaweb.org
0.0.0.0 maplebook.org
0.0.0.0 medatcost.co
0.0.0.0 michealblog.org
0.0.0.0 misoshiru.eu
0.0.0.0 mylaylastore.org
0.0.0.0 netprotector.org
0.0.0.0 nicetreasures.com
0.0.0.0 numbersnews.org
0.0.0.0 oneinfluence.org
0.0.0.0 onlineshoppingnetwork.org
0.0.0.0 paperscissors.net
0.0.0.0 penlife.org
0.0.0.0 piratetv.org
0.0.0.0 playerselection.eu
0.0.0.0 powerway.org
0.0.0.0 proteinreviews.org
0.0.0.0 pythonsystems.org
0.0.0.0 quickfindnow.net
0.0.0.0 realmac.org
0.0.0.0 recipeadvice.eu
0.0.0.0 reordertree.net
0.0.0.0 restroad.eu
0.0.0.0 restroad.net
0.0.0.0 risetech.one
0.0.0.0 riskdrive.eu
0.0.0.0 runningmart.org
0.0.0.0 securefilter.net
0.0.0.0 selfblank.net
0.0.0.0 selfhelptech.org
0.0.0.0 senedroid.net
0.0.0.0 senego.fr
0.0.0.0 senego.info
0.0.0.0 seneweb.eu
0.0.0.0 seneweb.news
0.0.0.0 sensomatics.net
0.0.0.0 serverdetails.click
0.0.0.0 setupvalue.net
0.0.0.0 singoffice.net
0.0.0.0 sodahub.org
0.0.0.0 solararcade.eu
0.0.0.0 solargeotech.net
0.0.0.0 spacevocal.net
0.0.0.0 sporthome.org
0.0.0.0 startupfit.org
0.0.0.0 storm-tech.org
0.0.0.0 swiftecho.eu
0.0.0.0 swimaster.org
0.0.0.0 swimmingcompany.org
0.0.0.0 syndicationcdn.com
0.0.0.0 taminessentials.net
0.0.0.0 techarmys.com
0.0.0.0 techarmys.net
0.0.0.0 techdeliver.cc
0.0.0.0 technarrow.net
0.0.0.0 ten-group.eu
0.0.0.0 theholder.org
0.0.0.0 thesoundyou.org
0.0.0.0 tiktok.do
0.0.0.0 tilesget.net
0.0.0.0 tipvortex.net
0.0.0.0 topmark24.org
0.0.0.0 travelow.org
0.0.0.0 tribunnews.org
0.0.0.0 triptrick.net
0.0.0.0 trvelingguide.org
0.0.0.0 ultrajewelery.net
0.0.0.0 unlockcredit.net
0.0.0.0 ups.so
0.0.0.0 urbanthree.eu
0.0.0.0 vision-tech.org
0.0.0.0 waterfit.org
0.0.0.0 wateringreviews.org
0.0.0.0 webjars.net
0.0.0.0 webtechuse.net
0.0.0.0 whiskytango.net
0.0.0.0 witquote.com
0.0.0.0 yachtatdock.com
0.0.0.0 yogurthome.org
# https://infosec.exchange/@jeromesegura/112577106338279545 (all credit to Jérôme Segura)
# ads created by "Richard L Riddle Jr", "Brian Hammes", and "Alexander Gubbens" respectively (all fake names)
0.0.0.0 angryip.paulistasolar.com.br
0.0.0.0 angryipsca.com
0.0.0.0 odvanced-ip-scanner.com
# anonymous submission
0.0.0.0 preggophila.com
# https://github.com/yokoffing/filterlists/issues/147
0.0.0.0 service-rundfunkbeitrag.de
# https://github.com/hagezi/dns-blocklists/issues/2936
0.0.0.0 midjourney.co