[Adblock Plus 2.0] ! Title: The malicious website blocklist ! Homepage: https://github.com/iam-py-test/my_filters_001 ! Expires: 1 day ! Last updated: 2026-2-21 ! Version: 2026221.3 ! Description: This list aims to protect against scams, phishing, malware, some stalkerware, and potentially unwanted programs (PUPs). It includes a version of vxvault.net's list, modified by me to work in adblockers. ! Issues url: https://github.com/iam-py-test/my_filters_001/issues ! GitLab issues url (not checked as often): https://gitlab.com/iam-py-test/my_filters_001/-/issues ! Special thanks to all of the people who have helped me maintain this list! Check out https://github.com/iam-py-test/my_filters_001/blob/main/CONTRIBUTORS.md ! Note: This list includes a version of VXVault.net's malware distribution url list, formatted for adblockers, which is at https://github.com/iam-py-test/vxvault_filter ! Note: This list includes a version of ThioJoe's YouTube spam blocklist, formatted for adblockers, which is at https://github.com/iam-py-test/thiojoe_yt_lists and was originally licensed under MIT ! ---- Malware and Phishing ---- ! A Facebook phishing website ! https://www.siteadvisor.com/sitereport.html?url=xn--faebook-64a.com ! https://www.fortiguard.com/webfilter?q=xn--faebook-64a.com ! https://virustotal.com/gui/domain/xn--faebook-64a.com/detection ! https://safeweb.norton.com/report/show?url=xn--faebook-64a.com ||xn--faebook-64a.com^$document ! https://www.reddit.com/r/mildlyinfuriating/comments/nc9zpe/got_a_paypal_or_should_i_say_paypl_phishing_email/ ! https://virustotal.com/gui/url/c0e5466cd2843f75d522093d93cf949259ca618ca2f00aa4952e7700cbf59384/detection ||paypl.com^$all ! https://virustotal.com/gui/url/4531df5b01e2c58f9307fabecc9a17b03c6157bafc8e9af736b278e95c182dc5/community ||payapl.com^$all ! https://virustotal.com/gui/url/91aecb78868044183cbe47614fb43a7e5aecd4b4ae89294a215354bdda2c3602/detection ! https://www.fortiguard.com/webfilter?q=paypaI.com ! https://www.mywot.com/en/scorecard/paypaI.com ! https://safeweb.norton.com/report/show?url=paypaI.com ||paypaI.com^$all ! https://forum.mywot.com/reputation-discussions-f5/ridiculous-eth-bitcoin-giveaways-or-instant-invest-t86210.html ||btc-promo.czweb.org^$all ||giveaway-eth-btc.webz.cz^$all ! https://virustotal.com/gui/ip-address/104.236.14.145/relations ! https://www.mywot.com/en/scorecard/blogsopt.com ! https://virustotal.com/gui/url/6d9e9d347f3578fe8fea973820a40a0ab760165e613af323b4a025dee339c73e/detection ||blogsopt.com^$document ! https://virustotal.com/gui/url/f645599a31b833dcebbfec890361e28a5fb14ba86e6f730d74688d11cfe7f52f/details ! https://www.joesandbox.com/analysis/436433/0/html#deviceScreen ! https://www.mywot.com/scorecard/googe.com ! https://safeweb.norton.com/reviews?url=googe.com ||googe.com^$all ! https://forum.mywot.com/24626-whatsmyipaddress-com ! https://virustotal.com/gui/url/c8bc45a00aeb7be3ccc68a0cf17e4a6175db761393dee57de32a49338b77ca45/detection ! https://www.fortiguard.com/webfilter?q=appple.com&version=8 ||appple.com^$all ||ww1.appple.com^$all ! https://twitter.com/gorhill/status/1293239879887970305 ! - via https://github.com/NanoAdblocker/NanoCore/issues/362#issuecomment-704235803 ! https://virustotal.com/gui/url/085d0bd9451920bd97eb099fb14e42b8ceccadf79cdf70da0d29e31900262ce1/detection ! https://www.siteadvisor.com/sitereport.html?url=fly-analytics.com ! https://www.fortiguard.com/webfilter?q=fly-analytics.com ! https://safeweb.norton.com/report/show?url=fly-analytics.com ! https://sitecheck.sucuri.net/results/fly-analytics.com ||fly-analytics.com^$all ! https://www.bleepingcomputer.com/virus-removal/remove-toksearches.xyz-search-redirect ! https://virustotal.com/gui/url/f6e174e4f27f27f27b5f8c3516fcdbea555d9128d50d6e20f6ca2ca8fbf0d37f/detection ! https://www.fortiguard.com/webfilter?q=toksearches.xyz ||toksearches.xyz^$all ! https://www.bleepingcomputer.com/virus-removal/remove-smashappsearch.com-search-redirect ! https://www.bleepingcomputer.com/virus-removal/remove-smashapps.net-search-redirect ! https://www.bleepingcomputer.com/virus-removal/remove-bipapp-chrome-extension ||smashapps.net^$document ! https://www.bleepingcomputer.com/virus-removal/remove-please-allow-to-watch-the-video ! https://virustotal.com/gui/url/ef88006f1f5beab8ded6b8786870209c1651db831c19e4f49e5ef829c267cac1/detection ! https://www.siteadvisor.com/sitereport.html?url=new-message.live ! https://www.fortiguard.com/webfilter?q=new-message.live ! https://safeweb.norton.com/report/show?url=new-message.live ! https://sitecheck.sucuri.net/results/new-message.live ||new-message.live^$all ! https://virustotal.com/gui/url/098cc8fed90c43af3a4afb4df0d7da9c68b1b2c8a3c73fb9d4506c7f062547f1/detection ! https://virustotal.com/gui/ip-address/95.168.170.165/relations ! https://virustotal.com/gui/url/6a23b2b07941322f9ad5555d97bfd020c2681264d71b5ed6c621f0a6cad6277c/detection ! https://www.fortiguard.com/webfilter?q=private-message.live ! https://safeweb.norton.com/report/show?url=private-message.live ! https://www.mywot.com/scorecard/private-message.live ||private-message.live^$document ! https://virustotal.com/gui/user/Site.safetychecker ! https://virustotal.com/gui/url/7108cfe6953cab08696ae1f9ab2c777b749fb53e7beb5c003756ea522c880f17/detection ||yotube.com^$all ! https://forums.malwarebytes.com/topic/278209-removal-instructions-for-socialsearchconverter/ ||socialsearchconverter.com^$all ||install.socialsearchconverter.com^$all ||feed.socialsearchconverter.com^$all ||api.socialsearchconverter.com^$all ||notify-service.com^$all ||install.stream-all.com^$all ||stream-all.com^$all ! https://blog.malwarebytes.com/threat-intelligence/2021/09/the-many-tentacles-of-magecart-group-8/ ||adaptivestyles.com^$all ||anduansury.com^$all ||bootstrapmag.com^$all ||foodandcot.com^$all ||freshdepor.com^$all ||hottrackcdn.com^$all ||mechat.info^$all ||paypaypay.org^$all ||googletagmanages.com^$all ||gstaticx.com^$all ||googletagmaneger.com^$document ! https://github.com/AdguardTeam/AdguardFilters/issues/95582 ! https://virustotal.com/gui/url/3323920fe31aaa6724441edc7bd395232194c52967480a95039fb35bcb3d7ac2 ! https://virustotal.com/gui/url/93011523cfdd4defbccbe5fff351acac2bb6fdddba6420cc69d81cc9f9dd7f61 ! https://virustotal.com/gui/url/145c4bdadca86dfb9560668f2cec835f75c248af41b8842687ad89dce8d2aed0 ! https://www.siteadvisor.com/sitereport.html?url=dlscord-app.info ||dlscord-app.info^$all ! https://github.com/DandelionSprout/adfilt/issues/287#issue-1013759704 ||youtuba.com^$all ||avprotectionoverview.com^$document ! https://virustotal.com/gui/file/294b8db1f2702b60fb2e42fdc50c2cee6a5046112da9a5703a548a4fa50477bc/relations ! https://virustotal.com/gui/ip-address/160.202.163.100/relations ! https://virustotal.com/gui/url/3818bac5233b17d11c0744005712a5761596f33ac54c23565eb08b5496323d48 ||microsoftkernel.com^$all ||update.microsoftkernel.com^$all ! https://virustotal.com/gui/url/7709e9dff92c359c920e31866268a04489a67fc2e415bbc8c20cea8604387121 ! https://virustotal.com/gui/url/c8da0d48ea7be9444411840955f2a658c3f6fbfd3dcc87df29fe0c13a6b9b604 ||microsofthk.com^$all ||update.microsofthk.com^$all ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-944642656 ||allblock.net^$all ! https://blog.malwarebytes.com/threat-intelligence/2021/10/q-logger-skimmer-keeps-magecart-attacks-going/ ||pinokio.online^$all ||sitetraffic.site^$all ||spacecom.site^$all ! found when searching for "iam-py-test" on Google - starts at hxxpx[:]//google-yandex[.]info[/]iam-py-test ! https://github.com/iam-py-test/investigations/blob/main/2021/10/24/1.md ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-950351144 ||google-yandex.info^$all ! https://virustotal.com/gui/url/2e874f308e1202ce4deb4068d029675c8487bed465f3bd34aeefb4a84c6b767f ! https://virustotal.com/gui/url/859be64d71834dba1693b079ec85f77edcd06124031c65178838555fea31efd7 ||dliscord.com^$all ! https://forums.malwarebytes.com/topic/280266-removal-instructions-for-search-streamly/ ||search-streamly.com^$document ||feed.search-streamly.com^$all ||api.search-streamly.com^$all ! https://github.com/iam-py-test/investigations/blob/main/2021/11/3/1.md#domains ||youutube.com^$all ||youvetube.com^$document ||www.youvetube.com^$all ||mediadlvr.com^$document ||safejokesearch.com^$all ||www.safejokesearch.com^$all ! https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/ ! https://virustotal.com/gui/url/229181849ae5d036ff997645e9cf708d4fe96337d6e68e780777aee382fdccf1 ||webflows.net^$all ||web.webflows.net^$all ||js.rawgit.net^$all ||rawgit.net^$all ! https://github.com/iam-py-test/investigations/blob/main/2021/11/24/1.md ||macsoftwarez.com^$all ! https://scammer.info/t/quantum-ad-blocker-trojan/84204 ||quantumadblocker.com^$document ! https://virustotal.com/gui/url/269d374b629d7896da1f9e7449bd5afecf6284a9a564244f96a71e5192363635 ||lowseelan.com^$all ! https://forums.malwarebytes.com/topic/281264-malware-bytes-scam-number-1-315-996-0560/ ||tradeford.com/us853558/malwarebytes-customer-service-1-315-996-o56o_p1049357.html^$all ! https://github.com/uBlockOrigin/uAssets/issues/11157 ||sideload.net^$all ||stcverify.com^$all ||verify.stc.tools^$all ||1980s.click^$all ||0x41414141.net^$all ||yatsura.0x41414141.net^$all ||ultimate-eraser.com^$document ! VirusTotal typosquatt ||virusttotal.com^$document ! https://github.com/uBlockOrigin/uAssets/pull/11744 ||greencracks.com^$all ||procrackerz.com^$all ||crackfix.net^$all ||zcracked.com^$all ||cracksoftware.org^$all ||downloadpc.net^$all ||pcfullcrack.org^$all ||up4pc.com^$all ||cracktube.net^$all ||iplogger.org/2Acru6^$all ||yourpcnotification.com^$all ! https://github.com/uBlockOrigin/uAssets/issues/12194 ||fulptube.org^$all ! https://bazaar.abuse.ch/sample/d7308dab0110ae3bc79fd15024f5ccfcbd6e676b7c42b27a0112506e8357a6dc/ --> https://app.any.run/tasks/bc53e7a9-5fd7-4682-894d-11e48e9ea89a# ||pccrackworld.com^$all ||www.pccrackworld.com^$all ! https://bazaar.abuse.ch/sample/7a1ac49143e4dc8d3e7f3d033b1b382b3120bfdebfbaf3a304ab2f086456a896/ ||telegra.ph/Install-3-06-11^$all ||mediafire.com/file/eeqo14m9t7mqvdr/Install.rar/file^$all ! https://bazaar.abuse.ch/sample/fc03d6fa6787c0e6fee51af9c567bc1febf642bdfd6fd91ee99348b0a2cdf947/ ||goo-gl.me/C_Cleaner^$all ! https://scammer.info/t/phishing-my-account-will-be-blocked/100783 ||bit.do/terewebmqil^$document ! https://scammer.info/t/fake-discord-nitro-generator/99942 ! https://bazaar.abuse.ch/sample/afc4c49625b8c888e7e4958ec95cf0a79baf48736d71b0cac2bb2fc5f1c99279/ ||importadoracandy.com^$all ! YouTube video on a probably hacked channel --> https://bazaar.abuse.ch/sample/786947bd41f7be120bc82fd563b5658ff319bcb45f8e3a35e9e4c62a03ef103e/ ||telegra.ph/Sony-Vegas-Pro-19-Crack-06-28-3^$all ||mega.nz/file/nWhSiBRQ#DfJfKPJFf6EiWI3vrVp2IvbBgbsmAqIid9l0H_e3ngE^$all ! https://virustotal.com/gui/file/8014510ba4ca11285598396ec7f36058ce42b2fdd4fd80004c1f1c84933126f1/detection ||byltly.com/24hrsg^$all ! https://forums.malwarebytes.com/topic/287876-im-posting-a-malware-to-ask-if-anyone-know-the-type-of-this-malware/ ||cdn.adx1.com/df60634899739d9c8ce9ae33940358dd.jpeg^$all ||cdn.adx1.com/8b678aab9185cb333cc7c1bf3442adcb.jpeg^$all ! https://app.any.run/tasks/85cfa904-06c4-4603-82ec-7a3db8db8df9 ||rewards-giant.uk^$all ||www.rewards-giant.uk^$all ! https://virustotal.com/gui/url/081c3fe5d843567d0b5a1f7b2efd6592eded82d8a6b0a4283760c53b06b9d009/community ||coinbase-buysell-cryptocurrency.yolasite.com^$all ! https://virustotal.com/gui/url/88c6f47ec835274fa193c5540a570dc53421fcfdc5d0408f8a8215ff9ec561bf/community ||share.getcloudapp.com/nOuXRll9^$all ! someone shared this SMS with me --> https://web.archive.org/web/20220707215749/https://twitter.com/iam_py_test/status/1545164642346930176 ||amazon-security-info.lnk.to^$all ! https://bazaar.abuse.ch/sample/b41a79633a38811e378ce4e3e05cbaf086791272ae55c87eafa845eb655994a9/ ||telegra.ph/Best-tutorial-04-30^$all ||gg.gg/11nfvn^$all ||mediafire.com/file/iqamfvx8teaq9y2/SoftwareInstaller.rar/file^$all ||77.91.102.23^$all ! https://bazaar.abuse.ch/sample/5c795e31f7130c2c15ed1fbcb300bea7266f64e10f68cfc9a2f139f2a25a9532/ ||crackload.net^$all ! https://virustotal.com/gui/file/36d0988bbecc52a81edde05ecf40562ce878dcf4eb273691a134f825bbc16f34/detection ||telegra.ph/INSTALLER-07-22-2^$all ||bit.ly/3b39wkA^$all ||mediafire.com/file/b0shvy4kbs26yro/Installer.rar/file^$all ! https://virustotal.com/gui/file/de78cb6a65184a6011d7dee1dc1e48a60d936208718448158f656919c29856e4 ||bit.ly/3PzDpaL^$all ||mediafire.com/file/r4fodu1r8tk0f5s/spotify_premium.rar/file^$all ! https://forums.malwarebytes.com/topic/289086-antivirus-keeps-telling-me-blocked-3523615979-and-cant-find-a-solution/ ! https://forums.malwarebytes.com/topic/289935-hijackautoconfigurlprxysvrrst-backdoorfarfli-in-registre-key/ ||35.236.159.79^$all ! https://bazaar.abuse.ch/sample/78bcb53e3e0bca3655038c80eb9339d94f4a52b614b2ae072c171925099bcca8/ ! https://virustotal.com/gui/file/6679a9fafa55cd95f682e35649413de7d36e81d7eb77736f888d98e5ac4ccf91 ! same malware? ||greponozy.com/1Gcf^$document ||ndandinter.hair^$all ! https://virustotal.com/gui/url/277ab53e753d552ec350aa812bc94345c84346ce52ca03f89979bfbe9a1ae000/community ||rb.gy/itouxx^$all ||es-sign-caieyna-b65164.ingress-florina.ewp.live^$all ! https://forums.malwarebytes.com/topic/289254-reoccuring-website-blocked-due-to-malwaretrojan-message/ ||104.155.207.188^$all ! https://forums.malwarebytes.com/topic/289555-malwarebytes-reporting-riskware-and-trojan-through-powershell-every-second/ ||45.227.254.52^$document ! https://twitter.com/MBThreatIntel/status/1567604533458780160 ||31.44.6.123^$all ! https://virustotal.com/gui/file/fe3f662947b072546eea1183ff626e851cb99a50a406dbe28a520078f38a84df ||telegra.ph/Download-09-07-6^$all ! https://virustotal.com/gui/file/31172f3d213210267adccd9e625a15f9713006812a3e20538425fba996e8889a ||mediafire.com/file/kvp9izio4r4hqly/Roblox+Hack.zip/file^$all ! https://bazaar.abuse.ch/sample/a674c8d984fe21bdbf03a9cafabe8963f0b471155655943299ef9695b836c307/ ||telegra.ph/Clip-Studio-Crack-Latest-Version-08-15^$all ! https://virustotal.com/gui/url/94532535b8591efdebf95cf3c463f4b6116c76a354320676d38ab1384d40d26f/community ||sukudoanalytica.com^$all ! https://twitter.com/UK_Daniel_Card/status/1573038624853082128 ! https://twitter.com/MBThreatIntel/status/1571949584943054848 ||parrable.com^$all ! https://twitter.com/MBThreatIntel/status/1573059941619081221 ||guyacave.fr/js/tiny_mce/themes/modern/validate.js^$all ! https://bazaar.abuse.ch/sample/7205488fe5a1d3d05f0734af8b156d5c1603e9334b407845eb5545950e7b9acc/ (credit to https://bazaar.abuse.ch/user/1169961/) ! https://app.any.run/tasks/ed58332c-913b-4a8e-8d17-e55c4fb40b76 (my analysis) ||85.31.46.80^$document ! https://virustotal.com/gui/url/dff608d10ce1c5d441e7d3d9e848d81302e26dcce121f984f2d1c2e341852a82/community ||medijaplus.com/wp-admin/network/ATOPSpA/^$all ! https://forums.malwarebytes.com/topic/290797-drive-by-typosquat/ ||login.mimecast.cm^$document ! https://web.archive.org/web/20230604182346/https://twitter.com/iam_py_test/status/1578112473768644611 ||pastebin.com/DyG0qkdA^$document ||bit.ly/3EhFS7k^$document ! new ||bit.ly/3W5iqkk^$all ||mediafire.com/file/48babb7qlspz6dd/Adobe+Photoshop.rar/file^$all ! https://virustotal.com/gui/url/d56c2ac37804bb6016c6666697b34ed0e95ad1a36ca2bd8b9db78c1e13f8ae81/community ||objectstorage.us-sanjose-1.oraclecloud.com^$all ! https://virustotal.com/gui/url/cf647bc81b76bd4857b34fe9a6dbec1f695b3bb8910e8cd000fa16e48d8c0c4c/community ||i4rry-tiaaa-aaaag-aaycq-cai.ic0.app^$all ! https://bazaar.abuse.ch/sample/9d5e04f46fc4e4340b2d4c5f2044584826e016347388ec35cc9805d36c7546f1/ ||95.214.53.31^$document ! https://tria.ge/221104-xnqwhsbhfp/behavioral1 ||clipper.guru^$all ! https://forums.malwarebytes.com/topic/291771-facebook-hacked-and-suspicious-link-sent-out/ ||monkey.redirectmaster.com^$all ! https://virustotal.com/gui/url/6a1435a75c9199af6c37df495fb6b05965e57ada5b617e0651efa13e51ae746b/community ! https://virustotal.com/gui/url/8425e5c13e3c0ee58fc0ed21cd3695ad4ef1962a32d90f2b3d34cc280e0c248b ||chungwoo.futuroinfo.co.kr^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/134355 ! https://github.com/DandelionSprout/adfilt/commit/32ea69e5a7c632bc2cd739fba4ee256e8a9e8abf (all credit to https://github.com/DandelionSprout) ||1000girl.com^$all ||1000islandsinfo.com^$all ||100blackmenkc.org^$all ||141angel.com^$all ||168av.com^$all ||1800fdlowers.com^$all ||1800fl9owers.com^$all ||1800flowerx.com^$all ||1800tlowers.com^$all ||2d-plus.com^$all ||2m5f.com^$all ||30mercantil.com^$all ||3mvs.com^$all ||4hu59.com^$all ||99bricks.com^$all ||ab-automobile.de^$all ||abc13news.com^$all ||aboutarc.com^$all ||abuhamzahfx.com^$all ||abwkoeln.de^$all ||accessdiscounts.com^$all ||accountingservice.com^$all ||accountionline.com^$all ||acethematch.com^$all ||additude.org^$all ||addyourlink.net^$all ||adminbookings.com^$all ||admiralmarket.com^$all ||adriod.com^$all ||aerepostal.com^$all ||aergerforum.de^$all ||aetnaretriedhealth.com^$all ||aetnastudentehalth.com^$all ||aetnasyudenthealth.com^$all ||air-careductcleaning.com^$all ||akintor.com^$all ||alabamamedicaid.org^$all ||alamoinsurancegroup.com^$all ||allsttae.com^$all ||altesino.com^$all ||alumacarsuncity.com^$all ||amazonaus.com^$all ||amcestey.com^$all ||amecstry.com^$all ||americameagle.com^$all ||americanghostsandhauntings.com^$all ||americanlegion.net^$all ||americanwingsnorcross.com^$all ||amienmelody.com^$all ||ammica.com^$all ||anabolicalternative.com^$all ||anactor.net^$all ||anchormotor.com^$all ||anheiserbusch.com^$all ||animerunkkari.net^$all ||anningten.de^$all ||antennebayer.de^$all ||antiqueforhire.com^$all ||appdeploy.de^$all ||appe.indainbank.in^$all ||applebees.cm^$all ||appleidpassword.com^$all ||appolloprism.com^$all ||apppleseeds.com^$all ||appschoolgrid.co.uk^$all ||apqconstruction.com^$all ||apv-thermotech.de^$all ||arcanedevice.com^$all ||areopostel.com^$all ||ari-model.com^$all ||arielaudio.com^$all ||arizonadollandtoymuseum.com^$all ||arnoldmartinezgallery.com^$all ||artdesignweb.com^$all ||artediez.com^$all ||artofconway.com^$all ||asicsrunningshoe.com^$all ||askalligence.com^$all ||asperdental.com^$all ||aspspider.info^$all ||atlassion.net^$all ||aturealbum.com^$all ||audiopoisk.com^$all ||audioquartet.com^$all ||auitotrader.com^$all ||australien-embassy.de^$all ||autobk.com^$all ||autopartsguru.com^$all ||autoscvout24.de^$all ||avanteboatsales.co.uk^$all ||avg.cm^$all ||avipreview.com^$all ||awardswlwct.com^$all ||b5o.com^$all ||babybud.de^$all ||bagandbow.com^$all ||baileycar.com^$all ||bananajacks.com^$all ||banankofamerica.com^$all ||bankencryption.com^$all ||barrellab.com^$all ||barrettsoutdoor.co.uk^$all ||basicware.com^$all ||bbletche.com^$all ||bcbsillinois.com^$all ||bccstx.com^$all ||bcins.com^$all ||beachsideboatrentals.com^$all ||beardmiller.com^$all ||beatthestreak.com^$all ||bedbedandbeyond.com^$all ||beilgries.de^$all ||bejaminbluemchen.de^$all ||benifits.org^$all ||berwww.com^$all ||bestamericanstocks.com^$all ||bestcanadian.com^$all ||besthesda.net^$all ||bestwestner.com^$all ||bherb.com^$all ||bhojpurimovie.com^$all ||biblioteka-bg.com^$all ||bilabong.de^$all ||biovidasaude.com^$all ||birdscapes.com^$all ||bitsize.com^$all ||bittrex.cm^$all ||blackedram.com^$all ||blackmendigital.com^$all ||blauer-engel-koeln.de^$all ||blogs-pot.com^$all ||blurau.com^$all ||bmwsarasota.com^$all ||bnbcnews.com^$all ||boating-ed.com^$all ||bobybuilder.com^$all ||bokkinmg.com^$all ||bolivianland.net^$all ||boobking.cm^$all ||boohoi.com^$all ||booking.pixelextended.me^$all ||booksandmarks.com^$all ||boostbobile.com^$all ||boottownusa.com^$all ||bootyplanet.com^$all ||bossmovies.com^$all ||bothers.com^$all ||bottlecapgames.com^$all ||boxmoviez.com^$all ||boy-drive.net^$all ||bppkoing.com^$all ||braillealphabet.org^$all ||brainlly.com^$all ||brigdebase.com^$all ||briteledtech.com^$all ||brosdway.com^$all ||brotherprinter.com^$all ||bsswift.com^$all ||bt666.com^$all ||burnsidedigital.com^$all ||bwmbank.de^$all ||bzp.net^$all ||cabesp.com^$all ||calebpressley.com^$all ||calvertschool.com^$all ||cambridgeebook.com^$all ||cannel24.de^$all ||cantireu.ca^$all ||captialonedirect.com^$all ||carapowersports.com^$all ||carecredet.com^$all ||carnart.com^$all ||carolinatrustfederalcreditunion.com^$all ||carthorsemachinery.com^$all ||cartridgesshop.co.uk^$all ||casualxl.com^$all ||catharijnebioscoop.nl^$all ||cbej.com^$all ||cdlebjihad.com^$all ||cellutissue.com^$all ||centerblog.com^$all ||centerhillhouseboatrentalandcharter.com^$all ||cercoamicivip.com^$all ||charlestywritt.com^$all ||chasefreedomvisa.com^$all ||chasschwab.com^$all ||chathopper.com^$all ||cheapnikeshoes.com^$all ||chefsouls.com^$all ||chengsgardenct.com^$all ||childrencare.com^$all ||chinaautoparts.com^$all ||chlipfih.de^$all ||choctawwildlife.com^$all ||choicepriveleges.ca^$all ||choigame24h.net^$all ||christianbooksummaries.com^$all ||christiansocialnetwork.net^$all ||chuckychesse.com^$all ||cicda.com^$all ||cinemavf.org^$all ||citimortgage.cm^$all ||clarin.cm^$all ||clarires.com^$all ||clashofclanhacks.com^$all ||classmatess.com^$all ||clikurl.com^$all ||cloudbar.org^$all ||cloudmail.ontatio.ca^$all ||clubemusicas.com^$all ||clubterracan.net^$all ||cogeca.ca^$all ||collectioncentre.com^$all ||collegeoftheozarks.com^$all ||colonnialpenn.com^$all ||colordrives.com^$all ||columbusstoreeq.com^$all ||comcmast.net^$all ||comicstee.com^$all ||comkp.org^$all ||comstaples.com^$all ||confusion.co.uk^$all ||consunercellular.com^$all ||continentalcredito.com^$all ||convertapdftoword.com^$all ||cookiecliker.com^$all ||coolgearing.com^$all ||correo.foot-news.co^$all ||cottagechicbymargie.com^$all ||cottonflower.com^$all ||countrybros.com^$all ||countrylifegifts.com^$all ||courtreporting.com^$all ||covermania.com^$all ||covid-10.onario.ca^$all ||cps-pc.de^$all ||crackact.org^$all ||craigsdlist.com^$all ||crazynudistbeach.com^$all ||creativemindsacademyfl.com^$all ||credditonebank.com^$all ||cricket.info^$all ||crowddream.com^$all ||cruiseadventures.com^$all ||crystaldiskinfo.com^$all ||crystallinks.com^$all ||cstress.net^$all ||cumonlucy.co.uk^$all ||cumsex.com^$all ||cumsnap.com^$all ||cursodeunhasdecoradas.com^$all ||cvs.cm^$all ||cyberhostvpn.com^$all ||d25.net^$all ||dafearsoft.org^$all ||daftzex.com^$all ||damagedpictures.com^$all ||datingwall.com^$all ||davesandbusters.com^$all ||davidaustinroses.de^$all ||davidsonfirealarms.com^$all ||dealaday.com^$all ||debain.org^$all ||debide.com^$all ||defloreation.com^$all ||degowo.de^$all ||dekstophut.com^$all ||demo.europadonna.de^$all ||demo.halimcan.de^$all ||dentistfinder.com^$all ||desicorner.net^$all ||destokage.com^$all ||detailreviews.com^$all ||detroitk12.com^$all ||detroitlion.com^$all ||deutschewell.de^$all ||europadonna.de^$all ||gesundheitkatalog.de^$all ||hanseatischesweinkontor.de^$all ||hbo.cm^$all ||hypoverensbank.de^$all ||academicassociation.in^$all ||deviantaet.com^$all ||dhifaaf.com^$all ||dibujosdelos80.com^$all ||dicoverycove.com^$all ||dictionarg.com^$all ||dieaertze.de^$all ||diebahnd.de^$all ||diesimsens.de^$all ||digitaldigsads.com^$all ||dippegucker.de^$all ||directnergy.com^$all ||disany.com^$all ||discdb.com^$all ||disconcerting.com^$all ||discountrires.com^$all ||discunttire.com^$all ||disnneychannel.com^$all ||distorwatch.com^$all ||dixks.com^$all ||djwacho.de^$all ||dkroger.com^$all ||dlv4.com^$all ||com-download-stat.us^$all ||documentodoestudante.com^$all ||dofant.com^$all ||dolcegabanna.com^$all ||dollygals.com^$all ||domionspizza.com^$all ||donaldrussel.com^$all ||dotcomdirectory.com^$all ||drbbble.com^$all ||drocherway.com^$all ||droplox.com^$all ||droptv.com^$all ||drssbarn.com^$all ||ds4you.de^$all ||dsca85.com^$all ||dsneyland.com^$all ||ducusign.com^$all ||durgapurgovtcollege.org^$all ||dvrv.com^$all ||dyptiqueparis.com^$all ||dysma.de^$all ||easternbikes.de^$all ||ebookbinary.com^$all ||ecentennialcollege.ca^$all ||ecoediciones.com^$all ||ecoinspeed.com^$all ||ecread.com^$all ||edge.metropcs.co^$all ||educacionbc.com^$all ||eduparkpublishinghouse.com^$all ||eevb.com^$all ||efsll.com^$all ||einv.com^$all ||eknigu.org^$all ||elcactus.com^$all ||eletterhead.com^$all ||ellasontreeservice.com^$all ||ellisiland.org^$all ||elreydelfalafel.com^$all ||empak.de^$all ||emperorinfo.com^$all ||emulespana.net^$all ||enbto.com^$all ||engineerbob.com^$all ||enyergy.com^$all ||eoonext.com^$all ||epicgamis.com^$all ||epph.com^$all ||eppicard.cm^$all ||erotic-flowers.com^$all ||erotic99.com^$all ||es-toyaqui.com^$all ||esmallbusinessgrants.net^$all ||esty.com^$all ||esuracnce.com^$all ||eternityflowercreations.com^$all ||ethioporn.com^$all ||etimology.com^$all ||euronets.com^$all ||events.compres.us^$all ||everdaycarry.com^$all ||evil-unveiled.com^$all ||evtools.info^$all ||exberian.com^$all ||excelmission.com^$all ||3daxis.co^$all ||exiperan.com^$all ||experianokta.com^$all ||expieeian.com^$all ||explorors.com^$all ||expreien.com^$all ||exragazze.com^$all ||exrpessscripts.com^$all ||eyebuidirect.com^$all ||ezbiodiesel.com^$all ||ezgreatoffers.com^$all ||ezprogram.com^$all ||eztvseries.com^$all ||fabswiingers.com^$all ||faceb00k.com^$all ||facilisoft.com^$all ||fairplayhorse.com^$all ||fakehab.com^$all ||faketaxi.org^$all ||fashionchurchsuits.com^$all ||fashiondressstore.com^$all ||fashionsnetwork.com^$all ||fastlaneltd.com^$all ||fatbike-motor.com^$all ||fatwa1.com^$all ||faxsports.com^$all ||fcbs-inc.com^$all ||fedbizopps.org^$all ||fellfootfarm.co.uk^$all ||ferel.com^$all ||fertagus.com^$all ||ffrontgate.com^$all ||fiars.com^$all ||fightmove.co.uk^$all ||filezila.com^$all ||findmymobike.com^$all ||findrc.com^$all ||finleyfurst.com^$all ||fionagary.com^$all ||fireking.us^$all ||firhouse.com^$all ||firstnationalc.com^$all ||firstthirdbank.com^$all ||fivestarautomotiverepair.com^$all ||fivethirteight.com^$all ||flagstarwholesale.com^$all ||flightconsolidator.com^$all ||flightlcub.com^$all ||flipnormals.com^$all ||flixbruns.de^$all ||floormakers.com^$all ||flowermodels.com^$all ||flugzeugsupermarkt.de^$all ||fluxrp.com^$all ||flygpoolen.com^$all ||fmhogar.com^$all ||fmword.net^$all ||fnsbsd.com^$all ||focusbangla.com^$all ||followx.com^$all ||food-stamps-apply.com^$all ||foosewheels.com^$all ||footballflags.com^$all ||forceporn.com^$all ||foreverybella.com^$all ||forexclient.com^$all ||forexengines.com^$all ||formacioncorreos.com^$all ||formaua.com^$all ||forslaebyowner.com^$all ||forstinger.de^$all ||fotobugil.com^$all ||fotoescalera.com^$all ||fotoporst.de^$all ||foyerjeansturm.com^$all ||fraigslist.com^$all ||franciscajoias.com^$all ||franklhammondiii.com^$all ||frebmd.org.uk^$all ||freddiesfinespirits.com^$all ||free-iphone6s.com^$all ||freeconferenceline.com^$all ||freedomkia.com^$all ||freefre.com^$all ||freelanceeditors.com^$all ||freemovie.com^$all ||freemovies.net^$all ||freemoviesonline.com^$all ||freenortonsecurity.com^$all ||freeprogz.com^$all ||freeshoutbox.com^$all ||friedmanshoes.com^$all ||friendsinfo.net^$all ||fsuwebmail.com^$all ||fuckhoes.com^$all ||fudelidade.com^$all ||fullyloadednews.com^$all ||fumformobile.com^$all ||furnitureking.com^$all ||furukawa-cooking.com^$all ||futaplay.com^$all ||gadisbandung.com^$all ||galerievitesse.com^$all ||gallagherstudents.com^$all ||gallerialighting.com^$all ||gameartisan.com^$all ||gamesloft.com^$all ||garden-flags.com^$all ||garndinroad.com^$all ||gastrodocs.info^$all ||gautengonline.com^$all ||gaylar.com^$all ||gbbox.com^$all ||geacorn.com^$all ||geamail.com^$all ||geapplaince.com^$all ||gedichtsbilder.de^$all ||gemini-usa.com^$all ||generadordememes.com^$all ||genwigs.com^$all ||geogiaboot.com^$all ||geometro.com^$all ||getchaselnk.com^$all ||getjeeping.com^$all ||getmsguide.com^$all ||getmytranscrpit.com^$all ||ggodyear.com^$all ||ghostsearch.com^$all ||gibsonrv.net^$all ||gidonline.net^$all ||giphy.cm^$all ||girls-party.com^$all ||glamrockbeauty.com^$all ||glassdoir.com^$all ||glasssoor.com^$all ||glendeedogrescue.co.uk^$all ||globalifeinc.com^$all ||glomp.com^$all ||gmauo.com^$all ||gmboree.com^$all ||gmglobalconnec.com^$all ||gmsexp.com^$all ||gnctraining.com^$all ||gnet7.com^$all ||gnpschandigarh.com^$all ||gobdeals.com^$all ||goldclubslot.com^$all ||goodcheat.com^$all ||googglemail.com^$all ||google.ssvt.se^$all ||googlecal.com^$all ||googleidle.de^$all ||goole.com.vn^$all ||goopgle.com^$all ||goracertech.com^$all ||goralpolishdeli.com^$all ||gordanfoodservice.com^$all ||got-corgis.com^$all ||gracehillision.com^$all ||granddentalpc.com^$all ||grassrootsmeasures.com^$all ||greandhra.com^$all ||greatbulletin.com^$all ||greatlesson.com^$all ||greatrating.com^$all ||greenvaporco.com^$all ||greyhoundbuslines.com^$all ||grillsandgreens.com^$all ||grinandbakeit.com^$all ||grupograncolombia.com^$all ||grupomnemon.com^$all ||gsmatena.com^$all ||guicc.com^$all ||gulfmonster.com^$all ||hallsdawghouse.com^$all ||halys.com^$all ||hamburgschool.org^$all ||handrbloock.com^$all ||hangkhung.com^$all ||hao1131.com^$all ||harfordlife.com^$all ||hatventures.net^$all ||haveringfireplaces.co.uk^$all ||hawaiianaor.com^$all ||hboow.com^$all ||hcomicbooks.com^$all ||hdmedicalexams.com^$all ||hdsupplsolutions.com^$all ||hdwallpaperslist.com^$all ||hdww.com^$all ||healthtechni.com^$all ||heaphotels.com^$all ||heathyliving.com^$all ||helixcharter.com^$all ||hellsangelsusa.com^$all ||hensly.com^$all ||hermesairport.com^$all ||highcash.org^$all ||hillcountrysanmarcos.com^$all ||hiwaytractor.com^$all ||hobbylobby.cm^$all ||holidayproperty.com^$all ||hollywoodmoviez.net^$all ||homescapeonline.com^$all ||hongkongsthelens.co.uk^$all ||hosfordbrothersconcrete.com^$all ||hotelcentr.com^$all ||hotelesdoux.com^$all ||hotelsit.com^$all ||hotnsil.com^$all ||hpsupportphonenumber.com^$all ||hqjt.com^$all ||htmail.co.uk^$all ||httpexample.com^$all ||hu0.com^$all ||humaneassocofclarkcounty.com^$all ||humouron.com^$all ||hvanah.com^$all ||i80auto.com^$all ||ibuycard.com^$all ||iclovd.com^$all ||ideed.ca^$all ||idlebrsin.com^$all ||ifetel.com^$all ||igansupport.org^$all ||iheartmandalas.com^$all ||iidcgwalior.com^$all ||imageshake.de^$all ||importadoravehicular.com^$all ||inchirieriregimhotelier.net^$all ||indonesiaigo.com^$all ||infonavid.com^$all ||infoum.com^$all ||innotech-maschinenbau.de^$all ||insectflix.com^$all ||insidewireman.com^$all ||insovenz.de^$all ||inssigniaproducts.com^$all ||investopidia.com^$all ||inwexcel.com^$all ||iphonedevtools.com^$all ||ishifusion.com^$all ||islandsresturants.com^$all ||isseg.com^$all ||issstenet.com^$all ||iteachkinder.com^$all ||itunse.com^$all ||izak.com^$all ||jackwolfkins.de^$all ||jacobsfuneralhome.com^$all ||jailbait-gallery.net^$all ||janethepsychic.co.uk^$all ||jaspe.com^$all ||jcpenmey.com^$all ||jcpenneybenefits.com^$all ||jcpenneyey.com^$all ||jd.cm^$all ||jehblue.com^$all ||jeporady.com^$all ||jewelpak.com^$all ||jimmygaorestaurant.com^$all ||jimmysfarmtoys.com^$all ||jira.hannoverscheallgemeinezeitung.de^$all ||jkhols.com^$all ||jlibrary.org^$all ||jmxded100.net^$all ||joannamartinewoolfolk.com^$all ||joblana.com^$all ||joovideo.us^$all ||journeykids.com^$all ||jquerylenslider.com^$all ||jspecialjapan.com^$all ||jumpstar.com^$all ||juzzbunker.com^$all ||kascarpet.net^$all ||kayoutlets.com^$all ||kbshengyi.com^$all ||kelleyservices.com^$all ||keyrug.com^$all ||keywebtracker.com^$all ||keywordadvisetoolplus.com^$all ||kholsrebates.com^$all ||kickoff.cm^$all ||kindfirls.com^$all ||kitchenmusings.com^$all ||kiwihelme.de^$all ||klaser.com^$all ||kodiakproduce.com^$all ||koklsfeedback.com^$all ||komunitaspeduliumatdalung.com^$all ||koon.net^$all ||kootra.com^$all ||kpry.com^$all ||krca.net^$all ||kusakabehifuka.com^$all ||kyxc.com^$all ||kzdress.com^$all ||laguiadelocio.com^$all ||lakecumberlandfishingguide.com^$all ||lakeserenespa.com^$all ||landhausmitpfiff.de^$all ||lankantunes.com^$all ||lapels.org^$all ||larka.de^$all ||lasierratiresutah.com^$all ||laubergeduvieuxcrozet.com^$all ||lawh.com^$all ||leakz.net^$all ||leapinginto5thgrade.com^$all ||learn.movibaz.us^$all ||learnpack.co.uk^$all ||legavy.com^$all ||legumeloyalist.com^$all ||lepac.com^$all ||lesbiot.com^$all ||lezgame.com^$all ||lianasims2.de^$all ||lifellinescreening.com^$all ||likoer43.de^$all ||linkbaru.com^$all ||linkdin.ca^$all ||linuxdeal.com^$all ||liscensecoach.com^$all ||livescom.com^$all ||livingcomforts.com^$all ||login.reserveamerica.co^$all ||loitech.de^$all ||lojabau2mao.com^$all ||lorenagostosa.com^$all ||losingface.com^$all ||louisvuitten.com^$all ||louisvuittin.com^$all ||loveherbal.com^$all ||lowcostparceldelivery.com^$all ||lowe4s.com^$all ||lpaodata.net^$all ||lunettesde.com^$all ||lutherancommunitygrace.net^$all ||luxerycard.com^$all ||lyncdiscoverinternal.ualbera.ca^$all ||lynes-shoes.com^$all ||lyodsbank.com^$all ||m2e6.com^$all ||magento.fanmail2u.de^$all ||magento.gibco.de^$all ||magento.trannydating.nl^$all ||magoosfurniture.com^$all ||mahabaliexpress.com^$all ||makingfreinds.com^$all ||makisushi.net^$all ||malrboro.com^$all ||maluch.com^$all ||mamapho1.com^$all ||manage.polka-dot.co^$all ||mandourpharmacy.com^$all ||maneige.ca^$all ||manheimauto.com^$all ||manitobaparks.ca^$all ||mannakbbq.com^$all ||manoffashion.com^$all ||mantrafilms.com^$all ||manytears.com^$all ||manyvidd.com^$all ||maritimeway.com^$all ||marketpalce.com^$all ||marrottvacationclub.com^$all ||maruces.com^$all ||mascy.com^$all ||mathrubhmi.com^$all ||matomefun.net^$all ||mauriciodenassau.com^$all ||mbenzusa.com^$all ||mbwjk.de^$all ||mcatbui.net^$all ||mceyecenter.com^$all ||mcgraww-hill.com^$all ||mcjrotc.com^$all ||mckinleyspubri.com^$all ||mdtp.us^$all ||meaganslaw.com^$all ||medherb.de^$all ||medialine.org^$all ||mediasenso.com^$all ||mediationcenter.com^$all ||medicinelodgepom.com^$all ||medigov.com^$all ||medschoolhell.com^$all ||meficare.com^$all ||mega-hookup.com^$all ||megacinemaflix.com^$all ||melbourneactingstudio.com^$all ||mellatmobile.com^$all ||meloxicamsideeffects.org^$all ||metalartsinc.com^$all ||meuconsorciobb.com^$all ||midiuser.net^$all ||mightylayoutboys.com^$all ||migranteducation.com^$all ||mijaliscomexrestaurant.com^$all ||mijntoeslagen.com^$all ||mili010.com^$all ||minecraft2.com^$all ||minicottage.com^$all ||minnesotagoldendoodles.com^$all ||mitkindernwachsen.de^$all ||mlgn3usa.com^$all ||mmrafricanfashions.com^$all ||mnspeoplesystem.co.uk^$all ||mobileblitz.com^$all ||mobilehacktool.com^$all ||mobilehomepartstore.com^$all ||modestogold.com^$all ||modsey.com^$all ||moenygram.com^$all ||mojsng.com^$all ||mollinsburncarsales.co.uk^$all ||momentsoflife.com^$all ||monasteriodepoio.com^$all ||monesupermarket.com^$all ||monyorder.com^$all ||mortgae.com^$all ||motorjacket.com^$all ||motorradcenter.de^$all ||motorradpartner.com^$all ||motosu.de^$all ||mountaincrestapartments.com^$all ||mp3juicess.biz^$all ||mpcclubcard.com^$all ||mrtravelers.com^$all ||msephora.com^$all ||muisjes.com^$all ||mujerlunabella.net^$all ||musicans-place.de^$all ||musleblaze.com^$all ||mutedvods.com^$all ||blackberry.cm^$all ||carfax.cm^$all ||myaarpmwdocare.com^$all ||myancesty.com^$all ||myanthropologie.com^$all ||myapclassroom.com^$all ||mybodysoul.com^$all ||mycarrer.com^$all ||mycreditonecard.com^$all ||mydicksportinggoods.com^$all ||myebookmaster.com^$all ||myeverydayrewards.com^$all ||myfappening.org^$all ||myfinco.com^$all ||myfirstdegree.com^$all ||myftdi.com^$all ||myhbc.com^$all ||myherbelife.com^$all ||myjobsscotland.co.uk^$all ||mykohs.com^$all ||mylacountybenefit.com^$all ||myliferouch.com^$all ||mynait.ca^$all ||myoceanictwc.com^$all ||mypaneras.com^$all ||mypayback.de^$all ||myqnascloud.com^$all ||myscence.com^$all ||mysunywcc.com^$all ||mytruidenity.com^$all ||myvglicredential.com^$all ||myvirtualterminal.com^$all ||myvweizon.com^$all ||myxrt.com^$all ||nactar.com^$all ||nados.co.uk^$all ||nahro.com^$all ||nalcbp.com^$all ||nanitv.com^$all ||nanoxnutriceuticals.com^$all ||naoffroad.com^$all ||napkimcuong.com^$all ||nartube.com^$all ||nationpage.com^$all ||naturebois.com^$all ||navyfereral.org^$all ||nbkonline.com^$all ||ncscu.com^$all ||neckheavy.com^$all ||nedspipeandsteel.com^$all ||nehra.org^$all ||neipets.com^$all ||nesteggtrailers.com^$all ||netflflix.com^$all ||netflifx.com^$all ||networkredundancy.com^$all ||neuropsicologiacordoba.com^$all ||nevadaspca.com^$all ||newkindofmotherhood.com^$all ||nflflagfootball.com^$all ||niagaragazette.com^$all ||nichewines.com^$all ||nigerialatestnews.com^$all ||nikene.com^$all ||nissenusa.com^$all ||niuqiu.com^$all ||njtutoriales.net^$all ||noborobo.com^$all ||nodesjs.org^$all ||nooder.com^$all ||northpoleicecreamshop.com^$all ||norto.com^$all ||norwoodcadillac.com^$all ||novadevelooment.com^$all ||novorojencek.com^$all ||carmax.cm^$all ||skyteam.cm^$all ||pcmag.cm^$all ||nexxt.cm^$all ||tillys.cm^$all ||nuken.com^$all ||nursingsa.com^$all ||nutricroq.com^$all ||nutriksystem.com^$all ||nylottery.com^$all ||o-shohousen.com^$all ||o2tvseriea.com^$all ||obesityonline.org^$all ||obobettermann.de^$all ||oceach.org^$all ||octupus-versand.de^$all ||odrivers.com^$all ! https://virustotal.com/gui/url/ca6883e44a103ed205b6225d866719bc51a9301aca937d336dc38610e46c7ea2/community ||58.252.203.71^$all ! a "Yahoo" email claiming I will be locked out if I don't "correct my email" ||yahooo-mail-service.webflow.io^$all ! https://app.any.run/tasks/1dafbc8d-84d8-4e42-a96a-fffdc9d644e7/ ||kmspico-official.xyz^$all ! https://forums.malwarebytes.com/topic/292016-keep-getting-outbound-website-blocked-due-to-trojan-cant-find-threats/ ||humman.art^$all ! https://www.fortinet.com/blog/threat-research/new-rapperbot-campaign-ddos-attacks ||185.216.71.149^$all ! I misspelled virtualbox's website, landed here ||virutalbox.org^$all ||get.safety-search.com^$all ||safety-search.com^$document ! https://app.any.run/tasks/2de64615-6df3-457f-bfb8-3e207b44667c ||116.202.5.101^$all ! https://forums.malwarebytes.com/topic/292218-malwarebytes-says-that-vbcexe-is-a-virus-please-help/ ! https://threatfox.abuse.ch/ioc/840342/ ||193.106.191.160^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/134903 ||znakomy.club^$all ||smartlink.name^$all ! https://app.any.run/tasks/2309c8ba-3e9f-41f2-8a5c-f15f7411ac58# ||www.sadeempc.com^$all ||sadeempc.com^$all ||iplogger.org/2AnXe7^$all ||bit.ly/Password-1234-FullSetups^$all ||iplogger.com/Sadeempcfullversins^$all ! https://www.youtube.com/watch?v=xwJJkvIsEJQ ||torrent-protection.com^$all ! https://app.any.run/tasks/e5ba6bf3-98ee-46bf-b9ee-406b1bbebe1f ||rotf.lol/BDFG-KZTP-QAYW^$all ||88.198.106.9^$all ! https://app.any.run/tasks/89b3e663-ea70-43fe-89f0-af05c1c9af2e ||95.217.31.208^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/135924 ! https://github.com/DandelionSprout/adfilt/commit/31a32bcef8cfef97a6403f308d64c1991c6b4e8b ! credit to https://github.com/DandelionSprout ||abazelfan.com^$all ||abburmyer.com^$all ||abyamaskor.com^$all ||acelacien.com^$all ||adsvids.com^$all ||agaenteitor.com^$all ||ajestigie.com^$all ||almareepom.com^$all ||alspearowa.com^$all ||amexcadrillon.com^$all ||amgardevoirtor.com^$all ||amoddishor.com^$all ||arrlnk.com^$all ||arswabluchan.com^$all ||arwartortleer.com^$all ||arwhismura.com^$all ||aslaironer.com^$all ||aslaprason.com^$all ||asnoibator.com^$all ||astkyureman.com^$all ||astoecia.com^$all ||atgallader.com^$all ||attrapincha.com^$all ||audmrk.com^$all ||ausoafab.net^$all ||bechatotan.com^$all ||belickitungchan.com^$all ||benumelan.com^$all ||beskittyan.com^$all ||betalonflamechan.com^$all ||betimbur.com^$all ||betjoltiktor.com^$all ||betotodileon.com^$all ||bett2you.org^$all ||bigsport.today^$all ||breakingfeedz.com^$all ||businessenviron.com^$all ||byambipoman.com^$all ||cadbitff.com^$all ||chemitug.net^$all ||civadsoo.net^$all ||clicktracklink.com^$all ||consoupow.com^$all ||countriesnews.com^$all ||daizoode.com^$all ||desabrator.com^$all ||dfsdkkka.com^$all ||doflygonan.com^$all ||domakuhitaor.com^$all ||dugothitachan.com^$all ||dukirliaon.com^$all ||dulillipupan.com^$all ||duponytator.com^$all ||eyenider.com^$all ||faestara.com^$all ||fdiirjong.com^$all ||fiinann.com^$all ||fiinnancesur.com^$all ||finnnann.com^$all ||flymob.com^$all ||forlumineontor.com^$all ||forunfezanttor.com^$all ||fregtrsatnt.com^$all ||gdasaasnt.com^$all ||geedoovu.net^$all ||getsurv2youu.com^$all ||gfsdloocn.com^$all ||ggetsurveey.com^$all ||gggtrenks.com^$all ||gillynn.com^$all ||gkjoanks.com^$all ||glersakr.com^$all ||gloaphoo.net^$all ||goomaphy.com^$all ||groguzoo.net^$all ||growebads.com^$all ||gtoonfd.com^$all ||haunigre.net^$all ||higheurest.com^$all ||hoanoola.net^$all ||hrenbjkdas.com^$all ||inabsolor.com^$all ||inboldoreer.com^$all ||incorphishor.com^$all ||inkingleran.com^$all ||inpage-push.com^$all ||interdfp.com^$all ||intorterraon.com^$all ||itemolgaer.com^$all ||itgiblean.com^$all ||ittorchicer.com^$all ||itzekromom.com^$all ||jeehathu.com^$all ||koapsuha.net^$all ||kogutcho.net^$all ||lauhoosh.net^$all ||leezoama.net^$all ||loralana.com^$all ||lowdodrioon.com^$all ||lowdurantom.com^$all ||lowlatiasan.com^$all ||mauchopt.net^$all ||meagplin.com^$all ||meet4youu.com^$all ||mekstolande.com^$all ||moakaumo.com^$all ||moksoxos.com^$all ||mygtmn.com^$all ||newprofitcontrol.com^$all ||nieveni.com^$all ||oackoubs.com^$all ||oaphoace.net^$all ||offmachopor.com^$all ||omanala.com^$all ||omasatra.com^$all ||omchimcharchan.com^$all ||omnidokingon.com^$all ||onclickads.net^$all ||onclickrev.com^$all ||onclickserver.com^$all ||onelivetra.com^$all ||onwasrv.com^$all ||onxatutor.com^$all ||oodrampi.com^$all ||opcharizardon.com^$all ||opchikoritar.com^$all ||opclauncheran.com^$all ||osspalkiaom.com^$all ||ossrhydonr.com^$all ||outaipoma.com^$all ||outseylor.com^$all ||overonixa.com^$all ||overswaloton.com^$all ||overzoruaon.com^$all ||overzubatan.com^$all ||parumal.com^$all ||pipeschannels.com^$all ||propvideo.net^$all ||psaudous.com^$all ||qarewien.com^$all ||rhendam.com^$all ||rmndme.com^$all ||rndchandelureon.com^$all ||rndmusharnar.com^$all ||roduster.com^$all ||rouinfernapean.com^$all ||rtmark.net^$all ||rtrgt2.com^$all ||saimifoa.net^$all ||serconmp.com^$all ||shoubsee.net^$all ||show-review.com^$all ||sportevents.news^$all ||survey2you.org^$all ||tauvoojo.net^$all ||timecrom.com^$all ||toglooman.com^$all ||tosuicunea.com^$all ||totentacruelor.com^$all ||totogetica.com^$all ||touroumu.com^$all ||tovanillitechan.com^$all ||trads.io^$all ||trenhsmp.com^$all ||trewnhiok.com^$all ||ugroocuw.net^$all ||unampharostor.com^$all ||unbeedrillom.com^$all ||untimburra.com^$all ||uparceuson.com^$all ||uplucarioon.com^$all ||uponarticunoer.com^$all ||upregisteelon.com^$all ||urmavite.com^$all ||vamsoupowoa.com^$all ||vuftouks.com^$all ||wynather.com^$all ||yacurlik.com^$all ||yarlnk.com^$all ||yonabrar.com^$all ||zagtertda.com^$all ||zoawufoy.net^$all ||139.45.197.239^$all ! https://forums.malwarebytes.com/topic/292537-phishing-x-3/ (account required, credit to https://forums.malwarebytes.com/profile/126832-bradraynor/) ||13ee53.codesandbox.io^$document ! https://forums.malwarebytes.com/topic/292570-malwarebytes-blocked-trojanexe-am-i-safe/ ! https://threatfox.abuse.ch/ioc/1024382/ ||185.234.247.238^$all ! https://forums.malwarebytes.com/topic/292568-ironmodalcom/ ||ironmodal.com^$all ! https://app.any.run/tasks/fbb04c5d-ce57-4eaa-937b-20b014ed7c19# ||rsmerchantservices.com^$all ||gcrpgqhhmf.com^$document ||bestsmartfind.com^$all ! https://app.any.run/tasks/df07016b-df4a-47d2-8ef4-3764547ccb7b (website) ! https://app.any.run/tasks/30bb18a1-ea92-4208-91a1-e1b964930fa5 (file) ! https://threatfox.abuse.ch/ioc/1028938/ ||rebrand.ly/McAfeeSecurity2022ActivateDownload^$all ||45.15.157.132^$all ! https://app.any.run/tasks/82e6d95e-3fd5-4bf6-873e-3d7379d495e3 ! https://app.any.run/tasks/25665331-97a5-49a8-9381-eda377347ee5 ||bit.ly/fitgirl-repacks-site^$all ||fitgirl-repacks-site.org^$all ||bluemediafiles.top^$all ! https://forums.malwarebytes.com/topic/292840-file-detected-windowsmicrosoftnetframeworkv4030319aspnet_compileexe/ ||line.publicvm.com^$all ||209.209.41.33^$all ! https://bazaar.abuse.ch/sample/a3cafe7d2d20180460c2e581b215d63519a691de2781a66349fd57ea3e5fcfdf/ (https://bazaar.abuse.ch/user/86185858/) ||194.58.108.112^$all ! https://github.com/uBlockOrigin/uAssets/issues/15990 ||vlcdownloads.com^$all ! https://virustotal.com/gui/url/2eeeeba08305b13c205d66f7d9cd6a853bc491688d0e91c0381613066b2566a3/community ||storageapi.fleek.co/65d6137a-aa68-4f10-9b8d-3763e277f165-bucket/fav/indexxxxxx.html^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/136390 ||glthub.org^$document ! https://forums.malwarebytes.com/topic/293076-google-docs-extension-malware/ ||goodsearchez.com^$document ||goog.goodsearchez.com^$document ! https://forums.malwarebytes.com/topic/293086-i-keep-getting-data-crypto-mining-trojans-in-my-chrome-extensions-folder/ ||daggerhashimoto.eu.nicehash.com^$all ! https://bazaar.abuse.ch/sample/dd022ea963e777dec7fbb6c3f84893961c60a0b72fa26152416a9e75e9879c5d/ ||142.93.198.232^$all ! https://virustotal.com/gui/file/9108e1d22d74bc5397b8886edc4f0a84b8906436a648ef8a86f30cf7e08978dd/detection ||bit.ly/3zKpp8y^$all ||mediafire.com/folder/bftfjxk7na4m8/Setup^$all ||mediafire.com/file/kfjdexcnso6l3uk/Installer.rar/file^$all ! https://virustotal.com/gui/file/8b526ce6c0637c72799d1f1944f5d77a821d896c2ffe01cd8c391ed37a175f76 ||mediafire.com/file/z0mvgi2bjbotamf/TeamViewerPremium.rar/file^$all ! https://github.com/DandelionSprout/adfilt/discussions/163#discussioncomment-4502840 (with no adblocker, I got an ad which downloaded https://virustotal.com/gui/file/7c4c570fb381176736d956ee84c5fb01b6e4638fe122e7a2e1f7335d08edb1d6/detection) ||ecomefuk.xyz^$all ! https://app.any.run/tasks/f4e39100-c15b-4cd3-9a2c-3401df4435d4 ! https://tria.ge/221227-3mk7jagg99 ||116.203.121.167^$all ! https://www.hybrid-analysis.com/sample/f2e12223da0ae00323260f8dadbdd1596f7ce8fcd2e2520fde0aefc6fd19a88b ! https://tria.ge/221228-3ez1qabh74/behavioral2 ! https://virustotal.com/gui/file/0814d32e07768c5387774d03108ea27ff132d4aee72d3f1fc98a6d78ab74d628 ||157.230.87.146^$all ||sigmarole.cyou^$all ! https://threatfox.abuse.ch/ioc/847757/ ||77.73.134.24^$all ! https://app.any.run/tasks/acb995d6-45ba-4680-8c39-b96b7a8574d8 ||rotf.lol/2p9fmd8k^$all ||65.108.249.43^$all ! https://github.com/iam-py-test/investigations/blob/main/malware/oceanofgames.com.md ||oceanofgames.com^$all ||easy-learn-tech.info^$all ||51.68.154.128^$all ! https://virustotal.com/gui/url/25c1299a47deee16de446a1e984b668779afe55cd5429639a112fe8cb6509b68/community ||colorflys.com^$all ! https://app.any.run/tasks/5bdcb423-d8a6-4c4a-bee0-e4817415d96e ! https://virustotal.com/gui/file/f82251f78347ba9a0a0fe6efee7fdfb4a07ef133ec29d4fb816116b194c4f4a2/detection ||116.203.3.152^$all ! shared by https://github.com/JobcenterTycoon ||funnycrack.com^$all ! https://app.any.run/tasks/5f9ddba3-9d5d-45a6-8ab1-37eaca832b2a/ ! https://tria.ge/230103-s79qhsfb2z/behavioral2 ||gigapurbalinggaa.com^$all ||cutt.ly/V2fZo0l^$all ||bit.ly/3Z8fkxh^$all ||stone10.xyz^$all ||143.198.211.93^$all ||5.75.173.242^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/139106 (credit to DandelionSprout) ||loadingnow.me^$all ||gsecurecontent.com^$all ||pressizer.net^$all ||sapino.net^$all ||44.236.213.34^$document ||52.24.156.12^$document ||52.25.6.134^$document ||100.20.13.49^$document ! https://tria.ge/230104-qdn6lsfh34/behavioral2 ! https://tria.ge/230104-qcf4lsbb81/behavioral2 ! https://www.hybrid-analysis.com/sample/a2f1e5de0f6a32a2b202a973b4deebb0f3f3fd0c16001a010594ced932b17a07 ! https://virustotal.com/gui/file/a2f1e5de0f6a32a2b202a973b4deebb0f3f3fd0c16001a010594ced932b17a07/detection ! https://threatfox.abuse.ch/ioc/1064537/ ! https://threatfox.abuse.ch/ioc/1064536/ ! https://threatfox.abuse.ch/ioc/1064660/ ||88.119.161.188^$all ||88.119.161.19^$all ! https://forums.malwarebytes.com/topic/293448-brute-force-password-attack-on-email-server-from-ip-address-9820013539/?do=findComment&comment=1547922 (account required) ! https://www.abuseipdb.com/check/68.60.77.128 ! delist once there have been no new reports in one week. Probably pointless to list in the first place ||68.60.77.128^$all ! https://app.any.run/tasks/37850881-daef-455e-a60d-7b1a11438955 (just a 7zip download???) ||fitgirlrepack.games^$document ||losstub.icu^$document ! https://app.any.run/tasks/bdf92208-3c4b-4673-b4f4-4d59299d1201 ||fitgirl-repacks.proxy2link.com^$document ! https://github.com/hagezi/dns-blocklists/issues/166 ||milfme.com^$document,popup ||track.findb.news^$document,popup ||tracking.lovematchflirt.com^$document,popup ||tracking.latedreamdate.com^$document,popup ! https://bazaar.abuse.ch/sample/971a53dd3d17c44c1f4b21e33c0c161aed411ebb8c4d7f5a47c3cc68849340a5/ ||skynetx.com.br^$all ! https://app.any.run/tasks/45e3bc2d-8e87-47b6-b233-cf8bfecbd5b7 ||cdt2023.ddns.net^$all ! https://app.any.run/tasks/425c595f-3f93-4d54-abaf-29b7d8c78e1b# ||bit.ly/3G1xJTO^$all ||upload.ee/files/14795098/Installer.rar.html^$all ||upload.ee/download/14795098/e163e4d865031c40167f/Installer.rar^$all ! https://github.com/uBlockOrigin/uAssets/pull/16283 ||galeden.cn^$all ! https://virustotal.com/gui/url/ba238fade1efae3c4a22a777ea6d8e7876911ba2762a38e9068be025dae64642/community ! https://app.any.run/tasks/fc749190-7a49-4f62-bfcb-b4262ba6fe8b (my analysis) ||coda.io/d/_dgQ7smav5EW/AP_suCWI^$document ! https://virustotal.com/gui/url/d53cb0004ee89defa498483920b97ff3b414748e05ce7a5af65136b06b19ef6f/community ||tidy-mark.com^$all ! https://forums.malwarebytes.com/topic/293729-help-please-a-file-trojan-keeps-coming-back-when-i-reboot-my-computer/ ||phtgnx.top^$all ||cdn.phtgnx.top^$all ||progriu.top^$all ! https://tria.ge/230114-ra56dsch4w/behavioral2 ! https://threatfox.abuse.ch/ioc/1068340/ and https://threatfox.abuse.ch/ioc/1068341/ ||146.70.86.11^$all ||69.46.15.158^$all ! https://github.com/uBlockOrigin/uAssets/issues/16339 ||ormoredeta.xyz^$all ! https://forums.malwarebytes.com/topic/293881-hijackautoconfigurlprxysvrrst-backdoorfarfli/ ||agametog.com^$document ||g.agametog.com^$all ! https://blog.sucuri.net/2023/01/finding-removing-malware-from-weebly-sites.html ||circuitingratitude.com^$all ! https://forums.malwarebytes.com/topic/294335-repeated-blocked-website-trojan-compromised-logs/ ||dellenshop.top^$document ! https://forums.malwarebytes.com/topic/294374-might-have-a-virus/ ! https://forums.malwarebytes.com/topic/294372-suspicious-file/ ! https://threatfox.abuse.ch/ioc/1073271/ ! (my analysis) https://app.any.run/tasks/96fff8ad-199e-4a03-aea3-410214ed18f4 ||194.36.177.164^$all ! https://github.com/uBlockOrigin/uAssets/issues/16558 ! (my analysis) https://tria.ge/230130-pl42csac69/static1 ||driveusercontent.us^$document ! https://forums.malwarebytes.com/topic/294473-malware-not-detected-in-malwarebytes/ (account required) ! (my analysis) https://app.any.run/tasks/14b9da67-7f1e-49ff-b73d-26a5d263efbf/ ||135.181.41.147^$all ! https://github.com/DesktopECHO/T95-H616-Malware ||ycxrl.com^$all ||cbphe.com^$all ||cbpheback.com^$all ! from internal discussion ! https://urlhaus.abuse.ch/url/2524904/ ! (my analysis) https://tria.ge/230201-nxx7hsda77/behavioral2 ! https://threatfox.abuse.ch/ioc/1067729/ ||82.115.223.46^$all ! https://forums.malwarebytes.com/topic/294558-google-customer-reward-program/ ||21bustqisw2.top^$document ! https://forums.malwarebytes.com/topic/294619-trojan-hijack-browser/ ! https://app.any.run/tasks/9cdd662f-9642-4406-8797-03f021ce6370 ! https://tria.ge/230203-pmtl1saf9t/behavioral1 ||ccleaner-download.xyz^$all ||35.181.110.225^$all ||service-domain.xyz^$all ! https://virustotal.com/gui/url/7edda570d0f8fae48fac53194950c93137721d5535829d88add851c9bf42a0e2 ! (my analysis) https://app.any.run/tasks/1da745f3-0a79-44b4-9490-0ce55609f1e2 ||un-titled.co/remain/DNS/index.php$document ! NSFW: https://app.any.run/tasks/84fe2ec3-067b-4095-8a4f-e74636671351 ||okaynotification.com^$all ||message.okaynotification.com^$all ||notice.okaynotification.com^$all ||click.okaynotification.com^$all ||update.okaynotification.com^$all ||now.okaynotification.com^$all ||readnow.okaynotification.com^$all ! https://app.any.run/tasks/04b2bc07-923b-4890-8587-02e360d01ae0 ||gamebee.club^$document ! https://github.com/AdguardTeam/AdguardFilters/issues/142226 ! https://app.any.run/tasks/91ca9115-952b-479f-8f9d-360e096e558b ||qfdsq.inghesatin.com^$all ||wickedhumankindbarrel.com^$all ||videoadblockerpro.com^$all ||stop-adblocker.info^$all ||wheeshoo.net^$document ||justquiz39.pushalert.co^$all ! https://forums.malwarebytes.com/topic/294740-trojans-will-not-disappear-and-mb-wont-stop-blocking-websites/ ! https://threatfox.abuse.ch/ioc/1078147/ ||194.87.216.194^$all ! https://www.malware-traffic-analysis.net/2023/02/03/index.html ||yes2food.com^$all ||62.204.41.176^$all ||176.113.115.177^$all ! https://threatfox.abuse.ch/ioc/1078856/ ! https://twitter.com/1ZRR4H/status/1623067548781539339 ||79.137.248.136^$all ||79.137.206.31^$all ||85.192.40.253^$all ! https://github.com/uBlockOrigin/uAssets/issues/16704 ! https://app.any.run/tasks/dbfbbaca-9fd5-4466-8a29-9e0519b77589 ! https://virustotal.com/gui/file/f202337f99c730eef56d3be2a7fb92d74c9b5adac799fb0564bc9264f2784f5c/relations ||vserpg.ru^$all ! https://app.any.run/tasks/bcd4633b-931e-4bfc-a874-24d04a136036 ||wlbss.inghesatin.com^$all ||xe5j8.inghesatin.com^$all ||ggjt8.inghesatin.com^$all ! https://app.any.run/tasks/53948f39-666f-4083-aa4e-bd5f215d29e2 ||dykbo.inghesatin.com^$all ! https://github.com/iam-py-test/my_filters_001/issues/109 ||en.firstgooal.com^$all ||0-4.top^$all ||bitly.email^$all ||cutlinks.ca^$all ||cuturls.net^$all ||d-ev.dev^$all ||g-l.gl^$all ||i-io.io^$all ||i-n-fo.info^$all ||i-s.is^$all ||ii-ii.ru^$all ||l-ol.lol^$all ||oo-o.co^$all ||psu.su^$all ||ufox.info^$all ||vvg.vg^$all ||w-ws.ws^$all ! https://github.com/blocklistproject/Lists/issues/933 ||8narwi309.click^$all ||8ebtdbsjsu.click^$all ! https://app.any.run/tasks/77b6a223-4c81-4798-9dc0-a747de6e0f6d ||crackshash.com^$document ||czgovd.com^$all ||pufgilsofp.sbs^$all ||bstnwswrld.com^$document ||news-wobuda.com^$all ||ztzguv.com^$all ||thbstvd.com^$all ||notyfrom.info^$document ||flymylife.info^$all ||ms-82.flymylife.info^$all ||ms-52.flymylife.info^$all ||54trck.xyz^$all ||cxvfh.gesgloven.com^$all ! https://app.any.run/tasks/f03aaba8-7c21-4316-a6db-cbb9bdbb1db6 ! https://app.any.run/tasks/d142bf7d-0363-4bf2-9795-66423bbc9eac ||origincrack.com^$all ||9bghqk3avg2gnh.click^$all ||bit.ly/3S7o1VK^$all ! https://tria.ge/230216-sgsz3shg3w/behavioral2 ! https://threatfox.abuse.ch/ioc/1077934/ ||83.217.11.27^$all ! https://virustotal.com/gui/ip-address/77.73.134.35/relations ||77.73.134.35^$all ! https://twitter.com/TrackerC2Bot/status/1620944031030075392 ! https://threatfox.abuse.ch/ioc/1077935/ ||83.217.11.28^$all ! https://forums.malwarebytes.com/topic/295115-trojan-downloaders-not-detected-by-malwarebytes/ (account required) ! https://virustotal.com/gui/file/a0626a283b6e2cbcacfbcc06c21691aff5e3386d43a76909304b2b0bacf8f45a/relations ||176.57.150.117^$all ! fake tor browser - https://app.any.run/tasks/679e9afa-eb19-4414-a086-e280a779a448 ! https://tria.ge/230217-xd8nksgc9x/behavioral2 ||anapatformacion.org/modules/file/tor/tor-browser.zip^$all ! https://github.com/uBlockOrigin/uAssets/issues/15937 ! https://github.com/uBlockOrigin/uAssets/issues/15937 ! https://virustotal.com/gui/url/a70d88ffc974f8d9cc5c3561938e95435d20a12a555e8c10d638d2bee5292165 ||kochava.com^$all ||neptunclicks.com^$all ||arakusus.com^$all ||imgfil.com^$all ||urlcod.com^$all ||tiurll.com^$all ||startex3download.com^$all ||gowtos.com^$all ||lomogd.com^$all ||nosnou.com^$all ! https://virustotal.com/gui/file/aaa1beed5908f05cd7e4dc405ec763deecd6177b0bf78f0faa9cd54eed14bc34/detection ||mesoftwares.vip^$all ! https://app.any.run/tasks/82180609-bf2b-4565-88cd-e3cb2c8e6456/ (someone else's anyrun, credit to them) ||rebrand.ly/30p0zqg^$all ||95.217.14.200^$all ! https://app.any.run/tasks/1aa45c59-b90f-47a2-8fb9-7915a377055a/ ||46.48.76.120^$all ! https://forums.malwarebytes.com/topic/295202-windows-powershell-keeps-popping-up-randomly-and-closing/ ! https://virustotal.com/gui/file/d3c9371a1456fd7c4551e18b0c1172a597f86c97e2864bc0b1be632c48da9697/relations ||ahoravideo-blog.com^$all ||ahoravideo-cdn.com^$all ||ahoravideo-endpoint.com^$all ||ahoravideo-endpoint.xyz^$all ||ahoravideo-schnellvpn.com^$all ||ahoravideo-schnellvpn.xyz^$all ||bideo-blog.com^$all ||bideo-cdn.com^$all ||bideo-chat.com^$all ||bideo-chat.xyz^$all ||bideo-endpoint.com^$all ||bideo-endpoint.xyz^$all ||bideo-schnellvpn.com^$all ||fairu-blog.com^$all ||fairu-cdn.com^$all ||fairu-chat.com^$all ||fairu-chat.xyz^$all ||fairu-endpoint.com^$all ||fairu-endpoint.xyz^$all ||fairu-schnellvpn.com^$all ||fairu-schnellvpn.xyz^$all ||privatproxy-blog.xyz^$all ||privatproxy-cdn.xyz^$all ||privatproxy-chat.com^$all ||privatproxy-endpoint.xyz^$all ||privatproxy-schnellvpn.com^$all ||wmail-blog.xyz^$all ||wmail-cdn.xyz^$all ||wmail-chat.xyz^$all ||wmail-endpoint.xyz^$all ||wmail-schnellvpn.com^$all ||wmail-schnellvpn.xyz^$all ! https://forums.malwarebytes.com/topic/295239-unsure-if-anything-has-been-done/ ||tiktok.ti3fsaa.cloud^$all ||ti3fsaa.cloud^$document ! https://app.any.run/tasks/fc4768ad-8cc8-4af7-bd44-d91f5d8c258e ||polo.thegadgetguru.club^$all ||thegadgetguru.club^$all ||startd0wnload22x.com^$all ||burningpushing.info^$third-party ! https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/ ||erdjknfweklsgwfmewfgref.com^$all ||harrysucksdick.com^$all ||egscorp.net^$all ! https://forums.malwarebytes.com/topic/295534-rtp-outbound-connection-on-googlewikipedia/ ||eatablehelprut.com^$all ! https://forums.malwarebytes.com/topic/295590-malwarebyes-blocks-webite/ ||mignished-sility.com^$all ! https://forums.malwarebytes.com/topic/295631-blocked-website/ ||curvyalpaca.cc^$third-party ! https://github.com/RPiList/specials/issues/948#issuecomment-1458739160 ||yuppdownload.com^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/145513 ||4b34eusvcxsdublb6f.runoj.click^$all ||runoj.click^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/145513#issuecomment-1468676678 ||agapios-gla.com^$document,popup ||artax-evn.com^$document,popup ||balor-ghn.com^$document,popup ||ermin-oxj.info^$document,popup ||gloos-zus.info^$document,popup ||harib-eir.info^$document,popup ||kuno-gae.com^$document,popup ||orige-duo.com^$document,popup ||redirect.newprogrammatic.click^$document ||3.231.116.86^$document ||54.237.193.255^$document ! random malware ||fuckbookmobile.org^$document ||theparlornextthef.com^$all ||dtsdr.theparlornextthef.com^$all ||bvnie.taitlastwebegan.com^$all ||taitlastwebegan.com^$all ||162.243.164.175^$all ||jikabotlan.click^$all ||trackyouswin.com^$all ||getnomadtblog.com^$all ||urhandups.xyz^$all ||qtgsr.taitlastwebegan.com^$all ||entry4hide.cyou^$all ||ovhoq.nkingwitheaam.com^$all ||nkingwitheaam.com^$all ||bigosext1s.com^$document ! https://github.com/DandelionSprout/adfilt/issues/808 ||jonathanbartz.com^$all ||jp.imonitorsoft.com^$all ||junk-bros.com^$all ||kepw.org^$all ||kristinee.com^$all ||lakeside-fishandchips.com^$all ||108.61.242.65^$all ||146.70.78.43^$all ||87.120.254.39^$all ||45.150.108.213^$all ||92.204.160.240^$all ! https://www.reddit.com/r/uBlockOrigin/comments/1204r6t/this_should_probably_be_blocked_if_i_must_say/ ||adblockers.b-cdn.net^$all ||pleasetrack.com^$all ! malware ||official-expert.org^$document ||file-uploud.site^$document ! https://github.com/durablenapkin/scamblocklist/issues/31 ||balkeryswep.online^$all ! https://github.com/durablenapkin/scamblocklist/issues/29 ||youtubee.com^$document ||youtunbe.com^$document ||twiiiter.com^$document ||twitterr.com^$document ||goglle.com^$document ||toyrube.com^$document ||yahhhoo.com^$document ! https://forums.malwarebytes.com/topic/296944-malware-blocked-when-doing-a-google-search/ ||prodfliying.com^$all ! https://threatfox.abuse.ch/ioc/1104536/ ||js.msedgeupdate.com^$all ||msedgeupdate.com^$all ! https://app.any.run/tasks/00d5d80b-3924-4421-8780-7ba796d7b825 ! https://tria.ge/230420-anfn8agb9z/behavioral1 ||portalproveedores.com.mx^$all ! https://threatfox.abuse.ch/ioc/1063263/ https://threatfox.abuse.ch/ioc/1028975/ ||45.15.157.131^$all ! https://github.com/durablenapkin/scamblocklist/issues/36 ||ledgerlivewallets.com^$all ||ledgers.network^$all ! https://blog.morphisec.com/in2al5d-p3in4er ||siamaster.com.mx^$all ! https://www.reddit.com/r/uBlockOrigin/comments/1304khl/badware_sites/ ||actionclassicgames.com^$document ||allin1convert.com^$document ||allinonedocs.com^$document ||anytimeastrology.com^$document ! https://github.com/uBlockOrigin/uAssets/blob/fc2d7bd065b3e79d945fcfdc0da73ff33f6ea089/filters/badware.txt#L3038-L3044 (hopefully I understood the license right, if not, I can delete this) ||myway.com^$all ! https://forums.malwarebytes.com/topic/297334-our-company-website-shows-riskware-from-a-different-domain/ ||life.judyfay.com^$all ||xjquery.com^$all ! https://virustotal.com/gui/url/f68044fcf6f1a22b4b1d06cae0dddefa4bd7282377ba16a2a6222379414a6073/community ! https://app.any.run/tasks/ea625e50-b943-4e69-ae48-03231219b07f (my analysis) ||139.224.13.184^$all ! https://www.bleepingcomputer.com/news/security/new-atomic-macos-info-stealing-malware-targets-50-crypto-wallets/ ||amos-malware.ru^$all ! https://app.any.run/tasks/5fddd235-4433-4376-9a75-39a28b018f6b ||realtorstrust.com^$all ! https://app.any.run/tasks/d40fc871-4942-4acd-8d6a-d8f4baae1f32 ||kuyhaa-me.id^$all ||bit.ly/40K0ug0^$document ||mediafire.com/file/ztx9xrm611hw3z1/NewSetup_Use_2023_Password.rar/file^$all ||37.220.87.68^$all ! shared by ryan ||updatefreecompletelytheproduct.vip^$all ! https://github.com/hagezi/dns-blocklists/issues/1013 ||revanced.io^$all ! https://www.reddit.com/r/uBlockOrigin/comments/139u3yf/malicious_domain_to_block_used_by_hacked_manga/ ||gdpr.web0.eu^$third-party ! https://forums.malwarebytes.com/topic/297655-malware-and-popup-in-my-pc/?do=findComment&comment=1566331 ||threatdetect.org^$all ! https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader ||xxxxxxxxxxxxxxx.ru^$all ||click7adilla.ru^$all ! https://virustotal.com/gui/file/dd45a0f40e75b051871fefd4ddb1ce6dcf130d4e172010c0753e01c1a6523666/relations ||zexeq.com^$all ||colisumy.com^$all ! https://virustotal.com/gui/url/4cbb55b62fe8bc2acdaa79d3c4fd3a6d33c0d5eed287bbe655fc117c6bdeb0a3/community ! (my analysis) https://app.any.run/tasks/2de7c1a5-bfe4-4b48-a1e5-b7d8c059cbd0 ! (my analysis) https://tria.ge/230512-xhsg6agd4v/static1 ||87.121.221.106^$all ! https://tria.ge/230512-tj6jmadg34 ||37.220.87.66^$all ||45.9.74.99^$all ! https://forums.malwarebytes.com/topic/297825-not-sure-if-i-am-being-hacked/?do=findComment&comment=1567599 ||redirection-to-the-offer.info^$document ! https://github.com/uBlockOrigin/uAssets/issues/18115 ||maxstream.video/*.php$document ||needyscarcasserole.com^ ! https://github.com/durablenapkin/scamblocklist/issues/52 ||baltic79.wordpress.com^$all ||visoedifica.com^$all ||balticpipe.wordpress.com^$all ||finnews7.wordpress.com^$all ||fazpowerdenet.tumblr.com^$all ! (my analysis) https://tria.ge/230519-1bgzmagd36/behavioral1 ! (not my analysis) https://threatfox.abuse.ch/ioc/1115696/ ||195.123.227.138^$all ! https://github.com/hagezi/dns-blocklists/issues/1071 ||hard-configurator.com^$all ! https://github.com/uBlockOrigin/uAssets/issues/18206 ||fitgirl.cc^$document ! https://github.com/uBlockOrigin/uAssets/issues/18205 ||fitgirlrepacksite.com^$document ! https://tria.ge/230525-z8rpnacd92/behavioral2 ! https://bazaar.abuse.ch/sample/a76c4f346a0f72cc1fcf8c471abb0ecd2e914c5863a4f4556d884212f8d3b2fb/ ||185.209.161.89^$all ||telegra.ph/FL-Studio-05-10^$all ! spam on Malwarebytes forums (taken down) ! https://app.any.run/tasks/c084b570-6946-4878-ab48-8db1dc4ed659 ! https://tria.ge/230530-m4zhgshb97/behavioral2 ||activatorscrack.com^$all ||mjko06yh.cfd^$all ||maper.info^$all ||79.137.202.161^$all ||78.46.248.198^$all ||78.47.9.120^$all ||162.55.212.236^$all ||45.159.189.105^$all ! https://www.reddit.com/r/uBlockOrigin/comments/134b450/please_add_adblock_badware/ ||softronline.click^$all ! https://github.com/mitchellkrogza/phishing/pull/232#issuecomment-1570214480 ||xajibur.ru^$all ||ponafet.ru^$all ||baarspo.ru^$all ||crophysi.ru^$all ||gimoguvi.ru^$all ! https://github.com/uBlockOrigin/uAssets/issues/18332 ||goglel.com^$all ! https://virustotal.com/gui/url/0ed4615c9ee045c652ae76001f55252a665cacbea0ed623909f8a780cbfd564d/community ! my analysis: https://app.any.run/tasks/0d2fac2a-6485-4d2d-941c-782acfddd966 ||mreilly.s3.eu-central-003.backblazeb2.com^$all ||zen-leakey.138-68-80-63.plesk.page^$all ! https://tria.ge/230601-z9q5hsha6v/behavioral1 ||softwave.cc^$all ! https://virustotal.com/gui/url/36a5536b1c4ca42b01b31bce4ec0be95192c7204cd83461c3dddff151266ba7b/community ! my analysis: https://tria.ge/230602-t1vhpach4z/behavioral1 ||jp6yze3jwx6462c537686e2.inetpr.ru^$all ! https://palant.info/2023/06/02/how-malicious-extensions-hide-running-arbitrary-code/ ||tryimv3srvsts.com^$all ! https://forums.malwarebytes.com/topic/298691-my-aspnet-website-infected-with-some-wired-malware/ ||usaday.biz^$all ||abu.usaday.biz^$all ||us.usaday.biz^$all ||c822c1b63853ed273b89687ac505f9fa.onepro.club^$all ||738aa8d3bc02eb8712acd0eb2cf6dfd5.onepro.club^$all ||241fe8af1e038118cd817048a65f803e.onepro.club^$all ||ba9bf05693b9fa202d922dd43a08f281.onepro.club^$all ! https://tria.ge/230607-m9fmkaac6w/behavioral1 ||rewardarium.com^$document ! malware on youtube - https://bazaar.abuse.ch/sample/4d152234f168692459b482981f469e96e4f933360295cd64f5089370a4b07118/ ! https://tria.ge/230607-zarl1aff36/behavioral1 ||65.21.240.228^$all ! more malware on YT - https://bazaar.abuse.ch/sample/bb02043cb749f91364f655b35404dc37e517d6aa7cdcbf474bee1fa6be5abe5f/ ! https://tria.ge/230607-z5gqaaga69/behavioral2 ||telegra.ph/T-Soft-06-02^$all ! https://forums.malwarebytes.com/topic/298978-potential-threat-blocked-website-appears-malicious-scan-says-virus-free/ ||garuq.com^$all ! https://bazaar.abuse.ch/sample/d41166f1c8bbd3c6bbac0f5c96c4dc867d501c3ce5aeb056686ffa28652facef/ (not my sample, credit to r3dbU7z) ! my analysis (dropped file): https://tria.ge/230611-paf56ahg4v/behavioral2 ! my analysis (dropped file): https://app.any.run/tasks/e1f1f0fa-8d92-4270-b422-801cfe91d189 ||josemonila.ddnsfree.com^$all ! https://github.com/badmojr/1Hosts/issues/1482 ||aoikerala.in^$all ! https://virustotal.com/gui/file/7840cb8d12d3a20f265802531f19e7d58928167a37a58b631fa468d78e417a14/community ! my analysis: https://app.any.run/tasks/864669a8-c96e-4971-9810-1427b4343120 ||5.42.66.3^$document ! https://tria.ge/230623-r72t8sfe33 ||45.15.159.27^$all ! https://tria.ge/230623-25exssae3x/behavioral1 ! https://app.any.run/tasks/036fbeb1-adc1-4f00-93ec-aa337f7b05dd ||pejik.com^$all ||bthp.com.pk^$all ||dokumentasoluciones.com^$all ||208.67.104.60^$all ! https://forums.malwarebytes.com/topic/299557-malware-sample-suspected-crypto-stealer/ (account required) ! my analysis: https://tria.ge/230629-tq712aeb59/behavioral1 ||store1.gofile.io/download/direct/d8c2a667-c088-4a39-9cdd-efe0b47d735c/InfinityWallet-Setup.exe^$all ||infinitywallet-dapps.b-cdn.net^$all ||167.86.74.95^$all ! https://github.com/uBlockOrigin/uAssets/pull/18686 ||roundyearfun.com^$all ! https://github.com/uBlockOrigin/uAssets/issues/18678 ||imganalyze.hgspz.com^$all ||www.tellegrom.xyz^$all ! https://forums.malwarebytes.com/topic/299589-suspicious-file/ (account required) ! my analysis: https://tria.ge/230630-tngfaseg9t/behavioral1 ||213.255.247.174^$all ! https://forums.malwarebytes.com/topic/299435-help-with-redirects-on-my-google-browser/ ||searchokay.com^$document ||srvtrck.com^$document ||r.srvtrck.com^$all ! malware infection: ! Edge Extension: (Apps) - C:\Users\User2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj [2023-06-24] [UpdateUrl:hxxps://extappupdate.com/crx/updates.xml] <==== ATTENTION ! Edge HKLM\...\Edge\Extension: [pejhfhcoekcajgokallhmklcjkkeemgj] - C:\\apps.crx [2022-11-27] ! CHR Extension: (Apps) - C:\Users\User2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj [2023-06-24] [UpdateUrl:hxxps://extappupdate.com/crx/updates.xml] <==== ATTENTION ||extappupdate.com^$all ! CHR DefaultSearchURL: Profile 1 -> hxxps://find.fnavigate-now.com/results.aspx?d=092122&n=9998&q={searchTerms}&gd=RD1002806&searchsource=58 ||find.fnavigate-now.com^$document ! https://tria.ge/230707-zfx1zacf4s/behavioral1 ! https://tria.ge/230709-z9e29aga59/behavioral1 ! https://tria.ge/230711-xsyf6abf3y/behavioral2 ||5.42.86.86^$all ||77.105.147.158^$all ! https://virustotal.com/gui/url/ff883d9b80c27b78b2b303c12d3e57d5a2664ac35ccf41fdd6bbdbfbb97b613f/community (credit to IceFlame) ! my analysis: https://app.any.run/tasks/c386fa43-f566-4df4-a7d9-61f387da92f3 ||southbayleadgen.com^$all ! https://app.any.run/tasks/2e736410-ed5d-4c7e-9eb2-79ee3c578f37 ! https://tria.ge/230710-yhtkwsec9y/behavioral2 ||185.106.93.193^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/155936 ||truanet.com^$document ! https://virustotal.com/gui/url/18581d709d6be180d2cd174b888202020b54b086aa1efc9365ea6ebf742d0217 ! my analysis: https://app.any.run/tasks/827c21c1-e63b-4fad-9000-2955bc5b81e3 ||chijkkkll.pages.dev^$all ! https://tria.ge/230711-tmceyshg22/behavioral2 ||tdamassoficial.com^$all ||t.me/rifbef734frbe43jfef^$all ||t.me/eagl3z^$all ||193.27.90.10^$all ||5.75.211.167^$all /PASSWD_2023_ThePcworldsPublics.rar|$all ! https://github.com/uBlockOrigin/uAssets/issues/18963 ||fitgirl-repack.com^$all ! https://forums.malwarebytes.com/topic/300219-outbound-traffic-alerts-from-malwarebytes/ ! not my analysis: https://app.any.run/tasks/586f952d-141e-4dae-a4c4-73523cde2f5a/ ! not my analysis: https://app.any.run/tasks/523b7f48-dae3-4854-b944-1facb01f8645/ ||62.182.156.148^$all ! https://forums.malwarebytes.com/topic/301834-pretty-sure-i-have-a-nasty-rat-msbuild-outgoing-being-blocked-constantly/ ||spexjs.com^$document ! https://app.any.run/tasks/1aabe39d-a1f9-41e4-81b3-9e84a174ffc5 ||95.216.94.138^$all ! malware download ||kellmda.click^$all ! https://tria.ge/230717-phq1bscd4y/behavioral2 ||85.208.139.35^$all ||95.216.94.138^$all ! https://www.bleepingcomputer.com/news/security/hackers-exploiting-critical-wordpress-woocommerce-payments-bug/ ||194.169.175.93^$all ! https://github.com/hagezi/dns-blocklists/issues/1327 ||bgrfmi.com^$all ||eweukr.com^$all ||gycqna.com^$all ||hcafpg.com^$all ||jggjh.com^$all ||mnawew.com^$all ||nvcrcf.com^$all ||vgrcxa.com^$all ||udwuyw.com^$all ! https://virustotal.com/gui/url/044d4e3d1e58f48e42cfb936d6ce3ab244bc85b8f0b1d5a84f3916584156bbd2/community ! my analysis: https://app.any.run/tasks/9ead09a0-6f56-477b-8a27-9a85c5a803e6 ||bafkreibm2c232v5uuz7vkxcdkwdjye6oaoasxg5zkye7y3oyodm6olulou.ipfs.dweb.link^$all ||lkalzzop.online^$all ! https://virustotal.com/gui/url/1696219caa54a048bb1fa0c1e95aaf80b7336ddcbdcca5a2c24ae2847a62cd03/community ! https://app.any.run/tasks/bce8c275-c977-46ee-bf0b-df5b0d9b2386 ! https://tria.ge/230720-29xy6sba84/behavioral1 ||168.119.178.159^$all ! malware download: https://virustotal.com/gui/url/8d6014420a75e2f33b9a2c1c2e33984df5e6ce0a178c8275af498251f02f1500/detection ! https://tria.ge/230721-y239fahc9y/behavioral2 ||gstatic-node.io^$all ! https://virustotal.com/gui/url/ad56257de36b1955113d7894423cc4d5b37d07ed5ade66b1fad5e73b830b1467/detection ||freesoftonic.cc^$all ! https://app.any.run/tasks/87d4e9bb-6697-4a2e-9323-fa5b403ed161/ (not my analysis) ! my analysis: https://tria.ge/230723-pzsv9aef9y/behavioral2 ||45.9.74.141^$all ||45.9.74.166^$all ! not my analysis: https://tria.ge/230723-zxzacshc8y/behavioral1 ||168.119.51.197^$all ! https://tria.ge/230724-w9z6mshb5t/behavioral1 ||gesmart.site^$all ||sanseemp.com^$document ||upgrade-phone.club^$all ! https://virustotal.com/gui/ip-address/207.154.243.69/relations ||update-smart.club^$document ||cleaner-update.club^$document ||speedupdate.club^$document ||good-update.club^$document ! https://forums.malwarebytes.com/topic/300693-fake-steam-login/ (account required) ||csgofloat.br.com^$all ! https://virustotal.com/gui/file/48987d9c89542a8cb4f8d34eb34902a4762cc8643c0e491deb6115907db4887b/detection ||24.199.69.78^$all ! https://tria.ge/230730-23lybsbf53/behavioral2 ||hopvibestravel.co.za^$document ||49.13.60.242^$all ! https://github.com/uBlockOrigin/uAssets/issues/19248 ! https://www.reddit.com/r/uBlockOrigin/comments/15hxgnd/why_ublock_blocks_revanced/ ||revanced.net^$all ! https://0xacab.org/my-privacy-dns/matrix/-/issues/648114 ! https://tria.ge/230805-s5szzsde27/behavioral1 ||thehipsteragency.com^$all ! https://github.com/uBlockOrigin/uAssets/issues/19287 ||keen-france.fr^$all ||keenfrance.fr^$document ||keen-fr.com^$document ! https://github.com/hagezi/dns-blocklists/pull/1405 ||pnsys.info^$all ||drto.info^$all ! https://forums.malwarebytes.com/topic/301391-can-you-check-if-im-infected/ ! https://forums.malwarebytes.com/topic/301390-possible-malware-ransomware-targetting-digital-ads-managers/ (account required) ! https://tria.ge/230819-mm3htaaf9x/behavioral1 ||dropbox.com/scl/fi/r3firsxixp8h4qv69gurt/A.Objectives-of-Facebook-Marketing-AD-Campaign-2023-NEW-Obag-Handbags.zip$all ! https://github.com/hagezi/dns-blocklists/issues/1467 ! https://tria.ge/230824-njm5dsdg2z/behavioral1 ||revanced.info^$all ! https://www.bleepingcomputer.com/news/security/childrens-snack-recalled-after-its-website-caught-serving-porn/ ||appykidsco.com^$document ! https://www.youtube.com/watch?v=DUbemJF_3zE /wp-admin/Install.exe|$document ! https://www.bleepingcomputer.com/news/security/evil-telegram-android-apps-on-google-play-infected-60k-with-spyware/ ||telegrnm.org^$all ||sg.telegrnm.org^$all ! https://www.bleepingcomputer.com/news/security/free-download-manager-site-redirected-linux-users-to-malware-for-years/ ||fdmpkg.org^$all ||deb.fdmpkg.org^$all ! https://github.com/hagezi/dns-blocklists/issues/1574 ||pdfviewer.app^$document ||zougla.news^$document ! https://github.com/AdguardTeam/AdguardFilters/issues/161711 ||yourfirstfunnelchallenge.com^ ! https://github.com/libre-tube/LibreTube/issues/4409#issuecomment-1722268425 ||libretube.app^$all ! https://virustotal.com/gui/url/51a5c613fa07f8301aa68fa16e7307dbf3bf0b0dcfa015632895d7ebf7ca36d3/community ! my analysis: https://tria.ge/230918-nj1eqagh7x/behavioral1 ||bookingcomdetails.$document ! https://github.com/hagezi/dns-blocklists/issues/1615 ||zlibrary-africa.se^$all ! https://github.com/DandelionSprout/adfilt/discussions/779#discussioncomment-7137675 ||86pmafno21mst.com^$all ! https://web.archive.org/web/20231002133931/https://forums.malwarebytes.com/topic/302965-rtp-detection-trojan/ ||178.20.47.114^$all ! https://github.com/dhowe/AdNauseam/issues/2405 ! my analysis: https://tria.ge/231002-r1qtdsbf71/behavioral1 ! my analysis: https://tria.ge/231002-r3eh5sbf9y/behavioral1 ||torixibre.com^$all ||qyt8pi.torixibre.com^$all ! my analysis: https://tria.ge/231002-r6zcqadd47/behavioral1 ||anybodyproper.com^$document ||violationphysics.click^$all ! https://github.com/hagezi/dns-blocklists/issues/1652 ||scribdbook.top^$all ||dleggere.com^$all ! https://urlhaus.abuse.ch/url/2716031/ ! my analysis: https://tria.ge/231003-neebpaca39/behavioral1 ||meshitislaw.com^$all ||uploaddeimagens.com.br^$all ! https://urlhaus.abuse.ch/url/2716407/ ! my analysis: https://tria.ge/231004-va4t4sdb3x/behavioral1 ||www.transportesevaristomadero.com/profilecontent/*.exe$document ! https://github.com/libre-tube/LibreTube/issues/4409 ||libretube.net^$all ||libretube.$document ||libretubeapk.$document ! https://securityintelligence.com/posts/x-force-uncovers-global-netscaler-gateway-credential-harvesting-campaign/ ||jscloud.live^$all ||cloudjs.live^$all ! https://virustotal.com/gui/url/c7f655bd7dfc420f022a96a30214460372a6ab74d6ed24ada16809bb9bf3dfa8/community ! my analysis: https://web.archive.org/web/https://tria.ge/231008-w9akzsfb7v/behavioral1 ||weibo-b5game.com^$all ! https://tria.ge/231009-m46lssed76/behavioral1 (cloudflared) ||videocampaign.co^$document /fkB225bp9B03IzhMTD-qV-nJq3iBCLf19BrRGtaIxfU/?cid=$popup,third-party /ZslvDO9tazAAM8cZhxdHFHsjpLRRnkJZ1AOLiLfLja8/?clck=*&sid=$document ||instantgreenapp.com^$document ||free.instantgreenapp.com^$document ||secure.instantgreenapp.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/20036 ||www.ssp.sp.gov.br/ead/report/video/video_$document ||www.ssp.sp.gov.br/ead/auth/video/video_$document ||js.eventbr.xyz/vip/crazy.js ||br.zmdesf.cn/br.js ||v37870.com^ ||sites.uft.edu.br/topama/news.php$document ||pmf.sc.gov.br/arquivos/br.php^$all ! https://web.archive.org/web/20231010220704/https://tria.ge/231010-1rdl5sfg68/behavioral1 ||tiger.qnews.media^$third-party ||s8bet.com^$document ! https://www.fortinet.com/blog/threat-research/Iz1h9-campaign-enhances-arsenal-with-scores-of-exploits ||194.180.48.100^$all ||2.56.59.215^$all ||212.192.241.72^$all ! https://tria.ge/231014-mgpprscc8y/behavioral1 ||beakerweedjazz.com^$all ||pcsafetysurvey.com^$all ||cadrctlnk.com^$document ||clickmint3.online^$all ||alleubreakyailb.click^$all ||karoon.xyz^$all ||eu.karoon.xyz^$all ||news-sitogi.com^$all ! https://github.com/hagezi/dns-blocklists/issues/1703 ||ouisuamprert.com^$all ||nobistech.net^$all ! https://github.com/durablenapkin/scamblocklist/issues/66 ||arduino.uk.eu.org^$all ! https://infosec.exchange/@briankrebs/111261826129123343 ! https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/ ! https://www.malwarebytes.com/blog/threat-intel/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website ! dead but will keep as there remains potential for future abuse ||xn--eepass-vbb.info^$all ||ķeepass.info^$all ||ķeepass.$document ! https://forums.malwarebytes.com/topic/303708-worried-about-drive-by-download-from-typoed-address/ (parked) ||oldreddit.com^$document ! https://forums.malwarebytes.com/topic/303710-caspolexe-causing-website-blocked-due-to-riskware-in-malwarebytes/ ||iniwork.4cloud.click^$document ! https://github.com/hagezi/dns-blocklists/issues/1744 ! https://github.com/uBlockOrigin/uAssets/pull/20247 ||magiskzip.net^$all ||magiskmanagerroot.com^$all ! https://github.com/topjohnwu/Magisk/issues/3435 ||magisk.download^$all ||magiskmanager.com^$all ||magisk.$document,domain=~topjohnwu.github.io ||magiskzip.$document,domain=~topjohnwu.github.io ||magiskmanagerroot.$document,domain=~topjohnwu.github.io ||magiskmanager.$document,domain=~topjohnwu.github.io ||magiskcn.$document,domain=~topjohnwu.github.io ||magiskroot.$document,domain=~topjohnwu.github.io ||magiskapp.$document,domain=~topjohnwu.github.io ! https://tria.ge/250131-plcxwavqgx/behavioral1 ! https://tria.ge/250131-pm9m8sxnep/static1 ||magiskzip.pro^$all ! something I found ||magisk.info^$all ! https://github.com/hagezi/dns-blocklists/issues/1743 /de-avira/?uclick=*&uclickhash=$document ! fake /@100-legal-free-discord-nitro-generator-no-human-verification|$document ! https://github.com/durablenapkin/scamblocklist/issues/68 ! https://tria.ge/231023-1xm3rsaa86/behavioral1 ||ninzatool.pw^$all ||powerboostup.com^$all ||www.ontajdu3js.com^$document ||arty2night.com^$all ||p.arty2night.com^$all /click?pid=*&sub1=$document ||quiztionnaire.biz^$all ||iphone.quiztionnaire.biz^$all ||offer-select.com^$document ||app.rewardflux.com^$document ! https://infosec.exchange/@iampytest1/111292640449421381 ! https://tria.ge/231024-3lc5jace3w/behavioral1 ||herew-lmq.com^$document ||findbestop.com^$document /74Dl/7.html?cep=$document ||thefinanceadvice.com^$all ||adblock1.com^$all ||install.adblock1.com^$all /3-blck-thefinadv-2clks.html?kw=$document ||newupdatesnow.com^$all ! https://forums.malwarebytes.com/topic/303782-new-threat-it-downloads-two-rar-files/#comment-1596622 (account required) ! https://forums.malwarebytes.com/topic/303784-malicious-script/ (account required) ! my analysis: https://tria.ge/231025-ner8jsgh51/behavioral1 ||154.223.16.114^$third-party ||dropbox.com/scl/fi/q0wq1lha5o0rkgdy9rdr4/m.zip$document ! https://tria.ge/231025-nk2zyagh81/behavioral1 ||goads.pro^$document ! https://github.com/paulgb/BarbBlock/issues/41 ||ssl.bblck.me^$document ! https://tria.ge/231027-2hkvjaae4w/behavioral1 ||dwnld-here.com^$document /74Ib/7.html?cep=$document ! https://forums.malwarebytes.com/topic/303877-trojanbitcoinminer-cant-be-removed/ ! https://virustotal.com/gui/file/1045127280b64e5d8e7af1efc347089f759860222f1373349d8c4aa1449918db/relations ||stratum-eu.rplant.xyz^$all ! https://tria.ge/231102-m8cjhsch24/behavioral1 ||walknotice.com^$all ! https://virustotal.com/gui/url/6afece7c72420223ae6f1700d02c8bee4806a335d23ab120522accba5e45250d ! my analysis: https://tria.ge/231102-nctnlach68/behavioral1 ||synergyproz.com^$all ||apparaatbeheer-online-abnamro-icscards.codeanyapp.com^$all ||apparaatbeheer-online-abnamro-icscards.$document ! https://bazaar.abuse.ch/sample/9fbd818dc28ea5561278e873bd9b6deb896d4fbaac86209903bdeaad55c6c31a/ ! my analysis: https://tria.ge/231102-npbnjsda74/behavioral2 ||ddos.dnsnb8.net^$all ! https://www.bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey ||109.230.199.181^$all ||185.141.63.172^$all ||193.242.211.141^$all ||212.8.242.211^$all ||109.236.85.145^$all ||190.2.135.77^$all ||151.80.38.159^$all ||217.23.6.51^$all ||217.23.9.168^$all ||37.187.122.227^$all ||51.159.66.125^$all ||109.236.88.134^$all ||109.236.81.104^$all ||176.31.254.229^$all ||185.141.63.2^$all ||185.141.63.4^$all ||185.141.63.84^$all ||185.141.63.85^$all ||188.165.192.126^$all ||188.165.192.18^$all ||188.165.195.130^$all ||195.154.174.130^$all ||195.154.176.206^$all ||195.154.176.209^$all ||195.154.178.238^$all ||195.154.188.211^$all ||195.154.235.51^$all ||195.154.241.165^$all ||195.154.242.37^$all ||195.154.243.38^$all ||195.154.251.21^$all ||195.154.251.99^$all ||195.154.252.221^$all ||195.154.253.49^$all ||37.187.142.187^$all ||37.187.143.172^$all ||37.187.148.204^$all ||62.210.204.131^$all ||88.80.145.110^$all ||88.80.145.142^$all ||88.80.147.200^$all ||88.80.147.205^$all ||88.80.147.36^$all ||88.80.148.219^$all ||88.80.148.33^$all ||88.80.148.8^$all ||91.121.171.208^$all ||91.92.111.131^$all ||91.92.111.132^$all ||91.92.111.133^$all ||91.121.30.185^$all ||94.23.58.173^$all ||217.23.5.14^$all ! https://github.com/durablenapkin/scamblocklist/issues/69 ||98kk89.com^$document ||42gixk.98kk89.com^$all ||9vzn29.98kk89.com^$all ||nzxsxn.98kk89.com^$all ||9vyzdk8.lvditoys.com^$all ||p8ydfra.lvditoys.com^$all ||qz94.com^$all ! https://virustotal.com/gui/url/c80163bbcc0ddd2e27263730a2a2f65ab0f0ede295d8ce0d6c4dc012ca158e44/community ! my analysis: https://tria.ge/231108-15zfrsfd77/behavioral1 ||arzo.ge^$document ! https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer ! https://github.com/hagezi/dns-blocklists/issues/1823 ||94.131.111.240^$all ||81.177.136.179^$all ||74.119.192.188^$document ! https://github.com/uBlockOrigin/uAssets/issues/20553 ! https://tria.ge/231110-pftcnsgg26/behavioral1 ||donwnaloadezzal.cfd^$all ||stopadblocker.pro^$document ||chaffewerbureaks.com^$document ||videoadblocker-pro.net^$document ! https://github.com/avast/ioc/pull/56 ||bombay.com.ar^$all ||ultracomb.com.ar^$all ||limpiadorpucho.com.mx^$all ||coacalco.gob.mx^$all ||navarro.gob.ar^$all ||pruebasbonsai.com.ar^$all ||pnt.info.pl^$all ||chapasanpedro.com^$all ||calzadosiris.com^$all ||ingenieriainsitu.com^$all ||paolomorettifurs.com^$all ||www.fefoncrecer.com^$all ||autoscuola-momo.ch^$all ||tcastro.com^$all ||www.steadyrun.com^$all ||moussedanslabouche.com^$all ! https://tria.ge/231112-pprv7sfb9v/behavioral1 .xyz/74Kq/7.html?cep=$document ||track.local-hotsite.com^$document ! https://github.com/hagezi/dns-blocklists/issues/1825 ||youcineapp.com^$all ||magistv.video^$all ||tele-latino.com^$all ||telelatino.app^$all ||youcineapk.org^$all ||btvapp.net^$all ||youcine.one^$all ||youcinetv.app^$all ||fadfatest.pneydn.com^$all ||pandoramain-1794008345.us-west-2.elb.amazonaws.com^$all ||romatotti520.oicp.io^$all ||pandorabackup-1322908155.us-west-2.elb.amazonaws.com^$all ||pcn.panddna.com^$all ||ok3.mflve.com^$all ||apz.bsaldo.com^$all ||fadfa.gdalieyw.com^$all ! https://github.com/hagezi/dns-blocklists/issues/1824 ||more-power-tool.com^$all ||ryzen-master.com^$all ||polaris-bios-editor.ru^$all ||techpowerup-gpu-z.com^$all ||sapphiretrixx.com^$all ||srbpolaris.ru^$all ||clockgen64.com^$all ||balena-etcher.com^$all ||nvidiainspector.ru^$all ||evga-precision.com^$all ||riva-tuner.com^$all ||atikmdagpatcher.com^$all ! https://virustotal.com/gui/url/caf096b6a0f7abe29ad126a21545f49418cc003c298a56ac6c967053483d2748/community ||185.196.9.161^$all ! https://tria.ge/231118-wbk9tsfb86/behavioral1 ||49.13.94.153^$all ||steamcommunity.com/profiles/76561199571056594^$all ! https://github.com/uBlockOrigin/uAssets/issues/20760 ||cloudtrck.com^$all ! https://tria.ge/231119-pvcngaag41/behavioral2 ||badbull.pro^$all ! https://virustotal.com/gui/url/009ab0b4a357017cb0c3f948c04f6a79e5252f4a91511ad28f8a411ec7f4adfb/community ! my analysis: https://tria.ge/231120-pn8gkagg71/behavioral1 ||server31.weebly.com^$all ! https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware ||adups.com^$all ||fota5p.adups.com^$all ! https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/ ||decorous.ru^$all ||geminiso.ru^$all ||triticumos.ru^$all ! https://virustotal.com/gui/file/e09af83cfccf4bcc8a51fda76e5fa10e9d0d838aededb6f339551f8363797dc2/community (credit to JaffaCakes118) ||retghrtgwtrgtg.bounceme.net^$all ||datastream.myvnc.com^$all ||gservicese.com^$all ||center.onthewifi.com^$all ! https://forums.malwarebytes.com/topic/304802-malware-affecting-chrome/ ||abyssalforge.top^$all ! https://github.com/RPiList/specials/issues/1353 ||rt54erdfgh.pro^$all ||mjiu876tyh.pro^$all ||ki987yth.pro^$all ||mi5cr46kg.click^$all ||cvasdf.click^$all ||jgtek990e.click^$all ||juy6asert67.click^$all ||jnh4afbw7.click^$all ||xzr9uauq.cfd^$all ||crack4hit.com^$all ||hjdhhfdh.click^$all ||vablecable.click^$all ||huqiinxy.click^$all ||closerscopy.net^$all ||eyhdjyst.click^$all ! missing from list ||topkeygen.com^$all ||piratesfile.com^$all ||rootscrack.com^$all ||cracksmat.com^$all ||crackedsoft.org^$all ||crackerzpro.org^$all ||crackfinal.com^$all ||wazusoft.com^$all ||crackzoom.com^$all ||activators4windows.com^$all ! not my analysis: https://tria.ge/231123-1wzp6sde7z/behavioral1 ||marinhoassessoria.com^$document ! https://github.com/hagezi/dns-blocklists/issues/1864 ||revanced.to^$document ! https://virustotal.com/gui/url/ecf1a475d84de38187831b4fb25167812117ea7b4ab22ce46dc6d36d822004fd/community ! https://virustotal.com/gui/url/fbc0e8828a4d86410e1c3fbf698bdda7e3e3c8d0ff1785adcfec181c967426ca/community ||67.217.57.54^$all ||89.190.156.180^$all ! https://virustotal.com/gui/url/f28bcf22fbd189fd87322da0b915ce32a700ed1bccd53f1e21552c04a8c2d229/community ||servegame.com^$document ! https://www.malwarebytes.com/blog/threat-intelligence/2023/11/associated-press-espn-cbs-among-top-sites-serving-fake-virus-alerts ||octob.azureedge.net^$all ||lzi.azureedge.net^$all ||tinlc.azureedge.net^$all ||bm-rb.azureedge.net^$all ||foluo.azureedge.net^$all ||vpv-ger.azureedge.net^$all ||trackmaster.cc^$all ||threatdetectorhub.life^$all ||strike-it-lucky.space^$all ||golden-opportunity.xyz^$all ||system-security-scan.net^$all ||trk6.kokamedia.com^$all ||trackmenow.life^$all ||trackinghub.info^$all ||trkmyclk.xyz^$all ||34.74.68.195^$all ||xyzcreators.xyz^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/167470 (from ghajini) ||hotkabachok.com^ ! https://github.com/durablenapkin/scamblocklist/issues/71 ||dbmobile-phototan.de^$all ! account required: https://forums.malwarebytes.com/topic/305116-fake-software-homepage/ ||unikey.vn^$document ! https://cert.gov.ua/article/6276584 ||104.194.130.185^$all ||109.234.156.180^$all ||128.140.123.187^$all ||149.248.76.158^$all ||152.89.198.77^$all ||193.106.175.11^$all ||195.85.115.195^$all ||212.193.48.80^$all ||213.227.154.170^$all ||217.12.206.218^$all ||45.129.14.157^$all ||45.143.136.123^$all ||45.144.28.76^$all ||45.87.154.158^$all ||78.24.222.162^$all ||85.208.107.228^$all ||91.203.193.162^$all ! https://github.com/hagezi/dns-blocklists/issues/1893 ||register.akamaized.ca^$all ! https://github.com/hagezi/dns-blocklists/issues/1899 ||online-cloud.info^$document !!! ||store5.gofile.io^$document - see https://github.com/iam-py-test/my_filters_001/issues/133 ! https://github.com/RPiList/specials/issues/1372 ||marricoyes.online^$all ! https://forums.malwarebytes.com/topic/305420-website-blocked-due-to-malware-microsoft-windows-as-stopped-responding/ ! https://threatfox.abuse.ch/ioc/1140249/ ||194.26.135.180^$all ! https://infosec.exchange/@iampytest1/111568435119045533 ||fraavy.com^$document ! https://virustotal.com/gui/url/2670873ba07eea2c617ad3e34284bdea56730cd83ae70dd84b7c333b027f4ce7/community ||121.37.215.155^$all ! https://virustotal.com/gui/file/c9491f5eb282daf6b536f515cc9e1032af62919e727442c4e7ecbca2e9d8f8b0/community ||91.215.85.23^$all ||89.23.98.92^$all ! https://github.com/DandelionSprout/adfilt/discussions/932#discussioncomment-7872103 ||betzykrisesenter.no^$document ||citra2010oslo.no^$document ||digiter.no^$document ||easydisplay.no^$document ||kjaerra.no^$document ||kontrast1.no^$document ||norskmatkultur.no^$document ||norskoffroadteknikk.no^$document ||nyematoghelse.no^$document ||securmarksykkel.no^$document ||thecoolgirl.no^$document ||topshineauto.no^$document ||vossblues.no^$document ||yttersiden.no^$document ! https://github.com/gchq/CyberChef/issues/1668 ||forensicswiki.xyz^$document ! https://virustotal.com/gui/url/c367518781d3ec29f156e24ee04c24c0f54bd5c3467812f6cd56dc791f8beea8/community ||thumbzoner.com^$all ! https://tria.ge/231220-abydhaadfn/behavioral1 ! https://tria.ge/231220-abydhaadfn/behavioral2 ||pushub.net^$all ! https://github.com/RPiList/specials/issues/1398 ||deutschebank-kundendienst.comidrekt.net^$all ! https://github.com/hagezi/dns-blocklists/issues/1977 ||energie-portal-24.de^$document ! https://github.com/RPiList/specials/issues/1395 ||streamjumpstart.com^$document ! https://github.com/RPiList/specials/issues/1396 ||thebeneclinic.com^$document ! https://github.com/hagezi/dns-blocklists/issues/1986 ||energieausweis-online-erstellen.de^$document ! https://tria.ge/231227-yrr4esfbh5/behavioral1 (cloudflared) ||givelabs.monster^$all ! https://www.bleepingcomputer.com/news/security/blockchain-devs-wallet-emptied-in-job-interview-using-npm-package/ ||flickthebean.onrender.com^$document ! https://tria.ge/231228-w2dyfafadq/behavioral1 ||fitgirl-repacks.to^$all ||fitgirl-repacks.$document,domain=~fitgirl-repacks.site ! https://github.com/RPiList/specials/issues/1405 ||casinos-austria.install-app.com^$document ! https://tria.ge/231229-pvf1wshae9/behavioral1 (CloudFlared) ||haxnode.net^$all ! https://github.com/uBlockOrigin/uAssets/pull/21658 ||fitgirlrepackz.com^$all ||fitgirlrepackz.$document ! https://threatfox.abuse.ch/ioc/1226308/ ||updates.adobe-soft.$document ! https://tria.ge/231229-2sx8lscch5/behavioral2 (CloudFlared) ||liwishacks.com^$all ! https://github.com/RPiList/specials/issues/1411 ||sanityflash.mom^$document ! https://virustotal.com/gui/url/c7677f1b43e9b266a4542936cd947e0ccc89cf59c6270aaf2baad4de47e3ae8f/community ||89.23.96.177^$all ! https://tria.ge/240106-v9k62secc5/behavioral1 ||91.215.85.23^$all ! https://github.com/hagezi/dns-blocklists/issues/2017 ! https://github.com/badmojr/1Hosts/issues/1655 ! https://github.com/StevenBlack/hosts/issues/2552 ||duchessefit.com^$all ! https://virustotal.com/gui/domain/booking.com-panel.com ! https://virustotal.com/gui/url/c81a065a1344395a7329764a30729280dfd01f6ccb18fedb692d1b21590e614c ! https://virustotal.com/gui/ip-address/158.160.5.182/relations ||booking-admins.com^$document ||158.160.5.182^$document ! https://github.com/RPiList/specials/issues/1420 ||galactiq.life^$document ||mediago.io^$document ||smartlifeguides.top^$document ||gesundheitleber.com^$document ||oe24.co^$document ||busterry.com^$document ||bullionbreeze.xyz^$document ! https://github.com/avast/ioc/pull/57 ||185.215.113.66^$all ! https://virustotal.com/gui/url/3828695bc16bb9d0bfab17eb5c15e5fe9e8b30bb6cb948655a6a55466b9dc187/community ! https://virustotal.com/gui/url/53efa35943a9b0bbcc4f966791e992052ac647a883c81a43bb86dd94bbbbd48d/community ||telegcrmz.$document,domain=telegcrmz.* ! https://virustotal.com/gui/url/cf88de3dc23272e078a7412c64b12e038cd8b9dc1beb07be6ac3f017919aa09b/community ||telejracm.$document,domain=telejracm.* ! https://github.com/hagezi/dns-blocklists/issues/2041 ||east-trading.shop^$document ! https://github.com/Dogino/Discord-Phishing-URLs/pull/26 ||steamcommuniitny.club^$all ||steamcommuniitny.$document ! https://tria.ge/240120-1dgrmshdc6/behavioral2 ||mirfakpersei.top^$document ||alvsx.mirfakpersei.top^$document /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=*&sm=space-robot&click_id=*&sub_id=*&appspot=&d=$script,first-party,domain=top ||press-here-to-continue.com^$all ! https://github.com/hagezi/dns-blocklists/issues/2077 ||22.imohub.workers.dev^$all ! https://github.com/uBlockOrigin/uAssets/issues/22200 ! https://github.com/hagezi/dns-blocklists/pull/2175 ! https://github.com/AdguardTeam/AdguardFilters/issues/224264 ||privacyguides.io^$all ||poperblocker.com^$all ! https://gist.github.com/GossiTheDog/f1079fe5486b2e7ac61d2e069caa67d4 ||pq.hosting^$all ! https://github.com/hagezi/dns-blocklists/issues/2133 ||demolishabolish.com^$document ! https://cyberplace.social/@GossiTheDog/111929647559740363 ||193.233.193.65^$all ! https://github.com/hagezi/dns-blocklists/pull/2175 ||97tool.github.io^$document ||apkzpure.com^$document ||wattfo.com^$document ||networkpcigniter.com^$document ||cpmpri.com^$document ||manizx.com^$document ||ehallpasses.info^$document ! https://github.com/hagezi/dns-blocklists/pull/2173 ||wtmbook.com^$document ! https://github.com/hagezi/dns-blocklists/pull/2176 ||kmspico.de.download.it^$document ||dlhk.acehprov.go.id^$document ||softwared.click^$document ||kmsauto.org^$document ||kmsauto.pw^$document ||kmsavto-net.ru^$document ||kmsauto.xyz^$document ! https://github.com/hagezi/dns-blocklists/pull/2184 ||safety-andro1d-n0tice.co^$all ||unhaka.com^$all ||safety-andr-sys.info^$all ! https://github.com/hagezi/dns-blocklists/pull/2211 ||eyx092.github.io^$document ||davbuckgenerator.weebly.com^$document ||gemsforfree.com^$document ||hackzone.me^$document ! https://github.com/hagezi/dns-blocklists/pull/2221 ||modyolo.com^$all ||googlesavedata.ru^$all ! on url from https://github.com/easylist/easylist/issues/18489#issuecomment-1962261575, appears to be malvertising ||thaudray.com^$all ! https://github.com/xRuffKez/dns-blocklists/commit/9cf8a68e82a5fed10991a2e0a34bf84265960ce7 ||giveawayscord.xyz^$all ! https://github.com/durablenapkin/scamblocklist/issues/76 ! https://tria.ge/240224-zxewqafc9v/behavioral1 ||chat-o-live.com^$all ! https://tria.ge/240224-1ygx5sgc8v/behavioral1 ||rozaholshouser.cfd^$all ! https://tria.ge/240224-2lmtasgh3v/behavioral1 ! https://tria.ge/240225-qwh3badf7t/behavioral1 ! https://tria.ge/240227-njbflafh8z/behavioral1 ||bethanytunks.skin^$all ||localdatez.com^$all ! https://tria.ge/240227-n4apssga94/behavioral1 ! https://tria.ge/240229-bc1qpahg3t/behavioral1 ! https://tria.ge/240229-pc7e5age5x/behavioral1 ! https://tria.ge/240301-vmx74aaf67/behavioral1 (cloudflared) ||alexiaurlanza.skin^$all ! https://tria.ge/240402-nthmnagg5z/behavioral1 ! fake users with profile pics stolen from porn site, payment required before contacting/replying to these users ||40PlusShag.com^$all ||delivery.40plusshag.com^$all ! https://github.com/hagezi/dns-blocklists/pull/2251 ||pp.45-61-158-129.cprapid.com^$document ||globalserviceslogistics.com^$document ||luxurysgift.com^$document ||athletic-harmony.com^$document ||knkpublishingsoftware.com^$document ! spam email -> https://tria.ge/240229-psnyqahe45/behavioral1 ||obses-sion.info^$all ! https://github.com/braveinnovators/ukrainian-security-filter/pull/7 ||sportloto-1.co^$document ||parik24.win^$document ||oshad24.biz.ua^$document ||monoslot3.com^$document ||diamondclub.casino^$document ! email spam ! https://tria.ge/240301-xm9x1abg6s/behavioral1 ||honey-love-here.com^$all ! https://tria.ge/240305-nezbvsec94/behavioral1 ||naughty-webs.life^$all ! https://tria.ge/240305-nq59jsef93/behavioral1 ||hookarts.life^$all ||mx2.hookarts.life^$all ! https://tria.ge/240305-nyp8aseh65/behavioral1 ! spam sending servers ||176.123.11.26^$document ||141.11.178.3^$document ||91.199.133.104^$document ! https://cyberplace.social/@GossiTheDog/112031492191698112 ||193.17.183.123^$all ! https://github.com/uBlockOrigin/uAssets/issues/22757 ||jobs.trustaffingpartners.com^$document,popup ! https://github.com/hagezi/dns-blocklists/issues/2288 ||revancedapps.com^$all ||revancedapp.download^$all ||www.revancedapp.download^$all ! https://github.com/uBlockOrigin/uAssets/issues/22765 ||free-service.hubside.fr^$all ||freezimail.hubside.fr^$document ||zimbrafreemail.hubside.fr^$document ||zimbra-inbox.hubside.fr^$document ||free-mobile241.hubside.fr^$document ||compte-free.hubside.fr^$document ||espacefidelitefree.fr^$all ||free-mob2584.hubside.fr^$all ||zimbra-free-com.hubside.fr^$all ||zimbra-free-com.$document,domain=~translate.goog ||free-mobi20i2582.hubside.fr^$all ||zimbra-free-email.hubside.fr^$all ||freezimbra.hubside.fr^$all ||web0mail.hubside.fr^$all ||free-mobile0021547.hubside.fr^$all ||free-information.hubside.fr^$all ||mobiles.hubside.fr^$all ||freemailzimbra.hubside.fr^$all ||rivita3106felibgcom.hubside.fr^$all ||info-free.hubside.fr^$all ||emails-free.hubside.fr^$all ||freema.hubside.fr^$all ||free-zimbra.hubside.fr^$all ||free-mobile1540478.hubside.fr^$all ||acceder-a-mon-free.hubside.fr^$all ||my-acount-free.hubside.fr^$all ! my analysis: https://tria.ge/240305-2bg53abb8x/behavioral1 ||shopflarehub.com^$all ! https://github.com/RPiList/specials/issues/1500 ||casino-ice.fun^$document ||fortuneadvert.com^$document ||lalielynaualish.com^$document ! https://github.com/hagezi/dns-blocklists/issues/2304 ||vast-conexxion.com^$all ! https://tria.ge/240309-p8f8tagc55/behavioral1 ||www.arcanecheat.com^$all ||95.216.253.55^$all ! https://github.com/hagezi/dns-blocklists/issues/2313 ||moddetail.com^$document ||liveinfo.xyz^$document ||ww3.weweekly.us^$document ||timesofeuropnews.com^$document ||cards2024.org^$document ||getaccess.w3spaces.com^$document ||re-captha-version-3-16.live^$document ||getspins.info^$document ||storage.canalblog.com^$document ||vbbv.store^$document ||vibuxion.top^$document ||qrcodes.pro^$document ! https://blog.sucuri.net/2024/03/new-malware-campaign-found-exploiting-stored-xss-in-popup-builder-4-2-3.html ||traveltraffic.cc^$all ||ttincoming.traveltraffic.cc^$all ||cloudsonicwave.com^$all ||host.cloudsonicwave.com^$all ! https://github.com/hagezi/dns-blocklists/issues/2339 ||b.9-9-8.com^$document ! https://infosec.exchange/@jeromesegura/112090382122783994 ||trelconf.com^$all ! https://github.com/hagezi/dns-blocklists/issues/2341 ! my analysis: https://tria.ge/240313-zf3apaac75/behavioral1 ||uk-news.pro^$document ! https://github.com/hagezi/dns-blocklists/issues/2344 ||today.free.nf^$document ||nextmrolympia.com^$document ||an1.is^$document ! https://github.com/hagezi/dns-blocklists/issues/2345 ||spacex-starship.org^$all ! https://github.com/blocklistproject/Lists/issues/1199 ||steamcommumtiy.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/23084 ||fitgirltorrent.com^$all ||fitgirltorrent.$document ! https://tria.ge/240401-nwc5ysea52/behavioral1 ||doge-coin24.org^$all ! https://github.com/hagezi/dns-blocklists/issues/2425 ||fling-trainer.com^$document ! https://infosec.exchange/@jeromesegura/112214506870744443 ! https://www.malwarebytes.com/blog/threat-intelligence/2024/04/bing-ad-for-nordvpn-leads-to-sectoprat ||45.141.87.216^$all ! https://github.com/durablenapkin/scamblocklist/issues/82 ||account-cfe.mx^$document ! https://vid.puffyan.us/watch?v=h0_L4BApOdA ! my analysis: https://tria.ge/240409-2aenjsee49/behavioral1 ! my analysis: https://tria.ge/240409-2bwnfsaa5z/behavioral1 ||gooq1e.com^$all ||apk.ecmokdtj.com^$document ! https://unit42.paloaltonetworks.com/cve-2024-3400/ ||172.233.228.93^$all ||144.172.79.92^$all ||nhdata.s3-us-west-2.amazonaws.com^$all ||66.235.168.222^$document ||110.47.250.103^$document ||126.227.76.24^$document ||38.207.148.123^$document ||147.45.70.100^$document ||199.119.206.28^$document ||38.181.70.3^$document ||149.28.194.95^$document ||78.141.232.174^$document ||38.180.128.159^$document ||64.176.226.203^$document ||38.180.106.167^$document ||173.255.223.159^$document ||38.60.218.153^$document ||185.108.105.110^$document ||146.70.192.174^$document ||149.88.27.212^$document ||154.223.16.34^$document ||38.180.41.251^$document ||203.160.86.91^$document ||srgsd1f.842b727ba4.ipv6.1433.eu.org^$all ||edcjn.57fe6f5d9d.ipv6.1433.eu.org^$all ||srgsdf.842b727ba4.ipv6.1433.eu.org^$all ||45.121.51.2^$all ! https://github.com/jarelllama/Scam-Blocklist/issues/314 ||dehoe.top^$all ! https://infosec.exchange/@jeromesegura/112294111264356672 ! my analysis: https://tria.ge/240418-zee4rsfe2x/behavioral1 ||sivaspastane.com^$all ||utm-adrooz.com^$all ! from Ryan Brown ||popupgoldblocker.net^$document ||popupsblocker.org^$document ! https://github.com/hagezi/dns-blocklists/issues/2549 ||sadostic.pl^$document ! see wiki\BEST ROBLOX EXECUTOR YouTube.png in the repo ! https://tria.ge/240427-1vhehahg3x/behavioral1 (CloudFlared) ! https://www.virustotal.com/gui/file/0f810bea02ae97cb015dc0de510892f3f83a9ddc969c1f261adf8a8bd5716862 ! https://bazaar.abuse.ch/sample/0f810bea02ae97cb015dc0de510892f3f83a9ddc969c1f261adf8a8bd5716862/ ! https://urlhaus.abuse.ch/url/2829815/ ||mediafire.com/folder/ux0dk7ist85e1/F0LDER^$all ||mediafire.com/file/7os5cx2x4rp70nm/UPL0ADER.7z/file^$all ! https://infosec.exchange/@th3_protoCOL/112360917153667995 ||appauthentiflcator.digital^$all ! from D4niloMR ||redecanaistv.dev^$document ! scam text: "Since the package does not have a house number, the package transportation is interrupted, please update https[://]urgug[.]com" ||urgug.com^$all ! https://forums.malwarebytes.com/topic/311937-infected-by-a-game-sent-via-discord/ ! CNAME ||1b14e0ee42d5e195c9aa1a2f5b42c710.com^$document ! https://community.snowflake.com/s/article/Communication-ID-0108977-Additional-Information (via https://cyberplace.social/@GossiTheDog/112536508653320169) ||104.223.91.28^$document ||198.54.135.99^$document ||184.147.100.29^$document ||146.70.117.210^$document ||198.54.130.153^$document ||169.150.203.22^$document ||185.156.46.163^$document ||146.70.171.99^$document ||206.217.206.108^$document ||45.86.221.146^$document ||193.32.126.233^$document ||87.249.134.11^$document ||66.115.189.247^$document ||104.129.24.124^$document ||146.70.171.112^$document ||198.54.135.67^$document ||146.70.124.216^$document ||45.134.142.200^$document ||206.217.205.49^$document ||146.70.117.56^$document ||169.150.201.25^$document ||66.63.167.147^$document ||194.230.144.126^$document ||146.70.165.227^$document ||154.47.30.137^$document ||154.47.30.150^$document ||96.44.191.140^$document ||146.70.166.176^$document ||198.44.136.56^$document ||176.123.6.193^$document ||192.252.212.60^$document ||173.44.63.112^$document ||37.19.210.34^$document ||37.19.210.21^$document ||185.213.155.241^$document ||198.44.136.82^$document ||93.115.0.49^$document ||204.152.216.105^$document ||198.44.129.82^$document ||185.248.85.59^$document ||198.54.131.152^$document ||102.165.16.161^$document ||185.156.46.144^$document ||45.134.140.144^$document ||198.54.135.35^$document ||176.123.3.132^$document ||185.248.85.14^$document ||169.150.223.208^$document ||162.33.177.32^$document ||194.230.145.67^$document ||5.47.87.202^$document ||194.230.160.5^$document ||194.230.147.127^$document ||176.220.186.152^$document ||194.230.160.237^$document ||194.230.158.178^$document ||194.230.145.76^$document ||45.155.91.99^$document ||194.230.158.107^$document ||194.230.148.99^$document ||194.230.144.50^$document ||185.204.1.178^$document ||79.127.217.44^$document ||104.129.24.115^$document ||146.70.119.24^$document ||138.199.34.144^$document ||185.248.85.14^$document ! https://github.com/hagezi/dns-blocklists/issues/2854 ||joathath.com^$document ||mp3y.info^$document ! https://infosec.exchange/@jeromesegura/112577106338279545 (all credit to Jérôme Segura) ! ads created by "Richard L Riddle Jr", "Brian Hammes", and "Alexander Gubbens" respectively (all fake names) ||angryip.paulistasolar.com.br^$document ||odvanced-ip-scanner.com^$document ! https://infosec.exchange/@goretsky/112589441999545249 (all credit to Aryeh Goretsky) ||lightssplash.shop^$document ||wildwestshine.com^$document ! https://github.com/hagezi/dns-blocklists/issues/2908 ||newincomingmessage.com^$document ||zaz4o.securesolidlink.com^$document ||re-captha-version-3-277.buzz^$all ||inboxtext.com^$document ! https://github.com/hagezi/dns-blocklists/issues/2936 ||midjourney.co^$all ! https://github.com/hagezi/dns-blocklists/issues/2933 ||gameportal.casa^$document ! https://github.com/hagezi/dns-blocklists/issues/2934 ! https://www.hybrid-analysis.com/sample/df38db6d31b68f19714bfb27b591a1ad778840ac8182cc0c7dfb6405aeb47c6e ||gimp.zendesk.com^$all ! redirect ||truefortnite.com^$document ! https://tria.ge/240620-wcbf1szcle/behavioral1 (behind CloudFlare) ||kmspico.io^$all ! https://github.com/hagezi/dns-blocklists/issues/2955 ||kmspico.ws^$all ||kms-full.com^$all ||kms-tool.com^$all ||kmsauto.info^$all ||officialkmspico.com^$all ||ultrasonica.info^$all ||kmspicoofficial.com^$all ||kmspi.co^$all ||kms-pc.com^$all ||thewindowsactivator.com^$all ||get-kmspico.com^$all ||getkmspico.com^$all ||heukmsactivator.com^$all ||furykms.com^$all ||kmspico-official.org^$all ||yasir252.com^$all ||yasir-252.net^$all ||getintopc.today^$all ! https://www.esentire.com/blog/adsexhaust-a-newly-discovered-adware-masquerading-oculus-installer ! https://github.com/esThreatIntelligence/iocs/blob/main/AdsExhaust/AdsExhaust_IOCs-6-16-2024.txt ! https://github.com/iam-py-test/my_filters_001/issues/135 ||oculus-app.com^$all ||us5.co^$document ||us11.org^$document ||life2vec.io^$document ! https://github.com/hagezi/dns-blocklists/issues/2985 ||get-express-vpn.online^$all ||mfcewkrob.com^$document ||myfood.ltd^$document ||newtab.page^$document ! https://tria.ge/240625-zxkrzatajh/behavioral1 (behind CloudFlare) ! https://forums.malwarebytes.com/topic/271891-removal-instructions-for-simple-malware-protector/ ||simplestar.com^$document ||www.simplestar.com^$document ! https://sansec.io/research/polyfill-supply-chain-attack ||polyfill.io^$all ||googie-anaiytics.com^$all ! https://github.com/iam-py-test/my_filters_001/commit/8589c181964a28b11a9c735fb25e8469381aa8d7#commitcomment-143600813 ! https://www.bleepingcomputer.com/news/security/polyfill-claims-it-has-been-defamed-returns-after-domain-shut-down/ (behind CloudFlare) ! https://www.bleepingcomputer.com/news/security/polyfillio-bootcdn-bootcss-staticfile-attack-traced-to-1-operator/ (behind CloudFlare) ||bootcdn.net^$all ||bootcss.com^$all ||staticfile.net^$all ||staticfile.org^$all ||xhsbpza.com^$all ||union.macoms.la^$all ! https://github.com/uBlockOrigin/uAssets/pull/24255#issuecomment-2198571468 ! https://x.com/Polyfill_Global/status/1807333297326113015 ! owned by polyfillio ||polyfillcache.com^$all ! https://www.bleepingcomputer.com/news/security/plugins-on-wordpressorg-backdoored-in-supply-chain-attack/ (behind CloudFlare) ||94.156.79.8^$all ! https://www.malwarebytes.com/blog/news/2024/06/poseidon-mac-stealer-distributed-via-google-ads ||arcthost.org^$all ||79.137.192.4^$all ! https://github.com/mitchellkrogza/phishing/pull/432 ||abcmueblesbogota.com^$all ! my analysis (behind CloudFlare): https://tria.ge/240627-z9agrstgmp/behavioral1 ||click2kikc.xyz^$document ||adxproofcheck.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/24284 ||earth-ling.org^$all ! TODO: investigate further ||pambi.tech^$document ! https://github.com/hagezi/dns-blocklists/issues/3019 ||hsuitehub.com^$document ||teslafond.io^$document ! ||pump.fun^$document ||ousd-vault.com^$document ||dash.pocketuniverse.app^$document ||uprising.kip.pro^$document ||app.jameswoof.com^$document ! ||miles.plumenetwork.xyz^$document - https://github.com/hagezi/dns-blocklists/issues/4700 ! https://github.com/hagezi/dns-blocklists/issues/3018 ||help.premium-x-notes.com^$document ! https://github.com/mitchellkrogza/phishing/pull/433 ||dofuspourlesnoobs.com^$document ! https://github.com/hagezi/dns-blocklists/issues/3028 ||padsims.com^$document ||pacmoonn.icu^$document ! scam SMS: Since the package does not have a house number, the package transportation is interrupted, please update https://utpwk[.]com/i ||utpwk.com^$all ! https://www.bleepingcomputer.com/news/security/fake-it-support-sites-push-malicious-powershell-scripts-as-windows-fixes/ (behind CloudFlare) ||pchelprwizardpro.com^$document ||pchelperwizard.com^$document ! https://gist.github.com/iam-py-test/888d7170f9a7be6f2449d11962914fca ||window-updates-service.com^$all ||www.google.com.859046247270372.window-updates-service.com^$all ||62.138.18.13^$all ! https://github.com/mitchellkrogza/phishing/pull/435 ||reluzformaturas.com.br^$all ! https://bazaar.abuse.ch/sample/dd9ec1c6a4be9bd962e1b1bd843d5750ef399c7c7cce60b368f627f5384e7a7c/ ! https://www.joesandbox.com/analysis/1466504/0/html#domains ||doddyfire.linkpc.net^$all ! https://github.com/mitchellkrogza/phishing/pull/436 ! my analysis (behind CloudFlare): https://tria.ge/240702-3e72bsvglc/behavioral1 ||43.156.237.181^$all ! YouTube video titled "ROBLOX EXPLOIT - FREE DOWNLOAD | KRNL SCRIPT EXECUTOR | KEYLESS EXECUTOR [PC 2024]" -> https://tria.ge/240702-3bv8csvepf/behavioral1 (behind CloudFlare) & https://tria.ge/240702-3g8qmszcnp/behavioral1 (behind CloudFlare) ||mediafire.com/folder/ygvzvvks1va0b/F0LDER^$all ! see also: https://tria.ge/241228-qvenhayjfs/behavioral1 ||steamcommunity.com/profiles/76561199724331900^$all ! https://github.com/mitchellkrogza/phishing/pull/437 ||detiktotocakep.com^$all ! https://github.com/mitchellkrogza/phishing/pull/440 ||flyairprestige.com^$all ! https://www.virustotal.com/gui/url/b9cb91ff67e9b16ab73b9b1801f046e3554605311d31ae052cc9f38758cc87e6/community ! my analysis (behind CloudFlare): https://tria.ge/240703-sdzy8avfml/behavioral1 ||midnightblue-lapwing-207108.hostingersite.com^$all ! https://github.com/mitchellkrogza/phishing/pull/444 ! my analysis (behind CloudFlare): https://tria.ge/240707-tstlesxelh/behavioral1 ! my analysis (behind CloudFlare): https://tria.ge/240707-twydsavfmk/behavioral1 ||45.207.168.120^$all ! https://github.com/mitchellkrogza/phishing/pull/445 ! my analysis (behind CloudFlare): https://tria.ge/240707-3l4bqa1hrn/behavioral1 /lander/6cw/PACKAGE_DEMO.exe^$document ||185.81.115.28^$document ||79.137.197.154^$document ||crypto-wave.top^$document ! https://github.com/mitchellkrogza/phishing/pull/446 ||91.215.85.223^$document ||karimgouss.ug^$document ! https://github.com/hagezi/dns-blocklists/issues/3142 ||https.com^$all ! https://github.com/uBlockOrigin/uAssets/issues/24486 ||chromewebstore.google.com/detail/ublock-pro/fmaicbnbcbjgbpecclcnaehmbpjpdane^$all ! https://github.com/hagezi/dns-blocklists/issues/3278 ||upsbezorging.com^$all ! https://github.com/mitchellkrogza/phishing/pull/466 ||45.9.74.36^$document ||cloudslimit.com^$document ||dailywebstats.com^$document ||hertrud.shop^$document ||hexcrippler.shop^$document ||hiltrunde.shop^$document ||iankian.shop^$document ||ironturner.shop^$document ||kloisa.shop^$document ||leopolfa.shop^$document ||liferacer.shop^$document ||commodityprocess.top^$document ||insights.today-time.sitefind.top^$document ! https://github.com/hagezi/dns-blocklists/issues/3325 ! https://github.com/uBlockOrigin/uAssets/issues/24719 ! https://github.com/RPiList/specials/issues/1707 ||m-isist-emai-nmu-ne-yx8nu6hs7k.vercel.app^$all ||m-isist-emai-nmu-ne-6zft4bsbqh.vercel.app^$all ||m-isist-emai-nmu-ne-qefa68dvbd.vercel.app^$all ||thepatrones.blob.core.windows.net^$all ||xyzxyz55.xyz^$all ||m-isist-emai-nmu-ne-*.vercel.app^$document ! https://github.com/hagezi/dns-blocklists/issues/3331 ! https://github.com/uBlockOrigin/uAssets/issues/24726 ||vah-cont-in-uou-slyle-com-ay7t6dbmag9vhg8srhj4.vercel.app^$document ! https://github.com/hagezi/dns-blocklists/issues/3354 ||pr-ue-ba-de-lsa-bermu-ne-xre4pgczsk.vercel.app^$document ! https://github.com/hagezi/dns-blocklists/issues/3354#issuecomment-2271411954 ||pr-ue-ba-de-lsa-bermu-ne-cp5iah7zlw.vercel.app^$document ! https://github.com/hagezi/dns-blocklists/issues/3383 ||facebook-google-ygggvmvciad74v9lhi.vercel.app^$document ||facebook-google-vptyyny63pwfipshmm.vercel.app^$document ||facebook-google-15oqyxwtkremqyujsm.vercel.app^$document ! https://github.com/hagezi/dns-blocklists/issues/3429 ||w0-eg-d12-de-yd-nka-ne-rklkyazwo0.vercel.app^$document ! https://github.com/hagezi/dns-blocklists/issues/3338 ||nudepopsy71c.com^$document ||mamielournes.buzz^$document ||miahershberger.buzz^$document ||sanjuanitaliscano.click^$document ||viktoriadelenick.za.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/24734 ||btc24.info^$all ! https://tria.ge/240802-p6fjha1gjd/behavioral1 ||allmostgone.life^$all ! https://github.com/hagezi/dns-blocklists/issues/3352 ! https://www.youtube.com/watch?v=_rCXxa5MDrE&t=599 ||hkdk.events/8cjknac3yxdqk4^$all ! https://github.com/hagezi/dns-blocklists/issues/3374 ||softzspot.com^$document ||afiletoget.click^$document ||redis08.sbs^$document ||filexstorage.site^$document ||jourl.live^$document ! https://github.com/hagezi/dns-blocklists/issues/3381 ||transiouratwat.com^$all ||undenentionin.com^$all ! https://github.com/hagezi/dns-blocklists/issues/3417 ! my analysis: https://tria.ge/240815-nm473szcjh/behavioral1 ||help.record-x-center.com^$all ! https://github.com/hagezi/dns-blocklists/issues/3445 ! todo: recheck soon ||chromeweb-authenticators.com^$all ! https://github.com/hagezi/dns-blocklists/issues/3453 ||microsoft-notifcation.com^$all ! https://github.com/hagezi/dns-blocklists/issues/3468 ||3ab48a20-acaa-49ab-95cc-3eb16f1cda78-00-1a0l3yf6hw9aq.sisko.replit.dev^$all ! https://github.com/hagezi/dns-blocklists/issues/3494 ||mail-cytanet.pages.dev^$document ||c0nt4ct-me.pages.dev^$document ! https://github.com/hagezi/dns-blocklists/issues/3514 ||onevanilla.click^$all ||bilbocine.com^$document ! on the same IP ||unionplus-card.click^$document ||dailysmscollection.org^$document ||surgecardinfo.click^$document ||panoramacharter.click^$document ||mymorri.click^$document ||mymercy.click^$document ||marykayintouch.autos^$document ||direct2hr.click^$document ||alaskasworld.cfd^$document ||partycityfeedback.bond^$document ! https://github.com/hagezi/dns-blocklists/issues/3540 ||pages.tempisite.com^$document ! https://github.com/hagezi/dns-blocklists/issues/3549 ||help.safety-x-feedback.com^$all ||help.documentary-x.com^$all ! https://github.com/hagezi/dns-blocklists/issues/3550 ||wyy158.fun^$document ||m.wyy158.fun^$document ||cse38.xyz^$document ||b.cse38.xyz^$document ! https://github.com/hagezi/dns-blocklists/issues/3542 ||sanadietzman.click^$document ! https://github.com/hagezi/dns-blocklists/issues/3543 ||joannmax.com^$document ||joannofficial.com^$document ||joannoutlet.com^$document ||joannclearances.com^$document ! https://infosec.exchange/@jeromesegura/113048172086583562 ||cisco.com.gruaselpiojito.com.mx^$all ||sivacycle.com^$all ! https://github.com/hagezi/dns-blocklists/issues/3598 (deleted) ! see wiki\[link].ru.com badware.png in the repo ! not my analysis: https://any.run/report/1855ff5c90583af10bea4002935e2b1f2d64d4975af2bc169c259e7903800392/9973ba38-1376-4728-a06a-d242a38120eb ||147.45.47.37^$all ||77.221.156.10^$all ! https://github.com/mitchellkrogza/phishing/pull/478 ||yanisac.com^$document ! https://github.com/mitchellkrogza/phishing/pull/479 ||albapietra.com.br^$document ! coinbase phishing ||auth-coinbase-offical.$document ! metamask phishing ||metamaskchromextensuiin.$document ! https://infosec.exchange/@urldna/113120340213435536 ||help-metamask-org-$document,domain=~translate.goog ! orange.fr phishing ||login-orange-fr.$document,domain=~translate.goog ! robinhood phishing ||secure---sso-robinhood-com-$document,domain=~translate.goog ! AT&T phishing (att-verification-542-9acc4c.webflow.io) ||att-verification-*.webflow.io^$document ! CoinBase phishing ||sso-cdn--coinbasepo-$document *coinbase*.webflow.io^$document ! many different phishing domains *wallett*.webflow.io^$document ! Outlook phishing (microsoft-outlook-11402a.webflow.io) ||microsoft-outlook-*.webflow.io^$document ! many metamask phishing websites ||help-meottamsk--xtens.$document ||extension-metamaskchromm.$document ||help-metamschrmexten-us.$document ||help-metamsk-extn.$document ||metamoask-login.$document ||matamasxtensiion.$document ! https://github.com/hagezi/dns-blocklists/issues/3706 ||uszjj.fyjkxzq.shop^$document ! https://github.com/hagezi/dns-blocklists/issues/3718 ||tplinkextender.net^ ! https://infosec.exchange/@urldna/113137563126979979 ||ads-verification-for-pay.$document ! https://github.com/hagezi/dns-blocklists/issues/3731 ||csbestplayers.com^$document ! https://github.com/hagezi/dns-blocklists/issues/3727 ||bitegifts.com^$document ||beacons.ai/dooreats^$all ! spam comment on https://github.com/AdguardTeam/AdGuardHome/discussions/7254 ! my analysis: https://tria.ge/240916-z8v23szgqq/behavioral1 - I could not find a download button/link, but site looks suspicious ||hackpc.net^$document ! SMS spam: 【U­S Post Office Update】 Your package could not be delivered after two attempts because of incomplete address information. To prevent the package from being returned, please update your address at this link: hxxpx://cutt[.]ly/5eUedtvY?Mrl=gJ83DXW5n8 We will make a new delivery attempt within 24 hours after the update. US P­ost Office team. ! https://tria.ge/240927-qq2bpsvbnp/behavioral1 ||upf.xdpapmz.shop^$all ! https://github.com/hagezi/dns-blocklists/issues/3837 ||thenorthfacegreece.com^$document ||www.thenorthfacegreece.com^$document ||the-north-face.gr^$document ||www.the-north-face.gr^$document ! https://github.com/hagezi/dns-blocklists/issues/3838 ! https://tria.ge/240929-tnwj8a1cjl/behavioral1 ||identifyillustration.com^$document ! https://app.any.run/tasks/ada100c7-3001-4cc5-bf57-d883fcbb87a2 ||lonerprevailed.com^$document ! https://github.com/DandelionSprout/adfilt/pull/1059 ! https://github.com/hagezi/dns-blocklists/pull/3848 ||bromite.org^$document ! https://infosec.exchange/@urldna/113228867828456640 ||wwwaaatxhdt.pages.dev^$all ! https://github.com/mitchellkrogza/phishing/pull/489 ||blueevolution.it^$all ! https://github.com/mitchellkrogza/phishing/pull/491 ||kidsacademyprayagraj.com^$document ! https://github.com/mitchellkrogza/phishing/pull/494 ||usps.com-trackahc.top^$all ! https://github.com/hagezi/dns-blocklists/pull/3961 ||lvrv0gkspz.blob.core.windows.net^$document ||formally-up.com^$document ! https://tech.lgbt/@micah/113312198092441897 ! https://tria.ge/241016-y6kmwsvbkj/behavioral1 ||dailyrx.org^$document ||redir.dailyrx.org^$document ||pdf-library.org^$document ||fbdata-edt.com^$document ||alch.neweradigitalservices.com^$document ||hearwork.lat^$document ||tracksallroundtheway2024.com^$document ||roa93d.tracksallroundtheway2024.com^$document ||thetoybox.club^$document ! https://www.hybrid-analysis.com/sample/4ae782b2668984c0144d767ec4efefbf3c076f4f229a2c23194e8aded63a4931 ||enhancednetworkpc.com^$all ! https://tria.ge/241016-zrwmaawcnq/behavioral1 ||getartscrafts.com^$document ! https://tria.ge/241016-zs2vpawdkl/behavioral1 ||mydigitalgadgets.com^$document ! https://tria.ge/241016-zwevbssfna/behavioral1 ||kittencutey.com^$document ! https://github.com/hagezi/dns-blocklists/issues/4003 ||rustdesk.pl^$document ||rustdesk.co.nz^$document ! https://github.com/rustdesk/rustdesk/discussions/9679 ! https://github.com/hagezi/dns-blocklists/issues/4009 ||rustdesk.io^$document ||rustdesk.secure-box.de^$document ! my analysis: https://tria.ge/241018-pvlldazcqr/behavioral1 ||mediafire.com/folder/zxpc2sootspqf/Comi_Co^$all ! https://tria.ge/241018-wjwerszgre/behavioral1 ||83.217.208.37^$all ! https://github.com/hagezi/dns-blocklists/issues/4048 ||ruthiekresal.za.com^$document ||leonoremanry.sa.com^$document ||jewellvanmarter.za.com^$document ||malgorzataschlegel.click^$document ||lesliespracklen.sa.com^$document ||linaromney.za.com^$document ||dierdrecrisan.buzz^$document ||terinaverkler.click^$document ||doaapodewils.buzz^$document ||velmaglendenning.ru.com^$document ! https://github.com/hagezi/dns-blocklists/issues/4047 ||mcds100.com^$document ||bwpkizpfms.funnelish.com^$document ||glitchy.go2cloud.org^$document ||nextstephire.net^$document ! https://github.com/hagezi/dns-blocklists/issues/4085 ||teslamaked.com^$all ! https://github.com/hagezi/dns-blocklists/issues/4153 ||facebook-support-team-980.pages.med.br^$all ||facebook-support-team-$document ! https://github.com/hagezi/dns-blocklists/issues/4204 ||bsnl5gtower.com^$document ||bsnltowersite.in^$document ! https://github.com/hagezi/dns-blocklists/issues/4211 ! https://tria.ge/241105-pellfa1arg/behavioral1 ||bsnl-tower.com^$document ! https://tria.ge/241105-pgh84a1hjj/behavioral1 ! https://tria.ge/241105-pj8a1azpes/behavioral1 ! https://tria.ge/241105-pls9vs1cla/behavioral1 ||bsnltowerinstallations.com^$document ! https://tria.ge/241105-pnpdpazqbs/behavioral1 ||towerinstallation5g.com^$document ! https://tria.ge/241105-ppynrasanm/behavioral1 ||5gtower.in^$document ! https://github.com/hagezi/dns-blocklists/issues/4222 ! my analysis: https://tria.ge/241107-sgwe7sxjdm/behavioral1 ||udemy-creators.com^$all ! https://github.com/hagezi/dns-blocklists/issues/4191 ||fkpgr.buzz^$document ||gov.fkpgr.buzz^$document ||efkgr.buzz^$document ||gov.efkgr.buzz^$document ||dcrfgr.buzz^$document ||gov.dcrfgr.buzz^$document ! https://github.com/hagezi/dns-blocklists/issues/4274 ||pekanbaru.one^$document ! https://github.com/hagezi/dns-blocklists/issues/4276 ||paquetsuivi7noti.com^$document ! https://github.com/hagezi/dns-blocklists/issues/4288 ||monpaquet9trackpobox.com^$document ! https://github.com/hagezi/dns-blocklists/issues/4322 ||stage3-last.pro^$all ||stage3-last.store^$all ||stage3-last.club^$all ||stage3-last.live^$all ||stage3-last.info^$all /^https://stage3-last\.[a-zA-Z]*\/info\/?$/$document ||stage2024.club^$all ||stage3x.site^$all ||stage3x.store^$all ! https://github.com/hagezi/dns-blocklists/issues/4327 ||airupbelgiums.com^$document ||airup-bottlegreece.com^$document ||airupbulgaria.com^$document ||airupespana.com^$document ||air-upfrance.com^$document ||airupfrance.fr^$document ||airup-gr.com^$document ||airupgreece.net^$document ||airupitaly.it^$document ||airup-nederland.com^$document ||airupnederlands.com^$document ||airup-romania.com^$document ||airupromania.ro^$document ||airupsrbija.com^$document ||air-up-turkiye.com^$document ||xn--airupespaa-19a.com^$document ||xn--airuptrkiye-yhb.com^$document ||airup-fi.com^$document ! https://github.com/hagezi/dns-blocklists/issues/4362 ! my analysis: https://tria.ge/241119-amgj5ayelr/behavioral1 ! https://www.facebook.com/share/p/17dc5jTP2Q/ ||karan-pc.com^$document ||karanpcofficial.blogspot.com^$document ||karanpcofficial.$document ! https://github.com/xRuffKez/NRD/issues/14 ! my analysis: https://tria.ge/241119-ay45kayflr/behavioral1 ||monicarelino13512-carelino.click^$all ! https://github.com/hagezi/dns-blocklists/issues/4291 ||securevault.top^$document ! https://github.com/hagezi/dns-blocklists/issues/4393 ||diteringion.com^$all ! https://github.com/mitchellkrogza/phishing/pull/513 /^https:\/\/usps.com-expres[a-zA-Z0-9]\.top\//$document ||usps.com-expresf.top^$all ||usps.com-expresj.top^$all ||usps.com-expresh.top^$all ||usps.vip-expresg.top^$all ||usps.vip-expresq.top^$all ||usps.vip-expresj.top^$all ||usps.vip-expresf.top^$all ||yhrtfgd.top^$document ||ewhtwgerw.top^$document ||hjfddsa.top^$document ||weafgre.top^$document ||ewrtghre.top^$document ||tyrdddsa.top^$document ||sdswrw.top^$document ||restujytd.top^$document ||gdgrde.top^$document ||reshtryjd.top^$document ||hfgdtyr.top^$document ||rtyuijfyd.top^$document ||iuythfrty.top^$document ||liutjytfds.top^$document ||iutrydrhg.top^$document ||liutyjytf.top^$document ||ghtfews.top^$document ! https://github.com/hagezi/dns-blocklists/issues/4417 ||sale-friday.store^$all ||black-sales.cloud^$all ! https://github.com/mitchellkrogza/phishing/pull/516 ||129.226.206.133^$document ||129.226.206.133^$document /^https?:\/\/uspscom-fre[a-zA-Z0-9]*\.top\/track\/?$/$document,domain=top /^https?:\/\/uspscom-fre[a-zA-Z0-9]*\.cyou\/track\/?$/$document,domain=cyou /^https?:\/\/uspscom-fre[a-zA-Z0-9]*\.icu\/track\/?$/$document /^https?:\/\/uspscom-fre[a-zA-Z0-9]*\.cfd\/track\/?$/$document /^https?:\/\/uspscom-fre[a-zA-Z0-9]*\.xyz\/track\/?$/$document /^https?:\/\/usps\.com-info-add[a-zA-Z0-9]*\.cfd\/[a-zA-Z0-9]\/?$/$document /^https:\/\/usps.com-[a-zA-Z].win\//$document ||examinecheck.com-street-$document ||information.com-street-$document ! https://www.virustotal.com/gui/ip-address/129.226.206.133/relations ||uspscom-upusktum.$document ||usps.com.*.cfd^$document,domain=cfd ! https://github.com/hagezi/dns-blocklists/issues/4489 ||editproai.org^$all ! https://github.com/hagezi/dns-blocklists/issues/4545 ! https://www.youtube.com/watch?v=sTBssoyqDdg ||eset.co.il^$all ||backend.store.eset.co.il^$all ! https://github.com/hagezi/dns-blocklists/issues/4637 ||paquet1nfopabox.com^$document ! https://tria.ge/241228-qaf1tsxrh1/behavioral1 ||zxcupload.com^$document ! https://www.virustotal.com/gui/file/e8f37a06b0626b07d7999e81a6f95d4553d515e66dc578995b50d3404138aff5/behavior ! https://tria.ge/241228-qvenhayjfs/behavioral1 ! https://threatfox.abuse.ch/ioc/1290806/ ! https://threatfox.abuse.ch/ioc/1369035/ ||jammywritej.click^$all ! https://github.com/hagezi/dns-blocklists/issues/4706 ||2aбdcdvwhuqa83y31c.gtrewe.co.in^$all ! https://github.com/hagezi/dns-blocklists/issues/4696 ||usps.com-tracking-helpsenf.xyz^$all ||usps.com-tracking-help$document ! https://tria.ge/241231-bh8ngszla1/behavioral1 ! Note: only works on mobile/mobile emulated devices, too lazy to see what fingerprint it uses but probably it's user agent ||cgfji.top^$all ! https://github.com/hagezi/dns-blocklists/issues/4721 ||icloud.apple.pariet.mhudr.cn^$all ||icloud.apple.street.oanvd.cn^$all ||icloud.apple.*.cn^$document,domain=cn ! https://github.com/hagezi/dns-blocklists/issues/4757 ||fiheos.co.in^$document,image ||48095uqslydirvr761.fiheos.co.in^$all ! https://github.com/hagezi/dns-blocklists/issues/4758 ! https://www.reddit.com/r/alberta/comments/1hswbe2/parking_ticket_by_sms_legit/ ||casefollowup.com^$document ! https://github.com/hagezi/dns-blocklists/issues/4784 ||angelinvestar.in^$document ! https://github.com/hagezi/dns-blocklists/issues/4780 ||loveclickeve.site^$document ! https://github.com/hagezi/dns-blocklists/issues/4799 ||trivo.uk^$document ||igloaptopto.net^$document ! https://urlquery.net/report/21df11ff-a863-432c-8e5f-97eaad5965c7 ! https://tria.ge/250107-tp7zmsyke1/behavioral1 (evasion) ||shoomotairt.net^$all ||ormedion.com^$all ||utilityguard-host.info^$all ! https://github.com/Phishing-Database/phishing/pull/646 ||acadgas.ru^$document ! https://github.com/hagezi/dns-blocklists/issues/4801 ! https://tria.ge/250107-ttsqhszqgl/behavioral1 ||notify-user-adjustments.vercel.app^$all ! https://tria.ge/250107-tv21kszrcq/behavioral1 ||telegramweb.vercel.app^$all ! https://github.com/hagezi/dns-blocklists/issues/4808 ! https://tria.ge/250108-vjp3bawncz/behavioral1 ! note: versyasist[.]website has phishing warning from CF ||sos-de-muc-1.exo.io^$all ! https://tria.ge/250108-whvf3szmcp/behavioral1 ||birthjeans.icu^$all ||jurantsepinine.shop^$document ||waisheph.com^$document ||waefufloaty.shop^$all ||ge.waefufloaty.shop^$all ||samalcuratic.shop^$document ||olympuscracowe.shop^$all ||xu.olympuscracowe.shop^$all ! https://tria.ge/250108-wpwbysxney/behavioral1 ||whatsdating.college^$all ! https://github.com/hagezi/dns-blocklists/issues/4851 ||nze0xw.butsmism.co.in^$all ||cultj2ghubcc73f08abg.gapconnectionbridge.co.in^$all ! https://github.com/hagezi/dns-blocklists/issues/4849 ||dwlae.top^$document ! lookalikes ||cheerycouture.com^$document ||accurately.top^$document ||chicystore.com^$document ! https://github.com/hagezi/dns-blocklists/issues/4863 ||gtltowerinfratel.in^$document ||bsnltower5g.com^$document ||towerinstalltion5g.in^$document ! https://github.com/hagezi/dns-blocklists/issues/4907 ! https://cside.dev/blog/over-5k-wordpress-sites-caught-in-wp3xyz-malware-attack ! examples of infected websites: ! - https://tria.ge/250116-z437wszjcy/behavioral1 ! - https://tria.ge/250116-1abffszlev/behavioral1 ! - https://tria.ge/250116-1bdl7szrgl/behavioral1 ! - some infected websites have already been cleaned ||wp3.xyz^$all ! https://github.com/hagezi/dns-blocklists/issues/4916 ! returns 404 on non-mobile devices ! https://tria.ge/250117-246n5awphl/behavioral1 ||ezdrivema.com-$document,domain=top ! https://agora.echelon.pl/objects/310d887d-e111-48a4-9331-bc9e6b8cdd3b ! https://x.com/ryanchenkie/status/1880730173634699393 ! https://masto.deoan.org/@neurovagrant/113857415001588398 ||brewmacos.com^$document ! https://github.com/hagezi/dns-blocklists/issues/4959 ! my analysis: https://tria.ge/250122-z336hawrgj/behavioral1 ||ieztoskbcoalf.z13.web.core.windows.net^$all ! https://atomicpoet.org/objects/0a89b5d5-b1f0-4b2c-85ef-23007f842231 ||mostodon.social^$all ! https://github.com/hagezi/dns-blocklists/issues/5112 ||vencord.app^$document ||newpipe.app^$document ||revanced-extended.com^$document ! https://github.com/hagezi/dns-blocklists/issues/5160 ||47n78xprrvp1.top^$all ! https://github.com/hagezi/dns-blocklists/issues/5193 ||edwardjhutley107375938786edwardjrhutley70205433153583usps.com^$document ||fiusps.com^$document ||foreveusps.com^$document ||helpdesk-usps.online^$document ||helpuspsnow.ru^$document ||270278609-2020004278-462904544-440202503325--570202500372x-usps.com^$document ! https://github.com/hagezi/dns-blocklists/issues/5209 ||postova-uzivatel.com^$document ||poistenie-sk.com^$document ||kontakt-vszp.com^$document ! https://github.com/hagezi/dns-blocklists/issues/5285 ||group-signal.com^$document ||signalgroup.site^$document ||signal-confirm.site^$document ||teneta.add-group.site^$document ! https://www.eff.org/deeplinks/2025/03/simple-phish-bait-eff-not-investigating-your-albion-online-forums-account ||act-7wbq8j3peso0qc1.pages.dev^$all ! https://github.com/hagezi/dns-blocklists/issues/5500 ||ojlkimed.vip^$all ! https://tria.ge/250315-v2kwbaspy7/behavioral1 ||ggrls45.info^$all ||naughtymets.com^$document ||bgigdga.naughtymets.com^$document ! spam SMS sent to several people in a group thread (all strangers): ! 💌REMINDER💌 : Please ensure that your E-ZPass tolls are paid in full by March 20, 2025 to prevent any legal or administrative action that could affect your DMV record. Late payments may result in fee increases, enforcement notices, or license renewal restrictions. Have a worry-free, safe trip! ! ! 🤝Complete your payment here: https://bit.ly/4bBRQHI?yVW=YeUPmv0Kqs 🤝 ! bitly link redirects to this domain, but it evades and goes to Google: https://tria.ge/250319-12gfsaypw5/behavioral1 ||mdfzo.xin^$all ! https://github.com/hagezi/dns-blocklists/issues/5631 ||best-torrents.com^$document ||displaymovies.pl^$document ||ex-torrenty.org^$document ||filmo.agency^$document ||filmy24.cc^$document ||find-vod.com^$document ||showplax.com^$document ||vodlist.com^$document ||zobaczfilm.com^$document ! https://github.com/hagezi/dns-blocklists/issues/5632 ||food-network.fwh.is^$document ! https://phishtank.com/phish_detail.php?phish_id=9030918 ! my analysis: https://hybrid-analysis.com/sample/cb3e185cb59b9bbd19294e1196f70a6580d7bd2a9d5e57d9410db0284ecc56ff ! note: appears to evade some online sandboxes, i.e. urlscan ||virginmoney-livesupport.$document ! https://github.com/hagezi/dns-blocklists/issues/5656 ! https://securelist.com/operation-forumtroll/115989/ ||primakovreadings.info^$all ! https://github.com/hagezi/dns-blocklists/issues/5758 ||nopae.top^$all ! https://github.com/iam-py-test/my_filters_001/issues/132 ! formally hosted legitimate website, now parked, see e.g. https://tria.ge/250408-a7v81sxkx8/behavioral1 ! https://github.com/hagezi/dns-blocklists/issues/5823 ||turtleclient.xyz^$document ! https://github.com/hagezi/dns-blocklists/issues/5833 ||yma.zdwtixh.xyz^$document ! https://github.com/DandelionSprout/adfilt/issues/1124 ||doh-gov.com^$all ||doh-gov.ph^$all ! https://github.com/hagezi/dns-blocklists/issues/5867 ||dk9zc9.pro^$document ||quoka.dk9zc9.pro^$document ! https://github.com/uBlockOrigin/uAssets/issues/27968 ! my analysis: https://tria.ge/250413-pk1mjsvry4/behavioral1 ! also (my analysis): https://tria.ge/250413-qztyzswqv6/behavioral1 ||worshippers.store^$document ||decisionsem.live^$document ||deliberatelyot.space^$all ! not my analysis: https://any.run/report/84a456c92b249160eb532c6a4bdc96d3de3c2d034e41ee11d44b8c0e57cf8b44/469cb02e-b4d4-4d9d-8a20-4c133fb59f86 ! https://tria.ge/250413-pwq79awxas/behavioral1 ||tegprokess.pro^$all ! https://etechnix[.]com/get/update -> https://www.virustotal.com/gui/file/6676db2bc561d933aa84ac68e8c66fe278345bc4e435f7cb5164202cd3876e4d?nocache=1 and https://tria.ge/250413-qsfg1sw1ez/behavioral1 ! not my analysis: https://any.run/report/59c44efd5b4f66ae6ed42878e14ae3c7b8e774f1d228a40a9cf818a62c740c9c/43790e20-d33d-42fa-8115-cbce56d3c9e1 ! not my analysis: https://bazaar.abuse.ch/sample/59c44efd5b4f66ae6ed42878e14ae3c7b8e774f1d228a40a9cf818a62c740c9c/ ! not my analysis: https://bazaar.abuse.ch/sample/9a8ba2203cf45bb5fe142cb4cee82fe397af4504d51e7fc8c7db19a8ef1c71e4/ ||etechnix.com^$all ! https://tria.ge/250413-qyz4lswqt3/behavioral1 ||ommentsere.biz^$document ||goathaga.top^$document ! https://github.com/hagezi/dns-blocklists/issues/5899 ||webcamstream.sbs^$document ! https://github.com/hagezi/dns-blocklists/issues/5904 ||eventmusk-x.com^$document ! https://github.com/hagezi/dns-blocklists/issues/5929 ||velazqur.store^$document ! https://github.com/hagezi/dns-blocklists/issues/5935 ||eslgrandscup.com^$document ! https://github.com/hagezi/dns-blocklists/issues/5954 ! https://tria.ge/250419-vea3la1xcs/behavioral1 ||mullvaad.net^$all ! https://www.virustotal.com/gui/url/12c9f243e447a8d145404069cdb72b654297c86fdcbffa33945799fc8d6b28d9/community ||nscotra.com^$all ! my analysis: https://tria.ge/250419-vjxgdstrx9/behavioral1 ||cvsdocfilesharingesign.com^$all ||secureauthxxdhgffgigff.cvsdocfilesharingesign.com^$all ||setup.cvsdocfilesharingesign.com^$all ||gateway.cvsdocfilesharingesign.com^$all ||ckdatabasews.cvsdocfilesharingesign.com^$all ! spam comment on https://krebsonsecurity.com/2025/04/whistleblower-doge-siphoned-nlrb-case-data/ ! https://tria.ge/250428-nkpdvawpy7/behavioral1 ||deltaa-executor.com^$all ! https://github.com/hagezi/dns-blocklists/issues/6081 ||dexsceerner.net^$document ||app.dexscreener-home.net^$document ||traderjoexyz.bylfg.org^$document ||v2-o-p-e-n-s-e-a.com^$document ||susni-swap.com^$document ||open-sea.market-ntf.com^$document ||hyperilquid.xyz-trade.com^$document ||tangem.ing^$document ||tacngcm.com^$document ||raydiumx.org^$document ||ray-swap.net^$document ||raydium.io-sol.org^$document ||w-atomicwallet.com^$document ||atomiciwallet.com^$document ||base.bridge-home.net^$document ||v3-dappradar.com^$document ! https://github.com/hagezi/dns-blocklists/issues/6392 ||seller-verification.com^$document ! https://tria.ge/250602-196qmswxht/behavioral1 ||darkmodz-links.com^$all ! https://github.com/hagezi/dns-blocklists/issues/6402 ||verif-order.help^$document ! https://www.virustotal.com/gui/domain/mysign-mircrosoft.com/community ||mysign-mircrosoft.com^$document ! https://github.com/DandelionSprout/adfilt/discussions/779#discussioncomment-13435345 ||lonely.beauty^$document ! https://github.com/hagezi/dns-blocklists/issues/6469 ||Mobiilitiedot.org^$document ||mobiilitiedot.com^$document ||mp.mobiilitiedot.com^$document ! https://tria.ge/250625-sy2zbadl6t/behavioral1 (downloads 7Zip?) ||ezplayclub.com^$document ! https://github.com/hagezi/dns-blocklists/issues/6563 ||streamboo.live^$document ||streambootest.ru^$document ! https://github.com/hagezi/dns-blocklists/issues/6586 ||my-tracknl.com^$document ! https://github.com/hagezi/dns-blocklists/issues/6618 ||rayjump.com^$document ! https://github.com/hagezi/dns-blocklists/issues/6629 ||fish-lane.com^$all ! https://github.com/hagezi/dns-blocklists/issues/6635 ! TODO: recheck soon as this is preemptive ||myhermes.atiylu.live^$document ! https://github.com/hagezi/dns-blocklists/issues/6657 ||clientsboots.com.es^$document ! https://mastodon.social/@Radical_EgoCom/114840608525562390 ! https://mastodon.social/@paninodesu/114840594526505979 ! https://tria.ge/250712-rdknvscq61/behavioral1 ! https://tria.ge/250712-rfq9escr5t/behavioral1 ||mastadon-verify.id-$document,domain=~mastodon.social ! https://github.com/hagezi/dns-blocklists/issues/6897 ||revolut.so^$document ! https://github.com/hagezi/dns-blocklists/issues/7558 ||getfiles.pro^$document ||4bind3.cfd^$document ||eset-nod32-key-2025.xyz^$document ||mediafileslow.info^$document ||2mf6tl6ky1408255md.cfd^$document ||n14rr140825e7.cfd^$document ||qjvczu9pq00904257.cfd^$document ||rfsjh070725nwj.cfd^$document ||9rxm9js3140825fy.cfd^$document ||khatra98700lo.cfd^$document ||setup004media.info^$document ||www.chal00012hath.cfd^$document ||marga2retta7ge6rlach.cfd^$document ||90003cfd.cfd^$document ||kotlogog-gogd.cfd^$document ||securefilesdogs.info^$document ||filesoftly.icu^$document ||bskryar.icu^$document ||aochalain.icu^$document ||eureoreu.cloud^$document ||zdrytehy.cloud^$document ||ebnbwm070725fhl.cfd^$document ||9wn7wh140825st.cfd^$document ||96u5qbb3v1408257.cfd^$document ||1dljf140825u79.cfd^$document ||t6mu9n080425f.cfd^$document ||83ru6xa8xf0804259.cfd^$document ||cdxtsd.cfd^$document ||villaassz.click^$document ||fined.cfd^$document ||mdera.icu^$document ||earshows.xyz^$document ||azzul.cfd^$document ||premiumfile.cfd^$document ||premiumfiles.site^$document ||filessoftz.xyz^$document ||filessoftware.xyz^$document ||filestosoftz.pro^$document ||easutofiles.cfd^$document ||smallszand.store^$document ||eoprovide.live^$document ||pwstop.icu^$document ||filedownloader.top^$document ||fileboxgen.cyou^$document ||filetapfy.space^$document ||fixfiles.cfd^$document ||topfiles.cfd^$document ||file-sharings.store^$document ||modesoft.me^$document ||good.indianbober.com^$document ||vsdvsdv.click^$document ||s1xgjbq4.pro^$document ||keygenbox.ru^$document ||get.gigadrop.pro^$document ||get.hostloom.online^$document ||go-digital.vip^$document ! malware ad ||best-knowledge-good24.com^$all ! https://www.bleepingcomputer.com/news/security/fake-lastpass-death-claims-used-to-breach-password-vaults/ ||lastpassrecovery.com^$all ! https://github.com/hagezi/dns-blocklists/issues/8240 ||sublime-merge-git-client.github.io^$document ||aftop10.com^$document ||dokopka.icu^$document ||acrossprotocols.com^$document ! https://github.com/hagezi/dns-blocklists/issues/8257 ||simplexspot.com^$all ! https://github.com/hagezi/dns-blocklists/issues/8573 ||recover-signe.com^$all ! https://github.com/iam-py-test/my_filters_001/issues/135 ! https://www.indy100.com/science-tech/life2vec-calulator-death-date ! sandbox ! https://tria.ge/260109-g1l54aav5b/behavioral1 ! https://tria.ge/260109-gznmjaat3c/behavioral1 ! https://tria.ge/260109-g5jkrsax5a/behavioral1 ! https://tria.ge/260109-g8jpyaaz3c/behavioral1 ! https://tria.ge/260109-g86jpsaz6a/behavioral1 ! https://crushon[.]ai/character/cdc77abe-83ba-4b64-8e35-005ab8bd2af0/details ! https://infosec.exchange/@iampytest1/115863886773871893 ||aipredictdeathcalculator.com^$document ||deathcalculator.ai^$document ||life2vecai.com^$document ||deathprediction.ai^$document ||crushon.ai/character/cdc77abe-83ba-4b64-8e35-005ab8bd2af0/$document ||life2veccalculatoronline.github.io^$document ||deathcalculator.net^$document ! https://tria.ge/260109-xncznafs4g/behavioral1 ! https://www.virustotal.com/gui/file/a5b80dc1f0f6ba603f876d3e94c17a520f30cbd2a30fa65483ddb204b0cccd01 ||app.mediafire.com/folder/1raxtc2u2wfgh^$all ||mediafire.com/file/0cynw8yylkc8nlh/MarryL%25D0%25B0unch%25D0%25B5r.zip/file^$all ||mediafire.com/file/cbdsklmjuv9esnz/PASSWORD_2299.txt/file^$all ! https://github.com/hagezi/dns-blocklists/issues/8813 ||fitgirl-repacks.proxyninja.org^$all ! https://forums.malwarebytes.com/topic/332575-fell-for-cake-cloudflare/ ! https://www.virustotal.com/gui/file/b27b099d3b1bb34f1dc43c00797a43b1da3b7d48e61390f9da5b04fd143f755e ||87.121.82.43^$all ! https://www.virustotal.com/gui/url/e9b31d5bfaaa80b4218831c98e5b7df200ca9821fced02a87d6fb9c7de4a543f ||185.11.61.41^$document ! https://web.archive.org/web/20260123203620/https://www.youtube.com/watch?v=DNvdNN-4ur0 ! https://tria.ge/260123-y316gaht4d/behavioral1 ! https://infosec.exchange/@iampytest1/115946438997785194 ||wploits.com^$all ||138.226.237.10^$all ||telegram.me/n1ds03^$all ||fdy.borendrokontho.com^$document ||fdy.lidiia.com.ua^$document ! https://kolektiva.social/@ddosecrets/115979746538660397 ||ddosecrets.com^$document ||data.ddosecrets.com^$document ! https://x.com/BrandiKruse/status/2014525124553388390 ! https://x.com/BrandiKruse/status/2014558762871464440 ! https://www.reddit.com/r/SeattleWA/comments/1qmpeof/someone_at_wsdot_put_a_link_to_fuckiceorg_in_a/ ! https://tria.ge/260129-zww4lsgt8a/behavioral1 ! https://infosec.exchange/@iampytest1/115980534212744514 ! https://bsky.app/profile/did:plc:ysz3jltsuhnyrqrskrcbcz2s/post/3mdlqzvbkec25 ! https://x.com/iam_py_test/status/2016990950141067696 ||accurate.you^$document ! https://github.com/DandelionSprout/adfilt/issues/1219 ! https://tria.ge/260130-2ss9naas5f/behavioral1 ||tjrksciow.pro^$all ! https://github.com/hagezi/dns-blocklists/issues/9010 ! https://github.com/ShadowWhisperer/BlockLists/issues/246 ! https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign ! https://www.theregister.com/2025/12/01/chrome_edge_malicious_browser_extensions/ ||dergoodting.com^$all ||nossl.dergoodting.com^$all ! https://forums.malwarebytes.com/topic/291609-dark-reader-plugin-contains-malware-browser-hijacker/ (seems unrelated to Dark Reader, as the website continues with Dark Reader disabled/uninstalled) ||furiousfar.com^$document,popup ! 2026-2-4: redirects to http://xml-v4.icdsoap-4.online/click?i=aLHraN3-WV4_0&seat=3764086 - can not reproduce in Triage ||xml-v4.icdsoap-4.online^$all ! https://github.com/blocklistproject/Lists/issues/1586 ||blocklist.site^$all ||landr-atlas.com^$document ||tagesschau.finance^$document ! https://infosec.exchange/@iampytest1/116016048124997625 ! found by my research ||connectgates.co.in^$all ||d621b48hubcc73aav7l0.connectgates.co.in^$all ||opredirect.com^$document ||solsticea.net^$document ||fusionchainedge.com^$all ||d621b18hubcc73aav3e0.fusionchainedge.com^$all ||watchnowclick.com^$all ||silverwhitebirds.co^$all ||anthracnosis.lat^$all ||bzbiz-crm.com^$all ||voyagewinds.co^$all ||quick-scanning.top^$all ! tries to install a browser extension (https://addons[.]newtabsearch[.]net/ntff/new_tab_search-1.0.4-fx.xpi) ! https://support.mozilla.org/mk/questions/1555476 ||newtabsearch.net^$document ||ff.newtabsearch.net^$document ||addons.newtabsearch.net^$document ! https://tria.ge/260205-etq5csey2a/behavioral1 ||telemechanism.cyou^$all ! https://www.reddit.com/r/techsupport/comments/1ooasab/what_is_the_ey43com_site_and_why_is_firefox/ ! https://www.malwarebytes.com/blog/detections/ey43-com ||ey43.com^$all ! occurs when connecting using sandbox, Tor, VPN ip ! https://tria.ge/260205-ec9v5sev8c/behavioral1 ! https://tria.ge/260205-edwd5sev8g/behavioral1 ! https://tria.ge/260205-ed9lrsev9c/behavioral1 ||resultsfastfind.com^$document ! https://infosec.exchange/@iampytest1/116042005986881470 ! based on https://github.com/uBlockOrigin/uAssets/commit/b33e4635beb8a827d6ebd3867374a0abbb905fe5 ||att-currently-$document,domain=weeblysite.com ! https://github.com/hagezi/dns-blocklists/issues/9078 ||protonwalletdesktop.com^$all ! https://github.com/hagezi/dns-blocklists/issues/9088 ! https://github.com/massgravel/Microsoft-Activation-Scripts/issues/1299 ! https://tria.ge/260210-vv729ses5b/behavioral2 ||actiwated.win^$all ||get.actiwated.win^$all ! https://github.com/DandelionSprout/adfilt/issues/1223 ! https://tria.ge/260211-15vsksbz7h/behavioral1 ||snowvan.xyz^$all ! https://tria.ge/260211-16ykvsb12c/behavioral1 ||kygens.xyz^$all ||host11m.cfd^$document ||getlink6.host11m.cfd^$document ||generate89c659.host11m.cfd^$document ||host15m.cfd^$document ||file169599.host15m.cfd^$document ||filehost09.sbs^$document ||s2.filehost09.sbs^$document ||sharehost06.sbs^$document ||cdn5.sharehost06.sbs^$document ! https://tria.ge/260211-2h1wracv2g/behavioral1 ||getdwnloadss.com^$all ! https://tria.ge/260215-q8jvdaey6c/behavioral1 ||crvftgbyh.click^$all ||tvgyfdtrf.pro^$all ||edweasdxf.pro^$all ||hubygvftc.cfd^$all ||audioza.cyou^$all ! https://github.com/hagezi/dns-blocklists/issues/9111 ||moodabvrockcon.com^$document ||frenchy06--315ffb88022311f1b78142dde27851f2.web.val.run^$document ! https://github.com/hagezi/dns-blocklists/issues/9127 ||tunnis-tautuminen-fi.gt.tc^$document ! https://github.com/hagezi/dns-blocklists/issues/9112 ! https://github.com/Phishing-Database/phishing/pull/1120 ||app2fa.com^$document ||enable.app2fa.com^$document ||seedlinkservice.com^$document ||activate.seedlinkservice.com^$document ! https://github.com/hagezi/dns-blocklists/issues/9131 ! https://www.malwarebytes.com/blog/threat-intel/2026/02/fake-7-zip-downloads-are-turning-home-pcs-into-proxy-nodes ! https://sourceforge.net/p/sevenzip/discussion/45797/thread/119837b16d/ ! https://github.com/uBlockOrigin/uAssets/commit/47ef7d7f1c030da2c8a4c2af09e3a10a4e048852 ! https://github.com/uBlockOrigin/uAssets/commit/95a8322ea08821a18c6cf72223892a6702d72f32 ! https://www.youtube.com/watch?v=bpLxXH37Hs8 ||7zip.com^$all ||www.7zip.com^$all ||7zip.cloud^$all ! https://infosec.exchange/@iampytest1/116065978824511741 ! https://tria.ge/260213-2jp6mshx4g/behavioral1 ! https://tria.ge/260213-2q313shy7c/behavioral2 ! https://www.virustotal.com/gui/file/e1427745d8b7ee49b92552b8cc33654b035a1632901fd6400a86086f4a87a17f/detection ! https://bazaar.abuse.ch/sample/e1427745d8b7ee49b92552b8cc33654b035a1632901fd6400a86086f4a87a17f/ ||ryosweb.com^$all ||xenos.love^$all ||46.225.67.21^$all ! https://github.com/hagezi/dns-blocklists/issues/9168 ! https://tria.ge/260217-qkxrbsbw5f/behavioral1 ! dropped by the malware as C:\Users\Admin\AppData\Local\Temp\RarSFX0\1.exe: https://www.virustotal.com/gui/file/2e543b190d4a673b48818fd22224ad6a9139e75aa6acb4149169748f224ccafb ||unlocktoolpro.com^$all ||178.16.52.65^$all ! https://github.com/hagezi/dns-blocklists/issues/9169 ||digiseccloud.com^$all ||wulingyuanparkzone.com^$all ! https://github.com/hagezi/dns-blocklists/issues/9177 ||lightsolutions.tv^$document ! https://github.com/hagezi/dns-blocklists/issues/9203 ! https://www.linkedin.com/posts/divy-vanesa-256865270_cybersecurity-macos-threatintelligence-activity-7424681298390323200-C5tT ! https://threatfox.abuse.ch/ioc/1750836/ ! https://threatfox.abuse.ch/ioc/1683641/ ||kys.li^$all ||kys.cx^$all ! ---- Scams ---- ! fails to disclose it's lack of connection to uBlock *Origin* ! https://infosec.exchange/@iampytest1/111306748409652707 ||ublock.org^$document ! https://virustotal.com/gui/url/723d30dcc93ee90f8f04b5cc3c5d07492338c41f7aa62fb2723c7d8b91537338/community ! https://github.com/uBlockOrigin/uAssets/issues/5854 ||ublockerext.com^$all ! This domain has been used for typosquatting, malware, phishing, and scams (redirects to other scam/malware sites as of 17/9/2021) ! curl on 9/5/2021 shows it is still online ! https://www.siteadvisor.com/sitereport.html?url=quatrefeuillepolonaise.xyz ! https://virustotal.com/gui/url/7319b37aff351dc0f0e71dba194b5f21972be9ad072b955a35d27d5af359d5fa/community ! https://virustotal.com/gui/domain/quatrefeuillepolonaise.xyz/detection ! https://safeweb.norton.com/report/show?url=quatrefeuillepolonaise.xyz ! https://www.fortiguard.com/webfilter?q=quatrefeuillepolonaise.xyz ! https://quttera.com/detailed_report/quatrefeuillepolonaise.xyz ! https://www.urlvoid.com/scan/quatrefeuillepolonaise.xyz/ ! https://www.mywot.com/en/scorecard/quatrefeuillepolonaise.xyz ! https://github.com/DandelionSprout/adfilt/issues/188 ||quatrefeuillepolonaise.xyz^$all ! Related to above ! https://github.com/DandelionSprout/adfilt/issues/188 ! https://github.com/DandelionSprout/adfilt/commit/0af1431c8f4cf45e9c27e359edf777b0c9bfa153 ||captcharesolving-universe.com^$all ! https://virustotal.com/gui/ip-address/5.8.34.26/relations ! https://github.com/DandelionSprout/adfilt/issues/188 ! https://virustotal.com/gui/url/136909c39798eacfc82e58459684619a4b89de8d3dedbe5a3010c5152b670328/detection ! https://github.com/iam-py-test/Assets-001/blob/main/goglenet%20malware ! https://github.com/DandelionSprout/adfilt/issues/188#issuecomment-848834204 ||instantfwding.com^$all ||103.224.182.251^$all ||catnip.de^$all ||fwdservice.com^$all ! https://securitytrails.com/list/ip/5.8.47.3 ! https://safeweb.norton.com/report/show?url=gamesex.fun ! https://www.siteadvisor.com/sitereport.html?url=gamesex.fun ! https://virustotal.com/gui/url/7bedfdd70bd23869a3598186270bcca9e64870842fb95df46da9ed5519e0b41c/detection ! just redirects to another blocked domain ! https://github.com/DandelionSprout/adfilt/issues/188 ||kmip.net^$all ||iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com^$all ||204.11.56.48^$document ! More scam stuff on 27/9/2021 ||retailproductsusa.com^$all ||www.retailproductsusa.com^$all ! Even more scams - https://github.com/DandelionSprout/adfilt/issues/188#issuecomment-931700117 ||findanswersnow.net^$document ||two.findanswersnow.net^$document ||signupandturnyourscreenoffsafepowernow.date^$document ||www.signupandturnyourscreenoffsafepowernow.date^$all ||jsontdsexit.com^$document ||therewardboost.com^$all ||t.therewardboost.com^$all ||natnlconsmrctr.com^$document ||lore.deduce.com^$document ||jpgtrk.com^$document ! domains which gogle[.]net redirects to on 17/10/2021 ||securysearchapp.com^$document ||www1.securysearchapp.com^$document ! on the same IP & just by looking at them, I can tell they are not legit ||intunes.com^$document ||gimal.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/9344 ! https://github.com/iam-py-test/Assets-001/tree/main/uiz.io_scam ||uiz.io^$document ! More scam domains found via redirects when clicking on the fake recaptcha ! https://virustotal.com/gui/url/73dae7d74bcdc9099a54b75b904cc45995d85534a313ad65fcc4d9e401b34607/detection ||rewardsavenue.net^$all ! https://virustotal.com/gui/url/d6745ce01da185054bd2125858e75445783976de0e5fa4a445284243830070e7/detection ||rewardsgiantusa.com^$all ! https://virustotal.com/gui/url/9edd33c7a370ba96bf3a7682193e67538984eab9d1b719c2f3042599a4d3d1d5/detection ||rewardgiantztesters.com^$document ! https://github.com/blocklistproject/Lists/issues/513 ||gooooooooogle.com^$all ! https://github.com/iam-py-test/investigations/blob/main/2021/10/26/1.md#domains ||r-tb.com^$document ||feed.r-tb.com^$all ||t.r-tb.com^$all ||cdn.hoood.info^$document ||beta-one.net^$all ||ny-t.r-tb.com^$all ||pisism.com^$document ||security-scanner.xyz^$all ! https://github.com/iam-py-test/investigations/blob/main/2021/10/26/1.md#html-captures ||news-back.org^$document ||www1.news-back.org^$all ||www2.news-back.org^$all ||www3.news-back.org^$all ||www4.news-back.org^$all ||www5.news-back.org^$all ||www6.news-back.org^$all ||www7.news-back.org^$all ||www8.news-back.org^$all ||www9.news-back.org^$all ||www10.news-back.org^$all ! https://github.com/DandelionSprout/adfilt/pull/289 ||gogles.com^$all ||army-glo.scrollingsystem.com^$document ! ||www.kqzyfj.com^$all ! ||kqzyfj.com^$all ! ||cj.dotomi.com^$all ||mcafee12.tt.omtrdc.net^$document ! https://virustotal.com/gui/ip-address/70.32.1.32/relations ||cd.org^$document ! https://github.com/uBlockOrigin/uAssets/issues/9848#issuecomment-907855092 ! https://virustotal.com/gui/url/1671d2b14f2baed1438176929ba9908270f26e41f7b17c0ce0a85bd5e9c20f35/detection ! https://virustotal.com/gui/url/0eca172b2f35f81e0f222dbdf261a100c7897f734c7ba43920b67c4cddd6f8c9/detection ||get-cracked.com^$all ! More related domains/urls ||mediafiire.com^$document ||www.mediafiire.com^$all ||www.onlinepromotionsusa.com^$all ||onlinepromotionsusa.com^$all ||promotionsonlineusa.com^$all ||w.promotionsonlineusa.com^$all ! https://github.com/uBlockOrigin/uBlock-issues/issues/1774 ! https://github.com/iam-py-test/investigations/blob/main/2021/10/28/1.md ||eritokyo.jp^$document ||cpanlyzr.co^$document ||www.cpanlyzr.co^$all ||rewardzoneusa.com^$all ||contact.rewardzoneusa.com^$all ||reward3spot.com^$all ||www.reward3spot.com^$all ||order-safely.com^$document ||www.order-safely.com^$document ||followlink.click^$document ||publishers.revenueuniverse.com^$document ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-974886953 ||datingmap.top^$all ||e.datingmap.top^$all ||tonightshookup.com^$document ||members.tonightshookup.com^$all ||t.tonightshookup.com^$all ! Scam and fake Roblox hacks ||gghacks.com^$all ! Scam websites opened - put in redirect order ||armanfiles.com/show.php?cl=true&l=971524&u=228373&id=23694$all ||www.rewardsgiantusa.com^$all ! Asks for personal data (name,address,birthdate,gender,email), claims you will get a "reward", never provides hack ||r.promotionsonlineusa.com^$all ! More scams ||displayoptoffers.com^$all ||www.displayoptoffers.com^$all ||www.yrxtrk.com^$document ||sweepstakesalerts.com^$document ||play.sweepstakesalerts.com^$document ||www.stash.com^$document ||www.qualityhealth.com^$document ||qualityhealth.com^$document ||consumerproductsusa.com^$document ||www.consumerproductsusa.com^$document ! https://github.com/iam-py-test/investigations/blob/main/2021/11/21/1.md ! https://github.com/hagezi/dns-blocklists/issues/241 ! ||yasir252.com^$all ! ||www.yasir252.com^$all ||safelink.kadal.club^$document ! https://forums.malwarebytes.com/topic/285824-malicious-disk-image-file-iso/ --> https://virustotal.com/gui/url/20ef8f13f6ed4f2ad0f25c4d98c5ba213223dd95d18ae31494b5df4305fc7a6c ||iclickcdn.com^$all ||bedrapiona.com^$all ||dozubatan.com^$all ||onmarshtompor.com^$all ||chultoux.com^$document ||yonhelioliskor.com^$document ||ptauxofi.net^$document ||betshucklean.com^$document ||b58ncoa1c07f.com^$document ||gammamkt.com^$document ||leadgentrk.com^$document ! https://github.com/AdguardTeam/AdguardFilters/issues/122055 ! https://tria.ge/230714-tf54paga3y/behavioral1 ||adblock-zen-download.com^$all ||adblock-zen.com^$all ||adblockertool.com^$all ||supremeadblocker.info^$all ! https://scammer.info/t/faremart/82671 ||faremart.com^$document ||www.faremart.com^$document,image ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-977912975 ! https://www.tv2.no/nyheter/14368524/ ||alexstewartinternationalltd.rw^$all ||vps.re^$all ! https://www.youtube.com/watch?v=iQiVH533ncM ||avengeradblocker.com^$document ||poweradblocker.com^$document ! https://github.com/iam-py-test/investigations/blob/main/2021/11/25/1.md ||fasterfiles.net^$all ||inteledirect.com^$all ||turapport-strience.icu^$document ||americanwinnerscircle.com^$all ! https://github.com/iam-py-test/investigations/blob/main/2021/11/28/1.md ||reykijnoac.com^$document ||totalnicefeed.com^$all ||omnatuor.com^$all ! https://scammer.info/t/youtube-bot-roblox-scam-39/84530 ||freeco.xyz^$all ! https://scammer.info/t/microsoft-phishing-1/84589 ||aceelectricalny.com^$all ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-986306768 ||chess-progress.ru^$document ! https://forums.malwarebytes.com/topic/281514-scam-websites/ ||812138.com^$document ||dj-video.xyz^$document ||hj-video.xyz^$document ! https://github.com/uBlockOrigin/uAssets/pull/10804 ! https://bbs.kafan.cn/thread-2221500-1-1.html ||88btbtt.com^$all ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-988127908 ! https://www.tek.no/i/lVeQAe/ ! https://www.nkom.no/aktuelt/ikke-trykk-pa-lenker-i-sms--for-du-er-helt-sikker/ ||eccolabgroup.com^$all ||galerijajava.ba^$all ||p-stn.net^$all ! scam dating sites ||casualdating.com^$document ||iflirts.com^$document ||www.iflirts.com^$document ! fake notification scams ||ourcoolstories.com^$all ||javsidblog.com^$document ||link-split.com/view/tnAhAq30D4^$document ||cagothie.net^$document ! https://github.com/iam-py-test/investigations/blob/main/2021/12/9/1.md ||0s.click^$document ||0pen.online^$document ! https://github.com/iam-py-test/investigations/blob/main/2021/12/12/1.md ||onlineenglishteacher.co^$document ||www.fling.com^$document ! either redirects to random websites or scams ||lekms.com^$document ||yourcoolfeed.com^$all ! fake MediaFire websites ||royaltees.co^$all ||supersong.nl/upload/6277.rar^$all ||kitago.info^$all ||herezfile400.weebly.com^$all ||hereeup447.weebly.com^$all ||yaihxj.knewdayfull.top^$all ||knewdayfull.top^$document ||4lgx4.bemobtrcks.com^$document ||ge6s.com^$all ||yellowmother374.weebly.com^$all ||tiborola.info^$all ||myhypeposts.com^$all ||static.cdnativepush.com/contents/s/7f/95/8c/2488823c2d95d7162ff723c840/01192333514141.png^$all ||static.cdnativepush.com/contents/s/04/d8/68/c0dd305c8a79b01ae4f24672ac/01477976446043.png^$all ||static.cdnativepush.com/contents/s/b8/4e/1d/153294973f0fff7258e8f43d7c/0647024544646.jpeg^$all ||static.cdnativepush.com/contents/s/d2/3f/93/7fe562c37a9a7a6af5df460ee7/0490618650236.png^$all ||ssp-creatives.askprivate.com/prod/images/33242825/en/69dcb41b14c0449dbc67b998ca5b0c94.jpeg^$all ||ssp-creatives.askprivate.com/prod/icons/33242825/en/8bb2cd79c7dd45eb8075d0127f8d8331.jpeg^$all ||zxzfic.weebly.com^$all ||iminna.info^$all ||bloghunter.aaguatemala.org^$all ||api.pushnami.com/scripts/v2/pushnami-sw/5e4bf7d0e7585f1f723a7243^$all ||cleveradult148.weebly.com^$all ||forexever451.weebly.com^$all ||ourcoolposts.com^$all ||bitnew695.weebly.com^$all ||gomusic.info^$document ||myprotectionsurveys.com^$document ||www.myprotectionsurveys.com^$document ||ouphouch.com^$all ! https://github.com/iam-py-test/investigations/blob/main/2021/12/14/1.md ||onemacusa.net^$all ! random .xyz domains which just don't look legit ||cp2s.xyz^$all ! https://scammer.info/t/snapchat-spam-click-link-don-t-link-investigate-please/85620 ||hotglrls.net^$document ||nvoddn.hotglrls.net^$all ||hushlove.com^$all ||jucydate.com^$all ||w17veh63m7o8s4ncihd1jq8i.people-wet.com^$document ! https://scammer.info/t/stupid-ass-scammers-lol/85601 (support[@]clickgadgets[.]club) ||bit.ly/3DWxMNv^$all ||clickgadgets.club^$all ! scam website with only fake links ||pseepsie.com^$document ! pretty sure this is a porn scam ||carnalcams.com^$document ||www.carnalcams.com^$document ! the register form doesn't do anything after entering data, just redirect back to the start ||fbookhookups.com^$document ||fuckpal.com^$document ! seen in scam ads ||fuck-me.io^$document ! https://scammer.info/t/youtube-comment-spam/85737 ||acceptww.com^$all ||0.acceptww.com^$all ||8.acceptww.com^$all ! https://github.com/DandelionSprout/adfilt/issues/288 ||discordap.com^$all ||7lyonline.com^$document ||safelyonline.net^$document ||get.safelyonline.net^$all ||browse-safe.net^$document ||get.browse-safe.net^$all ||btpnative.com^$document ||data-px.services^$document ||live.newsvot.com^$document ||ny-feed.r-tb.com^$document ! https://scammer.info/t/cyberpunk-2077-fake-generator/85772 ||groups.google.com/g/cyberpunk-steam-key-generator-working-check-now-2022?$document ||groups.google.com/g/cyberpunk-steam-key-generator-working-check-now-2022/$document ||ragamer.com^$document ! possible Tech Support Scam ||installmysecurity.com^$document ! "press allow to continue" ||shortnewsinfo.com^$document ! https://github.com/uBlockOrigin/uBlock-issues/issues/1774#issuecomment-1000722777 ||viewty.xyz^$all ||landing.marketstm.com^$document ! https://forums.malwarebytes.com/topic/282206-scam-websites/ ||bs-video.xyz^$all ||video-cd.xyz^$all ||gm-video.xyz^$all ||iamoney.xyz^$all ||vbmoney.xyz^$all ||lstmoney.xyz^$all ||uamoney.xyz^$all ||ecmoney.xyz^$all ||gcmoney.xyz^$all ||xosi.ru/shop-wallets/$document ! 'click allow to continue' scam which redirects to random subdomains when the premission is blocked. Also redirects to TotalAV at the end ||8db3p.leadoesnotknowaboutkukuriko.xyz^$all ||leadoesnotknowaboutkukuriko.xyz^$all ! fake antivirus message ||mcafee5.www-safety.com^$all ||weledying-jessed.com^$all ! https://forums.malwarebytes.com/topic/282376-website-giving-spammy-popups/ ||rplnd10.com^$all ! https://scammer.info/t/youtube-bot/86668 ||kingapp.store^$all ||downloadlocked.com^$document ||advantagecircles.com^$document ! found this while looking for Memz samples - https://user-images.githubusercontent.com/84232764/149638659-8e0e9e91-8d02-4fff-bd0f-af8423550777.png (hxxps://verify-me.club/2004cbf?s1=down1) ||tinyurl.com/45tkeyep^$all ! still alive as of 11/11/2022 - https://app.any.run/tasks/f0474f51-6b14-432b-b1f0-98a1137e359c ||letmik.com^$all ||atandmouse.com^$document ||c.atandmouse.com^$all ! another fake Nitro generator ||pastebin.com/qwUbwYbq^$all ||richinfo.co^$all ||contact.uplevelrewards.com^$document ! fake download website ||tonxis19.amebaownd.com^$all ||hzaowj3.berilata.ru^$document ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1025251202 ! https://github.com/uBlockOrigin/uAssets/issues/11518 ||libertatea.net^$document ! fake human verification scam ! start form - reported for abuse ||q.promotionsonlineusa.com^$all ||reward4spot.com^$all ||www.reward4spot.com^$all ! fake download buttons with popups ||cracked-games.org^$all ||prksism.com^$all ! fake 'no human verification' discord nitro generator ||huffduffer.com^$all ! still alive as of 11/11/2022 - https://app.any.run/tasks/c4a6e7d3-21da-4274-b262-e08dee1bb3cd ||meine.belohnung24.com^$document ||ideen.belohnung24.com^$document ||iphone.belohnung24.com^$document ! another discord Nitro scam ||linktr.ee/FreeDiscordNitroGift^$all ! "press allow to continue" ||www.kuyhaa-mee.com^$all ||kuyhaa-mee.com^$all ||www.upload-4ever.com^$document ||upload-4ever.com^$document ! Fake discord nitro (still alive as of 11/11/2022) ||myget.org/feed/discord-nitro-hack/package/nuget/Free-discord-nitro-codes-2021^$document ||lucymods.com^$all ||gluegames.xyz^$all ! another fake site ||www.aldvingomes.com^$document ||aldvingomes.com^$document ! fake discord nitro ||filevortex.com/1029130^$all ! https://app.any.run/tasks/73236419-3190-47fa-81f0-8a31bcf48a5b ||minutewinner.com^$document ! Yet another fake discord generator ||jellycheat.com^$all ! https://scammer.info/t/paste-your-discord-nitro-scams-here/89880/2 ||discord.birth/kjqsSQDF4qs9f4sK456ds7^$document ! https://github.com/uBlockOrigin/uAssets/issues/11157#issuecomment-1049093327 ||sideload.cc^$all ! survey scams ||credly.com/users/free-discord-nitro-codes/badges^$document ||psp-haxors.com^$all ||gripclicks.com^$all ! https://app.any.run/tasks/a3abdf35-fa15-4115-91fb-cfc5c1e45ff4 ||omnioffers.com^$document ! hxxpx[://]consortiumrecords[.]co/free-tools/download-microsoft-office-365-product-key-crack-updated/ ||foradream.top^$all ||h.therewardboost.com^$all ||b.therewardboost.com^$all ||i.therewardboost.com^$all ||s.therewardboost.com^$all ||c.therewardboost.com^$all ||w.therewardboost.com^$all ||z.therewardboost.com^$all ||g.therewardboost.com^$all ||o.therewardboost.com^$all ||u.therewardboost.com^$all ||v.therewardboost.com^$all ||y.therewardboost.com^$all ||m.therewardboost.com^$all ||x.therewardboost.com^$all ||d.therewardboost.com^$all ||j.therewardboost.com^$all ||p.therewardboost.com^$all ||f.therewardboost.com^$all ||a.therewardboost.com^$all ||e.therewardboost.com^$all ||r.therewardboost.com^$all ||k.therewardboost.com^$all ||n.therewardboost.com^$all ||l.therewardboost.com^$all ||q.therewardboost.com^$all ||www.therewardboost.com^$all ! porn scam? asks for personal info and gets stuck in a loop ! https://tria.ge/260206-ybjr4sa19a/behavioral1 ||dream-singles.com^$document ||www.dream-singles.com^$document ||assets.dream-singles.com^$all ||cdn-assets.dream-singles.com^$all ! even more fake "human verification" ||speedboostpc.com^$document ! redirects to already blocked sites ||coub.com/stories/946163-free-discord-nitro-codes-list-all-valid-with-no-human-verification^$document ! scam browser theme ||chrome.google.com/webstore/detail/discord-free-nitro-free-d/ihdnmkbgjnpbkdcammpfokdmncnicfki^$all ||unlock3r.net^$all ||appbase.best/dboost^$all ! looks very shady ||www.taixiu.bet^$document ||taixiu.bet^$document ! https://github.com/AdguardTeam/AdguardFilters/issues/111843 ||cybop.net^$document ! https://forums.malwarebytes.com/topic/284608-crypto-giveaway-scams/ ||x2-shiba.org/shiba/giveway.php^$document ||ark-today.com/ethgiveaway.html^$document ||ark-today.com/btcgiveaway.html^$document ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1060031240 ||mydirtytinders.com^$all ! yet another fake Discord Nitro Generator ||www.everydaywinner.com^$document ||everydaywinner.com^$document ||www.monumented.com^$document ! looks like Fox News, to promote something which is probably a scam ||www.livingyourbestlife.co^$document ||livingyourbestlife.co^$document ||foxnewsweatherdaily.com^$document ! https://virustotal.com/graph/gae4b79eddfec44439142fec34bf90890609e118340984dbd855b515b1be9cfc9 ||holgerstrehlow.de/discord-nitro-code-generator-no-human-verification.html^$document ! auto-redirect from hxxpx://createwithkrista[.]co/windows/winrar-for-windows-10-64-bit-free-download-with-crack/ ||outto.us^$document ! the rest is blocked ||buymeacoffee.com/getcode/discord-free-nitro-generator-no-human-verification-survey^$all ! YAFNG (Yet another fake Nitro generator) ||nitromexyz.xyz^$all ||grptrac.com^$all ! Yet Another fake discord generator ||pota.site-ym.com/global_engine/download_custom.aspx?fileid=c0f7d962-63d2-4ab2-82dd-7582a79c5ba0.pdf&filename=discord2021_gu-36.pdf&blnIsPublic=2&code=blog&sub=add^$document ||consumerdigitalsurvey.com^$document ! Reddit spam --> already blocked ! Already blocked ||myget.org/feed/hermesses/package/nuget/Free-Discord-Nitro-Hack-No-Human-Verification^$document ||d.promotionsonlineusa.com^$all ! https://forums.malwarebytes.com/topic/285189-scam-warnings-of-trojansviruses-via-web-browser-service-workers/ ||yourwebshield.com^$all ! https://app.any.run/tasks/a8a589e0-2aee-43f5-9fbe-92dc9e4bfec4 ||action.miliated.xyz^$document ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1094359634 ||disq.us/p/2o9pztr^$document ||disq.us/p/2o9qqsl^$document ||disq.us/p/2o9pmyi^$document ||localdates16s.com^$document ||popupchat-live.com^$document ! a "press allow to continue" + fake McAfee ||ultrafastultra.blogspot.com^$all ||tei.ai^$document ||forfrogadiertor.com^$all ! Fake Discord nitro generator ||acreauburn.com/profile/kyrrwgutzctpad/profile^$document ||www.uplevelreward.com^$document ||uplevelreward.com^$all ! even more fake Discord Nitro generators ||coub.com/stories/946163-free-discord-nitro-codes-list-all^$document ||t.co/5N0H4rfCgL?DiscordNitro^$all ||t.co/5N0H4rfCgL^$document ! Google Group --> Discord Nitro generator ||groups.google.com/g/discord-nitro-generator-free-2021-without-human-verification/c/1MKZDSll9uA?msclkid=7bce476ac87a11eca172b94bbb5a5692^$document ||groups.google.com/g/discord-nitro-generator-free-2021-without-human-verification/c/1MKZDSll9uA^$document ||groups.google.com/g/discord-nitro-hack-generator-no-survey-or-verification^$document ||groups.google.com/g/discord-nitro-hack-generator-no-survey-or-verification?msclkid=316e2fa7c87e11ec972f52d4d5e431fd^$document ! https://github.com/AdguardTeam/AdguardFilters/issues/115955 ||37.187.88.137^$document ! https://github.com/AdguardTeam/AdguardFilters/issues/115960 ||onpharmvermen.com^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/115959 ||classpharmenado.com^$document ! https://github.com/AdguardTeam/AdguardFilters/issues/115958 ||sale24-pills.com^$document ! https://github.com/AdguardTeam/AdguardFilters/issues/115957 ! https://github.com/AdguardTeam/AdguardFilters/issues/115954 ||everypdnsharmacy.com^$document ! https://github.com/AdguardTeam/AdguardFilters/issues/115953 ||happypharmproduct.com^$document ! Fake Norton screen ||static.cdnativepush.com/contents/s/69/55/b8/8c4f4e3359518f986fc7970194/0201779526711.png^$all ||static.cdnativepush.com/contents/s/6e/aa/67/726cd9cf6ea6a525bbb628cab3/0303553451413.png^$all ||littlecdn.com/apps/contents/s/e1/43/b6/8d4db17f1838a03992a72e9dbf/01412844174435.png^$all ! a fake MediaFire domain ||walkeryellow141.weebly.com^$all ||www.dealskeeper.com^$document ||h.promotionsonlineusa.com^$document ! ads on hxxp://gestyy[.]com/es8jOv ||m.eegeeglou.com^$all ! Discord Nitro generator (fake) ||montaluce.com/profile/dybiivskjcrpe/profile^$all ||filevortex.com/show.php?cl=*&l=*&u=*&id=*^$all ||y.promotionsonlineusa.com^$document ! ads on a site --> https://virustotal.com/gui/url/0871f217f945c993d8624aadd5e718e9bb740096d13fad74d58b3fc3a4fdfda0 ||ebaaa.xyz^$all ||uprimp.com^$document ! a random popup ||lifeimpressions.net^$popup ||d0063d.lifeimpressions.net^$document ||100800.lifeimpressions.net^$document ||fdb51a.lifeimpressions.net^$document ||3ceeb9.lifeimpressions.net^$document ! https://github.com/AdguardTeam/AdguardFilters/issues/121544 ||trafredirtds.com^$document ! https://web.archive.org/web/20230604184126/https://twitter.com/iam_py_test/status/1538267982551347200 ||may8forstudents.org/free-discord-nitro-codes-list-no-human-verification/^$all ||www.easyrobuxtoday.org^$document ||appinstallcheck.com^$all ||api.pushnami.com/api/push/image/id/61f58059b94aff0015c3e03c^$all ! weird website with some Push Allow To Continue alerts - hxxpx[://]www[.]filefixation[.]com/malwarebytes-pro-crack-serial-keygen-download.html ||filefixation.com^$document ||www.filefixation.com^$document ! ads ||german0.xyz^$all ||wnprt.club^$all ||kerbians.click^$all ! redirects to scams ||sharefast572.tumblr.com^$all ||tumblr.gotohouse.top^$document ||gotohouse.top^$all ! redirected to scams automatically ||loadingdead.netlify.app^$document ||down.myboxloadneed.top^$all ||myboxloadneed.top^$document ! fake download to scams ||alexisfernandez.doodlekit.com^$document ||doodlekit.gotorange.top^$document ! hxxps://iyoutubetomp4[.]com/en/ ||img.pushflow.net/creatives/11/6706/1654098151508-push-preview-img.png^$all ||img.pushflow.net/creatives/11/6706/1654098151508-push-body-img.png^$all ||img.pushflow.net/creatives/11/5543/1646745691054-push-preview-img.png^$all ||justtrck.net/run.php^$document ! https://app.any.run/tasks/8125703c-6fdb-49bc-a18c-918e64e83f4d ||lsmnz.perfordpetre.xyz^$all ||perfordpetre.xyz^$document ! Discord scam ||challonge.com/discordnitrogenerator/^$all ! Push-Allow-To-Continue ||ptaimpeerte.com^$all ! McAfee-themed scam ||d3f068fvt45f1f.cloudfront.net^$all ||eastrk-dn.com^$all ! Fake giveaway ||teenmas46.tistory.com^$all ||teenymi.tistory.com^$all ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1209782781 ! https://app.any.run/tasks/a7cc86ee-a604-4a65-968c-26c237620b2b (nsfw) ||fuckbook.tv^$document ! https://www.youtube.com/watch?v=6e7MsoThffo ||loadnova898.netlify.app^$document ||tonrino.info^$all ||x-delivery.icu^$document ||nextsoft.icu^$all ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1218058597 ||a2ics.eu^$all ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1230939213 ||classicsgirl.com^$document ! https://app.any.run/tasks/a24d7146-479f-4b90-b4d6-c9d6e73257a8 ||pogothere.xyz^$document ||sihighlyrecom.xyz^$all ||czxcm.sihighlyrecom.xyz^$all ||rwanf.sihighlyrecom.xyz^$all ||zosuc.sihighlyrecom.xyz^$all ! https://forums.malwarebytes.com/topic/290022-malware-from-acaptchalesstop/ <-- No proof, but the domain name looks sus ||captchaless.top^$document ||a.captchaless.top^$all ||pshmetrk.com^$document ! https://virustotal.com/gui/url/d86dda38f96243311df2857966c047be0b4097ed4541ebe28cdc0dfc9e4ff4d2/community ! https://app.any.run/tasks/3c8b1d38-de18-488a-9e3f-62b3354c17e8 ||talkweb.org.uk/cl/36889_md/4/5055/3668/710/150935^$document ||haltertrailer.info^$all ||trk-magnam.com^$all ||event.trk-magnam.com^$all ||trk-deserunt.com^$all ||push.trk-deserunt.com^$all ||subscription.trk-deserunt.com^$all ||event.trk-deserunt.com^$all ||alertsx.com^$all ||core.alertsx.com^$all ! Porn scam ||her-cupid.com^$all ||hottieswantu.com^$document ||usabangpalace.com^$all ||offers.usabangpalace.com^$all ||find-singles-online.com^$all ||w86a5jeili53sd6j26lv71h0.find-singles-online.com^$all ! https://forums.malwarebytes.com/topic/290348-fake-mcafee-site/ ! credit to https://forums.malwarebytes.com/profile/62534-chas4/ ||install-network.com^$document ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1257870944 ||netbuilding.com.ar^$document ! Scam shared by https://github.com/piquark6046 (https://app.any.run/tasks/c30445b3-cc48-4039-9b02-26289f798b2f) ||54.37.5.34^$document ! redirects from a hacked website ||rx-qualityshop.com^$all ||canadatrustmed.com^$all ! domains used by adfly for notification spam ! https://github.com/DandelionSprout/adfilt/commit/f60df9e069b404ce56727cc1b734b89ba7241849 ! https://github.com/AdguardTeam/AdguardFilters/issues/132079 ||davisonbarker.pro^$document ||www64.davisonbarker.pro^$document ||www31.davisonbarker.pro^$document ||www10.davisonbarker.pro^$document ||www24.davisonbarker.pro^$document ||www62.davisonbarker.pro^$document ||www87.davisonbarker.pro^$document ||www16.davisonbarker.pro^$document ||www61.davisonbarker.pro^$document ||www50.davisonbarker.pro^$document ||www77.davisonbarker.pro^$document ||www100.davisonbarker.pro^$document ||www85.davisonbarker.pro^$document ||www76.davisonbarker.pro^$document ||www39.davisonbarker.pro^$document ||www28.davisonbarker.pro^$document ||www3.davisonbarker.pro^$document ||www75.davisonbarker.pro^$document ||www78.davisonbarker.pro^$document ||www15.davisonbarker.pro^$document ||www29.davisonbarker.pro^$document ||www70.davisonbarker.pro^$document ||www21.davisonbarker.pro^$document ||www59.davisonbarker.pro^$document ||www25.davisonbarker.pro^$document ||www17.davisonbarker.pro^$document ||www74.davisonbarker.pro^$document ||www99.davisonbarker.pro^$document ||www79.davisonbarker.pro^$document ||www22.davisonbarker.pro^$document ||www94.davisonbarker.pro^$document ||www45.davisonbarker.pro^$document ||www51.davisonbarker.pro^$document ||www98.davisonbarker.pro^$document ||www35.davisonbarker.pro^$document ||www92.davisonbarker.pro^$document ||www12.davisonbarker.pro^$document ||www37.davisonbarker.pro^$document ||www33.davisonbarker.pro^$document ||www68.davisonbarker.pro^$document ||www34.davisonbarker.pro^$document ||davisonbarker.pro/am-push-cps.js$script ||lowrihouston.pro^$document ||www53.lowrihouston.pro^$document ||www44.lowrihouston.pro^$document ||www48.lowrihouston.pro^$document ||www91.lowrihouston.pro^$document ||www57.lowrihouston.pro^$document ||www1.lowrihouston.pro^$document ||www42.lowrihouston.pro^$document ||nathanaeldan.pro^$document ||www97.nathanaeldan.pro^$document ||www61.nathanaeldan.pro^$document ||www48.nathanaeldan.pro^$document ||www4.nathanaeldan.pro^$document ||www86.nathanaeldan.pro^$document ||www84.nathanaeldan.pro^$document ||www50.nathanaeldan.pro^$document ||www39.nathanaeldan.pro^$document ||www16.nathanaeldan.pro^$document ||www44.nathanaeldan.pro^$document ||freddyoctavio.pro^$document ||www63.freddyoctavio.pro^$document ||www70.freddyoctavio.pro^$document ||www16.freddyoctavio.pro^$document ||www36.freddyoctavio.pro^$document ||www21.freddyoctavio.pro^$document ||www68.freddyoctavio.pro^$document ||www72.freddyoctavio.pro^$document ||www86.freddyoctavio.pro^$document ! various domains farmed from adfly ! https://app.any.run/tasks/e18002cc-5207-4834-9e67-08364efb5036 ||toido.arrowtoldilim.com^$all ! https://app.any.run/tasks/07bb037e-3180-40cd-8f59-b7854cabd601/ ||linkedin.com/pulse/free-discord-nitro-generator-verification-maxpro-game-gadget-2022^$all ||cutt.ly/YV9jKsf^$all ||gamegadget2022.blogspot.com^$document ! https://app.any.run/tasks/da8a44c3-965f-4fd6-816d-b5ae16235f62 ||winnenmetje.info^$document ||iphone14.winnenmetje.info^$all ! https://virustotal.com/gui/url/7b40e1b7ffc3b710640ae41c529aff18e4c8cded55391d55c34b601912c5a2a2/community ! https://app.any.run/tasks/f0a198be-f4a4-4414-94c5-21ed61ae0264 ! https://app.any.run/tasks/6600c704-20f5-4643-a9b7-322673aa7eb4 ||vbucks-goo.com^$all ||www.vbucks-goo.com^$all ||www.jpnbgn.com^$document ||789offers.net^$document ||1263dcb80ec5.789offers.net^$all ! https://forums.malwarebytes.com/topic/291952-mb-keeps-finding-same-4-pups/#comment-1541507 ||wilycaptcha.live^$document ||a.wilycaptcha.live^$all ||captchasee.live^$document ||captchatotal.live^$document ! https://app.any.run/tasks/c87a34ca-0d2f-43cb-be6d-8f48506bd723 ||elooksjustli.one^$all ! https://app.any.run/tasks/6bd12a68-ef8e-4e44-9c66-9c8e82cb784c ||2.napublic.com^$all ||napublic.com^$document ||haxbyq.com^$all ||authookroop.com^$document ||s.viiqvmfb.com^$document ! porn-related scams ||flirtclub.life^$all ||bumble-me.com^$document ||localhookup5.com^$all ||i.placefordating.live^$all ||placefordating.live^$all ||eroticmadness.com^$document ||jtdn2.datingtopgirls.com^$all ||datingtopgirls.com^$all ||join-the-dating.com^$document ||18hot.pw^$document ! https://scammer.info/t/discord-nitro-scam/113648 ||132.226.203.60^$all ! popups from shady URL shorteners ||mediasama.com^$document ||ufacw.com^$document ||lyconery-readset.com^$document ||fralstamp-genglyric.icu^$all ! https://app.any.run/tasks/a15bbdd6-64d6-4a49-8457-6fbef1d00872 ||form.run/@fortnite-v-bucks-codes-hack-generator-no-human-verification^$all ||belohnung24.com^$all ! https://app.any.run/tasks/5a76864c-7436-4411-afc8-5937e8d1d147# ||form.run/@free-tiktok-followers-fans-likes-generator^$all ! https://app.any.run/tasks/f7cdecba-0b76-4a5f-9d19-c36a453130dc ! https://tria.ge/240411-xhwjtahh93/behavioral1 ||nationalconsumerscenter.co.uk^$document ||contact.nationalconsumerscenter.co.uk^$document ! https://tria.ge/221208-2zaqwsbg78/behavioral1 ! I got some kind of miner/adware and an adware extension! All in one run! ||manualmaestro.com^$all ||holavpninstaller.com^$document ||cdn4.holavpninstaller.com^$all ||perr.holavpninstaller.com^$document ||client.holavpninstaller.com^$document ! https://forums.malwarebytes.com/topic/292800-posiberchoncom-%C2%A0malwarebytes-please-research-and-update-your-virus-db/ ||posiberchon.com^$all ! https://app.any.run/tasks/68b82f9e-16f5-4514-8140-ac3df58a3114 ||pastebin.com/K5YfahnC^$all ||fastspeed121.xyz^$all ||track.buzz-track.com^$document ||main.smile-keeper.com^$document ! https://app.any.run/tasks/41c5f7b2-250a-4781-86be-e03e56d1a8ed ||telegra.ph/Free-Minecraft-Hacks-No-Virus-Free-Download-08-03^$all ||tlgrph.gotorange.top^$all ||gotorange.top^$all ||puredating.top^$all ! (NSFW) https://app.any.run/tasks/e5a682c3-c4a3-4bb9-abd7-4f6c1cbd22f3 ||telegra.ph/Free-Minecraft-Hacks-No-Virus-Free-Download-07-30^$all ||dating-schedule.com^$document ||onlyfucks1s.com^$all ||d.wonderfuldating.top^$all ||wonderfuldating.top^$all ||milf-book.com^$document ||www.casualdates4you.com^$document ||casualdates4you.com^$document ! an infected VM ||dreamyproducts4u.net^$document ||getarrectlive.com^$all ||get.securedbrowser.net^$document ||securedbrowser.net^$document ||settings.securedbrowser.net^$document ||www.securedbrowser.net^$document ||search.securedbrowser.net^$document ||microsoftedge.microsoft.com/addons/detail/gfbbhkcipmfiidllnalpchabihdgklnl^$document ||microsoftedge.microsoft.com/addons/detail/secured-browse/gfbbhkcipmfiidllnalpchabihdgklnl^$document ||kms-auto.site^$document ||phenotypeguide.com^$all ||onesocialimpactnow.com^$all ||globaledyta.com^$all ! https://app.any.run/tasks/67907c11-6877-4c38-932f-2cf09ee4e434 ||adblock-chrome.net^$all ! https://github.com/uBlockOrigin/uAssets/issues/16000 ! https://app.any.run/tasks/195b871c-b9cd-48f8-a7c1-6a53ea943a4b ||z83z9.com^$document ||videofon.space^$all ||videofen.space^$all ||video7top.com^$all ||click-videov.com^$all ||click-videot.com^$all ||click-videom.com^$all ||click-videok.com^$all ||click-videoc.com^$all ||video7top.site^$all ||videobtc.space^$all ||videoeth.space^$all ||videofun.space^$all ||videofan.space^$all ||videoton.space^$all ||videosol.space^$all ||ythjhk.com^$all ! https://app.any.run/tasks/e0266815-2e00-42cb-b646-fa7dffb4a5e5 ||myget.org/feed/roblox-generator-no-verification/package/nuget/free-robux-generator-no-verification-or-survey-2022-v5153^$all ||deine.belohnung24.com^$all ||spr.belohnung24.com^$all ||expensivesurvey.click^$all ||af.247games.mobi^$document ! various scams from one site ||recodetime.com^$all ||updateinfoacademy.com^$all ! https://forums.malwarebytes.com/topic/293205-alexa-support-scam/ ||twitter.com/smartdotsupport^$all ||privacysearching.com^$document ! probably a Tech Support scam ||bigoven.com/recipe/alexa-helpline-1-855-666-7789-alexa-customer-service-number/2897947^$all ! discord nicro scam ||discordnitrocodegeneratorfree2022nohumanverification.weebly.com^$all ||gainforfree.com^$all ! https://virustotal.com/gui/url/65e7a48f0f2efb758087a0d99e8482a4b3245468e959633493655754fec08f48/community ! https://app.any.run/tasks/58b76078-e35e-46c8-b15e-e187ed375be6 ||bubuxflow.com^$all ! https://virustotal.com/gui/url/9c7b98445c0fd303be8604f383b3c940309068ea88b37d3945f4d34bb42d6c57/community ! (nsfw) https://app.any.run/tasks/a8a191ea-0e54-439f-96fd-c04a04150b06 ||expresscommusa.com^$document ||date.sofortdates69.com^$document ||sofortdates69.com^$document ! https://forums.malwarebytes.com/topic/293293-i-clicked-on-something-and-i-got-redirected-to-malicious-website-help/ ! https://forums.malwarebytes.com/topic/293294-fake-onlyfans-website/ (account required) ! https://app.any.run/tasks/cb1a672e-c3ed-455a-bc84-4b8bc060ee68 ! https://www.hybrid-analysis.com/sample/c3190b42a350a79f2b97af529a8bb57f39b62c9b12367419e71a2d053fb4a5fe ||freeflirtz.com^$document ||sexfriendfdr.freeflirtz.com^$document ! https://app.any.run/tasks/6c4f152f-c5b2-43ab-9b9e-06ae1480c74d ||mnla.biz/resource/dynamic/blogs/20220207_071000_31161.pdf^$all ||cdn.ymaws.com/www.mnla.biz/resource/dynamic/blogs/20220207_071000_31161.pdf^$all ||cldoffers.net^$all ! typical fake "discord nitro generator" ||thunderfiles.co^$document ||g.luckycashzone.com^$document ! https://forums.malwarebytes.com/topic/293412-possible-fake-malwarebytes-number/ ||isixsigma.com/members/malwarebytesmailcxsupport$document ! https://scammer.info/t/viruses-need-to-be-removed-immediately-take-emergency-measures-trojan/117241/3 ||install.sunlifestores.com^$document ! https://virustotal.com/gui/url/2dabab937f09b2892f26c995365f64402574c8aa3e2f9750047131ca7a8d73d6 ! https://tria.ge/230109-14rdrsbd6t/behavioral1 ||lootprime.com^$all ||rdr.mobiletime.net^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/139667 (credit to DandelionSprout for some of these entries) ||yepsimmen.live^$all ||51.68.87.229^$all ! resolve to 51.68.87.229 ||intoobut.live^$document ||logomuado.live^$document ||laxthatpie.live^$document ||tooldidhurt.live^$document ! https://github.com/AdguardTeam/AdguardFilters/issues/139667#issuecomment-1383935774 ||tapwhomjay.live^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/139667#issuecomment-1387103725 ! https://virustotal.com/gui/url/5c74d63d19b8ec82321d352749977e29795a9d074fcdacce3f1c822da28a3bba/detection ! https://github.com/AdguardTeam/AdguardFilters/issues/139667#issuecomment-1398421015 ! https://github.com/AdguardTeam/AdguardFilters/issues/139667#issuecomment-1399002017 ! https://tria.ge/230120-1tlersbg8x/behavioral1 ||totalrecaptcha.top^$all ! https://github.com/DandelionSprout/adfilt/issues/747 ! https://github.com/DandelionSprout/adfilt/commit/f055f89a51e7f9b1bcc58a0013b6207f89594ebe (all credit to DandlionSprout) ||adidascostarica.com^$all ||aloyogaaustria.com^$all ||aloyogacz.com^$all ||asicousutlet.com^$all ||atl-braves.shop^$all ||billabong-turkiye.com^$all ||bosssalescheap.com^$all ||bossusaclearan.com^$all ||bucsjersey.sale^$all ||californiasports.shop^$all ||chacosandalsaustralia.com^$all ||cipomagyarorszag.com^$all ||cityconnect.pro^$all ||clarks-ar.com^$all ||clarks-dk.com^$all ||clarks-pe.com^$all ||clarksirelandshop.com^$all ||clarksoutlet-philippines.com^$all ||clarksoutletecuador.com^$all ||clarkssaleturkiye.com^$all ||clarksuy.com^$all ||clipperton.sk^$all ||collegegameshop.com^$all ||converse-finland.com^$all ||crucialcatch.pro^$all ||crucialcatchshop.pro^$all ||dallascowboys.sale^$all ||fanaticsshop.net^$all ||floridagators.sale^$all ||gaborcanadasale.com^$all ||gaborfactoryoutlets.com^$all ||gaborsaleireland.com^$all ||gaborskodanmark.com^$all ||gaborskonorge.com^$all ||gaborsuomi.com^$all ||gaborsverige.com^$all ||georgiabulldogs.pro^$all ||gheteclarksromania.com^$all ||groundiesshoesuk.com^$all ||gymshark-greece.com^$all ||gymsharksaleus.com^$all ||haglofsrea.com^$all ||haglofsusastore.com^$all ||hitecayakkabi.com^$all ||hitecscarpe.com^$all ||illinoisfightingillini.shop^$all ||iowahawkeyes.pro^$all ||kamikbootsukstore.com^$all ||kenscottshop.com^$all ||kentuckywildcats.shop^$all ||lacostcheapuk.com^$all ||lasport.shop^$all ||longchamp-luxembourg.com^$all ||longchamp-southafrica.com^$all ||longchampbagsonsalecanada.com^$all ||longchampfactoryoutletuk.com^$all ||longchampoutletenligne.com^$all ||longchampoutletsydney.com^$all ||longchampparissoldes.net^$all ||longchampuaedubai.com^$all ||mlbbraves.pro^$all ||mlbjersey.store^$all ||nbaallstarfan.store^$all ||ncaafanshop.com^$all ||ncaajersey.com^$all ||ncaajersey.pro^$all ||ncaajersey.sale^$all ||ncaajerseysstore.com^$all ||ncaashopjerseys.com^$all ||nflgamejersey.store^$all ||nfljersey.pro^$all ||nflnikeshoes.com^$all ||nflsaleshop.com^$all ||nflsalutetoservice.com^$all ||nflsocks.com^$all ||nflstorefan.com^$all ||nflsts.com^$all ||nhlallstar.pro^$all ||nhljersey.sale^$all ||nhlshopfan.com^$all ||nhlshopjersey.com^$all ||onlinestoresshops.com^$all ||oofos-ireland.com^$all ||oofosnorgeoutlet.com^$all ||oofosoutletcanada.com^$all ||oofosoutletmalaysia.com^$all ||oofosoutletonline.com^$all ||oofosshoeaustralia.com^$all ||oofosskorsveriges.com^$all ||pittsburghsteelersshop.com^$all ||psychobunnycolombia.com^$all ||quiksilver-southafrica.com^$all ||quiksilverfactoryoutlet.com^$all ||reebok-chile.com^$all ||reebok-romania.com^$all ||reebokfactoryoutlet.com^$all ||salomon-nederland.com^$all ||salomonaphilippines.com^$all ||salomonashoesnz.com^$all ||salomonespanas.com^$all ||salomonfactoryoutletmadrid.com^$all ||salomonmalaysiawebsite.com^$all ||salomonoutletgreece.com^$all ||salomonoutletsfactory.com^$all ||salomonoutletstoresusa.com^$all ||salomonxapro3d.com^$all ||sapatosclarkportugal.com^$all ||seattlekraken.sale^$all ||sebagoshoesdubai.com^$all ||spraygrousoutlet.com^$all ||swarovskichile.com^$all ||swarovskidubai.com^$all ||swarovskifactoryoutlet.com^$all ||swarovskioutletuk.com^$all ||swarovskiphilippines.com^$all ||swarovskisaleoutlet.com^$all ||tevacolombia.com^$all ||tevagreece.com^$all ||tiendacolumbiachile.com^$all ||tiendaunderarmourmexico.com^$all ||tombradyshop.pro^$all ||tommyhilfigerperth.com^$all ||tumicheapuk.com^$all ||ua-australia.com^$all ||ua-canada.com^$all ||ua-chile.com^$all ||ua-greece.com^$all ||underarmour-israel.com^$all ||underarmour-italia.com^$all ||underarmour-nl.com^$all ||underarmour-nz.com^$all ||underarmour-saudiarabia.com^$all ||underarmourosterreich.com^$all ||vejaoslo.com^$all ||vejaosterreich.com^$all ||xn--conversemaazalar-shc44a.com^$all ||xn--hotiayakkab-p9a38g.com^$all ||xn--vansayakkab-9zb.com^$all ! https://forums.malwarebytes.com/topic/293979-recent-scamware-not-recognized-by-malwarebytes/ ||allreqdusa.com^$all ! NSFW: https://app.any.run/tasks/dff4525c-555a-479e-83ba-c5b2f2d11ab6 ||baconaces.pro^$all ||chrome.google.com/webstore/detail/cats-fanpage/nkhleengjihjncmbkldpfmoankdkhahg^$document ! NSFW: https://app.any.run/tasks/10647999-b75b-42bd-ae49-c7d596f3c797 ||qualitydating.top^$all ||a.curedating.top^$all ||curedating.top^$all ! https://virustotal.com/gui/ip-address/5.181.203.4/relations ||finestdating.top^$document ||datingpoint.top^$document ||vipdatingtime.top^$document ! https://virustotal.com/gui/ip-address/195.201.253.131/relations ||timetopdatings.life^$document ||dateflirt.life^$document ||originalspartner.life^$document ||charmingdating.life^$document ||datingarea.life^$document ||getsexy.life^$document ||findsexy.life^$document ! https://app.any.run/tasks/8ced67f6-f4e6-4fed-b634-86fd93ac4074/ ||darkinfotale.xyz^$all ||hollandcash.nl^$all ||exit.hollandcash.nl^$all ||clean-blocker.com^$all ! https://github.com/DandelionSprout/adfilt/issues/752 ||godpvqnszo.com^$popup ||vipdatingtoday.top^$all ||xxxnewvideos.com^$all ||iseult-aplite.xyz^$all ||img.pushflow.net/creatives/11/5645/1649754393755-push-preview-img.png^$all ||battik-bowwow.xyz^$all ||pshsbscapr.xyz^$all ||cdn.pncloudfl.com/pn/f83/d57/83b/f83d5783b20e21e0de65e6f7f632cde8a29b9ef6.jpg^$all ||click01.pshtrkg.com^$document ||4bd71.trknovi.com^$document ||jergocast.com^$document ||news-pelivo.com^$all ||img.pushflow.net/creatives/11/5645/1649755151938-push-preview-img.png^$all ! https://app.any.run/tasks/cc3be172-9813-4637-914b-533ac2b72299 ||getfreegem.com^$all ||gamingtoolz.club^$all ! from notification scams ||renhadmasandbab.info^$document ||h.curedating.top^$all ||martoysure.live^$all ||goodgollygold.com^$document ! https://github.com/no-cmyk/Search-Engine-Spam-Blocklist/issues/8 ! TODO: verify these entries, hopefully there aren't any more https://github.com/hagezi/dns-blocklists/issues/987 ! https://app.any.run/tasks/e90c2a06-036f-4fff-a36f-dffd0d4048ab ||giftaward.life^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/142492 --> https://github.com/uBlockOrigin/uAssets/commit/fca5436e3e823d73541721867f42dd0712da54a0 ||apkmirror.co^$all ||webogram.org^$all ||webogram.ru^$all ||xn--80affa3aj0al.xn--80asehdb^$all ||telegr.am/user_mgt/login$all ||tgram.ru^$all ||telegramm.site^$all ||web-telegram.net^$all ! other domains not in the uBo commit ||atm-receipts.neocities.org^$document ||apkmirror.net^$document ||github.me^$document ||yandec.ru^$document ||yandex.co^$document ! a test system ||webpick-cdn.s3.amazonaws.com/2%20-%20pending%20massage.jpeg$all ! https://app.any.run/tasks/3f79c271-f68d-48a8-af16-efd001ce7be3 ||mwgtf.hintonjour.com^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/143281 ||understatedworking.com^$all ||jatostepa.com^$all ! https://github.com/hagezi/dns-blocklists/issues/598 ||t-post.com^$all ! https://github.com/hagezi/dns-blocklists/issues/594 ||nirvezal.com^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/144514 ||best-prize.life^$all ||bestbigbonus.life^$all ||bonusgift.life^$all ||bonusscore.life^$all ||greatprizes.life^$all ||mygreatprize.life^$all ||prizeaward.life^$all ||prizesenses.life^$all ||realgift.life^$all ||scorereward.life^$all ||simpleprize.life^$all ||taketheprizes.life^$all ||winearth.life^$all ||winexpert.life^$all ||winmore.life^$all ||winpulse.life^$all ||winsimply.life^$all ! https://github.com/uBlockOrigin/uAssets/issues/17075 ! my analysis: https://app.any.run/tasks/ed301c03-1105-47e5-88d1-66fded6a0a9b ||myspecialdates.com^$document ! https://www.reddit.com/r/uBlockOrigin/comments/11s92xa/badware_risks_page_request_malware/ ||s3.amazonaws.com/extpro/speed4.html$all ||chrome.google.com/webstore/detail/speed-dial/pbclkopbecbmkiijepgjoodiidfkbchn/$document ||www.addonsearch.net^$document ! https://app.any.run/tasks/794fc4f3-e0da-49b0-b29b-304514a8bd2d ||70k-free-robux-generator-no-human-verification.statuspage.io^$all ||bettertool.xyz^$all ! elon musk crypto scam on hacked YouTube channels ! https://app.any.run/tasks/2963db56-bd87-4b82-8b24-97e6e68aef66/ ||x2-promo.net^$all ! https://tria.ge/230318-twrw1ach63/behavioral1 ||teslasend.io^$all ! https://forums.malwarebytes.com/topic/296022-comment-spam-from-my-site/ (account required) ! (my analysis) NSFW https://app.any.run/tasks/cd2d1278-ad10-4c38-8f49-fa34fa675820 ||vipcooldating.top^$all ||f.vipcooldating.top^$all ||i.vipcooldating.top^$all ! https://github.com/durablenapkin/scamblocklist/issues/10 ||adzfree-watch.net^$document ! https://github.com/AdguardTeam/AdguardFilters/commit/57f39538070d7d5e6379da4e58bd02defffa7481 ||ikouthaupi.com^$all ||instreamersdian.com^$all ! https://app.any.run/tasks/31119ba0-9bf8-42e2-8e77-eec9045be865 ||applover.net^$all ! https://app.any.run/tasks/89a5c643-ba0f-4bb6-b953-ef08ee0213ef ||youtubgenerator.w3spaces.com^$all ! https://app.any.run/tasks/482b8fa1-0f24-461a-a4f5-a6996c46ccdc/ ||rewards24.onlinewebshop.net^$all ||locked3.com^$document ||cdn.locked3.com^$document ! https://github.com/durablenapkin/scamblocklist/issues/15 ||rewardsgiantca.com^$document ! https://0xacab.org/my-privacy-dns/matrix/-/issues/90853 ! (my analysis) https://app.any.run/tasks/029760ea-9972-4c3a-8a7e-cca3d7777c0f ||emeraldtrking.com^$all ! https://github.com/StevenBlack/hosts/issues/2271 ||warehousesale.shop^$document ! https://app.any.run/tasks/3137c861-185d-4037-84e9-65cc0adeba15 ||econsultingcoem.com^$all ||bgqcb.econsultingcoem.com^$all ! https://app.any.run/tasks/7626fdcc-20f1-4471-a011-23108f113eca ! https://app.any.run/tasks/4bc28a83-6a39-430a-a74b-246b30ab4ae4 .xyz/1Sm/9.html?*&campaign_id=$document ! https://virustotal.com/gui/ip-address/157.230.4.182/relations ||157.230.4.182^$document ! https://github.com/uBlockOrigin/uAssets/pull/17530 ||rblx.land^$all ! https://github.com/uBlockOrigin/uAssets/issues/17602 ||allprizesforme.com^$all ! https://www.reddit.com/r/uBlockOrigin/comments/12r255v/gamingnewsanalystcom_badware/ ! https://github.com/uBlockOrigin/uAssets/pull/17655 ||gamingnewsanalyst.com^$all ||gamingdebates.com^$all ! https://www.reddit.com/r/uBlockOrigin/comments/12q5o60/repost_fake_dating_site_badware/ ||flirt4free.com^$document ||entrance.flirt4free.com^$popup ! https://www.reddit.com/r/uBlockOrigin/comments/12pues7/fake_123movies_site_leading_to_redirect/ ||123moviesgo.ga^$all ! https://0xacab.org/my-privacy-dns/matrix/-/issues/121793 ||cjtrade4.xyz^$all .xyz/gift_iphone_X/?$document ! https://0xacab.org/my-privacy-dns/matrix/-/issues/121792 ||rplnd60.com^$all ||news-pewuce.com^$all ! from notifications ||totalprotection-2023.store^$all ||closingday2.xyz^$all ||s.viifogyp.com^$all ||viifogyp.com^$document ! https://0xacab.org/my-privacy-dns/matrix/-/issues/121816 ||tradersuper4.xyz^$all ! nitro scam ||tronite.xyz^$all ||locked4.com^$document ||www.locked4.com^$document ! https://www.reddit.com/r/uBlockOrigin/comments/12wqrv5/steamunlockednet_badware/ <-- have not verified sites to be malware! These are just domains ads in my analysis ! https://app.any.run/tasks/9ed7df61-f0a9-49cc-91bc-a3fcc2c59ae1/ ||aluationiamcur.com^$all ||xrlbq.aluationiamcur.com^$all ||awesome-blocker.com^$document ! https://app.any.run/tasks/c9657f58-f49e-4e9e-80bf-9704f0eaa32a (NSFW) ||gbcok.aluationiamcur.com^$all ||www6.renhadmasandbab.info^$popup ||mobilesecuremail.com^$document ! https://github.com/durablenapkin/scamblocklist/issues/38 ||tdsintegrations11.online^$all ||crypto030.online^$all ! NSFW: https://app.any.run/tasks/a1a425ca-7b5d-4774-95bf-c11f8f25685a ||webpick-cdn.s3.us-west-2.amazonaws.com/getlaid.jpeg^$all ||uuksehinkitwkuo.com^$all ||wzzzs.uuksehinkitwkuo.com^$all ! https://github.com/durablenapkin/scamblocklist/issues/40 ||dischargebackhanded.com^$document ||govmedcareers.com^$document ||radiatorcrate.com^$document ||theniemannbest.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/17947 ||pccdirect.site^$all ! youtube typosquatt I found ||you8tube.com^$all /17138/iphone14.html?$document ! https://app.any.run/tasks/494077d1-478b-47e0-871c-b22788a455b6 ||funprizeali.site^$all ! other notification spam ||losbestbsdating2023.com^$document ! discord nitro scam ||techsoftglobals.com^$all ! https://github.com/durablenapkin/scamblocklist/issues/43 ||555sq.com.cn^$document ||prorify.de^$document ||milgenial.uy^$document ||swuso.com^$document ||buyyeezy2023.com^$document ||kingcampoutdoors.co.jp^$document ||imlb2c.com^$document ||felara.com.do^$document ||storagestory.com^$document ||quitasueno.com^$document ||lifestyletrading.co.za^$document ||audiosg.com.sg^$document ||fujibikes.com^$document ||geldencosmeticos.com^$document ||sellfox.com^$document ||iteeus.com^$document ||andamente.pt^$document ||staging.zendrop.com^$document ||courier-tracking.com^$document ||yofi-yofi.com^$document ||stellara.de^$document ||innomediacreate.com^$document ||sehaleservices.com^$document ||decompraschile.com^$document ||salimusic.com^$document ||open-cbd.de^$document ||caraci.it^$document ||shopperexpress.shop^$document ||mila-vica.de^$document ||vinisay.com^$document ||tinkleo.com^$document ||draxu.com^$document ||headsets4business.co.uk^$document ||nosdaarte.com^$document ||babybeddingdesign.com^$document ||coco-vip-shop.com^$document ||xunlei.it^$document ||botsuanah.com^$document ||lojaacasa.com.br^$document ||dashracegear.net^$document ||smartokids.com^$document ||pipopi.com^$document ||lasercutjewelry.net^$document ||carsaratek.com^$document ||xajzfwgs.com^$document ||imagemotorcycles.co.nz^$document ||twinsbio.com^$document ||microgull.com^$document ! https://github.com/hagezi/dns-blocklists/issues/1025 ||msmcompare.com^$all ! https://www.reddit.com/r/uBlockOrigin/comments/13e53jy/badware_movie_sites/ ! https://github.com/uBlockOrigin/uAssets/issues/18333 ||filmshngjbzix.blogspot.com^$all ||mopiez.com^$all ! NSFW: https://tria.ge/230511-1g9xlada3x/behavioral1 ||lynku.mingotime.com^$document ||secret-list.yasdoodl.com^$all ||smcdsecure.com^$all ! https://github.com/hagezi/dns-blocklists/issues/1053 ||i-grade.online^$all ! https://github.com/durablenapkin/scamblocklist/issues/49 ||successglossary.com^$all ||mybestautologin567.com^$all ||microngroup.pro^$all ! https://github.com/durablenapkin/scamblocklist/issues/50 ||abncbp.com^$all ! spam ||locasualx.com^$document ||datingcentral.top^$all ||i.datingcentral.top^$all ! https://tria.ge/230520-nthbwseg41/behavioral1 ||37.1.213.100^$document ||tabloidquantitycosts.com^$all ! account required: https://forums.malwarebytes.com/topic/298281-genshin-impact-scam-websites-to-avoid/ ! my analysis: https://tria.ge/230524-wfaznadg93/behavioral1 ||hoylab.firebaseapp.com^$all ||cloudfront.net/public/dynamo/lockerClick.php?offer=*offer_position$document ||weletmim.com/click?pid=*&offer_id=*&$document ! https://github.com/hagezi/dns-blocklists/issues/1075 ||factorysale2023.com^$document ||onlinestores.factorysale2023.com^$all ||si.factorysale2023.com^$all ||augusthenri.be^$document ! https://github.com/durablenapkin/scamblocklist/issues/54 ||haceroberomaste.com^$all ||nze0xw.haceroberomaste.com^$all ! https://github.com/hagezi/dns-blocklists/issues/1079 ! my analysis: https://app.any.run/tasks/4d88f2f5-5446-4980-8bc9-15e520e96651 ! my analysis: https://app.any.run/tasks/060171c5-6a0f-41db-ba01-27bd8c61e326 ||onlyfanstake.pro^$all ||filedenzu.com^$all ! https://tria.ge/230524-m6b5zacg3y/behavioral2 ||85.192.63.194^$all ! https://www.reddit.com/r/uBlockOrigin/comments/13ub824/trojan_scam_ads_to_block/ ! my analysis: https://app.any.run/tasks/e3720726-f650-434c-b34c-68ce718977ff ||goo.googoodee.com^$all ||vipsupport.festivalmarqueecompany.cyou^$all ||festivalmarqueecompany.cyou^$document ! https://app.any.run/tasks/484b97da-3dff-466a-99c7-c1a7fe4ac385 ||fbshredder.com^$document ||softwaredlfast.top^$all ||softwarebaze.top^$document ||rapidfilesbase.top^$document ! https://app.any.run/tasks/e9aa7e83-283f-4ef3-bb6f-cd98d7df2e1e ||hypercracker.com^$all ! https://github.com/hagezi/dns-blocklists/issues/1098 ||improtants.space^$all ! https://0xacab.org/my-privacy-dns/matrix/-/issues/551938 ! my analysis: https://tria.ge/230531-2tegwsbh3v/behavioral1 ||pdtrax.g2afse.com^$document ||tr.trackingit.site^$all ||trackingit.site^$document ! https://github.com/uBlockOrigin/uAssets/issues/18366 ! my analysis: https://app.any.run/tasks/cf36d3ac-bedd-4cb9-bc9f-ac389b769d20 ||globaladblocker.info^$all ! my analysis: https://app.any.run/tasks/7696196c-7c36-4dcc-aace-cb09f14b6685 ||ourcommonwords.com^$all ||supapush.net^$document ! https://github.com/uBlockOrigin/uAssets/issues/18375 ! nsfw: https://app.any.run/tasks/e3da5e5e-8b6d-4a7f-8165-6439ff68d940 ||www.fulltimesecurityguard.com^$all ! https://github.com/uBlockOrigin/uAssets/issues/18380 ||lgpc.bestextensionegde.com^$all ||bestextensionegde.com^ ! nsfw: https://app.any.run/tasks/49927d07-3f8e-4115-a6e3-476e6aec62c0 ||nodritsissub.com^$all ! https://github.com/uBlockOrigin/uAssets/pull/18388 ||roundyearfun.org^$document ||anyplacehere.me^$document ! https://tria.ge/230605-nfg4zagb63/behavioral2 ||errors.pro^$document ||stucktimeoutvexed.com^$document ! https://github.com/DandelionSprout/adfilt/discussions/779#discussioncomment-6141190 ||dateperfectly.top^$all ||c.dateperfectly.top^$all ! https://github.com/uBlockOrigin/uAssets/issues/18452 ||geminifond.com^$all ! https://virustotal.com/gui/url/7df0f1873fb746b2eb98a9fc8245000222a31db82506d9988adc83f145c80b3a ! my analysis: https://app.any.run/tasks/eb63e697-9df1-425a-814d-5e23858c146f ||umbrellacorporation.id^$all ||push-gabjbib-9138.boustahe.com^$all ||memesfunny.org^$document ||dudialgator.com^$all ||coustaushaw.com^$all ! https://dnstwist.it/ for slack.com ! https://app.any.run/tasks/14cafa37-652e-47dc-b08f-39843f7ef022 ||slackk.com^$all ||galotop1.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/18527 ||together.com^$document ||maturedating.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/18537 ! https://tria.ge/230617-ar39pahb3w/behavioral2 ||whaujimisurvey.top^$all ||eehuzaih.com^$document ! https://tria.ge/230617-ar39pahb3w/behavioral3 ||subscribe-notifications.com^$document ||user0.subscribe-notifications.com^$document ||user1.subscribe-notifications.com^$document ! https://github.com/hagezi/dns-blocklists/issues/1193 ||coinaps.com^$all ! https://tria.ge/230624-phdd8scc7t/behavioral1 ||discordnitro.live^$all ||www.discordnitro.live^$all ||rapidownload.online^$all ||qoaaa.com^$document ||d.rapidownload.online^$all ! https://tria.ge/230624-pw6ypsbc94/behavioral1 ||freevbucks2022.online^$all ! https://tria.ge/230624-p3xcvabd24/behavioral2 ! https://www.hybrid-analysis.com/sample/9cdcea08ed2d28f0618a032fdcac2a0f070020035d54d0e63ae3b90ba9a8cfa3 ||ufile.io/p4nduixt^$all ! unrelated malware ads on the download link ! https://app.any.run/tasks/426cbd81-f441-436c-b227-15224316ce4b ! https://tria.ge/230624-pzryysbc98/behavioral1 ||chromnius.com^$document ||www.chromnius.com^$document ! https://github.com/DandelionSprout/adfilt/discussions/779#discussioncomment-6298369 ! https://tria.ge/230701-q2qdksgh48/behavioral1 ||crummygoddess.com^$all ! https://github.com/uBlockOrigin/uAssets/pull/18736 ||twitter-circle.com^$all ! https://github.com/uBlockOrigin/uAssets/issues/18664 ||family-simulators.io^$all ||familyfornicate.com^$all ! https://github.com/blocklistproject/Lists/issues/1015 ||bigosext9s.com^$document ! popups ||xmegaxvideox.com^$all ||neeglashsurvey.top^$all ! https://github.com/MetaMask/eth-phishing-detect/pull/12960 ||app.uniswap.cam^$document ||claim-booster.xyz^$document ||crypto-claims.io^$document ||notify-metamask.com^$document ! https://github.com/hagezi/dns-blocklists/issues/1255 ||beze.co^$document ||laro.co^$document ||haso.co^$document ||fessy.co^$document ||zatte.co^$document ||lanno.co^$document ||detty.co^$document ! https://tria.ge/230708-zw13kaab69/behavioral2 ||install-check.com^$all ||goph.club^$all ! https://github.com/hagezi/dns-blocklists/issues/1266 ||zat.io^$all ! https://github.com/hagezi/dns-blocklists/issues/1310 ||bcb.game^$all ! scam? notification spam & weird pharmaceutical ads ||us-trendingtoday.com^$document,popup ! https://tria.ge/230718-vydmtscf83/behavioral1 ||truebuyerreview.com^$all ||areyourealhuman.com^$all ||cdn.areyourealhuman.com^$all ! not my analysis: https://app.any.run/tasks/5bc3d455-486d-4d74-9cae-557eeaf69f27/ ! my analysis: https://app.any.run/tasks/fc24d271-a114-4c43-b99b-8bf8e9f6c704 ||eu.gtrxlnd7.com^$all ||gtrxlnd7.com^$document ! https://github.com/durablenapkin/scamblocklist/issues/58 ! https://github.com/hagezi/dns-blocklists/issues/1330 ||hotdebrid.com^$document ||maxdebrid.com^$document ! https://github.com/hagezi/dns-blocklists/issues/409 ||anydebrid.com^$document ! https://github.com/durablenapkin/scamblocklist/issues/59 ! https://github.com/hagezi/dns-blocklists/issues/1335 ||primeleech.com^$all ||www.primeleech.com^$all ! https://app.any.run/tasks/cc0dd977-97e3-4b4a-833b-dfc4d5f0be55/ ||ak.deephicy.net^$popup ||qr-captcha.com^$document ||haffnetworkmm.com^$document ||cdn4.haffnetworkmm.com^$document ||im2easy.site^$document ||downlon.com^$document ! https://tria.ge/230724-z8hfzsha64/behavioral1 ||zubajuroo.com^$all ||singlewomenmeet.com^$document ||only2date.online^$document ||amnotification.com^$all ! https://0xacab.org/my-privacy-dns/matrix/-/issues/646177 ||desbiens123.net^$all ! https://0xacab.org/my-privacy-dns/matrix/-/issues/646168 ||systemoon.co.in^$all ! https://0xacab.org/my-privacy-dns/matrix/-/issues/644871 ||inarilyhukel.info^$all ! https://forums.malwarebytes.com/topic/300664-malwarebytes-premium-subscription-fails-to-detect-infection/ ||prizehub.top^$all ! https://tria.ge/230729-a8fjysba31/behavioral1 ||ambrs.online^$document ||www.ambrs.online^$document ! infected system ||dojtxl6jydd7s.cloudfront.net/*/*/indexp.html$document ||jokekroako.com^$all ||push-ebfhafd-7996.boustahe.com^$document ! https://0xacab.org/my-privacy-dns/matrix/-/issues/646600 ||74les.ru^$all ! fake robux generator ! https://tria.ge/230731-x1nlxsae69/behavioral2 ||94.142.138.131^$all ! anonfiles ads ||browser-app.co^$popup ! https://www.bleepingcomputer.com/news/security/fake-flipperzero-sites-promise-free-devices-after-completing-offer/ ||trkrspace.com^$all ! anonfiles ads ||outhjkm.ezasutuduwife.online^$document ! https://forums.malwarebytes.com/topic/300873-i-keep-getting-pop-ups-from-eudmailcom/ ||eudmail.com^$all ! https://0xacab.org/my-privacy-dns/matrix/-/issues/649649 ! https://tria.ge/230805-rb1bjaee3x/behavioral1 ||thewinjackpot.life^$all ! https://github.com/uBlockOrigin/uAssets/issues/19271 ! https://tria.ge/230805-1pnz4agc7w/behavioral1 ||wbilvnmool.com^$popup ||theod-omq.com^$document ||goatmod.xyz^$all ! https://tria.ge/231022-p48ghaab87/behavioral1 ||propolixte.com^$all ||quinc-rdk.com^$document /nlp/index.php?clickid=*&t1=*&t2=*&t3=*&t4=*&t5=propolixte,propolixte.com,propolis&url_bnm_redirect=$all /click.php?lp=data_upd&site_id=1293|$document $all,domain=goatmod.xyz|metriumoldeb.com ||12ezo5v60.com^$document ! https://github.com/easylist/easylist/pull/16955 ! https://tria.ge/230806-xd58fsdc4t/behavioral1 ||lands.ninja^$document,popup ||6.lands.ninja^$all ||19.lands.ninja^$all ! https://github.com/durablenapkin/scamblocklist/issues/61 ! https://github.com/hagezi/dns-blocklists/issues/1390 ||okdebrid.com^$document ||youdebrid.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/19316 ! https://tria.ge/230810-zq62maag9y/behavioral1 ||uidhealth.com^$all ! https://tria.ge/230810-zzlr2sah5y/behavioral1 ||popgoldblocker.info^$document ||adblockology.net^$all ||download-adblock-zen.com^$document ||blockadsology.net^$document ! https://web.archive.org/web/20230813181452/https://www.bleepingcomputer.com/news/security/uk-gov-keeps-repeating-its-voter-registration-website-is-not-a-scam/ ||householdresponses.com^$document ! https://infosec.exchange/@briankrebs/110889813735728083 ||diligere.co.uk^$document ! https://github.com/MetaMask/eth-phishing-detect/pull/13289 ||optimisim.io^$document ! https://github.com/hagezi/dns-blocklists/issues/1440 ! https://tria.ge/230817-nq2alaha63/behavioral1 ||seasonsofficial.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/19400 ! https://tria.ge/230819-nzqkfshe69/behavioral1 ||video-adblocker.pro^$document ! https://github.com/hagezi/dns-blocklists/issues/1452 ||huuskmesser.de^$all ||huusk-original.com^$all ! https://www.malwarebytes.com/blog/threat-intelligence/2023/08/wooflocker2 ||api.cloudcachestels.com^$all ||api.imagecloudsedo.com^$all ||cdncontentstorage.com^$all ||cdnpictureasset.com^$all ||cloudcusersyn.com^$all ||cloudgertopage.com^$all ||cloudlogobox.com^$all ||logosvault.com^$all ||miniassetcloud.com^$all ! https://github.com/hagezi/dns-blocklists/issues/1457 ||cutty.app^$document ! https://github.com/hagezi/dns-blocklists/issues/1455 ||wintexfashions.com^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/159825 ||i7kctkutdv2c.top^$all ||confirm.i7kctkutdv2c.top^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/159825#issuecomment-1688865198 (credit to dandelionsprout) ://confirm.*.top^$document,popup ||topmoneysurvey.com^$all ||better-than-tinder.com^$all ||awarded-best-vpn.com^$all ||best-finance-now.com^$all ||best-global-apps.com^$all ||best-hornygirls.com^$all ||best-official-app.com^$all ||best-smart-utility.com^$all ||big-players-club.com^$all ||big-prizes-site.com^$all ||big-winnings-spot.com^$all ||bustygirls-online.com^$all ||campwredir.com^$all ||check-you-device.com^$all ||chikasinapp.com^$all ||crazy-win-casino.com^$all ||cute-wet-babes.com^$all ||protect-your-phone.com^$all ||datingpwredir.com^$all ||easy-sex-dates.com^$all ||fast-growing-app.com^$all ||findyourlovesurvey.com^$all ||free-gifts-onweb.com^$all ||freebies-take.com^$all ||your-lucky-day.com^$all ||gambpwredir.com^$all ||girls-wants-you.com^$all ||giveaway-site.com^$all ||global-app-center.com^$all ||global-casino-gaming.com^$all ||grab-your-money.com^$all ||hd-video-app.com^$all ||high-safety-vpn.com^$all ||horny-neighbour.com^$all ||hornygirls-onsite.com^$all ||hornygirlsinapp.com^$all ||jump-path1.com^$all ||jump-path2.com^$all ||redirect-path1.com^$all ||redirect-path2.com^$all ||your-online-casino.com^$all ||hot-girls-around.com^$all ||hot-pretty-chiks.com^$all ||hotgirls-around.com^$all ||how2-become-rich.com^$all ||indiastream-online.com^$all ||juicy-girls-online.com^$all ||loadingscripts.com^$all ||love-connectors.com^$all ||love-territory.com^$all ||wheel-of-luck.com^$all ||mobile-safe-app.com^$all ||most-advanced-vpn.com^$all ||my-casino-now.com^$all ||nice-babes-nearby.com^$all ||nor-pw1.com^$all ||nor-pw10.com^$all ||nor-pw11main.com^$all ||nor-pw12.com^$all ||nor-pw13.com^$all ||nor-pw14.com^$all ||nor-pw15.com^$all ||nor-pw2.com^$all ||nor-pw3main.com^$all ||nor-pw4ad.com^$all ||nor-pw5.com^$all ||nor-pw6.com^$all ||nor-pw7.com^$all ||nor-pw8.com^$all ||nor-pw9.com^$all ||techbytemedia.com^$all ||o863tmto6ocp.com^$all ||oj0in172pri5.com^$all ||online-survey-service.com^$all ||only-sexy-girls.com^$all ||perfectbabe4you.com^$all ||pretty-girls-nearby.com^$all ||privacy-focused-vpn.com^$all ||prize-collecting-site.com^$all ||pw-content.com^$all ||pw-download.com^$all ||pw-red-ad.com^$all ||pw-red-main.com^$all ||pw-red-test.com^$all ||pw-show-ad.com^$all ||pw-show-main.com^$all ||pw-show-test.com^$all ||pwredir-1.com^$all ||pwredir-2.com^$all ||pwredir-3.com^$all ||pwredir-4.com^$all ||pwredir-5.com^$all ||real-hot-profiles.com^$all ||real-hotbabes.com^$all ||redir-pw1.com^$all ||redir-pw10.com^$all ||redir-pw11.com^$all ||redir-pw12.com^$all ||redir-pw13.com^$all ||redir-pw14.com^$all ||redir-pw15.com^$all ||redir-pw2.com^$all ||redir-pw3main.com^$all ||redir-pw4ad.com^$all ||redir-pw5.com^$all ||redir-pw6.com^$all ||redir-pw7.com^$all ||redir-pw8.com^$all ||redir-pw9.com^$all ||rich-people-club.com^$all ||search-top-videos.com^$all ||secret-casino-site.com^$all ||secured-browsing-app.com^$all ||secured-connect-app.com^$all ||shoppwredir.com^$all ||stay-secured-online.com^$all ||stay-virus-free.com^$all ||strip-hotbabes.com^$all ||sweet-alone-girls.com^$all ||testpwredir.com^$all ||three-hundred-bucks.com^$all ||top-awarded-app.com^$all ||top-betting-now.com^$all ||top-cleaner-app.com^$all ||top-gambling-spot.com^$all ||top-mobile-scanner.com^$all ||top-safest-vpn.com^$all ||top-secure-app.com^$all ||top-store-app.com^$all ||top-trend-app.com^$all ||top-video-content.com^$all ||top-wealth-secrets.com^$all ||top-web-secure.com^$all ||topwebportals.com^$all ||users-choice-app.com^$all ||utipwredir.com^$all ||video-streaming-app.com^$all ||vpn-risk-free.com^$all ||vppwredir.com^$all ||web-protected-app.com^$all ||win-big-here.com^$all ||winwin-raffle.com^$all ||your-finance-now.com^$all ||your-survey-services.com^$all ||185.246.188.124^$document ||185.246.188.125^$document ||194.63.140.103^$document ||194.63.143.61^$document ||194.63.143.96^$document ! https://github.com/durablenapkin/scamblocklist/issues/63 ||summersale.online^$all ! https://github.com/hagezi/dns-blocklists/issues/1469 ||crackedkey.org^$all ! https://github.com/hagezi/dns-blocklists/issues/1470 ||mixcrack.net^$all ! https://github.com/hagezi/dns-blocklists/issues/1471 ||kingsoftz.com^$all ! https://tria.ge/230828-zyzbraga22/behavioral1 ||push-ebfhafd-6311.boustahe.com^$all ||push-*.boustahe.com^$document ||nomadsfit.com^$all ||apedodo8.fun^$document ||derytc.click^$all /light/av/nrtn03/index.php?lpkey=$document ! https://tria.ge/230830-l7yjxseb6z/behavioral1 ||push-ebfhafd-5643.boustahe.com^$all ||sys.donecperficiam.net^$document ||nomadsbrand.com^$all ! https://tria.ge/230831-zcwzhaad59/behavioral1 ||system-notify.app^$third-party ||paladiact.com^$all ||pupspu.com^ ||aug3120.rednewly.com^$document ||browsekeeper.com^$document ! https://github.com/hagezi/dns-blocklists/issues/1512 ||online-binomo.com^$document ||binomo-id.pro^$document ||binomoindonesia.com^$document ||www.binomoweb.org^$document ||www.binomo.vip^$document ||binomoweblogin.com^$document ||binomo2022.net^$document ||www.binom0-web.com^$document ||binomo.broker^$document ||binomo-brokers.com^$document ! https://github.com/durablenapkin/scamblocklist/issues/64 ||coinreq.com^$document ! https://tria.ge/230909-m91mqsaf82/behavioral1 ||uplevelrewards.com^$document ||www.uplevelrewards.com^$document ||liveappsearch.com^$document ||www.liveappsearch.com^$document ||wholedailyjournal.com^$all ||fubsoupt.top^$all ||adblocked-supreme.net^$document ! https://tria.ge/230909-tghd1scd3y/behavioral1 ||h.datingcentral.top^$all ! https://github.com/StevenBlack/hosts/issues/2436 ||w61.1piecemanga.com^$document ||fbet.com^$all ! my analysis: https://tria.ge/230910-pysh4ahb47/behavioral1 ! my analysis: https://tria.ge/230910-py86vahb49/behavioral1 ||stemboastfulrattle.com^$all ! https://github.com/AdguardTeam/AdguardFilters/issues/161349 ! https://tria.ge/230913-mb6fbsdh42/behavioral1 /light/QfhuPJ/index.php?lpkey=$document ||best-pc-protect.xyz^$all ! https://tria.ge/231002-nhasnsbb63 ||allsidesguide.com^$all ||sulkvulnerableexpecting.com^$all ||secondquaver.com^$document ! https://github.com/hagezi/dns-blocklists/issues/1658 ! my analysis: https://tria.ge/231004-p3e4kabg8t/behavioral1 ||z-lib.is^$all ! https://www.reddit.com/r/zlibrary/comments/16xtm67/if_you_cannot_download_any_books_then_youre_on/ ||zlib.is^$all ||zlib.to^$all ||zlibrary.to^$all ||zlibrary.is^$all ||z-lib.io^$all ! https://tria.ge/231005-2c2abshf76/behavioral1 ||2ntrfi.torixibre.com^$all ||invv7n.torixibre.com^$all /av_sw.js?uid=*-*-*-*-*&sid=*-*-*-*-*&sd=*==$first-party,script,domain=com|top|xyz /click.php?key=*&zone_id=$document $popup,third-party,denyallow=trbbt.net|turbodownload.net,domain=turbobit.net /landers/mcafee_mac_os_scanner_multilang/alert.png|$image,domain=~mcafee.com|~archive.org ||rmut-glo.brandandgift.com/t/clk?id=$popup,third-party ! https://github.com/hagezi/dns-blocklists/issues/1724 ||healy.world^$document ||healyworld.net^$document ||healy.shop^$document ! https://tria.ge/231021-mvvg6sff95/behavioral1 ||downloads-101.com^$document ||mafens.xyz^$all .xyz/74Ko/7.html?cep=$document .xyz/74Ko/files/images/action_3.gif|$image,first-party ! https://github.com/hagezi/dns-blocklists/issues/1760 ||altrafi.com^$document ||altrafinland.com^$document ||altrasuomi.com^$document ||altrasuomioutlet.com^$document ||asicsale.com^$document ||asicsoutletsuomi.com^$document ||asics-suomi.com^$document ||asicssuomioutlet.com^$document ||balmainsuomishop.com^$document ||carharttsuomi.com^$document ||caterpillarfi.com^$document ||caterpillarsuomi.com^$document ||champion-suomi.com^$document ||championsuomi.com^$document ||columbia-suomi.com^$document ||comfitunderwear-suomi.com^$document ||conversefi.com^$document ||converseinsuomi.com^$document ||converseoutlethelsinki.com^$document ||crossfitsuomi.co^$document ||demoniafinland.com^$document ||demoniasuomi.com^$document ||demoniasuomi.net^$document ||desigualsuomi.net^$document ||dopesnowsuomi.com^$document ||dope-suomi.com^$document ||dopesuomi.com^$document ||footjoy-suomi.com^$document ||footjoysuomi.com^$document ||gym-shark.co.za^$document ||gymsharkaustralia-au.com^$document ||gymsharkcolombia-co.com^$document ||gymsharkcz.cz^$document ||gymsharkczshop.cz^$document ||gym-shark-danmark.com^$document ||gymsharkdublin.com^$document ||gymsharkfinland.com^$document ||gymsharkhungarystore.com^$document ||gym-shark-india.com^$document ||gymsharkinsouthafrica.co.za^$document ||gym-shark-italia.com^$document ||gymshark-italia.com^$document ||gym-sharkmexico.com.mx^$document ||gymsharkmexicostore.com^$document ||gymsharkmexicotiendas.com.mx^$document ||gymshark-no.com^$document ||gymshark-osterreich.at^$document ||gym-shark-philippines.com^$document ||gymsharkshop.cz^$document ||gymshark-sk.sk^$document ||gymsharkslovenijaeu.com^$document ||gymsharkspainstore.com^$document ||gymsharkssuomi.com^$document ||gymsharkstorenyc.com^$document ||gymshark-sweden.com.se^$document ||haglofsoutletsuomi.com^$document ||hanwagsuomi.net^$document ||hellyhansensuomi.net^$document ||icebugfioutlet.com^$document ||icebugsuomi.net^$document ||inov-8suomi.com^$document ||jomafinland.com^$document ||kappasuomi.com^$document ||keds-suomi.com^$document ||kedssuomi.com^$document ||kedssuomishop.com^$document ||kickerssuomi.com^$document ||loakesuomioutlet.com^$document ||lornajanesuomi.com^$document ||lornajanesuomi.net^$document ||louboutin-finland.com^$document ||mizunofi.com^$document ||mizuno-suomi.com^$document ||moonbootssuomi.com^$document ||moonboot-suomi.com^$document ||muckbootsuomi.com^$document ||nikeinsuomi.com^$document ||nikeoutletsuomi.com^$document ||nikesuomi-fi.com^$document ||osirissuomi.com^$document ||osprey-suomi.com^$document ||ospreysuomi.net^$document ||outletadidas.com^$document ||outletadidasfi.com^$document ||outletarcteryx.com^$document ||outletcarhartt.com^$document ||outletjoma.com^$document ||outletlego.com^$document ||outletmizuno.com^$document ||outletsalomon.com^$document ||outletversace.com^$document ||palladiumfi.com^$document ||palladiumsuomishop.com^$document ||pleaserssuomi.com^$document ||pleasersuomi.com^$document ||puma-fi.com^$document ||pumafinland.com^$document ||pumafi-suomi.com^$document ||puma-suomi.com^$document ||pumasuomioutlet.com^$document ||restockssuomi.com^$document ||salmingsuomi.com^$document ||salomonfinland.com^$document ||salomonsuomioutlet.com^$document ||sanuksuomi.net^$document ||sendrasuomi.net^$document ||skims-suomi.com^$document ||tedbakerfinland.com^$document ||tedbakeroutletsuomi.com^$document ||tedbakersuomi.net^$document ||tevafi.com^$document ||teva-finland.com^$document ||tevahelsinki.com^$document ||tevassuomi.com^$document ||tevasuomi.com^$document ||timberlandhelsinki.com^$document ||timberland--suomi.com^$document ||timberlandsuomi.net^$document ||uniqlofinland.com^$document ||uniqlosuomi.com^$document ||vansale.net^$document ||vejasuomi.net^$document ||vessiale.com^$document ||vessisuomi.com^$document ||vivobarefoot-suomi.com^$document ||vivobarefootsuomi.com^$document ||xn--gymsharkespaa-tkb.com^$document ||xn--gymsharksterreich-6zb.com^$document ||youngla-suomi.com^$document ! https://www.bleepingcomputer.com/news/security/bloomberg-crypto-x-account-snafu-leads-to-discord-phishing-attack/ ||altdentifiers.com^$all ! https://web.archive.org/web/20231120125914/https://www.bleepingcomputer.com/news/security/russian-hackers-use-ngrok-feature-and-winrar-exploit-to-attack-embassies/ ! https://tria.ge/231120-qafp3aga52/behavioral1 ! https://infosec.exchange/@iampytest1/111443079100649886 ||cyber-wizard.com^$all ||iboltcyberhacker.wixsite.com^$all ! https://github.com/durablenapkin/scamblocklist/issues/70 ||ekommmedia.com^$document ||try.ekommmedia.com^$document ! https://github.com/RPiList/specials/issues/1369 ||qdyqdym.shop^$all ||buy.qdyqdym.shop^$all ! https://github.com/RPiList/specials/issues/1400 ||america4internationalstudents.com^$document ! https://github.com/RPiList/specials/issues/1404 ||bonprix-sale.$document ! https://github.com/durablenapkin/scamblocklist/issues/73 ||bite-life.com^$all ! scam ||medium.com/@liamm7203/hire-a-hacker-to-change-university-grades-transcripts-lee-ultimate-hac-0ea869b69aca^$all ! possible scam (fake age verification) ||pregnantsimulator.com^$document ||adultonlineplay.com^$document ! https://github.com/RPiList/specials/issues/1422 ||nelyc5h5x.jaynapatel.co.uk^$all ! https://github.com/hagezi/dns-blocklists/issues/2049 ||adidascolombia.net^$document ||adidasfotballsko.com^$document ||adidashungaryhu.com^$document ||adidasperu.com^$document ||adidasschoenen.com^$document ||adidassrbijashop.com^$document ||adidaszagreb.com^$document ||aerosolesshoesoutlets.com^$document ||airjordanbelgique.net^$document ||airjordanmagasinsuisse.com^$document ||aldocanada.net^$document ||aldomontreal.com^$document ||aldozapatos.com^$document ||alessandrozavettijas.com^$document ||alessandrozavettiromania.com^$document ||alessandrozavettiuk.com^$document ||aloyogaaustralia.net^$document ||aloyogabrasil.com^$document ||aloyogasale.net^$document ||aloyogasuomi.net^$document ||altra.ae^$document ||altrabelgie.com^$document ||altradanmarkshop.com^$document ||altraroadshoesnz.com^$document ||altrarunnerjapan.com^$document ||altrashoesdk.com^$document ||altrasverigeshop.com^$document ||annafieldshop.fr^$document ||asicskuwaitsale.com^$document ||asolocipele.com^$document ||asolosko.com^$document ||asportuguesaslatvija.com^$document ||autrybelgique.net^$document ||autryjapan.net^$document ||autrymexico.net^$document ||autryshoes.pl^$document ||autryshoesjapan.com^$document ||autrystore.net^$document ||autryuae.net^$document ||axelarigatojapan.net^$document ||axelarigatomilano.it^$document ||axelarigatooslo.com^$document ||axelarigatotenisice.com^$document ||balancecentrum.eu^$document ||bapebelgium.com^$document ||bapeberlin.de^$document ||bapecanadasale.com^$document ||bapedanmark.net^$document ||bapeeesti.com^$document ||bapeisrael.com^$document ||bapejapanonline.com^$document ||bapelietuva.com^$document ||bapenederland.net^$document ||bapenorgeoutlet.com^$document ||bapeportugal.net^$document ||bapesuisse.com^$document ||bapewien.at^$document ||barbourpolska.com^$document ||barbourpolska.net^$document ||belenkafi.com^$document ||billabong-argentina.com^$document ||billabongcanada.net^$document ||billabongportugal.net^$document ||bocancilowa.com^$document ||botashunterargentina.com^$document ||botashuntermexico.com^$document ||botashuntermujer.com^$document ||bothunterturkiye.com^$document ||bottegavenetasuomi.com^$document ||botycaterpillar.cz^$document ||brooksrunningindonesia.com^$document ||brooksshoesuk.com^$document ||brookssuomioutlet.com^$document ||brookswyprzedaz.pl^$document ||carharttchile.net^$document ||carhartthungary.com^$document ||carharttlatvia.com^$document ||carharttsrbija.com^$document ||carharttsuisse.com^$document ||carharttuae.net^$document ||castanerromania.com^$document ||caterpillarbootscanada.net^$document ||caterpillarchaussure.net^$document ||cerabone.cz^$document ||championbelgique.com^$document ||championberlin.de^$document ||championclchile.com^$document ||championcolombia.net^$document ||championdanmark.com^$document ||championisrael.net^$document ||championjapan.net^$document ||championkuwait.net^$document ||championroma.it^$document ||championslovenija.com^$document ||championuksale.com^$document ||cizmesorel.com^$document ||clarksbuty.pl^$document ||clarksmontreal.net^$document ||clarksportugal.net^$document ||clarksscarpe.it^$document ||clarksshoesaustralia.net^$document ||clarksshoesnz.net^$document ||coccinellepolska.com^$document ||columbiashoesmalaysia.com^$document ||converse-chile.cl^$document ||converseinespana.com^$document ||conversekuwait.com^$document ||converseromestore.it^$document ||converseshoesmalaysia.com^$document ||conversesrbija.com^$document ||conversestoreperu.com^$document ||converseuk.com^$document ||conversezurich.net^$document ||convresesuomi.com^$document ||crocslietuva.com^$document ||crocsuruguay.net^$document ||crocswarszawa.pl^$document ||cycasturkey.com^$document ||dannerbootsfrance.net^$document ||dannerbootsromania.com^$document ||dannerwandelschoen.com^$document ||dc-shoesperu.com^$document ||demoniabootscanada.com^$document ||demoniabootsireland.com^$document ||demoniabudapest.com^$document ||demoniajapan.com^$document ||demoniaportugal.com^$document ||demoniaromania.com^$document ||demoniashoesnorge.com^$document ||demoniastiefel.de^$document ||docsmartensfactoryoutlet.com^$document ||dopeargentina.net^$document ||dopechile.com^$document ||dopedanmark.com^$document ||dopeeesti.com^$document ||dopenorge.com^$document ||dopeportugal.net^$document ||dopesnownederland.com^$document ||dopesnowromania.com^$document ||drmartensbatai.com^$document ||drmartensbot.com^$document ||drmartensbotas.com^$document ||drmartensdamen.de^$document ||drmartensdublin.com^$document ||drmartenssalg.com^$document ||drmartensskroutz.com^$document ||eastpaklietuva.com^$document ||eccomontreal.com^$document ||eccorusland.com^$document ||eccoshoessaleaustralia.com^$document ||etniesshoesireland.com^$document ||fitflopparis.net^$document ||fitflopromania.com^$document ||footjoycanada.net^$document ||footjoygolfshoesuk.com^$document ||footjoyjapan.net^$document ||footjoyoutletmexico.com^$document ||footjoyshoesaustralia.com^$document ||fotbalovyfestival.cz^$document ||geoxargentina.net^$document ||geoxbelgique.com^$document ||geoxgreece.net^$document ||geoxisrael.com^$document ||geoxkuwait.com^$document ||geoxlatvija.com^$document ||geoxmexico.com^$document ||geoxnederland.net^$document ||geoxnorge.net^$document ||geoxportugaloutlet.com^$document ||geoxschweiz.com^$document ||geoxsouthafrica.com^$document ||geoxsrbija.com^$document ||geoxsuomi.com^$document ||geoxuk.com^$document ||geoxuruguay.com^$document ||groundiescanada.net^$document ||groundiesportugal.top^$document ||groundiesschoenennederland.com^$document ||guessfinland.com^$document ||gymsharkrea.com^$document ||gymsharksklep.pl^$document ||gymsharkstorejapan.net^$document ||hanwagoutletstore.com^$document ||hanwagshoesoutlet.com^$document ||hellyhansenargentina.net^$document ||hellyhansenaustralia.net^$document ||hellyhansencanada.com^$document ||hellyhansenchile.com^$document ||hellyhansencolombia.com^$document ||hellyhanseneesti.com^$document ||hellyhansengreece.com^$document ||hellyhansenhrvatska.net^$document ||hellyhansenhungary.com^$document ||hellyhansenireland.com^$document ||hellyhansenjapan.com^$document ||hellyhansenkuwait.com^$document ||hellyhansenlatvija.com^$document ||hellyhansenmexico.com^$document ||hellyhansennederland.com^$document ||hellyhansennorge.net^$document ||hellyhansenparis.net^$document ||hellyhansenromania.net^$document ||hellyhansenschweiz.com^$document ||hellyhansenuk.com^$document ||hellyhansenuruguay.com^$document ||hellyhansenwarszawa.pl^$document ||hokaoutletparis.com^$document ||hokarunnershungary.com^$document ||hoka-soldes.fr^$document ||hokastoreportugal.com^$document ||hummelchile.com^$document ||hunterbootscanada.com^$document ||hunterbootsdublin.com^$document ||hunterbootsjapan.com^$document ||hunterbootsnz.com^$document ||hunterbootsschweiz.net^$document ||hunterfinland.com^$document ||huntergumbootsaustralia.com^$document ||hunterregenlaarzen.com^$document ||inov8boty.cz^$document ||johannisstein.eu^$document ||jomajp.com^$document ||joyaperuventa.com^$document ||joyaromania.com^$document ||joyaschoenen.com^$document ||joyaschuhedeutschland.com^$document ||joyashoeskuwait.com^$document ||joyaskonorge.com^$document ||joyaskorstockholm.com^$document ||kaloszehunter.com^$document ||karenmillenslovensko.sk^$document ||karhuskor.com^$document ||karhusneakersnorge.net^$document ||kedscanada.net^$document ||kedspt.com^$document ||kenzoindonesia.com^$document ||kiplingfrance.com^$document ||lasportivabootsnz.com^$document ||lasportivaclimbingshoescanada.com^$document ||lasportivaklatresko.com^$document ||lasportivamontreal.com^$document ||lasportivawanderschuhe.de^$document ||lecoqsportifparis.fr^$document ||liujoukshop.com^$document ||loakedanmarkshop.com^$document ||longchampbucharest.com^$document ||lottoargentina.net^$document ||lottoaustralia.org^$document ||lottobelgium.net^$document ||lottobulgaria.org^$document ||lottocolombia.net^$document ||lottodanmark.net^$document ||lottofrankfurt.de^$document ||lottoireland.net^$document ||lottokuwait.org^$document ||lottolithuania.org^$document ||lottomexico.org^$document ||lottonorway.net^$document ||lottoportugal.net^$document ||lottoschweiz.com^$document ||lottoserbia.org^$document ||lottoslovakia.sk^$document ||lottosouthafrica.net^$document ||lottosuomi.net^$document ||lottoturkey.org^$document ||lottouruguay.net^$document ||louboutin-polska.com^$document ||lowaapavi.com^$document ||lowabootsaustralia.net^$document ||lowabootsmexico.com^$document ||lowaisrael.net^$document ||lululemonportugal.net^$document ||lululemonsale.de^$document ||mackagedenmark.com^$document ||mackagefemmeparis.com^$document ||mackageireland.com^$document ||mackagejacketcanada.com^$document ||mackageschweiz.com^$document ||magasinhokabelgique.com^$document ||merrellbarbati.com^$document ||merrellsandaalit.com^$document ||merrellsklepy.pl^$document ||michaelkorsargentina.net^$document ||michaelkorsberlin.de^$document ||michaelkorsgreece.net^$document ||michaelkorslatvia.com^$document ||michaelkorssuisse.net^$document ||michaelkorsuruguay.net^$document ||michaelkorswarszawa.pl^$document ||mizunoonsaleuk.com^$document ||mizunosaleportugal.com^$document ||mlbhungary.com^$document ||muckbootsnl.com^$document ||muckbootsosterreich.at^$document ||muckbootsoutletstore.de^$document ||nadejbaletu.sk^$document ||nauticaromania.com^$document ||nauticaukwebsite.com^$document ||nobullbelgie.net^$document ||nobullcanadasale.com^$document ||nobullcrossfitoutlet.net^$document ||nobulldeutschland.de^$document ||nobullgreece.net^$document ||nobullprojectireland.net^$document ||nobullprojectmexico.com^$document ||nobullsrbija.com^$document ||norronabunda.sk^$document ||ohpollyportugal.com^$document ||olukai-france.fr^$document ||osirisfootwearmexico.com^$document ||osirisuk.com^$document ||palladiumfi.me^$document ||panamajack-france.fr^$document ||panamajackonline.sk^$document ||panamajackschweiz.net^$document ||pandorajapan.net^$document ||pandorakorut.com^$document ||pandoraportugal.com^$document ||pandoraringsuk.com^$document ||patagoniapolskasklep.pl^$document ||pitviperbril.com^$document ||pitviperbriller.com^$document ||pitvipergafas.com^$document ||pitviperjapan.com^$document ||pitviperoculos.com^$document ||pitvipersunglassesnz.com^$document ||pleaserchaussure.com^$document ||pleaserchaussures.com^$document ||pleaserheelscanada.com^$document ||procuradoresnavas.com^$document ||quaygreece.net^$document ||quayocchiali.it^$document ||quayonline.net^$document ||quayoutlet.com^$document ||quayparis.com^$document ||quaysouthafrica.net^$document ||quaysstore.com^$document ||quaysuomeksi.com^$document ||rabdanmark.net^$document ||rabhungary.com^$document ||rabonline.net^$document ||rabparis.fr^$document ||rabromania.net^$document ||rabsrbija.net^$document ||raybanslovensko.sk^$document ||redwingoslo.com^$document ||reebokaustralia.com^$document ||rockportbootsireland.com^$document ||rockportjapan.com^$document ||rockportmontreal.com^$document ||rockportnz.com^$document ||rockportontario.com^$document ||rockportoutletortugal.com^$document ||rockportschoenen.com^$document ||rockportshoesmexico.com^$document ||rockporttr.com^$document ||rockportzapatos.com^$document ||russellandbromleynorge.net^$document ||russellnbromleycanada.com^$document ||rvcajapan.net^$document ||ryderwearjapan.com^$document ||ryderwearjapann.com^$document ||safenordicsolutions.com^$document ||saintjamesireland.com^$document ||salmingchile.com^$document ||salmingcolombia.com^$document ||salmingslovenija.com^$document ||salomonenucuz.com^$document ||salomonfinlandoutlet.com^$document ||salomongermany.de^$document ||salomonpraha.com^$document ||salomonshoesbulgaria.com^$document ||salomonstoreuae.com^$document ||sanukdublin.com^$document ||sanukflipflops.de^$document ||sanuknz.com^$document ||sanuksalecanada.com^$document ||sanukschoenen.com^$document ||scarpejoya.com^$document ||scarpelowa.it^$document ||sebagoantwerpen.com^$document ||sebagobruxelles.com^$document ||sebagodeckshoesireland.com^$document ||sebagojapan.net^$document ||sebagosaat.com^$document ||sebagoschoenen.com^$document ||sebagoshoesgreece.com^$document ||sebagozapatos.com^$document ||solovairargentina.com^$document ||solovairbelgique.com^$document ||solovairbelgium.net^$document ||solovairbrasil.com^$document ||solovaircanada.net^$document ||solovairchile.net^$document ||solovairgreece.net^$document ||solovairhrvatska.net^$document ||solovairschweiz.net^$document ||solovairshop.com^$document ||solovairslovenija.net^$document ||solovairsuomi.net^$document ||sorelschoenen.com^$document ||sorelschweiz.com^$document ||stevamaddenpl.com^$document ||stoneislandjapan.com^$document ||stoneislandlietuva.com^$document ||stoneislandsuisse.com^$document ||stoneislandsuomi.org^$document ||stussygreece.com^$document ||stussy-italia.com^$document ||suprainsuomi.com^$document ||suprashoescanada.com^$document ||tedbakereesti.com^$document ||tedbakerireland.net^$document ||tenisiconverseromania.ro^$document ||teniskyunderarmour.sk^$document ||teva-cz.com^$document ||tevaforhandler.com^$document ||teva-polska.com^$document ||thursdaycanada.com^$document ||tiendasairjordanmexico.com^$document ||tiffanyturkiye.com.tr^$document ||timberlandmontreal.net^$document ||tomfordsuomi.com^$document ||tommyhilfigerbunda.sk^$document ||tommyhilfigerdublin.com^$document ||tommyhilfigerjakke.com^$document ||tommyhilfigerjakne.com^$document ||tommyhilfigeronlinecanada.com^$document ||tommyhilfigeroutletargentina.com^$document ||tommyhilfigeroutletnz.com^$document ||tommyhilfigeroutletportugal.com^$document ||tommyhilfigerpatike.com^$document ||tommyhilfigerquebec.net^$document ||tommyhilfigersko.com^$document ||tomsjapan.net^$document ||tomsjapanoutlet.com^$document ||underarmourchaussures.net^$document ||underarmourjas.com^$document ||underarmouroslo.com^$document ||underarmourschuhe.at^$document ||underarmourskroutz.com^$document ||underarmourtrainersuk.com^$document ||undervon.com^$document ||vansdames.com^$document ||vansforsaleuk.net^$document ||vansindonesiastore.com^$document ||vansschoenenbelgie.com^$document ||vansshoesksa.com^$document ||vanssko.com^$document ||vanstenisice.com^$document ||veja.com.gr^$document ||vejaathensgreece.net^$document ||vejabelgium.com^$document ||vejabrasil.net^$document ||vejanorge.com^$document ||vejaoutlet.net^$document ||vejashoes.cz^$document ||vejashoesuk.com^$document ||vejaslovenia.com^$document ||vejazapatoscolombia.net^$document ||vessibelgium.com^$document ||vessijapan.net^$document ||vessischoenen.com^$document ||vibram-es.com^$document ||viking-cnc.com^$document ||viking-solutions.com^$document ||vionicmexico.com^$document ||vivaiabuty.pl^$document ||vivobarefootbrasil.net^$document ||vivobarefootslovenia.com^$document ||xerobarefoot.sk^$document ||xerofootwearuk.com^$document ||xeroshoesaustralia.com^$document ||xeroshoesnz.com^$document ||xn--aloyogamnchen-3ob.de^$document ||xn--asolokengt-y5a.com^$document ||xn--axelarigatokbenhavn-67b.com^$document ||xn--bapeespaa-s6a.com^$document ||xn--billabongtrkiye-8vb.com^$document ||xn--carharttespaa-tkb.com^$document ||xn--clarksespaa-beb.com^$document ||xn--clarkszrich-zhb.com^$document ||xn--dopeespaa-s6a.com^$document ||xn--dopetrkiye-eeb.com^$document ||xn--hellyhansenbelgi-prb.com^$document ||xn--hellyhansenespaa-lub.com^$document ||xn--hellyhansenper-yrb.com^$document ||xn--hellyhansentrkiye-e3b.com^$document ||xn--huntergummistvler-d1b.com^$document ||xn--hunterstvler-2jb.com^$document ||xn--joyaespaa-s6a.com^$document ||xn--norronatrkiye-3ob.com^$document ||xn--solovairmxico-jhb.com^$document ||xn--vejazrich-u9a.com^$document ||yeezybelgique.com^$document ||yeezyireland.com^$document ||yeezyisrael.com^$document ||yeezyuksale.com^$document ||yeti-southafrica.co.za^$document ||youngla-danmark.com^$document ||zapatillasunderarmourchile.com^$document ||zavettiireland.com^$document ! https://github.com/hagezi/dns-blocklists/issues/2081 ||do0cd.com^$all ||doosd.pro^$all ||d0ood.com^$all ! https://github.com/hagezi/dns-blocklists/issues/2178 ||guidesite.info^$all ! https://github.com/hagezi/dns-blocklists/pull/2182 ||cashjuice.com^$document ||esigningapp.com^$document ||fastloanassist.com^$document ||myrequestresults.com^$document ||myresources-join.resourcesify.com^$document ||taxreturnoptions.com^$document ||247lendinggroup.com^$document ||theconsumerhq.com^$document ||banktoday.de^$document ||secureexpressrequest.com^$document ||cashusa.com^$document ||choicecreditrepair.life^$document ||swagbucks.com^$document ||grantsreach.com^$document ! https://github.com/hagezi/dns-blocklists/issues/2228 ||z-lib.id^$document ! https://www.reddit.com/r/Scams/comments/1bfbq5e/emf_neutralizer_is_this_actually_a_thing/ ! https://youtube.com/watch?v=EgvdvfOvdJs ! https://youtube.com/watch?v=VmFzPALkFyo ! https://www.bbc.com/news/technology-55613452 ! https://www.usatoday.com/story/news/factcheck/2020/07/12/fact-check-anti-radiation-shields-do-not-protect-against-emf-emission/5349018002/ ||energydots.com^$document ! https://github.com/durablenapkin/scamblocklist/issues/80 ||produktretter.com^$document ||gratis-eltern-produkttests.com^$document ||produkttest-anmeldung.com^$document ||produkttester-werden.org^$document ||ruecksendungen-gratis.com^$document ! https://github.com/RPiList/specials/issues/1515 ! https://tria.ge/240320-23k12aef2v/behavioral1 ||iioddoy.shop^$all ||shop.iioddoy.shop^$all ||baodan.xyz^$document ||img.baodan.xyz^$image ! https://tria.ge/240320-3qqanaec82/behavioral1 ||ixlcrg.shop^$all ||shop.ixlcrg.shop^$all ||img.gagabao216.com^$image ! https://tria.ge/240321-aqql7sfb49/behavioral1 ||ffuoouw.shop^$all ||shop.ffuoouw.shop^$all ! https://tria.ge/240321-a55dxagg71/behavioral1 ||nnsnnqn.shop^$all ||shop.nnsnnqn.shop^$all ! https://tria.ge/240321-babc1sgh7v/behavioral1 ||rrmuumm.shop^$all ||shop.rrmuumm.shop^$all ! https://github.com/jarelllama/Scam-Blocklist/issues/265 ||luizeva.com^$document ||prostargift.com^$document ||quirkleaf.com^$document ! https://github.com/jarelllama/Scam-Blocklist/issues/264 ||hft-fyfc.com^$document ||sanexer.com^$document ! https://infosec.exchange/@iampytest1/112203822803380750 ||vipbargainhub.com^$all ! https://github.com/jarelllama/Scam-Blocklist/issues/277 ! https://dfpi.ca.gov/2024/03/25/fraudulent-bank-website-scam/ ! my analysis: https://tria.ge/240404-xlg6laga74/behavioral1 ! https://infosec.exchange/@iampytest1/112214528899229692 ||americasfirstnationalbank.com^$all ||beachcitiescommercialbank.com.americasfirstnationalbank.com^$all ||www.beachcitiescommercialbank.com.americasfirstnationalbank.com^$all ! https://tria.ge/240408-bf8kpscb83/behavioral1 ||spacex-invest.org^$all ! https://github.com/jarelllama/Scam-Blocklist/issues/289 ||xcorepips.com^$document ! https://tria.ge/240410-31s5ashh6w/behavioral1 ||x2-invest.com^$all ! https://tria.ge/240411-xhwjtahh93/behavioral1 ||gettechreward.com^$all ! https://tria.ge/240411-1jkqgsdh25/behavioral1 ||gamersahead.com^$all ! https://tria.ge/240412-3nkbmagd63/behavioral1 ||hngfck.com^$document ! https://tria.ge/240413-apvvjagg78/behavioral1 ||mailtknnews.com^$document ||t.mailtknnews.com^$all ||russiagirlsonline.com^$document ||www.russiagirlsonline.com^$document ||charmdate.com^$all ||www.charmdate.com^$all ! owned by the same company, see also https://infosec.exchange/@iampytest1/113074397683569302 ||latamdate.com^$document ||asiame.com^$document ||chnlove.com^$document ||idateasia.com^$document ||charmlive.com^$document ! https://github.com/hagezi/dns-blocklists/issues/2512 ||singingfiles.com^$document ! https://github.com/hagezi/dns-blocklists/issues/2607 ||93mobiles.com^$all ! spam email ||185.106.94.223^$document ! https://tria.ge/240511-qjc1jacc79/behavioral1 ||serenespring.info^$all ||onlyfwb.com^$document ||email.mg.onlyfwb.com^$document ! https://www.bleepingcomputer.com/news/security/microsoft-indias-x-account-hijacked-in-roaring-kitty-crypto-scam-to-push-wallet-drainers/ ||presaIe-roaringkitty.com^$all ! https://github.com/hagezi/dns-blocklists/issues/2889 ||sweet-bonanza-demo.gr^$document ||hfr67jhqrw8.com^$document ||tbao684tryo.com^$document ||5wzgtq8dpk.com^$document ||65spy7rgcu.com^$document ! https://github.com/yokoffing/filterlists/issues/147 ||service-rundfunkbeitrag.de^$document ! spam email -> https://tria.ge/240621-y6rffa1cqe/behavioral1 ||dateflng.com^$all ||bgigdga.dateflng.com^$all ! https://infosec.exchange/@iampytest1/112973906679266779 ||shag2night.com^$document ! spam email -> https://tria.ge/240621-1m4yjawemm/behavioral1 ||findrussiabrides.com^$document ||www.findrussiabrides.com^$document ! spam email -> https://tria.ge/240622-stxtssserh/behavioral1 ||emb-race.info^$all ||clublov.com^$document ! https://tria.ge/240622-wypwjaybpc/behavioral1 ||datingdealshub.com^$all ||www.datingdealshub.com^$all ||mydirtyneighbour.com^$document ||www.mydirtyneighbour.com^$document ! scam email ||bestflirt.fun^$all ! https://github.com/hagezi/dns-blocklists/issues/2999 ||elonweb.org^$all ! https://github.com/hagezi/dns-blocklists/issues/3005 ||dInp2rm.suitablepartner.life^$document ||p𝓸𝘳𝘯𝚔𝘢f.net^$document ||netfucks1.com^$document ||yoursecrethookup.com^$document ||brttre.com^$document ||𝚋yest𝚊r.com^$document ||olosex.pics^$document ! https://tria.ge/240702-1356jascqh/behavioral1 ||adult-gfriend.click^$all ||yourlocaldate.com^$document ! https://github.com/hagezi/dns-blocklists/issues/3068 ||getwavemax.com^$document ! https://github.com/hagezi/dns-blocklists/pull/3083 ||usonkd.com^$document ! https://github.com/hagezi/dns-blocklists/issues/3174 ||sakuradate.com^$document ||amorpulse.com^$document ||datempire.com^$document ! https://tria.ge/240729-3cx4cazgpf/behavioral1 ||breasts-rule.info^$all ||hotmatchlyi.com^$document ||yourexclusiveoffers.com^$document ||clubforsingles.com^$document /ow_static/themes/flirt_clubforsingles/images$third-party ||cupidaffairs.com^$document ||www.cupidaffairs.com^$document ||sttc.cupidaffairs.com^$image ! https://github.com/hagezi/dns-blocklists/issues/3312 ! not my analysis: https://any.run/report/c89740ba0467ed00c1ce3346f1455ed28c02b3b9cd11f7b338822b9f7e0e2a53/ad056e7a-e353-464f-a1ad-1fb2ca7d2ffb ! my analysis: https://tria.ge/240731-137pcs1bqf/behavioral1 ||threejplating.com^$document ||www.threejplating.com^$document ! https://tria.ge/240807-1z6mwsycpc/behavioral1 ||alfagear.info^$all ||nightfordates.com^$all ||luckyfling.com^$all ||flirtingplaza.com^$all ! handles payments ||knupx.com^$all ||echty.com^$all ! https://tria.ge/240811-xsj9jatbrm ||jungefrau.eu^$all ! https://tria.ge/240811-x13qvatepm/behavioral1 ||mynemesis.live^$all ! https://github.com/hagezi/dns-blocklists/issues/3458https://github.com/hagezi/dns-blocklists/issues/3458 ||exclusivebuyz4uu.shop^$document ! https://github.com/hagezi/dns-blocklists/issues/3473 ||reviewgiftfb.com^$document ||ddcad3.reviewgiftfb.com^$all ! https://tria.ge/240824-plfnrs1gqp/behavioral1 ||dollscumnow.eu^$all ! https://tria.ge/240824-pmgx8azdkd/behavioral1 ||englishlang.life^$all ! https://tria.ge/240824-pm3jxszdnd/behavioral1 ||wistfulether.info^$all ||invitingmilfsn2.com^$all ! https://tria.ge/240824-ppg11azelg/behavioral1 ||dark-silence.info^$all ! https://tria.ge/240824-qh9ywatdlq/behavioral1 ||devoutdiscip.info^$all ! https://tria.ge/240824-qj7j5s1hqh/behavioral1 ||unsealedbag.info^$all ! https://tria.ge/240824-qkt1fasaka/behavioral1 ||eerieabyss.info^$all ||lewdcracker93m.com^$all ! https://tria.ge/240824-qv7dhsthrm/behavioral1 ||ar-dent.info^$all ! https://tria.ge/240824-qxmrwsseqb/behavioral1 ||flirttuorist.info^$all ! https://tria.ge/240824-v65raa1frh/behavioral1 ||niightfall.info^$all ! https://tria.ge/240824-wfvn3atfpl/behavioral1 ||change-harlot.life^$all ! https://tria.ge/240824-wh97jathjm/behavioral1 ||virtucams.life^$all ! inspired by https://github.com/ThioJoe/YT-Spammer-Purge/issues/1138 ! https://github.com/hagezi/dns-blocklists/issues/3565 ||snapbabes9.com^$all ||singleflirt.com^$all ||unlimdate.com^$all ||charmfling.com^$all ||exosrw.com^$all ||bestdates.com^$all ! https://tria.ge/240829-zacg3s1gpm/behavioral1 ! https://tria.ge/240829-1d2f2sseme/behavioral1 ||qpow89xji.com^$all ||www.qpow89xji.com^$all ||datingunlimitedtoday.com^$all ||www.datingunlimitedtoday.com^$all ! https://github.com/hagezi/dns-blocklists/issues/3608 ||awesomedealsfinder.com^$document ||www.awesomedealsfinder.com^$document ||rtrcr52.com^$document ||fromstartertofinisher.com^$document ||www.fromstartertofinisher.com^$document ||firmsecurejump.com^$document ||42h.firmsecurejump.com^$document ! https://tria.ge/240903-nrb24awhrb/behavioral1 ||wooqi.win^$all ||tds.wooqi.win^$all ||milfsaround.com^$all ||join.milfsaround.com^$all ||cdn.milfsaround.com^$all ||salbories-symphemes.com^$all ||chemiclk.com^$document ||chaludistrecret.com^$document ||chatnotifier.com^$all ||16hl07csd16.nl^$all ||discreethookups.co.uk^$document ||22mlf09mds22.com^$all ! https://tria.ge/240907-sbn4ya1fke/behavioral1 ||n5n.relationsbuddy.com^$all ||montlusa.top^$all ||ortb.montlusa.top^$all ||track-victoriadates.com^$all ||zephyrlabsora.com^$all ||datehaven.world^$all ! several identical spam emails sent to a honeypot ! https://tria.ge/240908-rs4qaa1bqp/behavioral1 ||aeriview.life^$all ! https://tria.ge/240908-r3nf2stfph/behavioral1 ||oncemanboy.live^$all ! no sandbox ||batrevrig.info^$all ||vowpairmax.live^$all ||impfehut.live^$all ! https://tria.ge/240908-r6svyathjh/behavioral1 ||hfa.hookupsconnect.com^$all ||info-extremechat.com^$all ||promo.info-extremechat.com^$all ||promo3.info-extremechat.com^$all ! https://tria.ge/240908-s5knlstgjp/behavioral1 ||uhe.fitflirts.com^$all ||testars-consin.icu^$document ||flirten.com^$document ! https://tria.ge/240908-s8jwgswhme/behavioral1 ||pt0.flirtyconnection.com^$all ! https://tria.ge/240908-tb2wgavbmp/behavioral1 ||tiamo.life^$all ! twitter/x spam ||jennajoslyn.ru.com^$document ! https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/ ||3bigs.com^$all ||savkar.ai^$all ! https://tria.ge/240912-bqh3sstele/behavioral1 ||dgm.cloudflirts.com^$document ||findneighboursonline.com^$all ||uk.findneighboursonline.com^$all ||onlyshagplace.com^$all ! typical push notification scam ("allow notifications to prove you are human") ||tempmail.com^$all ||clunen.com^$document ||deviceconnectnetwork.co.in^$all ||crjf500hubcc73cogkng.deviceconnectnetwork.co.in^$all ! https://github.com/hagezi/dns-blocklists/issues/3804 ||officialconbase.schtwalter.xyz^$all ||freebitcoin.pages.dev^$all ! https://tria.ge/240927-2emjysvgja/behavioral1 ||suc.directaffair.com^$document ! https://tria.ge/240927-2hvdzatanl/behavioral1 ||foxysociety.com^$document ||ogl.foxysociety.com^$document ||dirtyzone.com^$document ! once dairy shop (shutdown in 2022 due to staffing issues), now porn scam... their socials still point to this ||liegeanddairy.com^$all ||loveaholics.com^$all ! spam GitHub discussions thread -> https://tria.ge/241003-ntd98sxdkr/behavioral1 ||seriedfilm.com^$document ||regarder.seriedfilm.com^$document ||sundaydiscounts.lat^$document ||paperartcard.com^$document ! https://tria.ge/241003-n7c94axejr/behavioral1 ||goshopgadget.com^$document ! https://tria.ge/241003-2ns34avalb/behavioral1 ||lwyn.theconversionsguru.com^$document ||deals4you.click^$document ||toysfunzone.com^$document ! https://tria.ge/241004-ar4kfsvcmk/behavioral1 ||fabulousitem.com^$document ! https://tria.ge/241010-zfyx9s1dql/behavioral1 ||mzb.flylocals.com^$all ||ukflirtzone.com^$all ! owned by same company/other front companies (see also the entry for usabangpalace[.]com) ||onlineromanceusa.com^$all ||forumofsecrets.com^$all ||forumofdesires.com^$all ||lustycanadians.com^$all ||onlybangbook.com^$all ||textorsext.com^$all ||fuckbuds.com^$all ||maturedates.com^$all ||fmn.network^$all ||slagnextdoor.com^$all ||sextingbook.com^$all ||shagslags.com^$all ||streetslagsuk.com^$all ||unitedflirtingstates.com^$all ||localsextingsluts.com^$all ||bookofsext.com^$all ||aussiebangclub.com^$all ||flirtyslapper.com^$all ||swipesecrets.com^$all ||foxymatures.com^$all ||ozziebang.com^$all ||shagsexts.com^$all ||sluzzanextdoor.com^$all ||slagplace.com^$all ||chavsgowild.com^$all ||regionbang.com^$all ||fetishmodelnetwork.com^$all ||feetondemand.com^$all ||feetpov.com^$all ||footfetishcardates.com^$all ||goddessfootdomination.com^$all ||goddessfootworship.com^$all ||goddessfootjobs.com^$all ||jerktomyfeet.com^$all ||footfetishpetite.com^$all ||imenacarlisle.com^$all ||officialmiax.com^$all ||kylierosefetish.com^$all ||fetishcustoms.com^$all ||onlymatchcity.com^$all ||fabucams.com^$all ||shybuds.com^$all ! https://infosec.exchange/@iampytest1/113302551493884986 ! https://github.com/DandelionSprout/adfilt/discussions/932#discussioncomment-10930948 ||paradismatch.com^$all ! found by Imre ||bigonyou.com^$all ||chattrummet.com^$all ||datingcashexperts.com^$all ||dejtingpalatset.com^$all ||dejtingrummet.com^$all ||dinnyevenn.com^$all ||ensamkontakt.com^$all ||finnenelsker.com^$all ||flingtalk.com^$all ||flirtseason.com^$all ||hemlighetsportalen.com^$all ||katesingler.com^$all ||lekendating.com^$all ||leklust.com^$all ||meetupz.app^$all ||myfuckfriends.com^$all ||mynextcrush.com^$all ||noenlikerdeg.com^$all ||norskchathub.com^$all ||noticetick.com^$all ||romancestarter.com^$all ||seksuelllyst.com^$all ||singelflirten.com^$all ||singelkontakt.com^$all ||singelogklar.com^$all ||singelplatsen.com^$all ||talknotice.com^$all ||treffraskt.com^$all ||vennlighallo.com^$all ! owned by the same companies as above ||aussieflings.com^$all ||flingmatches.com^$all ||naughtyfriendships.com^$all ||flirtyfindings.com^$all ||mail.213-5-71-141.cprapid.com^$all ||getaffairs.com^$all ||mysexychats.com^$all ||fuckmatches.com^$all ! https://github.com/hagezi/dns-blocklists/issues/3944 ||info-animals.com^$all ! https://tria.ge/241011-rdzssawcqa/behavioral1 ||opdomaines.space^$all ||softicoapps.com^$document ||static.imghst-de.com/*.png^$image ! YouTube video titled "roblox mod menu - download app roblox mod menu in 2024 mediafire link - roblox mod apk" -> https://tria.ge/241018-nrgycaxdql/behavioral1 ||bbobb.net^$all ||download.bbobb.net^$all ||flamefolder.com^$document ||earnyourswag.com^$document ||uk.earnyourswag.com^$document ||j.promotionsonlineusa.com^$all ! https://github.com/hagezi/dns-blocklists/issues/4035 ||containably.com^$document ! other similar sites ||lefttic.com^$document ||oramarian.com^$document ||equiward.com^$document ||termarian.com^$document ||quirize.com^$document ||diuntilard.com^$document ||exouous.com^$document ||arculike.com^$document ! CDN for these scam sites? ||static.bbcrossworld.com^$all ! https://github.com/hagezi/dns-blocklists/issues/4223 ! https://github.com/hagezi/dns-blocklists/issues/4802 ||atlaspvs.com^$document ||bisertravel.com.mk^$document ||blsindiavisa.kr^$document ||cibtvisas.com^$document ||covex.it^$document ||e-indianvisa.com^$document ||etaindiaonline.com^$document ||etaindia.org^$document ||e-touristvisa.com^$document ||etv-in.com^$document ||evisa.express^$document ||e-visa.ie^$document ||e-visaindia.com^$document ||evisaindia.com^$document ||evisa-indian.com^$document ||e-visaindiaonline.com^$document ||evisa-india-online.com^$document ||evisaindiaonline.org^$document ||evisaindia.org^$document ||evisatoindia.org^$document ||e-visums.nl^$document ||globalvisacorp.com^$document ||goindiavisa.com^$document ||indiaeta.com^$document ||india.evisa-agency.com^$document ||india-e-visa.com^$document ||indiae-visa.com^$document ||indiaevisaservice.com^$document ||indiaevisas.org^$document ||indiaimmigration.org^$document ||indianetouristvisacoin.wordpress.com^$document ||indian-e-visa.com^$document ||indian-evisa.com^$document ||indianevisaonline.com^$document ||indianimmigration.org^$document ||indianonlinevisas.org^$document ||indiantravelvisa.com^$document ||indianvisagov.com^$document ||indian-visa.in^$document ||indianvisa.online^$document ||indianvisaonlinegov.com^$document ||indian-visaonline.org^$document ||indianvisa-online.org^$document ||indianvisaonline.org^$document ||indianvisaservice.org.in^$document ||indiaonlinevisa.org^$document ||india.travisa.com^$document ||indiavisa.com^$document ||indiavisa.com.sg^$document ||indiavisa.co.uk^$document ||indiavisainfo.com^$document ||indiavisa.my^$document ||india-visa-online.com^$document ||india-visa-online.org^$document ||india-visaonline.org^$document ||indiavisa-online.org^$document ||indiavisaonline.org^$document ||indiavisa.org^$document ||india-visas.org^$document ||itseasy.com^$document ||ivisa.com^$document ||i-visaindia.com^$document ||jsdimmigration.com^$document ||jsdimmigrations.com^$document ||natvisa.com^$document ||online-eta.com^$document ||smvisa.co.il^$document ||touristvisaonline.com^$document ||traveldocs.com^$document ||travelexpress.us.com^$document ||travelvisabookings.com^$document ||travisa.com^$document ||visacentral.com^$document ||visadone.com^$document ||visafirst.com^$document ||visagov.com^$document ||visasimple.com^$document ||visa-to-india.com^$document ||visatoindia.org^$document ||visumbuitenland.nl^$document ! https://www.trustpilot.com/review/paidwings.ag ! https://www.justanswer.co.uk/ireland-law/f3uhk-signed-dating-site-company-named-paidwings.html ||UK-Mums.com^$all ! promoted by a fake version of the McAfee account - officialmcarfee ||t.me/AIntivirusHQ/MCAFEE^$all ! https://tria.ge/250215-qd3n1a1pgk/behavioral1 ||8pm.simplymatches.com^$all ||info-mymilfs.com^$all ||promo.info-mymilfs.com^$all ||ad-extremesite.com^$all ||www.ad-extremesite.com^$all ! owned by the same company ||bbwdates24.com^$all ! https://github.com/hagezi/dns-blocklists/issues/5534 ||certified-sale.com^$document ! https://tria.ge/250327-rtesjstsbt/behavioral1 ||secretmatureaffair.com^$all ||flirtymoms.com^$all ||naughtymatureflirts.com^$all ! from Yuki ! my analysis: https://tria.ge/250413-m75tnsvtax/behavioral1 ||qgxeqm.unfamiillardates.net^$all ||fuckfinder.com^$document ||www.fuckfinder.com^$document ! same owner ||fun-casualdate.com^$document ! https://tria.ge/250602-zzvpysdr8w/behavioral1 ||bociti.click^$all ||flytomoon.online^$document ||ep2z.flytomoon.online^$document ||casualhookup.com^$document ||www.casualhookup.com^$document ! https://github.com/hagezi/dns-blocklists/issues/6447 ||spinfortune.vip^$document ! a family member was scammed by this company ! https://www.reddit.com/r/Flights/comments/1dcpbrl/discount_flight_website_scam_wwwfarehutzus/ ! https://www.bbb.org/scamtracker/lookupscam?q=all%3Dfarehutz%26from%3D0 ! https://scammer.info/t/farehutz-indian-travel-scammers-who-self-reported-to-scammer-info/170142 ! https://www.scampulse.com/farehutz-reviews ! https://uk.trustpilot.com/review/farehutz.co.uk ! https://www.trustpilot.com/review/farehutz.us?stars=1 ! https://www.trustpilot.com/review/farehutz.ca ||farehutz.us^$document ||farehutz.ca^$document ||farehutz.co.uk^$document ! also owned by the same company ! https://www.reddit.com/r/travel/comments/zygas2/any_experience_with_holidaydealzcom/ ! https://www.reddit.com/r/travel/comments/1nvmh0i/is_holidaybreakz_a_scam/ ! https://www.tiktok.com/@arsalonalderwood/video/7395080532641500458 ! https://www.tripadvisor.com/ShowTopic-g1-i12334-k15116031-o20-Possible_Holiday_Scam-Holiday_Travel.html ! spam: https://web.archive.org/web/20231203215247/https://pcnflightwest.blogspot.com/2018/05/nwa-capt-larry-wade-morrison.html?showComment=1603277821646#c33024045163227171 ! +1-844-414-9223 is the number of air1network.us and flyostudio.com ! it is spammed all over the internet (i.e. https://www.scribd.com/document/665286995/1-844-414-9223-How-to-Book-a-Wheelchair-for-International-Flights-in-Turkish-Airlines), with titles like "How to request assistance on Turkish Airlines?" and "How Do I Select My Seat On British Airways?" - I found this complaint against this number (https://www.bbb.org/scamtracker/lookupscam/1075963) ! mastodon posts ! https://infosec.exchange/@iampytest1/115663214485049568 ! https://infosec.exchange/@iampytest1/115673008851143479 ! https://infosec.exchange/@iampytest1/115675508755253109 ! https://infosec.exchange/@iampytest1/115679298019525586 ! https://infosec.exchange/@iampytest1/115699009370293618 ! https://infosec.exchange/@iampytest1/115699148601687231 ! https://infosec.exchange/@iampytest1/115710085606959759 ! https://infosec.exchange/@iampytest1/115710267139467948 ! https://infosec.exchange/@iampytest1/115710280785788137 ! https://infosec.exchange/@iampytest1/115775768872576946 ! https://infosec.exchange/@iampytest1/115786882391564093 ! https://infosec.exchange/@iampytest1/115786965604713239 ! https://infosec.exchange/@iampytest1/115792755948568855 ! https://infosec.exchange/@iampytest1/115806276757602191 ! bluesky: https://bsky.app/profile/iam-py-test.bsky.social/post/3m7d3yste7222 ||skytravelfly.com^$document ||travodeals.us^$document ||travodeals.co.uk^$document ||travodeals.ca^$document ||holidayglobes.com^$document ||holidaybreakz.com^$document ||holidaybreakz.co.in^$document ||holidaybreakz.co.uk^$document ||holidaybreakz.ca^$document ||winktraveldeals.com^$document ||rawfares.com^$document ||fareslist.com^$document ||unocruise.com^$document ||air1network.us^$document ||flyostudio.com^$document ||airlinesupports.us^$document ||airlinesupports.co.uk^$document ||aircancellation.com^$document ||friendztravel.com^$document ||friendztravel.com.mx^$document ||friendztravel.ca^$document ||friendztravel.co.uk^$document ||skyfarefinder.co.uk^$document ||skyfarefinder.com^$document ||fareleaders.com^$document ||fareleaders.co.uk^$document ||farebuddies.com^$document ||fareoking.com^$document ! spam profiles ||hub.docker.com/u/winktraveldeals$document ||aircancellation.website3.me^$document ||americanairlinescustomerservic.godaddysites.com^$document ||americanairlinescustomerservic.$document ! see wiki\usa514k 1.png and wiki\usa514k 2.png in the repo for screenshots ! formally linked to archive[.]is but links removed due to the presence of malicious code on archive[.]is ! https://infosec.exchange/@iampytest1/115702574009471266 ||cikadron.co.in^$all ||virusscanner.cc^$all ! spam email ! http://vp.nastydollz[.]wiki/?id=91b56efb-b877-4c25-aec4-0441e1a2154c&u=155&t=YmVuY2FydDkwMDFAcHJvdG9uLm1l ! https://hybrid-analysis.com/sample/3c60143510cb918ba7a45995c6b9d21ee7d5b45d0c79b3333413297ff246da2f ! ends in charmdate[.]com ||nastydollz.wiki^$all ||vp.nastydollz.wiki^$all ||singlesrussian.com^$document ||www.singlesrussian.com^$document ! spam email ! https://beno.poundrynloweq[.]com/ ||poundrynloweq.com^$all ||beno.poundrynloweq.com^$all ! owned by Qpid Network ||ukrainianbride.net^$document ||www.ukrainianbride.net^$document ! the root domain of the inital spam domain goes to ukrainelady.net ||ukrainelady.net^$all ! https://tria.ge/260112-ew441adv3c/behavioral1 ||heart-rematcher.life^$all ||fraudate.com^$document ||cbfahah.fraudate.com^$all ||grannyloves.com^$all ||l.grannyloves.com^$all ! https://github.com/hagezi/dns-blocklists/issues/8979 ||websiteinf05.com^$document ||superoptz.com^$document ||mainredirect.top^$document ! https://github.com/hagezi/dns-blocklists/issues/9005 ! evasive: https://tria.ge/260202-2z8mxsfw7f/behavioral1 ||elta.564306.com^$document ! https://www.reddit.com/r/antivirus/comments/1qvzjrq/i_need_help_in_removing_a_trojan_virus_from_my/ ! https://github.com/hagezi/dns-blocklists/issues/9054 ! it's an ad for a PUP (don't install Combo Cleaner, it odviously can't remove this), but it documents this domain: https://www[.]youtube[.]com/watch?v=Ljs2b6isD5Y ||texonnero.co.in^$all ||d61mf78hubcc739qivmg.texonnero.co.in^$all ! Mastodon spam ! https://tria.ge/260206-ybjr4sa19a/behavioral1 ||satisfy-yourself.com^$all ||m.satisfy-yourself.com^$all ||mq.satisfy-yourself.com^$all ||static.satisfy-yourself.com^$all ||holouvery-vality.com^$all ||wishtoserve.com^$document ||date-corner.com^$all ||wcp8i2vke3a4lj4g3v90bm6m.date-corner.com^$all ||romanticboo.com^$document ||positive-daters.com^$all ||wume2vk7f2313j4g3srbdr3u.positive-daters.com^$all ||flingaroundme.com^$all ||w7cipjlb00bcoj4g3b90tft6.flingaroundme.com^$all ! https://hucksters.net/person/gyorgy-gattyan/ ! https://hucksters.net/forum/topic/gyorgy-gattyan-tries-to-takedown-hucksters-net-page/ ! listed in EasyList ||overdates.com^ ! https://github.com/hagezi/dns-blocklists/issues/9141 ||ricardo.zahlung-date.cfd^$document ||zahlung-date.cfd^$document ! https://infosec.exchange/@iampytest1/116111883171991337 ||learnquestverification.blogspot.com^$all ||answhmflj.blogspot.com^$all ||kettledroopingcontinuation.com^ ||humanverify.co.in^$all ||d6d62g8hubcc73c9popg.humanverify.co.in^$all ||answwgieq.blogspot.com^$all ! ---- PUPs ---- ! https://virustotal.com/gui/url/c7e3137c4baaad64dcbbafd1938f581f264944fa1e2c1aa1ebcff77ed2959082/links ! https://safeweb.norton.com/report/show?url=https://www.totalav.com/ultra-deal?exit ! https://virustotal.com/gui/url/a15311f27a16908dfa87b8ce6cf0302d8c8260f32ce7171845fc73bd4d9769d2/detection ! https://virustotal.com/gui/url/dbc664226fd57c865f66bbaeae0d7270904c4ad735d0eb0ead4511e817392943/detection ! https://virustotal.com/gui/domain/www.totalav.com/detection ! https://quttera.com/detailed_report/totalav.com ! https://virustotal.com/gui/domain/totalav.com/community ! https://github.com/VernonStow/Filterlist/issues/3 ! https://discussions.apple.com/thread/8226797 ! https://malwaretips.com/threads/total-av-is-it-a-scam.80362/ ! https://github.com/uBlockOrigin/uAssets/issues/9355 ! https://github.com/notracking/hosts-blocklists/issues/756#issuecomment-1172973042 ! https://tria.ge/230720-3qya9sbh2t/behavioral2 ! https://app.any.run/tasks/cc0dd977-97e3-4b4a-833b-dfc4d5f0be55/ ! https://tria.ge/230724-z8hfzsha64/behavioral1 ! https://www.youtube.com/watch?v=PcS3EozgyhI ! *many* deceptive ads ||totalav.com^$all ||www.totalav.com^$all ! https://virustotal.com/gui/file/7a75c2c9695157772541cd426d057ff382d011a2791bcc3e511d94592ab0dbb7/relations ||api.totalav.com^$all ! Subdomains ||secure.totalav.com^$all ||url.totalav.com^$all ||support.totalav.com^$all ||blog.totalav.com^$all ||track.totalav.com^$all ||ajax.totalav.com^$all ||affiliate.totalav.com^$all ||livechat.totalav.com^$all ||advertisers.totalav.com^$all ||affiliates.totalav.com^$all ||my.totalav.com^$all ||assets.totalav.com^$all ||identity.totalav.com^$all ||login.totalav.com^$all ||download.totalav.com^$all ||static.totalav.com^$all ||adblock.totalav.com^$all ||sso.totalav.com^$all ||webshield.totalav.com^$all ||resources.totalav.com^$all ||signup.totalav.com^$all ||link.totalav.com^$all ||chat.totalav.com^$all ||click.totalav.com^$all ||stats.totalav.com^$all ||search.totalav.com^$all ||aff.totalav.com^$all ||news.totalav.com^$all ||blockpage.totalav.com^$all ||ext.totalav.com^$all ||smtpmail.totalav.com^$all ||articles.totalav.com^$all ||data.totalav.com^$all ||pda.totalav.com^$all ||firmy.totalav.com^$all ||portal.totalav.com^$all ||educa.totalav.com^$all ||cp.totalav.com^$all ||images.totalav.com^$all ||p.totalav.com^$all ||gallery.totalav.com^$all ||webshop.totalav.com^$all ||new.totalav.com^$all ||sklep.totalav.com^$all ||manitoba.totalav.com^$all ||wiki.totalav.com^$all ||pei.totalav.com^$all ||dl.totalav.com^$all ||bbs.totalav.com^$all ||schools.totalav.com^$all ||ts.totalav.com^$all ||hosting.totalav.com^$all ||test.totalav.com^$all ||live.totalav.com^$all ||eng.totalav.com^$all ||forums.totalav.com^$all ||lnx.totalav.com^$all ||lib.totalav.com^$all ||galeria.totalav.com^$all ||cloud.totalav.com^$all ||appauth.totalav.com^$all ||ww.totalav.com^$all ||email.totalav.com^$all ||u002fwww.totalav.com^$all ||shield.totalav.com^$all ||comassets.totalav.com^$all ||ru.totalav.com^$all ||l.totalav.com^$all ||lyncext.totalav.com^$all ||liaoning.totalav.com^$all ||www2.totalav.com^$all ||www1.totalav.com^$all ||imap2.totalav.com^$all ||internet.totalav.com^$all ||smtps.totalav.com^$all ||a.totalav.com^$all ||gin.totalav.com^$all ||supprt.totalav.com^$all ||mailout.totalav.com^$all ||imap1.totalav.com^$all ||mta1.totalav.com^$all ||eml.totalav.com^$all ||help.totalav.com^$all ||phishtest.totalav.com^$all ||math.totalav.com^$all ! other related ||totalwebshield.com^$all ||download.totalwebshield.com^$all ! This is owned by Protected[.]net, who also is responsible for the TotalAV scam. Can not get an exe as it requires me to pay first... ||scanguard.com^$all ||www.scanguard.com^$all ||my.scanguard.com^$all ||secure.scanguard.com^$all ||download.scanguard.com^$all ! An alias for TotalAV ! https://safeweb.norton.com/report/show?url=pcprotect.com ! https://virustotal.com/gui/url/523e692076d4eff5dba80a52bca9c01aa77b4e1dac6598aa78574cab1297497a/community ! https://www.mywot.com/scorecard/pcprotect.com ||pcprotect.com^$all ||www.pcprotect.com^$all ||secure.pcprotect.com^$all ! The company behind the TotalAV scam & pcprotect[.]com ! https://www.facebook.com/protectednet - they basically admitted to it. See https://www.facebook.com/protectednet/photos/a.685704165203904/1199676053806710/?type=3&theater ! Lesson to scammers: Don't post golf balls with the name of the scam product to facebook... ||protected.net^$document ||definition.protected.net^$all ||install.protected.net^$all ||ssprotectltd.com^$all ||www.ssprotectltd.com^$all ! scammers - now hiring ||protected-net.breezy.hr^$document ! A scam adblocker (use uBlock Origin, AdGuard, or even AdBlock Plus. They are all better then TotalAdBlock) ! VirusTotal scan of Android version: https://virustotal.com/gui/file/24ce64dfa6937c5ede674b2ba33d6818bfa9f8bb4d36ff8da9aff39e05b8e41c/detection ! https://apps.apple.com/app/totaladblock/id1564900435 (only two reviews?) ! https://tria.ge/231024-3lc5jace3w/behavioral1 ! https://infosec.exchange/@iampytest1/111292640449421381 ! https://tria.ge/231025-nk2zyagh81/behavioral1 ! scam ads, as per ryanbr of EasyList ||totaladblock.com^ ||www.totaladblock.com^$all ||download.totaladblock.com^$all ||blockpage.totaladblock.com^$all ||stats.totaladblock.com^$all ||affiliates.totaladblock.com^$all ||affiliate.totaladblock.com^$all ||url.totaladblock.com^$all ||api.totaladblock.com^$all ||signup.totaladblock.com^$all ||track.totaladblock.com^$all ||my.totaladblock.com^$all ||support.totaladblock.com^$all ||login.totaladblock.com^$all ! https://infosec.exchange/@iampytest1/111565168288360998 ||totadblock.com^ ! https://app.any.run/tasks/eb07059f-c987-4366-9fed-8abfff016173 ||totaladblock.protected.net^$all ||extension.protected.net^$all ||totaladblocker.xyz^$all ||www.totaladblocker.xyz^$all ! https://virustotal.com/gui/ip-address/34.117.171.15/relations ||34.117.171.15^$document ||totalwebshield.xyz^$document ||www.totalwebshield.xyz^$document ||secure.totalwebshield.xyz^$document ||login.totalwebshield.xyz^$document ||download.totalwebshield.xyz^$all ! as per https://github.com/iam-py-test/my_filters_001/issues/105, I have unblocked the main website but still block the registry cleaner, driver updater, etc ||winzipregistryoptimizer.com^$document ||download.winzipregistryoptimizer.com^$document ! WinZip ads ! https://virustotal.com/gui/url/cad59b610a95e69019638d171c2df89adb7eac183968e102e37396b806fa57bd/community ||winzipdriverupdater.com^$document ||slowness.winzipdriverupdater.com^$document ! https://virustotal.com/gui/url/e5e8624a07064fc3a296dcab3b0b578ac0ed6d841094489e8bec989653deb93c/detection ! https://virustotal.com/gui/ip-address/3.222.136.53/relations ||winzipultimatepccare.com^$document ||www.winzipultimatepccare.com^$document ||winzipdisktools.com^$document ||winzipsystemtools.com^$document ! It is a very bad sign when Windows Defender blocks a file, and it is not a false positive ! https://virustotal.com/gui/url/b27f7a631ee2bcf759ab82fa976980c2704c787ecd21abc8b591b7fc93d96ee1/detection ! https://github.com/iam-py-test/Assets-001/tree/main/PUPs/SpeedCat ! Installer ! https://virustotal.com/gui/file/3f4c860c2689984f7edab62d5a5459840dc9515ec2c7a94b6fea6878481a3992/detection ! https://www.hybrid-analysis.com/sample/3f4c860c2689984f7edab62d5a5459840dc9515ec2c7a94b6fea6878481a3992 ! https://www.hybrid-analysis.com/sample/3f4c860c2689984f7edab62d5a5459840dc9515ec2c7a94b6fea6878481a3992/60f6d24211dc4473a31cd34a ! Other files and the app ! https://virustotal.com/gui/file/792bb2a2bd9f148d0b7dca1a98b4a310a30490c6523fc53a1f1e535e53d62389/detection ! https://virustotal.com/gui/file/57c40a9d2e592d968daa0f092abfa7abe2b41c47eb718adb770bd6930ec0dba4/detection ! https://virustotal.com/gui/file/f395839a00762a5e0428cb2cf596d80c56ba2be78cc3e6a3c89afb5c1f904db9/detection ! https://virustotal.com/gui/file/ff652f10ac6dbf8d4965f6624339c67e02715cf499ad8b26c1a683bd503e4136/detection ! https://quttera.com/detailed_report/pcspeedcat.com ||pcspeedcat.com^$all ! https://virustotal.com/gui/domain/pcspeedcat.com/relations ||cdn.pcspeedcat.com^$all ||vold.pcspeedcat.com^$all ||www.pcspeedcat.com^$all ||dev.pcspeedcat.com^$all ||access.pcspeedcat.com^$all ||vold-cdn.pcspeedcat.com^$all ||envoy.pcspeedcat.com^$all ||www-click-cf.pcspeedcat.com^$all ! Found in the shady Bing ads when searching for ADWCleaner ! Before downloading, ADWCleaner detected no adware. After downloading, ADWCleaner detected adware, which included the program. Program claims that buying the paid version (and entering private data) will fix issues with a clean VM. ! This also adds unneeded start up tasks (why would it need start up tasks?). In total, Malwarebytes detected 99 threats. ! https://virustotal.com/gui/url/681984dd59e84ade5ad3c7b93842dd3b8b759992e7a5f5a1a2aa8dd04f4c823e/community ||mycleanpc.com^$document ! I saw the www in the results ||www.mycleanpc.com^$document ! Found using VirusTotal ||reviews.mycleanpc.com^$document ||m.mycleanpc.com^$document ||shop.mycleanpc.com^$document ||web.mycleanpc.com^$document ||blog.mycleanpc.com^$document ||app.mycleanpc.com^$document ||get.mycleanpc.com^$document ||dev-www.mycleanpc.com^$document ! related domains owned by the company used for paying - obtained when talking to the scammer ||ustechsupport.com^$document ||www.ustechsupport.com^$popup ||mycleanid.com^$document ||www.mycleanid.com^$popup ||iolostore.com^$document ||www.iolostore.com^$popup ! the main website for the company ||realdefen.se^$document ! other 'products' which all appear to be PUPs ||getmydrivers.com^$document ||www.getmydrivers.com^$document ||app.getmydrivers.com^$document ||dev-www.getmydrivers.com^$document ||qa-www.getmydrivers.com^$document ||stopzilla.com^$document ||cyberdefender.com^$document ||www.cyberdefender.com^$popup ||virusfix.com^$document ||www.virusfix.com^$popup ! Owned by them (they admit it) ! 4/12/2022: https://app.any.run/tasks/82c340da-6ab4-4398-86bd-2bd368c018ce ||iolo.com^$document ||www.iolo.com^$document ||secure1.iolo.com^$document ! https://github.com/DandelionSprout/adfilt/compare/c3d04d61c9...4a2d9d2efa ! link on https://www.windowsdispatch.com/fix-system-restore-0x81000203-error-code/ ! https://virustotal.com/gui/url/41ada9c74d64537274173ea01f61fae7c7bdce2d660b64abb11546563fc6bf10/community ! The installer ! https://virustotal.com/gui/file/5d99408fc2f7bc85f2c4bc6dcd762008bfecd5c8dcaaacf9c9bdc2914ddd22b1/detection ! Files related to the PUP program ! https://virustotal.com/gui/file/fcf484d1009b4136c8655d32484babb0a284cbcb112ced7647194aea9e7688df/detection ! https://virustotal.com/gui/file/67252e30a59ddc58c273555bfd306343ec61e3f198a1c2d3eb30d8a93ec4fffa/detection ! https://virustotal.com/gui/file/5ef7eedfa7f283f180c1de80803e8d5c81fee09750ca044f018a098a94ad85c1/detection ! Malwarebytes detection - https://blog.malwarebytes.com/detections/pup-optional-restoro/ ! Screenshots from anaysis - https://github.com/iam-py-test/Assets-001/tree/main/PUPs/Restoro (VM Env: Windows 10, Windows Defender on) ||restoro.com^$all ||www.restoro.com^$all ||techloris.com/go/restoro/$document ||techloris.com/lp/error8.php$document ||techloris.com/go/restoro-download/$document ! https://virustotal.com/gui/file/f019dab3172f6ce7808d45a5b5dea92354352e302219c02a84a280978f6eb166/community ||go.windowsreport.com/Restoro$document ! https://www.bleepingcomputer.com/virus-removal/page/2/ ! https://virustotal.com/gui/url/1a381bcdd30c4fafbe50baa12a0446c18b875e2221330ffe2adec106f14904f4/community ! https://virustotal.com/gui/file/50abca232390db8eb28a17b9fa5386631857c7c14d1b43d0adcdaf90178a4f7c/community ! https://www.mywot.com/scorecard/iobit.com ! https://forums.malwarebytes.com/topic/29681-iobit-steals-malwarebytes-intellectual-property/page/5/#elControls_152972_menu ! https://virustotal.com/gui/url/1a381bcdd30c4fafbe50baa12a0446c18b875e2221330ffe2adec106f14904f4/community ! https://github.com/hagezi/dns-blocklists/issues/1794 ||iobit.com^$document ! Subdomains ||cdn.iobit.com^$document ||stats.iobit.com^$document ||estore.iobit.com^$document ||update.iobit.com^$document ||jp.iobit.com^$document ||store.iobit.com^$document ||download.iobit.com^$document ||www.iobit.com^$document ||clouddownload.iobit.com^$document ||ru.iobit.com^$document ||search.iobit.com^$document ||purchase.iobit.com^$document ||cloud.iobit.com^$document ||interface.iobit.com^$document ||shop.iobit.com^$document ||mobile.iobit.com^$document ||m.iobit.com^$document ||startup.iobit.com^$document ||survey.iobit.com^$document ||checkout.iobit.com^$document ||sdupdate.iobit.com^$document ||giveaway.iobit.com^$document ||uninstall.iobit.com^$document ||de.iobit.com^$document ||codes.iobit.com^$document ||recorder.iobit.com^$document ||ascstats.iobit.com^$document ! download redirects to iobit ||windowserrorfixer.com^$document ||www.windowserrorfixer.com^$document ! itop vpn seems to be made by iobit and comes with bundled installs ||itopvpn.com^$document ||update.itopvpn.com^$document ||api.itopvpn.com^$document ||stats.itopvpn.com^$document ! https://tria.ge/231105-nq2lcsee2v/behavioral1 ||itopupdate.com^$document ||update.itopupdate.com^$document ||stats.itopupdate.com^$document ! https://tria.ge/240511-bb4qysca5x/behavioral2 ||update.downloaditop.com^$document ! https://virustotal.com/gui/file/4efd1bc1bdc12da1bbdc597cf3f37f0c65e582f42e353cf781ac1fe422dfa68c/detection ! https://virustotal.com/gui/file/69d9d162a040888164707b7e44f4709059ad45296a832c077c0dc91afed89c05/detection ! https://virustotal.com/gui/file/fd9dbb971a9995f6d146237933fbe27f18217d3cacbb6da121de4cc9590030be/relations ! https://github.com/iam-py-test/Assets-001/tree/main/PUPs/Restoro ! https://virustotal.com/gui/url/16766e8681f0bf474ec3238d4b6d7f33047f5f368abef0aac13001d2be0a757d/detection ! https://blog.malwarebytes.com/detections/pup-optional-reimage/ ||2-spyware.com/reimage/download$all ||2-spyware.com/download/ReimageRepair$all ! https://virustotal.com/gui/url/16766e8681f0bf474ec3238d4b6d7f33047f5f368abef0aac13001d2be0a757d/detection ||reimageplus.com^$all ! More reimage - new name, new SHA256, new domain? ! https://virustotal.com/gui/url/3493793318d49332b789aba96de7937c468c5f6a20d6fdbf8da87832183c5d07/detection ! https://github.com/iam-py-test/Assets-001/tree/main/PUPs/Restoro_2 ! https://virustotal.com/gui/file/fd9dbb971a9995f6d146237933fbe27f18217d3cacbb6da121de4cc9590030be/relations ||reimage.org^$all ||www.reimage.org^$all ! Nobody names their legit domain after malware and then is detected on VirusTotal ! https://virustotal.com/gui/url/deef544081c813ee971cfa78d8145e5a050ea5eccc3d5718b033d00b64c5f9f4/detection ||reimage.com^$all ! https://virustotal.com/gui/file/af7b36c0f9f48f35315877e3cd5efb83c1a122a043ea9228db7da9c1c3c3120b/community ! https://github.com/iam-py-test/Assets-001/blob/main/PUPs/MediaGet/mediaget_detections.jpeg ||mediaget.com^$all ! found by @DandelionSprout in https://github.com/DandelionSprout/adfilt/issues/253 ||media-get.com^$all ||media-get.ru^$all ||mediagetplus.com^$all ||mgmgmg.com^$all ||23.111.31.137^$document ||23.111.88.207^$document ! https://virustotal.com/gui/file/05f052c64d192cf69a462a5ec16dda0d43ca5d0245900c9fcb9201685a2e7748/detection ! https://virustotal.com/gui/url/f938821627f117b561598186343cf47ce5f75b89b8d149a3efe885f9eba51942/community ! https://virustotal.com/gui/file/a367e0562e612bc66729f3a4676bad849e5c3c32fad8223b5ea991e11604f5fe/details ! ADWCleaner detects malware after execution. File opens webpage with generic 'your system has issues' message ||driveragent.com^$all ! https://virustotal.com/gui/file/61ddc79c421d13052f0acdb838d1a68d98c5e4eda0058f018f72a65474135d08/detection ! https://github.com/DandelionSprout/adfilt/issues/254 ! https://blog.malwarebytes.com/detections/onesafe-software-com/ ||onesafesoftware.com^$all ||vpn.onesafesoftware.com^$all ||blog.onesafesoftware.com^$all ||drivers.onesafesoftware.com^$all ||updates.onesafesoftware.com^$all ||support.onesafesoftware.com^$all ||cdn.onesafesoftware.com^$all ||subscriptions.onesafesoftware.com^$all ||notifications.onesafesoftware.com^$all ||stats.onesafesoftware.com^$all ||www.onesafesoftware.com^$all ! https://virustotal.com/gui/file/a6e89d2bb1c2da1d852fb8e248f39cf7b3d4b0ea05a8d8f343d1b8e74d271d43/relations ||driversupport.com^$document ||front.driversupport.com^$document ||secure.driversupport.com^$document ||aloha.driversupport.com^$document ! "SolveIQ"? ||apps.solveiq.com^$document ||preview.solveiq.com^$document ||auth.solveiq.com^$document ! Taken from DandelionSprout's Anti-malware list - which is at https://github.com/DandelionSprout/adfilt/blob/master/Dandelion%20Sprout's%20Anti-Malware%20List.txt and which is maintained by https://github.com/DandelionSprout - and verified ||driver-soft.com^$all ! https://github.com/blocklistproject/Lists/issues/497 ||pcspeedup.en.softonic.com^$document ||tweakbit.com^$all ||static.tweakbit.com^$all ||www.tweakbit.com^$all ||debuglogs.tweakbit.com^$all ||update.tweakbit.com^$all ||dynamicdownloads.tweakbit.com^$all ||downloads.tweakbit.com^$all ||store.tweakbit.com^$all ||mail.tweakbit.com^$all ! Original inspection ! disable uBlock Origin and go to https://www.google.com/search?q=clean+up+computer+to+run+faster&source=hp&ei=Y4KzYIrUL-rP0PEPqM2liAc&iflsig=AINFCbYAAAAAYLOQcwKl4vglkAEcsALPhO6XEyguHxPP&oq=clean+up+comp&gs_lcp=Cgdnd3Mtd2l6EAEYATICCAAyAggAMgIIADICCAAyBQgAEMkDMgIIADICCAAyAggAMgIIADICCAA6DgguELEDEMcBEKMCEJMCOgsILhCxAxDHARCjAjoFCAAQsQM6CAgAELEDEIMBOggILhDHARCjAjoOCC4QsQMQgwEQxwEQrwE6CAgAEOoCEI8BOggILhCxAxCDAToICC4QxwEQrwE6BQguELEDOggILhCxAxCTAjoICAAQsQMQyQM6BQgAEJIDOgsILhDHARCjAhCTAjoCCC46BQguEJMCUOUoWKCDAWDakwFoAnAAeACAAYoDiAGaFJIBCDAuMTQuMC4xmAEAoAEBqgEHZ3dzLXdperABCg&sclient=gws-wiz ! https://virustotal.com/gui/url/2f44cf878800c082d5fefb8326cf384fe12393ecfcca05e64903c5888f4c762c/detection ! https://virustotal.com/gui/url/c6290089eb08d05375650bfb7778713e1e9443ac1d8d180df44bd8ddd49124f9/detection ! https://virustotal.com/gui/domain/www.pchelpsoft.com/relations ! https://www.mywot.com/scorecard/pchelpsoft.com ! https://safeweb.norton.com/report/show_mobile?name=https://www.pchelpsoft.com/pc-cleaner/lp1-ms-us/?tracking=PH_EN_PP_GO_SE_PCC_US&keyword=speed%20up%20my%20pc&campaignID=ADWORDS&gclid=EAIaIQobChMIsOqVwrTx8AIV9xmtBh17swHGEAAYASAAEgLr1fD_BwE ! https://virustotal.com/gui/url/3cfe4ec34704092b5ad0c03b1f9566b538c11e3e0434a73991cdc2694db26582/detection ! https://www.urlvoid.com/scan/pchelpsoft.com/ ! https://sitecheck.sucuri.net/results/pchelpsoft.com ! https://www.fortiguard.com/webfilter?q=pchelpsoft.com ! Inspection on 23/7/2021 ! https://virustotal.com/gui/url/3cfe4ec34704092b5ad0c03b1f9566b538c11e3e0434a73991cdc2694db26582/detection ! https://safeweb.norton.com/reviews?url=pchelpsoft.com ! https://www.mywot.com/en/scorecard/pchelpsoft.com ! Setup file (installer) - https://virustotal.com/gui/file/7ab506784dcc49c916cdff2076132dafc881ac268e54aba39d6af2ca6ce0c775/details ! Related files ! https://virustotal.com/gui/file/04ef20ed8a783aaa91082865ed99c079cf2bf9f67908d536fdb9e227b19401f0/detection ! https://virustotal.com/gui/file/192dc080f0c52222e03c074e3a38a8b3cc5b31605457fd6acd447bf7488a89d8/relations ! https://virustotal.com/gui/file/40157e1981b97206658667927fbdc484c7e9615591884cfed2d6cadc9e3f1b4c/detection ! A 'driver updater' it wanted me to install - https://virustotal.com/gui/file/965bf402594ee539ce61d2a593c421b1c7ed6e1969369ae4a7866c17b2281a3c/detection ! https://forums.malwarebytes.com/topic/200216-removal-instructions-for-pccleaner/ ! Screenshots - https://github.com/iam-py-test/Assets-001/tree/main/PUPs/PCHelpSoft ! 19/9/2022: https://app.any.run/tasks/3c8b1d38-de18-488a-9e3f-62b3354c17e8 ! 6/11/2022: https://app.any.run/tasks/da8a44c3-965f-4fd6-816d-b5ae16235f62 (https://virustotal.com/gui/file/5475c9cff70482b8b5bf2c31395f9463261313991b41743686e4c8c43e53df0b/detection) ||pchelpsoft.com^$document ||www.pchelpsoft.com^$document ||cloud.pchelpsoft.com^$document ||cda.pchelpsoft.com^$document ||cdn.pchelpsoft.com^$document ||webtools.pchelpsoft.com^$document ||pchelpsoft.net^$document ||www.pchelpsoft.net^$document ! https://virustotal.com/gui/url/27307acb5b127114423ed0d7c63aaed0013d1833f56c158a3b049f8d1c98dcbc/detection ! Download button redirects to advancedsystemrepair.com ||pccleaner.com^$document ! The PUP from this website looks like a past one; maybe a variant or another download location ! https://github.com/iam-py-test/Assets-001/tree/main/PUPs/PCCleaner_1 ||advancedsystemrepair.com^$all ||support.advancedsystemrepair.com^$all ||secure.advancedsystemrepair.com^$all ||lp.advancedsystemrepair.com^$all ||track.advancedsystemrepair.com^$all ||www.advancedsystemrepair.com^$all ||checkout.advancedsystemrepair.com^$all ! Found this PUP on someone else's computer, so I decided to figure more about it. It does look very old; even the UI sometimes looks like Windows 7 despite the VM running 10 ! The (working) installer (from Softonic) - https://virustotal.com/gui/file/863adfe03c1ea35c424817274eabe4eef02fe4a2d6428f8718e61655fb8bc49c/detection ! The program (according to Malwarebytes's IOC report) - https://virustotal.com/gui/file/2aad06624e9b698ec0dc0276b433c606a4858d6585028cd658ae7c697358ffec/detection ! https://blog.malwarebytes.com/detections/pup-optional-slimcleanerplus/ ! All the domains seem to be related to this PUP ! https://virustotal.com/gui/url/f7be15d28340acb7db31f63a62a26bad1253824f2424117a816203950e86fd22/community ||slimware.com^$all ! https://virustotal.com/gui/url/440e39a20d7e01064269dadfc38eafd80c8534f7391f2c1ef7ac41c10d9c4e20/detection ! https://virustotal.com/gui/url/946a5c2295cfef547f162350af93257df55d6b2103a0ce2e84b241cf727a81f6/detection ||slimwareutilities.com^$all ! The executable from the website (https://virustotal.com/gui/file/d9103347f6043f0266a6480b6c794a4ee9f07800db43b6301920fe97587066d2/detection) seemed broken, but this one (maybe an older/newer mirror) works ||slimcleaner-plus.en.softonic.com^$all ! Other TLDs ||slimcleaner-plus.softonic.com.tr^$document ! https://github.com/iam-py-test/investigations/blob/main/2021/11/5/1.md ||windowserrorhelp.com^$document ||certified.windowserrorhelp.com^$document ! Spyhunter is far from legit - and this company sues almost anyone (i.e. Bleeping Computer - https://blog.malwarebytes.com/security-world/2016/02/bleepingcomputer-defends-freedom-of-speech/, Malwarebytes - https://press.malwarebytes.com/2021/09/29/malwarebytes-wins-dismissal-of-enigma-lawsuit-in-final-ruling/) ! https://www.mywot.com/en/scorecard/enigmasoftware.com ! https://github.com/gorhill/uBlock/wiki/Software-known-to-have-uninstalled-uBlock-Origin ! https://en.wikipedia.org/wiki/SpyHunter_(software) ||enigmasoftware.com^$document ||www.enigmasoftware.com^$document ||installer.enigmasoftware.com^$document ||download.enigmasoftware.com^$document ||dl.enigmasoftware.com^$document ||instcfg.enigmasoftware.com^$document ||tt.web.enigmasoftware.com^$document ||myaccount.enigmasoftware.com^$document ||purchase.enigmasoftware.com^$document ||spyhunter.enigmasoftware.com^$document ||spyhunter-update.enigmasoftware.com^$document ||download2.enigmasoftware.com^$document ||spyhunter.com^$document ||www.spyhunter.com^$document ||spyhunter-download-v2.b-cdn.net^$document ! https://tria.ge/230810-2gkhdahd53/behavioral1 ||enigmasoft.net^$document ||rh.downloads.enigmasoft.net^$document ! https://github.com/iam-py-test/my_filters_001/issues/84 ||mackeeper.com^$document ! https://virustotal.com/gui/file/088cbcec6b80eba99eb691968e0f972935aae301e9cb6d1c6133699530dd5621/community ||secure-browser.io^$document ! locks your screen and just creates a link to their website on your desktop. Malware? ||goto.searchproonline.com^$all ||searchproonline.com^$all ! https://github.com/uBlockOrigin/uAssets/issues/11176 ||nearbyme.io^$document ||m.nearbyme.io^$document ! https://web.archive.org/web/20230604193437/https://twitter.com/iam_py_test/status/1488163521540075524 ||outbyte.com^$document ||testedforyou.net^$document ! from an infected VM ||pcsystemfix.com^$document ||lp.pcsystemfix.com^$document ||download.pcsystemfix.com^$document ! article on perflib errors ||xoomber.com^$document ! https://forums.malwarebytes.com/topic/283588-mb-cant-find-malware/ ! https://forums.malwarebytes.com/topic/293374-aasearchtoolshub/ ||searchtoolshub.com^$document ||find.searchtoolshub.com^$all ! Some scam redirects brought me here (https://web.archive.org/web/20230604193632/https://twitter.com/iam_py_test/status/1497351777754050562 - https://virustotal.com/gui/file/2e68dbec330d7ebe567dcbb67a1dffe83f6f0c278664b60f3edeee684edfe7ff/relations) ||drivermax.com^$document ! adware downloader - https://app.any.run/tasks/d1918395-7080-4292-9a71-1059bc7a90cf ||sway.office.com/flj90JK1oswcTJEO^$document ! Bundled installer & PUP ||sysdriverupdater.com^$document ||www.sysdriverupdater.com^$document ! This is just Advanced System Repair Pro ||directbrand.com/dl/asr_regcure.php^$document ! https://blog.malwarebytes.com/threat-analysis/2022/06/forced-chrome-extensions-keep-reappearing/ ||activesearchbar.me^$all ||customsearchbar.me^$all ! https://forums.malwarebytes.com/topic/286395-microsoft-edge-custom-search-bar-extension-redirects-to-rbfastsearchme/ ||rb.fastsearch.me^$all ! https://forums.malwarebytes.com/topic/287338-browser-hi-jacker-royb2fastsearchme/ ||royb2.fastsearch.me^$all ! adware ||pdfconverterpower.net^$document ||searchpoweronline.com^$document ||goto.searchpoweronline.com^$document ||www.searchpoweronline.com^$document ! https://forums.malwarebytes.com/topic/295131-pdfpower-pdfshark-pdfsuperhero-pdftodocpro-pdfmagic/#comment-1556224 ||gifsearchutils.com^$document ||start.gifsearchutils.com^$document ||pdfsharkapp.com^$document ||searchmagiconline.com^$document ||start.searchmagiconline.com^$document ||pdfsuperhero.com^$all ||stats.pdfsuperhero.com^$all ! https://forums.malwarebytes.com/topic/289030-mbam-browser-guard-identifying-malware-but-mbam-not-removing-malware/ ||mysearchengine.co^$document ! https://github.com/AdguardTeam/AdguardFilters/issues/128029 ||freddostagione.com^$all ||search.freddostagione.com^$all ||147.135.253.55^$document ||search.motherpipe.net^$document ||humanverified.net^$all ||video-ad-skipper.com^$document ||search.becovi.com^$document ||luminosoocchio.com^$document ||quick-speedtest.com^$document ||husmicto.com^$document ||splendidus.net^$document ||tutatagliente.com^$document ||osservareimmaginare.com^$document ||desideriosoldi.com^$document ||www.humanverified.net^$document ||search.potestainsula.com^$document ||search.husmicto.com^$document ||search.splendidus.net^$document ||search.tutatagliente.com^$document ||search.luminosoocchio.com^$document ||search.osservareimmaginare.com^$document ||search.desideriosoldi.com^$document ! https://blog.malwarebytes.com/detections/pup-optional-bytefence/ ! https://virustotal.com/gui/file/21dfa4ed47de7007c0fb6eadb3f94d2e847b3f4e301767d2320623f02f0926ba ! https://virustotal.com/gui/file/d41405553da0287be81722125b35405ad90923e7aa0631b5e5c6ab80358355ca ! https://safeweb.norton.com/reviews?url=bytefence.com ! https://www.mywot.com/scorecard/bytefence.com ||download.cnet.com/ByteFence-Anti-Malware/$document ||bytefence.com^$document ! https://www.youtube.com/watch?v=2tW_PDVfT-E ! https://virustotal.com/gui/file/1c45ac42e4486ae5114cf287626ffb02eb03675f667d076d5c8f886ee0016d26/detection ! https://github.com/iam-py-test/Assets-001/tree/main/PUPs/Auslogics_PUP_regclean ! https://virustotal.com/gui/file/a54dffea1703732c3daf043462c289f4c9fc57fb27e1e9cc099b0cc03835940e/detection ! https://forums.malwarebytes.com/topic/199170-false-positive-with-auslogics-boostspeed/#elControls_1116195_menu ||auslogics.com^$all ||www.auslogics.com^$all ! https://virustotal.com/gui/file/1d26c8e2760b9d95e344dc93e4516c88c23bae5af1e888b2769186520f53021d/detection ! https://virustotal.com/gui/url/c9d507f4fe1720bb0b70a799abfd548f315694f59eebea676204da1cbaee4b4f/detection ! https://virustotal.com/gui/file/bba00552bb0a562a00aa70c8425e48bb1b407a72f84df6c8f69f0bf44fabf310/detection ! https://virustotal.com/gui/file/0dcf7e52492de09df39f7b1f7996d61033c6f61b43d38990f43b45dd530dcdb9/relations ! https://www.hybrid-analysis.com/sample/1d26c8e2760b9d95e344dc93e4516c88c23bae5af1e888b2769186520f53021d ! https://www.hybrid-analysis.com/sample/1d26c8e2760b9d95e344dc93e4516c88c23bae5af1e888b2769186520f53021d/60a4789f1522974edf38bd58 ! https://www.hybrid-analysis.com/sample/bba00552bb0a562a00aa70c8425e48bb1b407a72f84df6c8f69f0bf44fabf310 ! https://github.com/iam-py-test/Assets-001/tree/main/PUPs/ashampoo ||ashampoo.com^$document ! https://virustotal.com/gui/url/9979729afeff4472121a6faa8d4a4b7c885a5f391b082d50585bf16929597d4e/community --> https://virustotal.com/gui/file/c9bb2af73703f81a31ae5a3dedbf6eebf404256b679303111c1dedf0e24879db/community ! https://app.any.run/tasks/d2533d89-8e5e-4fc6-b110-bafc153c3636 (my analysis) ! walliant: https://www.youtube.com/watch?v=91w4rzBTP5o ||walliant.com^$document ! clone of another screenlocker adware ||gifsmakerpro.com^$document ||www.gifsmakerpro.com^$document ! https://forums.malwarebytes.com/topic/293346-malwarebytes-not-detecting-virus-highjacking-my-search-engine-in-chrome/ ! https://www.bleepingcomputer.com/forums/t/788099/howdy-yall-i-could-use-some-help-antivirus-and-self-hacking/ ||mobilisearch.com^$all ||mobility-search.com^$all ! another clone of ziprar thing (Adware.SearchLightPro) ||searchlightpro.com^$document ||start.searchlightpro.com^$all ||dsc.searchlightpro.com^$all ! https://forums.malwarebytes.com/topic/283015-pupoptionalwinsweeper ! https://forums.malwarebytes.com/topic/300427-unable-to-start-in-a-normal-mod-of-windows/?do=findComment&comment=1579090 ||solvusoft.com^$document ||www.solvusoft.com^$document ||exefiles.com/*/recommended/winthruster/$document ! random ad ||totalsystemcare.com^$document ||www.totalsystemcare.com^$document ||safebytes.com^$document ||driverassist.com^$document ! browsing YouTube without an adblocker ||customsearchtool.com^$document ||home.customsearchtool.com^$document ||config.customsearchtool.com^$document ||hp.customsearchtool.com^$document ||d3pxa1onb1zy4q.cloudfront.net/custom_search_tool-2022.7.15-fx.xpi^$all ! https://forums.malwarebytes.com/topic/293616-google-doc-fake-extension-not-detected/ (account required) ||gosearches.gg^$all ! https://forums.malwarebytes.com/topic/293620-adwcleaner-wont-run/ ||search-fine.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/16582 (without an adblocker) ||easyprint.app^$document ||cdn.easyprint-cdn.app^$document ! https://virustotal.com/gui/url/c7cdd1eaf651fbf4446d189d91b52b0c6a5811fb70db18b3eec1fa575057163a/detection ||freshysearch.com^$all ||cdn.freshysearch.com^$all ! two search engine hijackers ! https://virustotal.com/gui/url/1ca49bde04ac00c79b259a4a02b041d91c512ca55a6d0e839f69010d0bc32061/detection ||pdftab.com^$document ||cdn.pdftab.com^$document ||findmanualsnow.com^$document ! ran across this while looking for DDNS services ||ww1.pwnz.org^$document ||thesafersearch.com^$document ||get.thesafersearch.com^$all ! The makers of such wonderful programs like "Driver Genius 22" and "PC Cleaner" ||avanquest.com^$document ||www.avanquest.com^$document ||webtools.avanquest.com^$document ! 'Wave browser' which is just a scummy version of Chrome ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-968062965 ||wavebrowser.co^$document ||download.wavebrowser.co^$all ||wavebrowser.com^$document ||dl.gowavebrowser.com^$all ||gowavebrowser.com^$document ! DLL Helper ! https://virustotal.com/gui/file/675a72bb2b3ea39beafc73e8faf31b85b58b0dcc169b10649d5f49341936a379 ||dll-helper.en.softonic.com^$document ! search engine hijacker ||manualsdirectory.org^$document ||tab.freshymanuals-site.com^$document ||search.freshy.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/17568 ||wigglewurm.com^$document ||n.wigglewurm.com^$all ! an infected VM --> this extension hijacks the search engine ||getsecurify.com^$document ||www8.getsecurify.com^$document ||chrome.google.com/webstore/detail/browsing-overview-by-secu/njfkgeajknkffkngdmjmjninkbgjedlo/$document ||mysecurify.com^$document ||search.mysecurify.com^$document ||ext.mysecurify.com^$all ! https://github.com/hagezi/dns-blocklists/issues/3163 ||withsecurify.com^$all ||ext.withsecurify.com^$all ||search5.withsecurify.com^$all ||search.withsecurify.com^$all ||securifyguard.com^$all ! an infected VM --> this extension hijacks the search engine claiming it protects your searchs ||privacykeeperapp.com^$document ||get.privacykeeperapp.com^$document ||chrome.google.com/webstore/detail/privacy-keeper/acdkbikhkmpbfdmfmcogpnjchcniiipa^$document ||privacykeepersearch.com^$document ! https://0xacab.org/my-privacy-dns/matrix/-/issues/121797 ||speak-text-tab.com^$document ||search.speak-text-tab.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/17880 ||office.org^$document ! https://github.com/uBlockOrigin/uAssets/issues/17960 ||templatesearch.org^$all ! https://www.bleepingcomputer.com/forums/t/785431/26-pup-found-today-what-to-do/ ||securybrowse.com^$document ||search.securybrowse.com^$document ||ext.securybrowse.com^$all ||chrome.google.com/webstore/detail/my-family-protect-by-secu/ghaojflgonndmkaknkocggkmkbjjbgho^$all ! https://github.com/uBlockOrigin/uAssets/issues/18103 ! (my analysis) https://app.any.run/tasks/4a29352e-fc49-4c59-bb96-0acda5544d53 ||gamefabrique.com^$all ! https://tria.ge/230518-m51f6sae43/behavioral2 ||chrome.google.com/webstore/detail/my-notes-extension/jekjflpbfegfepdioebbpanjkjhcihoi^$document ! https://forums.malwarebytes.com/topic/298186-accidentally-visited-potential-maliciousmalware-website/ ! (my analysis) https://tria.ge/230523-zqkhmahd85/behavioral2 ||doodrdash.com^$all ||thale-ete.com^$document ||dkjfhuyd.fivetrafficroads.com^$all ||chrome.google.com/webstore/detail/weather-in/jpflgehebdhjjcdojdloemfeflelhmoh^$document ||weather-in.xyz^$document ||trk.weather-in.xyz^$document ||search.weather-in.xyz^$document ! linkverse PUP ||linkvertise.download^$document ! https://github.com/StevenBlack/hosts/issues/2339 ||serasearchtop.com^$all ! https://tria.ge/230601-z9q5hsha6v/behavioral1 ||safeplexsearch.com^$all ||addons.mozilla.org/*/firefox/addon/safeplex-search/^$document ! internal ||fontdeterminer.com^$document ! https://tria.ge/230705-n3traaca92/behavioral1 ||ofoseveralyea.info^$all ||ratefinaukncei.info^$all ! adware ||pdfsuperhero.azureedge.net^$all ||pdfconverty.com^$all ! chromium based adware ||gettoptemplates.com^$document ||downloadonelaunchnow.com^$document ! https://tria.ge/230805-1lv91agc6x/behavioral1 ||getconvertmyfile.com^$document ! https://0xacab.org/my-privacy-dns/matrix/-/issues/649666 ! https://tria.ge/230805-rgmydsee8s/behavioral1 ||websearchextension.info^$document ||containers.websearchextension.info^$document ||cloudfront.websearchextension.info^$document ||websearchextension-api.info^$document ||api.websearchextension-api.info^$document ! https://github.com/StevenBlack/hosts/issues/2403 ! https://github.com/StevenBlack/hosts/issues/2408 ||santknow.com^$document ! https://forums.malwarebytes.com/topic/301185-i-ran-galacticshooterexe/#comment-1583465 ||segoonow.com^$document ! https://forums.malwarebytes.com/topic/301473-pupoptionalcoduit/ ||conduit.com^$document ||search.conduit.com^$document ! https://github.com/hagezi/dns-blocklists/discussions/1515 ||techadsology.com^$all ! sells driver updater snake oil ||drivereasy.com^$document ! https://forums.malwarebytes.com/topic/303209-need-help-with-removing-trojan-virusvirtool32/?do=findComment&comment=1594712 ! https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign ! maybe the same thing? https://www.youtube.com/watch?v=IsGRcAjgKwA ||trovi.com^$document ||www.trovi.com^$document ! https://github.com/iam-py-test/my_filters_001/issues/119 ! https://forums.malwarebytes.com/topic/303863-cryptpkocryptpko1-and-cryptsigcryptsig1-in-registry-and-cant-delete/ ||sensorstechforum.com^$document ! https://tria.ge/231028-pvxzeabb9z/behavioral1s /11/?*&lpkey=*&filename=Click%20to%20view%20the%20file%20links|$document ||ivedmanyyea.org^$document ! snake oil, bundles software ! https://youtube.com/watch?v=bIpYJoE7CxA ! https://spyware.neocities.org/articles/ccleaner ||ccleaner.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/13566 ! https://web.archive.org/web/20220220102436/https://twitter.com/gorhill/status/1352651716265713665 ! https://palant.info/2020/10/28/what-would-you-risk-for-free-honey/ ! https://infosec.exchange/@iampytest1/111069238525172731 ! https://github.com/hagezi/dns-blocklists/issues/4666 ! https://github.com/StevenBlack/hosts/issues/2792 ! https://storage.courtlistener.com/recap/gov.uscourts.cand.441974/gov.uscourts.cand.441974.9.0_1.pdf (see also https://techcrunch.com/2025/01/05/youtuber-legaleagle-sues-paypal-over-sleeping-leech-honey-extension/ and https://infosec.exchange/@iampytest1/113782185134949815) ! https://www.heise.de/news/YouTuber-Mit-Honey-zu-arbeiten-war-sehr-einfach-10225641.html ||joinhoney.com^$document ||honey.io^$document ! from the TLS cert of supra ||joinhoney.app^$document ||joinhoney.co.uk^$document ||joinhoney.com.au^$document ! https://tria.ge/230821-2bt5maad51/behavioral1 ! https://web.archive.org/web/20231120191617/https://forums.malwarebytes.com/topic/304687-pupoptionalfortect/ ! https://infosec.exchange/@iampytest1/110736203666880292 ||fortect.com^$document ||cloud.fortect.com^$document ! https://tria.ge/231121-x5hw8sgc87/behavioral1 ||quickdriverupdater.com^$document ||www.quickdriverupdater.com^$document ||webcf.quickdriverupdater.com^$document ||cf.quickdriverupdater.com^$document ||qip.quickdriverupdater.com^$document ||qdu.quickdriverupdater.com^$document ||d8kkkzr1spalx.cloudfront.net/win/qdu/setup/*/qdurtsetup.exe$document ||dpsro.com^$document ||www.dpsro.com^$document ! https://github.com/collinbarrett/FilterLists/issues/3794 ||rakuten.ca^$document ||ebates.com^$document ||www.ebates.com^$document ! https://github.com/uBlockOrigin/uAssets/pull/17981 ||aadvantageeshopping.com^$document ! https://github.com/iam-py-test/my_filters_001/issues/119 ! https://tria.ge/230817-a16feaee47/behavioral1 ||combocleaner.com^$document ||www.combocleaner.com^$document ||pcrisk.com/files/CCSetup.exe^$document ! tricks users into installing an allowlist - unknown source ||work-ink.github.io^$document ! https://www.reddit.com/r/uBlockOrigin/comments/143k8lm/ ! ||topcashback.co.uk^$document ! ||topcashback.com^$document ! "free registry cleaner" ||download.freedownloadmanager.org/Windows-PC/AML-Free-Registry-Cleaner/$document ! origin unknown (forgot to add a comment here) ! TODO: reverify ||driveridentifier.com^$document ! driverpack ||driverpack.io^$document ||driverpack.tilda.ws^$document ||dwrapper-prod.herokuapp.com^$document ! https://virustotal.com/gui/url/48a9e88e0b6cf59fac14588d252d9bb6b936ec2fd847e832d17fdb76322b35d3/detection ! https://virustotal.com/gui/file/e66db6f687eacf9852542ab583f4d77191965f3a8d6c2e726f4e6b8b83b4f390/detection ! https://virustotal.com/gui/file/93f1afd730eb30421d8e7cae9fc79cbee918c4b0a75d68bf64d34d2cc99d29f0/detection ! To remove, run ADWCleaner (https://malwarebytes.com/adwcleaner) and follow instructions. ||speedupmypcfree.com^$all ! https://virustotal.com/gui/domain/speedupmypcfree.com/relations ||www.speedupmypcfree.com^$all ! https://windowsreport.com/extend-windows-laptop-battery-life/ ! https://www.hybrid-analysis.com/sample/0dd66edadbe93df04f6759e5549d3e76b5bfcb292ba6f6a6139903dd705ced6a ! Tested on VM: Removed by ADWCleaner ! Switched to document as per https://github.com/uBlockOrigin/uAssets/issues/9974 ||driverfix.com^$all ! https://tria.ge/240427-2e441aac8x/behavioral1 ||pdfpilotapp.com^$document ||application.pdfpilotapp.com^$document ||por.pdfpilotapp.com^$document ! https://youtube.com/watch?v=m9d-fXl3Z8k ! my analysis: https://tria.ge/240505-t81dxafb3s/behavioral1 (cloudflared) ||restorex360.com^$document ||www.restorex360.com^$document ! https://github.com/uBlockOrigin/uAssets/issues/24972 ||pcapp.store^$document ! from Alex302: Speed Dial 2 (chrome extension) redirects searchs made through the address bar to Yahoo using these domains ||getxmlisi.com^ ||gotoyahoo.com^ ! https://forums.malwarebytes.com/topic/332457-clientupdatedrivethelifecom-outgoing-connection-is-blocked/ ! https://www.virustotal.com/gui/file/02713f057c41c5f86bdccb7317aef15fd990b07028e065637c244fb7d4749424/detection ! https://www.malwarebytes.com/blog/detections/pup-optional-drivethelife ! https://forum.eset.com/topic/21561-false-positive-driver-talent/ ! not a factor in detection but interesting: https://www.reddit.com/r/sysadmin/comments/3a485n/drive_the_life_a_hidden_gem_or_am_i_missing/ ! sandbox: https://tria.ge/260111-gs27cabt8d/static1 ! reaction to sandbox: https://infosec.exchange/@iampytest1/115874980699384241 ! more posts: ! https://forums.malwarebytes.com/topic/332452-drivethelife-riskware-alerts/ ! https://forums.malwarebytes.com/topic/332406-drivethelifecom-riskware-alert/ ||drivethelife.com^$document ||www.drivethelife.com^$document ||ipr.drivethelife.com^$all ||clientupdate.drivethelife.com^$all ||drivertalent.com^$document ||www.drivertalent.com^$document ! was originally under "Malware and phishing" but is actually a PUP - originally added in https://github.com/iam-py-test/my_filters_001/commit/99b795b4ebc16f4aa185274c9d02e020cf34ae87 ! https://github.com/uBlockOrigin/uAssets/issues/9933#issuecomment-913677276 ||greenadblocker.com^$all ! ---- Spam ---- ! https://forums.malwarebytes.com/topic/281397-how-to-update-my-adwcleaner/ ||24hourhtmlcafe.com^$document ! https://forums.malwarebytes.com/topic/281787-how-many-types-of-malware-are-there/ (https://web.archive.org/web/20211214132150/https://forums.malwarebytes.com/topic/281787-how-many-types-of-malware-are-there/) -> hxxpx[:]//ilovealgarve[.]net[/]web-football-no-agents[/]) ||ilovealgarve.net^$document ! https://web.archive.org/web/20211222121009/https://forums.malwarebytes.com/topic/282084-keeping-laptop-safe/ -> hxxpx[:]//nbgpapartmani[.]com[/]register-web-ball-ufadeal[/] ||nbgpapartmani.com^$document ! https://forums.malwarebytes.com/topic/282082-hi-working-a-spreadsheet-more-than-8-years-history-mb-crashed-it/ (https://web.archive.org/web/20211222121637/https://forums.malwarebytes.com/topic/282082-hi-working-a-spreadsheet-more-than-8-years-history-mb-crashed-it/) -> hxxpx[:]//superagentconcierge[.]com[/]casino-ebet-entrance[/] ||superagentconcierge.com^$document ! https://forums.malwarebytes.com/topic/283348-update-ios-15/ (https://web.archive.org/web/20220202172538/https:/forums.malwarebytes.com/topic/283348-update-ios-15/) ||binaryreviewsrace.com^$document ! https://forums.malwarebytes.com/topic/283347-update-ios-15/ (https://web.archive.org/web/20220202172612/https:/forums.malwarebytes.com/topic/283347-update-ios-15/) ||stormlordpublishing.com^$document ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1120210042 ||fuckbookmobile.com^$document ||www.fuckbookmobile.com^$document ! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1179770663 ||disqus.com/by/disqus_AIqzI15v88/^$document ! https://web.archive.org/web/20221007114132/https://forums.malwarebytes.com/topic/290873-whats-the-hottest-temperature-in-your-city/ ||rathbunlakeassoc.com^$document ||ufadeal.info^$document ! https://web.archive.org/web/20221206113456/https://forums.malwarebytes.com/topic/292706-top-cell-phone-apps-and-games-for-your-iphoneo-verjaardagsherinnering-nu/ ! https://forums.malwarebytes.com/topic/292707-spam-post-on-this-forum/ (account required) ||mhapks.com^$document ! GH spam, i.e. https://github.com/tesla-android/issue-tracker/discussions/162#discussioncomment-4551799 ||4.fo^$document ||mylocaldates1s.com^$all ||in.sv^$document ||static.imghst-de.com/eb01eaf3-369a-423f-a31e-c4221a2ca42d.png^$all ||trk-click.pshtrk.com^$document ! https://github.com/DandelionSprout/adfilt/commit/e83dc45b60a61c6097b8c40605855a80e3282901 ||link.sv^$document ! https://virustotal.com/gui/url/6bbc5fc50b84711644db9739cab16fbdd5659b3d6b82dbde0a3a82427e6f03b9/community ||go.sv^$document ! https://virustotal.com/gui/url/1f273d4cd56060082b8a598514f975bf4592a5f6be5f77e05f7c453266edaaad/community ||scuekpza.ws^$document ! https://forums.malwarebytes.com/topic/273013-android-unknown-chrome-hijacker/page/3/#comment-1553668 ||thedrivingtutors.com^$document ! https://forums.malwarebytes.com/topic/286891-my-android-phone-was-connected-to-pc-with-charge-only-when-pc-was-hacked/#comment-1555237 (deleted) ||anonigstalk.com^$document ||bingenerator.one^$document ! https://github.com/hagezi/dns-blocklists/issues/804 ||venezuelabaseballjerseys.com^$document ||italyworldbaseballclassic.com^$document ||storeoregononline.com^$document ||tlstoreonline.com^$document ||storecollegeonline.com^$document ||shoptcuhornedonline.com^$document ||shopsyracuseonline.com^$document ! https://github.com/hagezi/dns-blocklists/issues/1169 ||fuckmebaby.click^$all ! comment spam - endless cloudflare redirects ||getcutt.fun^$document ! https://infosec.exchange/@iampytest1/111485217708664748 ||free-amore.online^$all ||t.affoth2.com^$document ||newfast.pics^$all ! cryptocurrency recovery scammers ||cyberservices.com^$document ! X/Twitter spammer ||t.me/+8q8i5Dl-lws4NTU6^$document ! https://infosec.exchange/@briankrebs/111947916198756986 ||forestver.se^$document ||discord.gg/ctkpaarr^$document ! https://github.com/Mastodon-DE/blocklists/issues/17 ||tambayan.us^$document ! https://www.bleepingcomputer.com/news/security/news-farm-impersonates-60-plus-major-outlets-bbc-cnn-cnbc-guardian/ ||australiannewstoday.com^$document ||bbcnewstoday.com^$document ||bloombergnewstoday.com^$document ||bostonnewstoday.com^$document ||britishnewstoday.com^$document ||canadiannewstoday.com^$document ||chinaworldnewstoday.com^$document ||chroniclenewstoday.com^$document ||cnbcnewstoday.com^$document ||cnnworldtoday.com^$document ||crunchbasenewstoday.com^$document ||dailyexpressnewstoday.com^$document ||dailyheraldnewstoday.com^$document ||dailymirrornewstoday.com^$document ||dailystarnewstoday.com^$document ||dailytelegraphnewstoday.com^$document ||dutchnewstoday.com^$document ||dwnewstoday.com^$document ||europeannewstoday.com^$document ||forbesnewstoday.com^$document ||frenchnewstoday.com^$document ||germaynewstoday.com^$document ||guardiannewstoday.com^$document ||headlinesworldnews.com^$document ||huffingtonposttoday.com^$document ||irishnewstoday.com^$document ||italiannewstoday.com^$document ||livemintnewstoday.com^$document ||maltanewstime.com^$document ||mirrornewstoday.com^$document ||nationalposttoday.com^$document ||neatherlandnewstoday.com^$document ||neweuropetoday.com^$document ||norwaynewstoday.com^$document ||oxfordnewstoday.com^$document ||portugalnewstoday.com^$document ||postgazettenewstoday.com^$document ||republicofchinatoday.com^$document ||reuterstoday.com^$document ||russiannewstoday.com^$document ||scotlandnewstoday.com^$document ||spanenewstoday.com^$document ||switzerlandnewstoday.com^$document ||thedailymailnewstoday.com^$document ||thedailytelegraphnewstoday.com^$document ||theexpressnewstoday.com^$document ||theheraldnewstoday.com^$document ||theindependentnewstoday.com^$document ||theirishtimesnewstoday.com^$document ||theirishtimestoday.com^$document ||themetronewstoday.com^$document ||themirrornewstoday.com^$document ||thequintnewstoday.com^$document ||thestarnewstoday.com^$document ||thesunnewstoday.com^$document ||thetelegraphnewstoday.com^$document ||timesofnetherland.com^$document ||timesofspanish.com^$document ||topeuropenews.com^$document ||topworldnewstoday.com^$document ||turkeynewstoday.com^$document ||walesnewstoday.com^$document ||washingtonposttoday.com^$document ||washingtontimesnewstoday.com^$document ||www.australiannewstoday.com^$document ||www.bbcnewstoday.com^$document ||www.bostonnewstoday.com^$document ||www.britishnewstoday.com^$document ||www.canadiannewstoday.com^$document ||www.chinaworldnewstoday.com^$document ||www.chroniclenewstoday.com^$document ||www.cnbcnewstoday.com^$document ||www.cnnworldtoday.com^$document ||www.crunchbasenewstoday.com^$document ||www.dailyexpressnewstoday.com^$document ||www.dailyheraldnewstoday.com^$document ||www.dailymirrornewstoday.com^$document ||www.dailystarnewstoday.com^$document ||www.dailytelegraphnewstoday.com^$document ||www.dutchnewstoday.com^$document ||www.dwnewstoday.com^$document ||www.europeannewstoday.com^$document ||www.forbesnewstoday.com^$document ||www.frenchnewstoday.com^$document ||www.germaynewstoday.com^$document ||www.guardiannewstoday.com^$document ||www.headlinesworldnews.com^$document ||www.huffingtonposttoday.com^$document ||www.irishnewstoday.com^$document ||www.italiannewstoday.com^$document ||www.livemintnewstoday.com^$document ||www.maltanewstime.com^$document ||www.mirrornewstoday.com^$document ||www.nationalposttoday.com^$document ||www.neatherlandnewstoday.com^$document ||www.neweuropetoday.com^$document ||www.norwaynewstoday.com^$document ||www.oxfordnewstoday.com^$document ||www.portugalnewstoday.com^$document ||www.postgazettenewstoday.com^$document ||www.republicofchinatoday.com^$document ||www.reuterstoday.com^$document ||www.russiannewstoday.com^$document ||www.scotlandnewstoday.com^$document ||www.spanenewstoday.com^$document ||www.switzerlandnewstoday.com^$document ||www.thedailymailnewstoday.com^$document ||www.thedailytelegraphnewstoday.com^$document ||www.theexpressnewstoday.com^$document ||www.theheraldnewstoday.com^$document ||www.theindependentnewstoday.com^$document ||www.theirishtimesnewstoday.com^$document ||www.theirishtimestoday.com^$document ||www.themetronewstoday.com^$document ||www.themirrornewstoday.com^$document ||www.thequintnewstoday.com^$document ||www.thestarnewstoday.com^$document ||www.thesunnewstoday.com^$document ||www.thetelegraphnewstoday.com^$document ||www.timesofnetherland.com^$document ||www.timesofspanish.com^$document ||www.topeuropenews.com^$document ||www.topworldnewstoday.com^$document ||www.turkeynewstoday.com^$document ||www.walesnewstoday.com^$document ||www.washingtontimesnewstoday.com^$document ! https://github.com/hagezi/dns-blocklists/issues/3122 ||likenu.se^$document ! spam wikipedia article (taken down - https://en.wikipedia.org/wiki/Fetish_Cams) ||fetishes.cam^$document ! from https://www.eff.org/deeplinks/2013/01/scanning-documents-patent-trolls-want-you-pay ! redirect from bought up domain: https://hybrid-analysis.com/sample/ee616d42e502581b5c1984b086b97c24114df2dd2fadf4680233a346635e10d0 ||stop-project-paperless.com^$document ||transaction-2007.com^$document ||www.transaction-2007.com^$document ||mediaresmi.com^$document ||fijiluxuryvacation.com^$document ||www.cinemasaver.com^$document ||sedationdentistrycenter.com^$document ||verandasoho.com^$document ||stream-dna.com^$document ||www.goldenstatestimulus.com^$document ||www.bluegatemusicals.com^$document ||xolopbr.com^$document ||getannepro.com^$document ||www.theredbeanannapolis.com^$document ||www.lilxlotus.com^$document ||www.plantitmodern.com^$document ||www.illinoisfiberconnect.com^$document ! https://github.com/hagezi/dns-blocklists/issues/3598 ||miracrookshanks.ru.com^$document ||bethanfreedland.ru.com^$document ! https://github.com/hagezi/dns-blocklists/issues/3601 ||1000fapvids.online^$document ! search engine spam ||n7p28.com^$document ! https://github.com/hagezi/dns-blocklists/issues/4654 ||crm-b2c-26477.de^$document ! https://github.com/hagezi/dns-blocklists/issues/5649 ||upnews.me^$document ||billboardwring.com^$document ! https://infosec.exchange/@iampytest1/114230884762731497 ! https://tria.ge/250326-1bty7avq16/behavioral1 ||swagedge.com^$all ! https://tria.ge/250326-1ng56awjs4/behavioral1 ! https://tria.ge/250326-1ypmzswkw8/behavioral1 ||doctoredits.com^$all ! https://github.com/hagezi/dns-blocklists/issues/5654 ||x2EM.com^$document ! https://github.com/hagezi/dns-blocklists/issues/6597?notification_referrer_id=NT_kwDOBQVKPLQxNzMyNjYyMzAxNjo4NDIzMjc2NA¬ifications_query=reason%3Amention ||cheapgpts.selly.store^$document ||cheapgpt.store^$document ! https://github.com/hagezi/dns-blocklists/issues/6620 ||t1.testname.me^$document ! spammed in comments sections ||adultgames.online^$document ! https://infosec.exchange/@iampytest1/115956392732391541 ||777ad-game.com.pk^$document ! ---- Resource Abuse ---- ! https://github.com/hagezi/dns-blocklists/issues/1990 ! https://infosec.exchange/@iampytest1/111666367575936830 (thanks to ajayyy) ||brightdata.com^$document ||brightdata.de^$document ||bright-sdk.com^$document ||clientsdk.bright-sdk.com^$document ||perr.bright-sdk.com^$document ! https://github.com/badmojr/1Hosts/issues/1831 ||joinmassive.com^$all ||api.joinmassive.com^$all ||geo-network.joinmassive.com^$all ||network.joinmassive.com^$all ! ---- Stalkerware ---- ! copied from https://github.com/AssoEchap/stalkerware-indicators/blob/adae94598f8d628a4af90f9bf323553d3ec683a4/ioc.yaml#L1-L273 - https://github.com/AssoEchap/stalkerware-indicators#license (modified to be in uBo format, removed a few domains) ||phonespying.com^$all ||app.phonespying.com^$document ||copy9.com^$document ||fonetracker.com^$document ||thetruthspy.com^$all ||icloudappe.com^$all ||spyzee.com^$all ||media-sync-a.copy9.com^$all ||media-sync-a.thetruthspy.com^$all ||media-sync-a743.thetruthspy.com^$all ||media-sync-a748.thetruthspy.com^$all ||media-sync-a7xx.thetruthspy.com^$all ||media-sync-a825.thetruthspy.com^$all ||media-sync-a830.thetruthspy.com^$all ||media-sync-a835.thetruthspy.com^$all ||media-sync-a895.thetruthspy.com^$all ||media-sync-a8xx.thetruthspy.com^$all ||media-sync-a910.thetruthspy.com^$all ||media-sync-a915.thetruthspy.com^$all ||media-sync-a920.thetruthspy.com^$all ||media-sync-a925.thetruthspy.com^$all ||media-sync-a930.thetruthspy.com^$all ||media-sync-a935.thetruthspy.com^$all ||media-sync-a940.thetruthspy.com^$all ||media-sync-a941.thetruthspy.com^$all ||media-sync-a942.thetruthspy.com^$all ||my.copy9.com^$all ||my.thetruthspy.com^$all ||phonetracking.net^$all ||protocol-a.copy9.com^$all ||protocol-a.thetruthspy.com^$all ||protocol-a621.copy9.com^$all ||protocol-a696.copy9.com^$all ||protocol-a710.copy9.com^$all ||protocol-a743.thetruthspy.com^$all ||protocol-a745.thetruthspy.com^$all ||protocol-a748.thetruthspy.com^$all ||protocol-a780.copy9.com^$all ||protocol-a785.copy9.com^$all ||protocol-a910.thetruthspy.com^$all ||protocol-a915.thetruthspy.com^$all ||protocol-a920.thetruthspy.com^$all ||protocol-a925.thetruthspy.com^$all ||protocol-a930.thetruthspy.com^$all ||protocol-a935.thetruthspy.com^$all ||protocol-a940.thetruthspy.com^$all ||protocol-a941.thetruthspy.com^$all ||protocol-a942.thetruthspy.com^$all ||protocol-viewer-a.copy9.com^$all ||protocol.copy9.com^$all ||protocol.thetruthspy.com^$all ||secondclone-2d312.firebaseio.com^$all ||setupmail-a.icloudappe.com^$all ||setupmail-a724.icloudappe.com^$all ||setupmail-a743.icloudappe.com^$all ||setupmail-a745.icloudappe.com^$all ||setupmail-a748.icloudappe.com^$all ||setupmail-a910.icloudappe.com^$all ||setupmail-a915.icloudappe.com^$all ||setupmail-a920.icloudappe.com^$all ||setupmail.icloudappe.com^$all ||sync-a.copy9.com^$all ||sync-a.thetruthspy.com^$all ||sync-a7xx.thetruthspy.com^$all ||sync-a8xx.thetruthspy.com^$all ||sync-a925.thetruthspy.com^$all ||sync-a930.thetruthspy.com^$all ||sync-a935.thetruthspy.com^$all ||sync-a940.thetruthspy.com^$all ||sync-a941.thetruthspy.com^$all ||sync-a942.thetruthspy.com^$all ! https://github.com/AssoEchap/stalkerware-indicators/blob/9f656217ab46b2043612808940f4387b651000a9/ioc.yaml#L3937 - under https://github.com/AssoEchap/stalkerware-indicators#license ! my analysis: https://app.any.run/tasks/57cdb248-461e-4dc5-b6b2-2235eec1e098/ ! my analysis: https://virustotal.com/gui/file/5809066a109718683fa1ffe3abcd0e6c9bd5f613279e081e31bc17e628d9bfba/detection ! my analysis: https://tria.ge/230505-27f8mshd2v/behavioral1 ||myspyapps.com^$document ||my-spy-a9c92.firebaseio.com^$document ! Andrews, Jean. CompTIA A+ Guide to Information Technology Technical Support. Available from: Yuzu Reader, (11th Edition). Cengage Learning US, 2022. ! confirmed ||flexispy.com^$document ! https://lgbtqia.space/@alice/112017041119045914 ||clevguard.com^$all ||www.clevguard.com^$all ||images.clevguard.com^$all ||panel.clevguard.com^$all ||public.clevguard.com^$all ||account.clevguard.com^$all ! possible fake page, unclear if related ||clevguard.org^$all ||www.clevguard.org^$all ||images.clevguard.org^$all ! "Remotely Monitor Kid's Device and Activity" - textbook stalkerware ||imyfone.com^$document ! https://techcrunch.com/2024/07/11/mspy-spyware-millions-customers-data-breach/ ||mspy.com^$all ! an ad pretending to be an email on tempmail.email - the "emails" claim to be from Microsoft. It is not known if Spy99 is behind this deceptive advertising, or just happens to be promoted this way. No other service has been promoted via these deceptive ads. ! https://infosec.exchange/@iampytest1/113137078414460638 ||la.quicksightnow.com^$document ||spy99.com^$all ! https://github.com/AssoEchap/stalkerware-indicators/issues/131 ||spyrix.com^$all ||www.spyrix.com^$all ||spyrix-sfk.com^$all ||spyrixweb.com^$all ! no amount of disclaimers undoes "How Can I Read My Boyfriend’s Text Messages Without Touching His Phone?" and "Some apps, like Phonsee, are designed to be hidden and undetectable." - Stalkerware ||phonsee.com^$all ! "Monitor all the activities in the most popular dating apps." ! their support was more than willing to help me install this malware on my (nonexistant) "wife"'s phone, while knowing I did not have "her" consent. The support person claimed the only indicator that she was being spied on was the VPN indicator (why? no idea) ||umobix.com^$all ! ---- Include other lists ---- ! include rules for just uBlock Origin and AdGuard, and the VXVault list !#include special_lists/anti-malware-ubo-extension.txt ! END