antimalware.txt

[Adblock Plus 2.0]
! Title: The malicious website blocklist
! Homepage: https://github.com/iam-py-test/my_filters_001
! Expires: 1 day
! Last updated: 2024-8-16
! Version: 2024816.3
! Description: This list aims to protect against scams, phishing, malware, some stalkerware, and potentially unwanted programs (PUPs). It includes a version of vxvault.net's list, modified by me to work in adblockers.
! Special thanks to all of the people who have helped me maintain this list! Check out https://github.com/iam-py-test/my_filters_001/blob/main/CONTRIBUTORS.md
! Issues url: https://github.com/iam-py-test/my_filters_001/issues
! GitLab issues url (not checked as often): https://gitlab.com/iam-py-test/my_filters_001/-/issues
! Note: This list includes a version of VXVault.net's malware distribution url list, formatted for adblockers, which is at https://github.com/iam-py-test/vxvault_filter

! ---- Malware and Phishing ----

! A Facebook phishing website
! https://www.siteadvisor.com/sitereport.html?url=xn--faebook-64a.com
! https://www.fortiguard.com/webfilter?q=xn--faebook-64a.com
! https://virustotal.com/gui/domain/xn--faebook-64a.com/detection
! https://safeweb.norton.com/report/show?url=xn--faebook-64a.com
||xn--faebook-64a.com^$document

! https://www.joesandbox.com/analysis/422872/0/html
! https://www.siteadvisor.com/sitereport.html?url=strawberry6532210.brizy.site
! https://virustotal.com/gui/url/ac7399fe8dda64a75a77ffc107219fcd90dc9bf2af6bc0893bef5d63b348dfe2/detection
! https://virustotal.com/gui/domain/strawberry6532210.brizy.site/detection
! https://transparencyreport.google.com/safe-browsing/search?url=strawberry6532210.brizy.site
! https://www.urlvoid.com/scan/strawberry6532210.brizy.site/
! https://www.fortiguard.com/webfilter?q=strawberry6532210.brizy.site
! https://sitecheck.sucuri.net/results/strawberry6532210.brizy.site
! https://quttera.com/detailed_report/strawberry6532210.brizy.site
! https://www.google.com/s2/favicons?domain=strawberry6532210.brizy.site
||strawberry6532210.brizy.site^$all
! https://quttera.com/detailed_report/strawberry6532210.brizy.site
! https://www.siteadvisor.com/sitereport.html?url=starlangbank.com
! https://transparencyreport.google.com/safe-browsing/search?url=starlangbank.com
! https://quttera.com/detailed_report/starlangbank.com
! https://www.fortiguard.com/webfilter?q=starlangbank.com
! https://virustotal.com/gui/domain/starlangbank.com/detection
||starlangbank.com^$all

! https://www.joesandbox.com/analysis/424179/0/html
! https://virustotal.com/gui/url/7182b03efde39bf8355a8c9e3ab40e9918a799863b51ead503e212c6b56fcbae/detection
! https://virustotal.com/gui/domain/aloha-news.net/detection
! https://www.siteadvisor.com/sitereport.html?url=http%3A%2F%2Faloha-news.net
! https://safeweb.norton.com/report/show?url=http%3A%2F%2Faloha-news.net
! https://sitecheck.sucuri.net/results/aloha-news.net
! https://www.urlvoid.com/scan/aloha-news.net/
! https://www.fortiguard.com/webfilter?q=aloha-news.net
||aloha-news.net^$all

! https://cyberwarzone.com/whatsapp-phishing/
! https://www.fortiguard.com/webfilter?q=cht-whatsappz.zzux.com
! https://www.fortiguard.com/webfilter?q=zzux.com
! https://www.mywot.com/en/scorecard/zzux.com
! https://www.urlvoid.com/scan/zzux.com/
! https://sitecheck.sucuri.net/results/zzux.com
! https://transparencyreport.google.com/safe-browsing/search?url=zzux.com
! https://safeweb.norton.com/report/show?url=zzux.com
! https://virustotal.com/gui/url/993fb0a37ec2e4b3503bac3b38066dabd040f43a3f47ca99c6839df9bf5dd018/detection
! https://safeweb.norton.com/report/show?url=cht-whatsappz.zzux.com
! https://virustotal.com/gui/url/f89e84af4a187e413fd85b2cc7b604ef1b0b5b3e94c18f039ba1539d593eb898/detection
||cht-whatsappz.zzux.com^$all

! https://github.com/uBlockOrigin/uAssets/issues/8466
! https://virustotal.com/gui/ip-address/91.241.60.117/relations
! https://virustotal.com/gui/url/08e979bb4cde20ad8b711920f0fa604de67911559013f0fc60560990fbbad239/detection
! https://www.siteadvisor.com/sitereport.html?url=91.241.60.117
||91.241.60.117^$all

! https://www.reddit.com/r/mildlyinfuriating/comments/nc9zpe/got_a_paypal_or_should_i_say_paypl_phishing_email/
! https://virustotal.com/gui/url/c0e5466cd2843f75d522093d93cf949259ca618ca2f00aa4952e7700cbf59384/detection
||paypl.com^$all
! https://virustotal.com/gui/url/4531df5b01e2c58f9307fabecc9a17b03c6157bafc8e9af736b278e95c182dc5/community
||payapl.com^$all
! https://virustotal.com/gui/url/91aecb78868044183cbe47614fb43a7e5aecd4b4ae89294a215354bdda2c3602/detection
! https://www.fortiguard.com/webfilter?q=paypaI.com
! https://www.mywot.com/en/scorecard/paypaI.com
! https://safeweb.norton.com/report/show?url=paypaI.com
||paypaI.com^$all

! Used to infect and redirect domains
! https://labs.sucuri.net/signatures/sitecheck/malware-rks_injection/
! https://blog.sucuri.net/2011/01/malware-update-co-cc.html
! https://www.fortiguard.com/webfilter?q=http%3A%2F%2Fgoogle-analytisc.co.cc&version=8
! https://safeweb.norton.com/report/show?url=http%3A%2F%2Fgoogle-analytisc.co.cc
! https://virustotal.com/gui/url/6cc9c5dbd531e82102590df163142db0c248de81b831372a35fb281d90a6c768/detection
! https://www.urlvoid.com/scan/google-analytisc.co.cc/
! https://www.mywot.com/en/scorecard/google-analytisc.co.cc
! https://sitecheck.sucuri.net/results/google-analytisc.co.cc
! Appears offline but per https://github.com/uBlock-LLC/uBlock/issues/1839#issuecomment-852183358 adding anyway
||google-analytisc.co.cc^$all
! https://virustotal.com/gui/url/b3565bedd215978dc3f0e60c82e20f600f4b404343d8a4c89dd336986c941c65/community
! https://www.fortiguard.com/webfilter?q=http%3A%2F%2Foiwdd.co.cc&version=8
! https://safeweb.norton.com/report/show?url=http://oiwdd.co.cc
! https://virustotal.com/gui/url/b0ccfa7eaf148df692177674f5aafeb27792399f4b03d1a75951533f6b7e7e52/detection
! https://www.urlvoid.com/scan/oiwdd.co.cc/
! https://www.mywot.com/scorecard/oiwdd.co.cc
||oiwdd.co.cc^$all
! https://www.fortiguard.com/webfilter?q=http%3A%2F%2Fpojdue.co.cc&version=8
! https://virustotal.com/gui/url/2ba73f2605b7dff79153f65cf94aee57f68e476c92234d0b4d46e29d8c4eaa12/detection
! https://virustotal.com/gui/domain/pojdue.co.cc/detection
! https://www.urlvoid.com/scan/pojdue.co.cc/
! https://www.mywot.com/scorecard/pojdue.co.cc
||pojdue.co.cc^$all

! https://labs.sucuri.net/signatures/sitecheck/malware-magento_shoplift-38-1/
! https://virustotal.com/gui/domain/mcloudjs.com/detection
! https://virustotal.com/gui/url/01a9b775e89304d7ebce8e7e5822d730b043868e09994a17786da0a71ec49691/community
! https://www.siteadvisor.com/sitereport.html?url=mcloudjs.com
! https://www.fortiguard.com/webfilter?q=mcloudjs.com
! https://www.urlvoid.com/scan/mcloudjs.com/
! https://safeweb.norton.com/report/show?url=mcloudjs.com
! https://sitecheck.sucuri.net/results/mcloudjs.com
! https://labs.sucuri.net/blacklist/info/?domain=mcloudjs.com
! https://transparencyreport.google.com/safe-browsing/search?url=mcloudjs.com
||mcloudjs.com^$all

! https://labs.sucuri.net/signatures/sitecheck/malware-redkit/
! https://virustotal.com/gui/url/26a7a5909ca372bc57d68df966fc03b887451a7cf8ae58c5cea92639b4ce2594/detection
! https://virustotal.com/gui/url/78eca70299b830e87ed8f6b3d276e231f2147d5c2817a3586b1ceb5310ea89fa/detection
! https://virustotal.com/gui/domain/wherewedev.com/detection
! https://www.fortiguard.com/webfilter?q=wherewedev.com
! https://www.urlvoid.com/scan/wherewedev.com/
! https://www.mywot.com/en/scorecard/wherewedev.com
! https://safeweb.norton.com/report/show?url=wherewedev.com
! https://sitecheck.sucuri.net/results/wherewedev.com
||wherewedev.com^$all
! https://virustotal.com/gui/url/a9e68e1b4cdd0e2f58dadf4cd5a93a9983a79b600f1423f86cc5f68b0fec729f/detection
! https://www.fortiguard.com/webfilter?q=infinitypr.in
! https://sitecheck.sucuri.net/results/infinitypr.in
||infinitypr.in^$third-party
! https://virustotal.com/gui/url/86e9efc17750d2885c940cf6ff08820aee1bf35f23fc0faac71a05467b13c0e3/detection
! https://www.fortiguard.com/webfilter?q=integra-lernwerkstatt.de
! https://www.mywot.com/en/scorecard/integra-lernwerkstatt.de
! https://safeweb.norton.com/report/show?url=integra-lernwerkstatt.de
! https://sitecheck.sucuri.net/results/integra-lernwerkstatt.de
! https://labs.sucuri.net/blacklist/info/?domain=integra-lernwerkstatt.de
! https://labs.sucuri.net/blacklist/details/?domain=integra-lernwerkstatt.de
||integra-lernwerkstatt.de^$all

! https://virustotal.com/gui/file/5e6c167fc70aee2438f92ac0391dcba5905d989a20134dbb4bc9c3c40f805e74/relations
! https://virustotal.com/gui/url/a0fba2a31b88b8e1d6607971bd05440ee43702327e19d93ba91c705f7189c533/detection
! https://virustotal.com/gui/domain/kjwre77638dfqwieuoi.info/detection
! https://virustotal.com/gui/url/7d1b788cd3afd004b36421ad288b17ca4f2c5ad8e37363022b4f8573c7b77e03/detection
||kjwre77638dfqwieuoi.info^$all
! https://virustotal.com/gui/domain/kukutrustnet777.info/detection
||kukutrustnet777.info^$all
! https://virustotal.com/gui/url/38e39cdaa4d595968e55e4bcaa45818c887257e81ae6020bf2cb77c34a2e55be/detection
! https://www.fortiguard.com/webfilter?q=moch.forweb.pl
! https://safeweb.norton.com/report/show?url=moch.forweb.pl
||moch.forweb.pl^$document

! https://www.joesandbox.com/analysis/431924/0/html#domains
! https://virustotal.com/gui/url/254b1fd9f7536ece07cf5a3747aa2adeccc76e61b1f4e5994c0dc683d0a6db03/detection
! https://virustotal.com/gui/url/be44f0113500882e27eb730cfdad7687fe75ad56c8e9d9b2426273a0eb13e201/detection
! https://www.siteadvisor.com/sitereport.html?url=alphastand.win
! https://www.fortiguard.com/webfilter?q=alphastand.win
! https://safeweb.norton.com/report/show?url=alphastand.win
! https://sitecheck.sucuri.net/results/alphastand.win
! https://quttera.com/detailed_report/alphastand.win
||alphastand.win^$all
! https://www.siteadvisor.com/sitereport.html?url=alphastand.trade
! https://www.fortiguard.com/webfilter?q=alphastand.trade
! https://safeweb.norton.com/report/show?url=alphastand.trade
! https://sitecheck.sucuri.net/results/alphastand.trade
! https://virustotal.com/gui/domain/alphastand.trade/detection
||alphastand.trade^$all

! https://www.joesandbox.com/analysis/413824/0/html#domains
! https://virustotal.com/gui/url/9c1f4fd3af06c7eff8fa0c96c0386acdea17225b7202b87044a5e7895d80f694/detection
! https://virustotal.com/gui/domain/saywowshow.com/detection
! https://safeweb.norton.com/report/show?url=saywowshow.com
||saywowshow.com^$all

! https://forum.mywot.com/reputation-discussions-f5/ridiculous-eth-bitcoin-giveaways-or-instant-invest-t86210.html
||btc-promo.czweb.org^$all
||eth24win.co.nf^$all
||giveaway-eth-btc.webz.cz^$all

! https://www.bleepingcomputer.com/news/security/phishing-impersonates-global-recruitment-firm-to-push-malware/
! https://twitter.com/InQuest/status/1385324245891182592
! https://virustotal.com/gui/url/81913a8a7fa758d7476a13ff03395f31f665addf973adf253c5123fbb8a4caf4/detection
! https://virustotal.com/gui/url/cd77c6e39b0ca34cb7bd0106e769f2a4a019b05f96d608582f4ad7693b604f6a/detection
! https://safeweb.norton.com/report/show?url=powerhousetoys.com
! https://www.siteadvisor.com/sitereport.html?url=https://powerhousetoys.com/opp.txt
||powerhousetoys.com^$all

! https://virustotal.com/gui/url/3961877189248724c33e9d6b0e590b9e11607d27de88cd7f130487719c2e8efd/detection
! https://www.fortiguard.com/webfilter?q=crypto-loot.com
! https://www.mywot.com/en/scorecard/crypto-loot.com
! https://safeweb.norton.com/report/show?url=crypto-loot.com
! https://quttera.com/detailed_report/crypto-loot.com
! https://sitecheck.sucuri.net/results/crypto-loot.com
||crypto-loot.com^$all
! https://www.fortiguard.com/webfilter?q=crypto-loot.org
! https://virustotal.com/gui/url/bed5db125302663b090d4dcf170873a5ff60bbe44d72e451801497751e5a78df/detection
! https://safeweb.norton.com/report/show?url=crypto-loot.org
! https://sitecheck.sucuri.net/results/crypto-loot.org
||crypto-loot.org^$all

! https://github.com/webcompat/web-bugs/issues/74703
! https://www.siteadvisor.com/sitereport.html?url=mysecrethoookup.com
! https://www.fortiguard.com/webfilter?q=mysecrethoookup.com&version=8
! https://virustotal.com/gui/url/ad652f0b682616bb75b6ab31ed6be38fddf4c46b2d2405ea738bbee1a80e85c7/detection
! https://safeweb.norton.com/report/show?url=mysecrethoookup.com
! https://sitecheck.sucuri.net/results/mysecrethoookup.com
||mysecrethoookup.com^$all

! https://virustotal.com/gui/ip-address/104.236.14.145/relations
! https://www.mywot.com/en/scorecard/blogsopt.com
! https://virustotal.com/gui/url/6d9e9d347f3578fe8fea973820a40a0ab760165e613af323b4a025dee339c73e/detection
||blogsopt.com^$document

! https://www.urlvoid.com/ip/103.224.212.247/
! https://www.urlvoid.com/scan/dacenete.com/
! https://www.mywot.com/en/scorecard/dacenete.com
! https://virustotal.com/gui/url/1edf1ec0e4f299ec94a3c4cdfc882795a0a0e77031c866f595e8354120bee802/community
! https://www.siteadvisor.com/sitereport.html?url=Dacenete.com
! https://www.fortiguard.com/webfilter?q=Dacenete.com
! https://safeweb.norton.com/report/show?url=Dacenete.com
! https://yandex.com/safety/?l10n=en&url=dacenete.com
! https://sitecheck.sucuri.net/results/Dacenete.com
||dacenete.com^$all
! https://www.siteadvisor.com/sitereport.html?url=Coolstats1.net
! https://www.urlvoid.com/scan/coolstats1.net/
! https://www.fortiguard.com/webfilter?q=Coolstats1.net
! https://www.mywot.com/en/scorecard/Coolstats1.net
! https://virustotal.com/gui/url/44e1091f194808820ef787750737232f95e7e9ecb17d1605246715645573158e/detection
! https://sitecheck.sucuri.net/results/Coolstats1.net
||coolstats1.net^$all
! https://www.siteadvisor.com/sitereport.html?url=http://ww38.coolstats1.net/?subid1=20210616-0828-13e0-974a-e3edd89fe7ec
! https://virustotal.com/gui/url/4b2c524cd265adaccc0bb0a4ec10f84cbb13f1920a9138f12cc7d87c65c5ca63/detection
||ww38.coolstats1.net^$all

! https://www.pcrisk.com/removal-guides/15423-adf-ly-ads
! https://virustotal.com/gui/url/f984d9289494b526bbac5cb57fc5b9edae210a3f980f3d784f6d1fbb80c0bcb5/detection
! https://virustotal.com/gui/url/300f1d4d3cf0782f029aec0af02817906ecc57d30a61e78b2c01c8e8b693f5d7/detection
! https://safeweb.norton.com/report/show?url=eyourcom.fun
! https://www.fortiguard.com/webfilter?q=eyourcom.fun
||eyourcom.fun^$all
||xcrke.eyourcom.fun^$all
! https://virustotal.com/gui/url/8d91b224b62e8002ab9bfa5314717fc61a2cd2c74e228f26093decdd070bfb0a/detection
! https://safeweb.norton.com/report/show?url=blastnotificationx.com
||blastnotificationx.com^$document

! https://virustotal.com/gui/url/f645599a31b833dcebbfec890361e28a5fb14ba86e6f730d74688d11cfe7f52f/details
! https://www.joesandbox.com/analysis/436433/0/html#deviceScreen
! https://www.mywot.com/scorecard/googe.com
! https://safeweb.norton.com/reviews?url=googe.com
||googe.com^$all
! https://virustotal.com/gui/url/9a34eeed10b62d3aa3698efc8a128e6e87f937982bbcd3d03e50a8ab53b27da9/community
! https://www.mywot.com/scorecard/proasdf.com
! https://safeweb.norton.com/report/show_mobile?name=proasdf.com
||proasdf.com^$document

! https://forum.mywot.com/24626-whatsmyipaddress-com
! https://virustotal.com/gui/url/c8bc45a00aeb7be3ccc68a0cf17e4a6175db761393dee57de32a49338b77ca45/detection
! https://www.fortiguard.com/webfilter?q=appple.com&version=8
||appple.com^$all
||ww1.appple.com^$all

! https://blog.sucuri.net/2021/05/woocommerce-credit-card-skimmer.html
! https://blog.sucuri.net/2018/04/malicious-activities-google-tag-manager.html
! https://blog.sucuri.net/2017/09/hacked-websites-mine-crypocurrencies.html
! https://virustotal.com/gui/ip-address/34.98.99.30/community
! https://pastebin.com/FzHDkSW7
! https://www.fortiguard.com/webfilter?q=albumzips.xyz
! https://safeweb.norton.com/report/show?url=albumzips.xyz
! https://sitecheck.sucuri.net/results/albumzips.xyz
! https://virustotal.com/gui/url/cd2a97abe31697bf1822c505ee9ad267772463230a943fe3fb680af2ba74b327/detection
||ww16.albumzips.xyz^$all
! https://sitecheck.sucuri.net/results/camillesanz.com
! https://safeweb.norton.com/report/show?url=camillesanz.com
! https://virustotal.com/gui/url/f542034f339f53a70bbb0c40a662d49cc37806bc112ef403bac8b4a5d1c02b03/detection
||camillesanz.com^$all
||www.camillesanz.com^$all
! https://labs.sucuri.net/blacklist/details/?domain=africangrey.top
! https://virustotal.com/gui/url/d3feabeb546851be8e449074eaddf2c72e687b92754693aba97f3ae27772a796/detection
! https://virustotal.com/gui/url/917d555cce2e2e6791704d64812cbb203c57201bac559478c334c74c8e392330/detection
! https://www.siteadvisor.com/sitereport.html?url=ribinski.us
! https://safeweb.norton.com/report/show?url=ribinski.us
! https://sitecheck.sucuri.net/results/ribinski.us
! https://labs.sucuri.net/blacklist/info/?domain=ribinski.us
||ribinski.us^$all

! https://twitter.com/gorhill/status/1293239879887970305
!   - via https://github.com/NanoAdblocker/NanoCore/issues/362#issuecomment-704235803
! https://virustotal.com/gui/url/085d0bd9451920bd97eb099fb14e42b8ceccadf79cdf70da0d29e31900262ce1/detection
! https://www.siteadvisor.com/sitereport.html?url=fly-analytics.com
! https://www.fortiguard.com/webfilter?q=fly-analytics.com
! https://safeweb.norton.com/report/show?url=fly-analytics.com
! https://sitecheck.sucuri.net/results/fly-analytics.com
||fly-analytics.com^$all

! https://virustotal.com/gui/user/Placebo
! https://virustotal.com/gui/file/3ff26dfe049d6ea2d608eaf0914e527a798ae018e3918b9d1f025ca47700cb6f/community
! https://virustotal.com/gui/domain/thoughtplus.in/community
! https://virustotal.com/gui/url/626f2608d12b9bddc0ac5148b653290b192b45a79db85c7243b04f5374cd3e67/detection
! https://www.siteadvisor.com/sitereport.html?url=thoughtplus.in
! https://www.fortiguard.com/webfilter?q=thoughtplus.in
! https://safeweb.norton.com/report/show?url=thoughtplus.in
! https://sitecheck.sucuri.net/results/thoughtplus.in
! https://transparencyreport.google.com/safe-browsing/search?url=thoughtplus.in
||thoughtplus.in^$all

! https://www.bleepingcomputer.com/virus-removal/remove-toksearches.xyz-search-redirect
! https://virustotal.com/gui/url/f6e174e4f27f27f27b5f8c3516fcdbea555d9128d50d6e20f6ca2ca8fbf0d37f/detection
! https://www.fortiguard.com/webfilter?q=toksearches.xyz
||toksearches.xyz^$all
! https://www.bleepingcomputer.com/virus-removal/remove-smashappsearch.com-search-redirect
! https://www.bleepingcomputer.com/virus-removal/remove-smashapps.net-search-redirect
! https://www.bleepingcomputer.com/virus-removal/remove-bipapp-chrome-extension
||smashapps.net^$document
||smashappsearch.com^$document

! https://www.bleepingcomputer.com/virus-removal/remove-please-allow-to-watch-the-video
! https://virustotal.com/gui/url/ef88006f1f5beab8ded6b8786870209c1651db831c19e4f49e5ef829c267cac1/detection
! https://www.siteadvisor.com/sitereport.html?url=new-message.live
! https://www.fortiguard.com/webfilter?q=new-message.live
! https://safeweb.norton.com/report/show?url=new-message.live
! https://sitecheck.sucuri.net/results/new-message.live
||new-message.live^$all
! https://virustotal.com/gui/url/098cc8fed90c43af3a4afb4df0d7da9c68b1b2c8a3c73fb9d4506c7f062547f1/detection
! https://virustotal.com/gui/ip-address/95.168.170.165/relations
! https://virustotal.com/gui/url/6a23b2b07941322f9ad5555d97bfd020c2681264d71b5ed6c621f0a6cad6277c/detection
! https://www.fortiguard.com/webfilter?q=private-message.live
! https://safeweb.norton.com/report/show?url=private-message.live
! https://www.mywot.com/scorecard/private-message.live
||private-message.live^$document

! https://blog.malwarebytes.com/a-week-in-security/2021/06/a-week-in-security-june-21-2021-june-27-2021/
! https://virustotal.com/gui/url/d668d18f1cd3b32eea6d717af4655a7e511d5b92403ed71a66d366a4c971c826/detection
! https://therecord.media/dirtymoe-malware-has-infected-more-than-100000-windows-systems/
! https://decoded.avast.io/martinchlumecky/dirtymoe-1/
! https://www.siteadvisor.com/sitereport.html?url=1qw.us
! https://www.fortiguard.com/webfilter?q=1qw.us
! https://safeweb.norton.com/report/show?url=1qw.us
! https://virustotal.com/gui/url/8e4d54adb8cc9b6fe443f17da6b29ef8e367ca1dacae6ac2cf9b2cc665268bde/detection
||1qw.us^$all
! https://www.siteadvisor.com/sitereport.html?url=rpc.1qw.us
! https://www.fortiguard.com/webfilter?q=rpc.1qw.us
! https://safeweb.norton.com/report/show?url=rpc.1qw.us
! https://virustotal.com/gui/domain/rpc.1qw.us/relations
! https://virustotal.com/gui/url/f21b269b690aac8338399bb40408aa8cefa3591dcc9a3f84f5a911f647c8d2f7/detection
||rpc.1qw.us^$all
! https://www.proofpoint.com/us/blog/threat-insight/purple-fox-ek-adds-exploits-cve-2020-0674-and-cve-2019-1458-its-arsenal
! https://virustotal.com/gui/url/5769102f270c1b16ebdc663ad63010d69de2d159117b3736d562dc59944fc6dc/detection
! https://virustotal.com/gui/url/35e34ac62d1ac12fe3146a8a2d6d60300f7a1b97e2922fedb91154243e950cb1/detection
! https://virustotal.com/gui/url/e88a950b22a8582a4761c8b6a26546cd7e92b3175c16bd32d1dd8f61f45a1c58/detection
! https://virustotal.com/gui/url/2bb2d79e789ba930b36960a8a0fbb008ed5cb594406e89507033832da2668870/detection
! https://virustotal.com/gui/url/326384fb6f6e393f8fde813c9cf2be668b68780c0a036d977fc6482fd6364ca1/detection
! ||raw.githack.xyz/SdTC8df7vmDNIUuV1.jpg$all
! https://www.siteadvisor.com/sitereport.html?url=raw.githack.xyz
! https://www.fortiguard.com/webfilter?q=raw.githack.xyz
! https://safeweb.norton.com/report/show?url=raw.githack.xyz
||raw.githack.xyz^$all

! https://virustotal.com/gui/user/Site.safetychecker
! https://virustotal.com/gui/url/7108cfe6953cab08696ae1f9ab2c777b749fb53e7beb5c003756ea522c880f17/detection
||yotube.com^$all
! https://redirectdetective.com
! https://virustotal.com/gui/url/82e7188109152e27f51a97c1bcb935a1cc302736ed20a41ababa6d9239c7f85d/community
! https://safeweb.norton.com/report/show?url=gloos-ves.com
||gloos-ves.com^$all
! https://virustotal.com/gui/ip-address/54.174.112.67/relations
! https://virustotal.com/gui/url/85e357a917a886c9b2791d0c08199c95cd8a50ad003340a8140c04347777ee74/detection
! https://www.fortiguard.com/webfilter?q=zeroredirect1.com
! https://www.mywot.com/en/scorecard/zeroredirect1.com
! https://safeweb.norton.com/reviews?url=zeroredirect1.com
||zeroredirect1.com^$all

! https://www.bleepingcomputer.com/virus-removal/remove-power-app-chrome-extension
! https://virustotal.com/gui/url/6dd9e3edd772497d3db7f61fa0cbd6b81b888dc1e01f95c693edfb3e696b702e/detection
! https://www.fortiguard.com/webfilter?q=searchpowerapp.com
! https://safeweb.norton.com/report/show?url=searchpowerapp.com
||searchpowerapp.com^$document
! https://virustotal.com/gui/url/4cb33835d45743431d20b4c019e09dd1861953440572bf40dd4b2745cb391082/detection
! https://www.fortiguard.com/webfilter?q=lp.searchdimension.com
! https://safeweb.norton.com/report/show?url=lp.searchdimension.com
! https://www.mywot.com/en/scorecard/lp.searchdimension.com
||lp.searchdimension.com^$all
! https://virustotal.com/gui/url/ac7e2f7f5557d6cac58a5250eedb78e5a647b5be6814d595df6b84bf9687e934/detection
! https://www.fortiguard.com/webfilter?q=searchdimension.com
! https://www.mywot.com/en/scorecard/searchdimension.com
! https://safeweb.norton.com/report/show?url=searchdimension.com
||searchdimension.com^$document

! https://blog.malwarebytes.com/exploits-and-vulnerabilities/2020/04/copycat-criminals-abuse-malwarebytes-brand-in-malvertising-campaign/
! https://virustotal.com/gui/url/8faba8050b38887c13c044743c789d9a8e1795098b2c20250bfae80f5d1d2a4f/detection
! https://www.fortiguard.com/webfilter?q=malwarebytes-free.com
! https://safeweb.norton.com/report/show?url=malwarebytes-free.com
||malwarebytes-free.com^$all

! https://forums.malwarebytes.com/topic/276364-please-help-to-remove-jingermycom/
! https://virustotal.com/gui/url/5538837550b6bf93ad0fd8be30a9061d43b8f2097dcdfb6a7d959eaebf6b92f1/detection
! https://www.fortiguard.com/webfilter?q=jingermy.com
! https://safeweb.norton.com/report/show?url=jingermy.com
||jingermy.com^$all


! https://thehackernews.com/2021/07/hackers-spread-biopass-malware-via.html
! https://virustotal.com/gui/url/97b4ed1e2788217aa186f26dbdd13a36544dde101e53ea3382e6a5aa1b9f4081/detection
! https://virustotal.com/gui/ip-address/47.57.140.149/relations
! https://virustotal.com/gui/url/0025d5ba5569ba2ecc29c39236a9b559a212e3ac7404b9af7be62e143175cf5f/detection
! https://virustotal.com/gui/url/94a7b6d048720fe4e837d6027f5019c775d20e5ea761ad03236f85070f08838a/detection
! https://virustotal.com/gui/url/ade8073339365eed03d142d5e57ec528d54294c40fdac08e71d5363d3ba634d0/detection
||update.flash-installer.com^$all
! https://virustotal.com/gui/url/98962a3086cc694e1d62667a718edd6738b233b2b348b1197c141a8ecb251336/detection
||flash-installer.com^$all

! https://virustotal.com/gui/file/4bf58623f91ff9a19c2893061a2a14660f61b2294f976a9d80ab6b3d023c9892/relations
! https://virustotal.com/gui/url/a21f89ebf6c4835a504a92359d23be518b80b9b7bd5417541087d60751d41694/detection
||paymetconfirm.com^$all

! Tech support scammers
! https://www.youtube.com/watch?v=Ooh6bV8FwTo
! https://virustotal.com/gui/url/02071a7a5b71526d41e0f4547b4912368ee6a0920e7d7aaade16fd3f5ca01a87/detection
! https://safeweb.norton.com/report/show?url=systemini-com.tk
||systemini-com.tk^$all
! https://virustotal.com/gui/url/fb85efbc7bf81b10869ddaddd9b3b9471a916b9f8d820d2ccee48712c3e58b9e/detection
! https://www.siteadvisor.com/sitereport.html?url=micropcsupport.com
||micropcsupport.com^$all

! Browser locker
! https://virustotal.com/gui/url/44f957f9350dfc3d9b8ccac23074301c3c20278a787af25a28edd8e15eacb7e1/detection
! https://github.com/DandelionSprout/adfilt/issues/228
||helooworld.us^$all
! Which redirects to 
||www.helooworld.us^$all

! https://virustotal.com/gui/file/081618f7d9c6c92271f8d6bc65c8e13f33dfe9e5022f06aaec95664ee31fead4/relations
! https://virustotal.com/gui/url/efc1177d474e3efe2e9e53fcfbb012c9ae86f64467e38824f6d974d5504647f0/detection
||properlysolutionsco.com^$all

! https://virustotal.com/gui/file/6f236e253720a0b3cf1fdafd111f99ba84e0a2b03ff8453fd747c3d9c8973403/relations
! https://virustotal.com/gui/file/13e8d4557870179e70b7d4f580c9183e9a6eead777af04fc226feb70d9ce76cb/relations
! https://virustotal.com/gui/url/e3fb5d2d13d34c94468df0ecd5825ed28861ccee9f1a1703e4b37a01af2f7caf/detection
! https://safeweb.norton.com/report/show?url=os.telechargercdn.com
! https://www.siteadvisor.com/sitereport.html?url=os.telechargercdn.com
||os.telechargercdn.com^$all

! https://github.com/DandelionSprout/adfilt/issues/244
! The original website
||rblxexploits.net^$all
||www.rblxexploits.net^$all
! Fake notifications 
||usegetmarketings.com^$all
||bestappever4you.com^$all
! This was loaded by a malware extension that was installed
||thecrs.club^$all

! https://virustotal.com/gui/file/67b1a7835687bf5851cf29539b2d0ce90ab30d373edfcf9ee54237026c67df33/relations
! https://virustotal.com/gui/url/1912779d4b9bfd7713239cf6e2ede751c40b38541404b21adb0c595b65356c75/detection
! https://www.siteadvisor.com/sitereport.html?url=uehge4g6gh.2ihsfa.com
! https://safeweb.norton.com/report/show?url=uehge4g6gh.2ihsfa.com
! https://metadefender.opswat.com/results/domain/dWVoZ2U0ZzZnaC4yaWhzZmEuY29t/overview?lang=en
||uehge4g6gh.2ihsfa.com^$all
! https://virustotal.com/gui/url/faee0c9a2d3786dda120ce8b99381878ebf05ca2b4d4a4437118ab2ca8ab49bd/detection
! https://www.siteadvisor.com/sitereport.html?url=2ihsfa.com
! https://safeweb.norton.com/report/show?url=2ihsfa.com
||2ihsfa.com^$all
! https://virustotal.com/gui/url/5cfe3add8396356f1757449074e95fab7b77aeabc405ca0fcebab5b699198d7f/detection
! https://www.siteadvisor.com/sitereport.html?url=listincode.com
! https://safeweb.norton.com/report/show?url=listincode.com
||listincode.com^$all
! https://virustotal.com/gui/url/9ac802ac997e44f7daf814ce163a17884ae59e3dd99e0c39432449af195f90b6/detection
||www.listincode.com^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/88280
! https://virustotal.com/gui/url/5ac4b9c907ee714f1163331bcb9840a472f85809e9730edc03dd88e9d706bcbb/detection
! https://safeweb.norton.com/report/show?url=update-portal.com
! https://www.siteadvisor.com/sitereport.html?url=update-portal.com
||update-portal.com^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/88270
! https://safeweb.norton.com/report/show?url=tw-goldenwinner-57.com
! https://virustotal.com/gui/url/ddec939917a016338c34597563962b9baa10080f62ea0320d8e4b8b21156007e/detection
||tw-goldenwinner-57.com^$all
||www.tw-goldenwinner-57.com^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/80390
! https://virustotal.com/gui/url/1b63e3d8a99633582446d6c095e9350b869dc60716187f714bbdb85d9f06122f/detection
! https://safeweb.norton.com/report/show?url=artebythesea.com
||artebythesea.com^$all
! https://virustotal.com/gui/url/16534bfc6c24e0c30dbac08ea5297ae24f9f9ae90411bc3b608659e1767317a7/detection
! https://safeweb.norton.com/report/show?url=microsoftpods.com
||microsoftpods.com^$all
! https://virustotal.com/gui/url/94b361a89a5c3a43d6013fb8f971e40c9bd3493042343a0ee3626375b4552267/detection
! https://safeweb.norton.com/report/show?url=nashvillegems.com
||nashvillegems.com^$all
! https://virustotal.com/gui/url/2dbc2cf61fa22eec22629f31b731c04eeb4cdc86d589ab36c0c7719b26e60ede/detection
! https://safeweb.norton.com/report/show?url=flawlessdrinking.com
||flawlessdrinking.com^$all
! https://virustotal.com/gui/url/2a213601051b43f18c3f6b6faadf5b65b8375f5c9ffe5cb9fe2c18fe13b0bd2a/detection
! https://safeweb.norton.com/report/show?url=findmyautoparts.com
||findmyautoparts.com^$all
! https://virustotal.com/gui/url/fcd7962a77ae7836f84789452b77d293de0e1a47e91ecfe2c2508bead500197b/detection
! https://safeweb.norton.com/report/show?url=grandpaurbanfarm.net
||grandpaurbanfarm.net^$all
! https://safeweb.norton.com/report/show?url=guide4idiots.com
! https://virustotal.com/gui/url/2f9dfbbc3cde41756691a0b741eb605c7ed81d55733f912dc590808f6ec2cb5e/detection
||guide4idiots.com^$all
! https://safeweb.norton.com/report/show?url=identityofplace.com
! https://virustotal.com/gui/url/987c5c40192b3e6049a8c2523a7f4bba374db1ab7a1418f25dccdba7379674c6/detection
||identityofplace.com^$all
! https://virustotal.com/gui/url/6fb68516452024785cbdb664f5363c7e49ed6a9fd88fe0dce79a157560ec0701/detection
! https://safeweb.norton.com/report/show?url=shpwmy.com
||shpwmy.com^$all

! https://github.com/easylist/easylist/pull/6164
! https://github.com/DandelionSprout/adfilt/blob/a0f6bdcc309cab585502c76ebd70c088995a3d17/Dandelion%20Sprout's%20Anti-Malware%20List.txt#L955-L5713
! https://virustotal.com/gui/url/59077166c998073d0f809f35fb035256e8ee263f2136e783c82cd6017aad4029/detection
! https://virustotal.com/gui/ip-address/192.243.59.12/relations
! https://virustotal.com/gui/url/8041adaabbd884df4712bdfa8794bdbcf37dfaa8f06164bbe6df2ba79c2eaa72/detection
! https://www.siteadvisor.com/sitereport.html?url=dustymural.com
! https://safeweb.norton.com/report/show?url=dustymural.com
||dustymural.com^$all
! https://virustotal.com/gui/ip-address/192.243.59.13/community
! https://virustotal.com/gui/url/5eca62948cb380e8b8def8a250d91210df2c7385799fcc3b9f0b0df28b1fdd1b/community
! https://www.siteadvisor.com/sitereport.html?url=disappearanceinspiredscan.com
! https://safeweb.norton.com/report/show?url=disappearanceinspiredscan.com
||disappearanceinspiredscan.com^$all

! https://forums.malwarebytes.com/topic/277965-your-system-is-infected-with-3-viruses/
! https://github.com/DandelionSprout/adfilt/issues/262
||lucdream.com^$all
||beastbuying.com^$all
||kokotrokot.com^$document
! contains porn
||pesoaniz.com^$all
! Fake popups
||rtb-8.novitrk1.com^$all
||cu27t-evo29lution.xyz^$all
||doneonline.xyz^$all
||possessedcrackinghart.com^$all
||typiccor.com^$all
||apsolutamente.com^$all
||time4news.net^$all
||secureleadsforever.com^$all
||pushmeup.art^$all
||eu.pushmeup.art^$all
||trc.artofads.co^$all
||pc-my-protection.xyz^$all

! https://forums.malwarebytes.com/topic/278166-my-website-is-labelled-as-dangerous-by-malwarebytes/
! https://virustotal.com/gui/url/68ccee4530342ae6ea690a0ef786f040a3d9a0d1bfc08c4b857af71ac8e90954/detection
! https://virustotal.com/gui/url/14cfdccc23aac9ffaf051675efcda240f2e83a5cd34403e412f0f2959e42a536/detection
! https://www.siteadvisor.com/sitereport.html?url=serena-west.com
||serena-west.com^$all
||www.serena-west.com^$all

! https://forums.malwarebytes.com/topic/278209-removal-instructions-for-socialsearchconverter/
||socialsearchconverter.com^$all
||install.socialsearchconverter.com^$all
||feed.socialsearchconverter.com^$all
||api.socialsearchconverter.com^$all
||notify-service.com^$all
||install.stream-all.com^$all
||stream-all.com^$all

! Malware - see https://github.com/DandelionSprout/adfilt/issues/267
||codedexchange.com^$all
||trkk4.com^$all
||us1.trkk4.com^$all

! https://www.youtube.com/watch?v=xOw1vct-wHg
! https://virustotal.com/gui/url/95f8db6ff866ba200658f9c25c8a5484ca4f771ae3ac3aba8694129a7f18ec0f/detection
! Dead
||hpprintersupportservice.com^$all
||how.hpprintersupportservice.com^$all
! Not dead yet - https://github.com/uBlockOrigin/uAssets/issues/9933
||1redirb.com^$all
! https://github.com/uBlockOrigin/uAssets/issues/9933#issuecomment-913677276
||greenadblocker.com^$all

! https://github.com/blocklistproject/Lists/issues/456
! https://virustotal.com/gui/url/383e601492df662f7612beea0e02d336a3ee39e864db40d03fe72d4f3fe4c2e4/detection
||discorcl.link^$all

! https://blog.malwarebytes.com/threat-intelligence/2021/09/the-many-tentacles-of-magecart-group-8/
||adaptivestyles.com^$all
||anduansury.com^$all
||bootstrapmag.com^$all
||cdncontainer.com^$all
||fileskeeper.org^$all
||foodandcot.com^$all
||freshdepor.com^$all
||hottrackcdn.com^$all
||mechat.info^$all
||paypaypay.org^$all
||gctatic.com^$all
||googletagmanages.com^$all
||gstaticx.com^$all
||googletagmaneger.com^$document
||googleusescontent.com^$document
||googlutagmanager.com^$document

! https://github.com/AdguardTeam/AdguardFilters/issues/95582
! https://virustotal.com/gui/url/3323920fe31aaa6724441edc7bd395232194c52967480a95039fb35bcb3d7ac2
! https://virustotal.com/gui/url/93011523cfdd4defbccbe5fff351acac2bb6fdddba6420cc69d81cc9f9dd7f61
||discord-give.com^$all
||www.discord-give.com^$all
! https://virustotal.com/gui/url/145c4bdadca86dfb9560668f2cec835f75c248af41b8842687ad89dce8d2aed0
||communitytradeoffer.com.ru^$all
! https://www.siteadvisor.com/sitereport.html?url=dlscord-app.info
||dlscord-app.info^$all
! https://virustotal.com/gui/url/51da56828b0cd9d4d4514feb74038aefb01dc4188da398f1666983766914c156
||steamcommnity.com.ru^$all
! https://virustotal.com/gui/url/83ce8c920a22c9550591e52839fd540ee7a37b941e3419780b17e195fcfb9b28
! https://virustotal.com/gui/url/81880d767bab8515cf71ce37ebe7b56d8448184b96999f6cc4ce70d2b6c68949
||steamdiscord.com^$all
! https://virustotal.com/gui/url/0a8ea816672728b0e9869f65e4788471880746a65f3f8f2215789d0edfe278d3
||discord-app.net^$all
! https://virustotal.com/gui/url/0314bd2bb4874cad7a39346c83c421d87208be4bca6c0dc2f804f0a902b18cfc
||steancommynitu.com^$all
! Copied over from https://github.com/DandelionSprout/adfilt/commit/260f840b773b04d7397c6c40d86cf7e2887768d8 (credit to https://github.com/DandelionSprout)
||cabura.loan^$all
||csgocup.ru^$all
||discord.foundation^$all
||discrod.ru^$all
||eslpro.ru^$all

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-927151458
! https://virustotal.com/gui/url/a7fb846c9f8aefecbe0ffda1aecbb6a3d257f0b31a9b922aa49d494af0f0c112
||findyour-realsex2.com^$all
! https://virustotal.com/gui/url/0680f0ae763476f2aa0b844b6f64a1ca4b6c63e0c7f6880ab5f121ad406b2d2e/detection
||your-dreams-girls2.com^$all
! https://virustotal.com/gui/url/4047b3b1b6af03839835b31cffbc5d52eff7c6f01c23cf3330a1000c61b66c0f
! https://virustotal.com/gui/url/4a2cff70405ed300ad14b2294eb06c9adff5354911f70229085deecc7048637b
||yourbigexplosivewin.life^$all
! https://virustotal.com/gui/url/ff99d9ba468539c01896ef8b380819c07b8af40792d83beccea2d76064ebf781
! https://virustotal.com/gui/url/134a3e4324ca33c19c529aa554ff193a96b48ae6213323a957f5752641a8014e
||bestdatinglocal1.com^$all
! https://virustotal.com/gui/url/385edcca4e25f51083f593a4041f834fee5c903a93f5f66eab50f65df61c811c
||sexcontact-store1.com^$all
! https://virustotal.com/gui/url/7574cd8789b7ac7b78e4efe778ab6228a8b8c79301740247b5738bc62f208883
||superdatenow3.com^$all
! https://virustotal.com/gui/url/a7f1c2d1c02cc824bb93c1ba1d147d9fc1464bb3a4aeb937922d6bbdec84ffff
||findlocalgirlnow.com^$all
! https://virustotal.com/gui/url/c5126c3b175c6fa50d96443ecca99b75c881420248ec020c7cd567715839410a
! https://github.com/uBlockOrigin/uAssets/issues/10075
||the-crypto-genius.net^$all
||www.the-crypto-genius.net^$all
! Redirect
||learning-base.club^$all

! https://github.com/DandelionSprout/adfilt/issues/287#issue-1013759704
||youtuba.com^$all
||polyhymnia-mar.com^$document
||virpropcnow.xyz^$all
||avprotectionoverview.com^$document

! https://virustotal.com/gui/file/294b8db1f2702b60fb2e42fdc50c2cee6a5046112da9a5703a548a4fa50477bc/relations
! https://virustotal.com/gui/ip-address/160.202.163.100/relations
! https://virustotal.com/gui/url/3818bac5233b17d11c0744005712a5761596f33ac54c23565eb08b5496323d48
||microsoftkernel.com^$all
||update.microsoftkernel.com^$all
! https://virustotal.com/gui/url/7709e9dff92c359c920e31866268a04489a67fc2e415bbc8c20cea8604387121
||hksupd.com^$all
||amazon.hksupd.com^$all
! https://virustotal.com/gui/url/c8da0d48ea7be9444411840955f2a658c3f6fbfd3dcc87df29fe0c13a6b9b604
||microsofthk.com^$all
||update.microsofthk.com^$all

! https://virustotal.com/gui/url/956c451fe61038377026bee53c4eeff67ab3efe69f5c4c6e22b3c1dbde10ced1
! https://virustotal.com/gui/url/8c1e1a8a80c515d411b4e22d36ddb0535427c73f2b7c8b3ae7a672ad208c89b2
! https://virustotal.com/gui/url/681dfdb12bcaa2facfb6eefe51d671387f111134f1661e336d63c5e6b207aa10
||bilalimtyaz.co^$document

! https://virustotal.com/gui/url/efdaf6927a66f267f8e834a1d685e76025f3c8ad29b8d950289ceb43c18a3477
||machinesalaver.net^$all
! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-938682090
||eliteexteriorsystems.com^$all

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-940500664
! redirect chain
||captcha-smart.top^$all

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-944642656
||allblock.net^$all

! https://hybrid-analysis.com/sample/691fb304c88929435950c157c1789bc7004e2163a3188cf2fff1124cfa5f00f8/60f6dbfae50e5603767b8f32
! https://virustotal.com/gui/url/b141c859a1246a250183b212cea2e6ed30d90477adc5ae8f3277516f68071396
! https://virustotal.com/gui/url/5b4dc980802a96c630e76148aab4f2cbe7a196d39ffce9a7e3c95bcdc082b64a
||micuenta01.github.io^$all

! https://virustotal.com/gui/url/64babbfb323b40df5b768265183886fbed60ea92234da1a2e4b85acfdceaf0aa
! https://virustotal.com/gui/url/4f827d8be6d25fa88c1ebe74800b6743d7e289b0f904b6f3445486b3ccac2797
||tristreamstv.com^$all

! https://blog.malwarebytes.com/threat-intelligence/2021/10/q-logger-skimmer-keeps-magecart-attacks-going/
||pinokio.online^$all
||sitetraffic.site^$all
||spacecom.site^$all

! https://github.com/uBlockOrigin/uAssets/issues/10181
||nbryb.com^$all
||onemacusa.com^$all
||realnetnews.com^$all
||rogueleader.org^$all
||suggestive.com^$document

! found when searching for "iam-py-test" on Google - starts at hxxpx[:]//google-yandex[.]info[/]iam-py-test
! https://github.com/iam-py-test/investigations/blob/main/2021/10/24/1.md
! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-950351144
||google-yandex.info^$all
||cloud-apps.store^$all

! https://virustotal.com/gui/url/2e874f308e1202ce4deb4068d029675c8487bed465f3bd34aeefb4a84c6b767f
! https://virustotal.com/gui/url/859be64d71834dba1693b079ec85f77edcd06124031c65178838555fea31efd7
||dliscord.com^$all

! https://github.com/blocklistproject/Lists/issues/537
! https://github.com/blocklistproject/Lists/issues/538
||gosuslugi.contact^$all
||gosulugl.ru^$all
||gosuslugee.ru^$all
||gosmslugi.ru^$all
||gosuslugji.ru^$all
||gosuslugi.agency^$all
||gosulgi.ru^$all
||gosoogi.com^$all
||gosulvgi.ru^$all
||gosusnugi.ru^$all
||gosuslugi-kultura.ru^$all
||ciel-goshugi.com^$all
||www-gos-uslugi.ru^$all
||gosusluslugi.ru^$all
||gosuslugi.xyz^$all
||gosushlugi.ru^$all
||vgosuslugi.ru^$all
||gos-uslug.ru^$all
||gosuslugigov.ru^$all
||gosuslugi.uk^$all

! https://threatpost.com/chrome-deliver-malware-as-legit-win-10-app/175884/
! https://www.rapid7.com/blog/post/2021/10/28/sneaking-through-windows-infostealer-malware-masquerades-as-windows-application/
||cleancrack.tech^$all
||s4.cleancrack.tech^$all
||clickmatters.biz^$document

! https://forums.malwarebytes.com/topic/280266-removal-instructions-for-search-streamly/
||search-streamly.com^$document
||feed.search-streamly.com^$all
||api.search-streamly.com^$all

! https://virustotal.com/gui/file/574a56656b6cf687d912baeedeeb176f0a7e58ad15ad4ab43c3cd630d9cceab2/relations
! https://virustotal.com/gui/url/8cb8c13da88b7b50a7cae47233a3c385a0208f0dccf119044f775e0a464de3a2
||telegraf.top^$all

! https://github.com/iam-py-test/investigations/blob/main/2021/11/3/1.md#domains
||youutube.com^$all
||youvetube.com^$document
||www.youvetube.com^$all
||mediadlvr.com^$document
||safejokesearch.com^$all
||www.safejokesearch.com^$all

! https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/
! https://virustotal.com/gui/url/229181849ae5d036ff997645e9cf708d4fe96337d6e68e780777aee382fdccf1
||webflows.net^$all
||web.webflows.net^$all
||librarysetr.com^$all
||js.rawgit.net^$all
||rawgit.net^$all
||iofrontcloud.com^$all
||alligaturetrack.com^$all
||getambassador.net^$all
||st.adsrvr.biz^$all

! https://virustotal.com/gui/file/f657dd8b99b9fa047c524f055984dfb1f9886cc97c788c8ebb9e63537f327c1a/community
! https://virustotal.com/gui/file/676de5f6ff737af6e73a00caf93767cc9af16e6e6bd50016b5bd03ffa097c373/community
||dl02.s3.amazonaws.com/installers/693123/oi_agree-free-dvd-ripper-platinum.exe$all
||dl02.s3.amazonaws.com/installers/852091/oi_swfdeczip.exe$all
||dl02.s3.amazonaws.com/installers/415643/m1btpwzw9bc.exe$all
||dl02.s3.amazonaws.com/installers/388327/ycf45qdlvsc.exe$all
||dl02.s3.amazonaws.com/installers/848253/InfraRecorder.exe$all
||dl02.s3.amazonaws.com/installers/630249/oi_calctime4f.exe$all
||dl02.s3.amazonaws.com/installers/790203/crazy-ball.exe$all
||dl02.s3.amazonaws.com/installers/760905/tmnttheme.exe$all
||dl02.s3.amazonaws.com/installers/$document

! https://virustotal.com/gui/ip-address/2.56.59.42/relations
||cha1se.my03.com^$document

! https://virustotal.com/gui/file/c465550320e3625e430f8745c8c8b8664a202e24dbe51ed4e5dcd0af25960420/community
||caenet.s3.amazonaws.com/apps/dexway/dexway.setup.msi^$all

! https://virustotal.com/gui/url/a2524bba49ae71297d2b408b30d058700d9c80b5b1154924cafe190ec3e605a6/detection
||newrrb.bid^$all

! https://virustotal.com/gui/file/6146dfe56dcb49e1b843624a44e204754e15625a4f94b230b59a5cafc924f618/community
||bursakulis.com^$all

! https://github.com/iam-py-test/investigations/blob/main/2021/11/24/1.md
||macsoftwarez.com^$all
||namilon.xyz^$document
! C2s
||toa.mygametoa.com^$all
||mygametoa.com^$document

! https://forums.malwarebytes.com/topic/281074-pup-mysearchengineco-firtefox/
! https://virustotal.com/gui/ip-address/172.67.222.254/relations
! https://virustotal.com/gui/url/781a2d763b034c9610ab9832bdc2692aced3d86c6b7296ea72579da7b68dc073
||631e69eb.ainans.com^$all

! https://scammer.info/t/quantum-ad-blocker-trojan/84204
||quantumadblocker.com^$document

! https://github.com/uBlockOrigin/uAssets/pull/10662
||api.crm.duominuo.com^$all
||static.duominuo.com^$all
||wnl.duominuo.com^$all
||duominuo.com^$all

! https://virustotal.com/gui/url/269d374b629d7896da1f9e7449bd5afecf6284a9a564244f96a71e5192363635
||lowseelan.com^$all

! https://virustotal.com/gui/file/50fd813cf8fe981e6aee179f8ba394e5527c5128b84c328f9f8347cd994bbc42/community
||dl02.s3.amazonaws.com/installers/747947/oi_picasa38-setupexe.exe^$all
! https://virustotal.com/gui/file/2ea599605c4d65902943f12e1114a71af7a40fa7dffbf018b0ee3e7a61aaeaa3/community
||dl02.s3.amazonaws.com/installers/424531/2gzbsoj4gxb.exe^$all

! https://forums.malwarebytes.com/topic/281264-malware-bytes-scam-number-1-315-996-0560/
||tradeford.com/us853558/malwarebytes-customer-service-1-315-996-o56o_p1049357.html^$all

! https://github.com/DandelionSprout/adfilt/pull/395
! https://www.huorong.cn/info/1531309921141.html
||kuaizip.com^$all
! https://www.huorong.cn/info/1618397948649.html
! ||zhuangjizhuli.com^$all
! ||zhuangjizhuli.net^$all
! https://github.com/uBlockOrigin/uAssets/pull/9656
||geekotg.com^$all
||qq789.com.cn^$all
! https://www.huorong.cn/info/1526627586130.html
||xiaobaixitong.com^$all
! https://www.huorong.cn/info/1577158839403.html
||daque.cn^$all
! https://www.huorong.cn/info/1598957552515.html
||dabaicai.com^$all
! https://www.huorong.cn/info/1617368984641.html
||qqfzn.com^$all
! https://github.com/uBlockOrigin/uAssets/pull/10017
||flash.cn^$all

! https://virustotal.com/gui/file/1d29ecde092f21ea0dd05b9f42531be1ed2207d6ebb9b463517f4c9508ff24a7/community
||fire.hypersys-server.com.ar^$all

! https://github.com/uBlockOrigin/uAssets/pull/10774
! https://bbs.kafan.cn/thread-2222478-1-1.html
! https://bbs.kafan.cn/thread-2221903-1-1.html
! https://bbs.kafan.cn/thread-2221781-1-1.html
! https://bbs.kafan.cn/thread-2220230-1-1.html
||ts-group.com^$all
! https://bbs.kafan.cn/thread-2221419-1-1.html
||2345.eyunsou.com^$all
! https://www.huorong.cn/info/1627034201698.html
! https://bbs.kafan.cn/thread-2217785-1-1.html
||win.zjwhr.top^$all

! https://twitter.com/Cryptolaemus1/status/1468266929014157316
||lartmana.com^$all

! https://github.com/blocklistproject/Lists/issues/588
||procrackerz.org^$all
||freeprosoftz.com^$all
||pccrackbox.com^$all
||365crack.com^$all
||cracklabel.com^$all
||keystool.com^$all
||pcwarezbox.com^$all
||installcracks.com^$all
||10crack.com^$all
||reallcrack.com^$all
||hit4crack.com^$all
||crackproductkey.com^$all
||profullversion.com^$all
||vcracks.com^$all
||crackswall.com^$all
||crackthere.com^$all
||crackpcsoft.net^$all
||crackserialkey.co^$all
||keygenfile.net^$all
||maliksofts.com^$all
||proappcrack.com^$all
||flstudiocrack.org^$all
||scracked.com^$all
||crackpropc.com^$all
||crackwinz.com^$all
||cyberspc.com^$all
||crackedpcs.com^$all
||ayeshapc.com^$all
||crackintopc.com^$all
||crackhomes.com^$all
||zslicensekey.com^$all
||cracksmad.com^$all
||iamactivator.com^$all
||crackproduct.com^$all
||excrack.com^$all
||mahcrack.com^$all
||get4pcs.com^$all
||genuineactivator.com^$all
||keygenwin.com^$all
||thiscrack.com^$all
||crackedroot.com^$all
||crackspro.co^$all
||topcracked.com^$all
||mycrackfree.com^$all
||crackfullpro.com^$all
||starcrack.net^$all
||procrackpc.com^$all
||crackknow.com^$all
||crackpro.org^$all
||4howcrack.com^$all
||crackshere.com^$all
||crackdj.com^$all
||cracksray.com^$all
||crackkits.com^$all
||trycracksoftware.com^$all
||fullcrackedpc.com^$all
||cracktopc.com^$all
||crackkey4u.com^$all
||rootcracks.org^$all
||idmfullcrack.info^$all
||fileserialkey.com^$all
||licensekeyup.com^$all
||thecrackbox.com^$all
||rootcracks.co^$all
||cracksway.com^$all
||clevercracks.com^$all
||shahzifpc.com^$all
||idmpatched.com^$all
||getprocrack.co^$all
||autocracking.com^$all
||productkeyfree.org^$all
||chcracked.com^$all
||cracksdat.com^$all
||patchcracks.com^$all
||activationkeys.co^$all
||serialsofts.com^$all
||piratpc.com^$all
||prosoftlink.com^$all
||cracksole.com^$all
||finalcracked.com^$all
||activatorpros.com^$all
||organiccrack.com^$all
||zscracked.com^$all
||abbaspc.org^$all
||allsoftwarekeys.com^$all
||genuineserials.com^$all
||pfcbwp.com^$all
||softwar2crack.com^$all
||xforce-cracks.com^$all
||procracks.net^$all
||productkeyforfree.com^$all
||crackgrid.com^$all
||licensekeysfree.com^$all
||goharpc.com^$all
||crackedmod.com^$all
||crackvip.com^$all
||crackedpc.org^$all
||activatorwin.com^$all
||whitecracked.com^$all
||softwarance.com^$all
||kalicrack.com^$all
||bypassapp.com^$all
||ziapc.org^$all
||zgamespc.com^$all
||cracksoon.com^$all
||boxcracked.com^$all
||procrackkey.co^$all
||activationkey.org^$all
||newproductkey.com^$all
||protoolscrack.net^$all
||download4mac.com^$all
||serialkeypatch.org^$all
||premiumsforum.com^$all
||profreefiles.com^$all
||filespremium.com^$all

! https://github.com/uBlockOrigin/uAssets/pull/10854
||37.1.209.213^$all

! https://forums.malwarebytes.com/topic/281936-malware-campaing-distribuition-malicious-link/
||10dimensions.com^$all

! malware - https://bazaar.abuse.ch/sample/a12d74b1756d49531e21f755fef2049ab6c83626f0834cb945c781c39d40a177/
||crackedable.com^$all

! hxxpx[:]//crackpropc[.]com/winrar-crack/ - https://bazaar.abuse.ch/sample/4f4376563cfc35d3fb0b4f857674729727b5f959235fe39daa928a1d4a28649a/
||wastyuioytryiuoytryiuopuytryuioewr5t678i.s3.amazonaws.com^$all

! https://github.com/uBlockOrigin/uAssets/pull/10997
||jinshanduba.org.cn^$all
||phpstat.cntcm.com.cn/phpstat/count/abceffgh/abceffgh.js^$all

! https://bazaar.abuse.ch/sample/357226dff2f3309f8271b5a7c2cc816aa8fb779275357dce9b98b30357951210/
||download-srvr.xyz^$all
||cybermicto768jubileejhsye6yt6543.s3.us-east-1.amazonaws.com^$all

! https://bazaar.abuse.ch/sample/932fcccda7c8e576eb914b446646883cfdb439fe4c7306905ea005555be5e2bb/
||hopelandishomeground1098alone43jk.s3.amazonaws.com^$all

! https://bazaar.abuse.ch/sample/9dfd1e4d88c586107f341620c9682710a414f34e2086aab363661f8eb8031202/
||gigapurbalingga.net^$all
||rigrosehostingz.xyz^$document

! https://forums.malwarebytes.com/topic/282207-how-to-remove-pupoptionalbrowserhijack-and-pupoptionallockhomepage/
! (20/12/2022) https://github.com/AdguardTeam/AdguardFilters/issues/137498
||find-it.pro^$all

! fake Flash Player
||new-meet-dating.life^$document
||wellhello.com^$document

! https://github.com/blocklistproject/Lists/issues/600
||avomas.me/rbBvg78^$all
||choicemonitor.top^$document
||italtrack.checkitemtt.top^$all
||checkitemtt.top^$document
||conv-alida-recapiro-com.preview-domain.com^$document

! https://forums.malwarebytes.com/topic/282353-peruvian-netflix-phishing/
||juandfar.github.io^$all

! https://bazaar.abuse.ch/sample/d696d27429f51199a8b88b7a332cfa2c05d6cf6a875a88046a8764a290bf588f/
||slidehostdowny.xyz^$all

! https://twitter.com/TheDFIRReport/status/1477687477821489157
||rest.healthy2fit.com^$all
||api.healthy2fit.com^$all
||rest.mcghealthcare.org^$all
||rest.neckbackpainrelief.org^$all

! https://github.com/uBlockOrigin/uAssets/issues/11157
||sideload.net^$all
||stcverify.com^$all
||verify.stc.tools^$all
||1980s.click^$all
||0x41414141.net^$all
||yatsura.0x41414141.net^$all
||chrome.google.com/webstore/detail/ultimate-ad-eraser/hkmfdialkjnljbcnincgpollobclebaf^$document
||ultimate-eraser.com^$document

! https://virustotal.com/gui/url/747b8465c517261eb6c5bc1a6c4fa281dc309caecf4a283f9bfb4fe2ba795bd0
||mailsecure-helpdesk.azurefd.net^$all

! https://scammer.info/t/discord-nitro-scam-23/87273
||discqrdapp.com^$all

! VirusTotal typosquatt
||virusttotal.com^$document

! https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
||bgre.kozow.com^$all

! https://blog.malwarebytes.com/web-threats/2022/01/card-skimmers-strike-sothebys-in-brightcove-supply-chain-attack/
||cdn-imgcloud.com^$all

! https://twitter.com/pr0xylife/status/1483380330652487680
||plus-x.xsrv.jp^$all
||senior.tims.se^$all
||mecaglobal.com^$all
||mymicrogreen.mightcode.com^$all
||ariesnetwork.co.uk^$all
||animalkingdompro.com^$all
||bitcoin-up.fomentomunivina.cl^$all
||cr.almalunatural.com^$all

! https://virustotal.com/gui/file/cfb15322084d6292f43038a69b0e017b809f178b7c85c310f8effdb37a3eb9a3/community
||florafawnamusic.com^$all

! https://virustotal.com/gui/file/63a46fa06e1bd31832daa958d3a706fd86fbe8f7a2897dc19e52516e4a2066d5/relations
||goyaluat.vmesh.in^$all

! https://virustotal.com/gui/file/3b0158eb80a4ce6aefbab643c3ca57253d265c8c82754c4a7e31dbd64b5aa48f/relations
||actividades.laforetlanguages.com^$all
||laforetlanguages.com^$document

! https://virustotal.com/gui/file/80b5c38471c54298259cec965619fccb435641a01ee4254a3d7c62ec47849108/relations
||111439d.com^$all
||intrasvp.com^$all
||paulbau.com^$all
||peninsularbottling.com^$all
||spoilnet.com^$all
||thebeardedbrocksblends.com^$all
||wokpy.com^$all
||www.111439d.com^$all
||www.intrasvp.com^$all
||www.paulbau.com^$all
||www.peninsularbottling.com^$all
||www.spoilnet.com^$all
||www.thebeardedbrocksblends.com^$all
||www.wokpy.com^$all

! https://www.bleepingcomputer.com/news/security/a-look-at-the-new-sugar-ransomware-demanding-low-ransoms/
||cdn2546713.cdnmegafiles.com/data23072021_1.dat^$all

! https://github.com/uBlockOrigin/uAssets/issues/11574
||rutracker-org.appspot.com^$all

! https://virustotal.com/gui/url/c25fe34c05cc8e9136027a67c277e175a5d6e35af921ee37bad98bdfeea6a2f9/community
||6201375e287cc50016414168.2go.me^$all
||splendid-fallacious-anaconda.glitch.me^$all

! https://virustotal.com/gui/file/568cfb6f770f6fbec1f18595bb78183e1fb5d2e7086f747230f2706ce29ed381/relations
||www.tzkaxh.com^$all

! https://github.com/uBlockOrigin/uAssets/pull/11744
||greencracks.com^$all
||procrackerz.com^$all
||crackfix.net^$all
||zcracked.com^$all
||cracksoftware.org^$all
||downloadpc.net^$all
||pcfullcrack.org^$all
||keygenpc.com^$all
||up4pc.com^$all
||hitproversion.com^$all
||cracktube.net^$all
||iplogger.org/2Acru6^$all
||yourpcnotification.com^$all

! https://virustotal.com/gui/url/bd46572625a7d66dac92a3674fb9b8d31ef855b3229ab8ac650e8d198981ed1e/community
||www.takiparkrb.site^$document

! https://github.com/uBlockOrigin/uAssets/issues/12194
||fulptube.org^$all

! https://bazaar.abuse.ch/sample/d7308dab0110ae3bc79fd15024f5ccfcbd6e676b7c42b27a0112506e8357a6dc/ --> https://app.any.run/tasks/bc53e7a9-5fd7-4682-894d-11e48e9ea89a#
||www.pccrackworld.com^$all
||pccrackworld.com^$all

! https://virustotal.com/gui/file/f158c883db7803a14c124e29a3adb1b72cca3168d904f7cee2a6ebbbdc535ca3/relations
||winfrey2024.com^$all
||www.winfrey2024.com^$all
||bisbenefits.solutions^$all

! https://virustotal.com/gui/url/a7c6db453eaaafa9450ff12b5e85d81c8fc096912f1d9c295a908bd5c02ef3bd/community
||okra-grouper-hny2.squarespace.com^$all

! https://virustotal.com/gui/url/34512642d5d361717a97c817fbf65c008d4cc903a2c7ae641820a9d1e0fca5e0 --> https://app.any.run/tasks/5fb54e2b-1857-45ea-9656-bb4e185d47ab
||pirate4.life^$all

! https://virustotal.com/gui/file/439db5f69b49091964c335c5977bc6dbf8aa41398d0240410dfeb898add7dace/relations
||891706.com^$all
||www.njgummys.com^$all

! https://virustotal.com/gui/url/48fca83cbb6dc2f75f0e8a1546d4f396a5914502ead0060a0eefb2ed580a8c09 (seems down but no reason not to block it)
||vww-robiox.com^$all

! https://virustotal.com/gui/url/169c42480ba36ed07c5895da489593248c6da52e54a7c382748258aa798d8ee1
||littleluxuriesshop.com^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/111970
||a23-trk.xyz^$all

! https://forums.malwarebytes.com/topic/285132-outgoing-trojan-2dodddnsnet/
||2dod.ddns.net^$all

! https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions/
||clickstat360.com^$all
||statclick.net^$all
||staticvisit.net^$all
||webcachespace.net^$all
||syncadv.com^$all
||webcachestorage.com^$all
||parmsplace.com^$all
||xomosagency.com^$all
||lawrencetravelco.com^$all
||accountablitypartner.com^$all
||codingbit.co.in^$all
||fishslayerjigco.com^$all
||avanzatechnicalsolutions.com^$all
||integrativehealthpartners.com^$all
||wwpcrisis.com^$all
||markbrey.com^$all
||nuwealthmedia.com^$all
||pocketstay.com^$all
||fioressence.com^$all
||drpease.com^$all
||refinedwebs.com^$all
||spillpalletonline.com^$all
||altcoinfan.com^$all
||hill-family.us^$all

! https://bazaar.abuse.ch/sample/b959fb160dac2a15b8e65c15e2b1738d356c03e13623588bc70aab825c57660a/
! https://app.any.run/tasks/5fcd7eda-1f8b-4e99-80f9-5429d6044d16
||freeversioncrack.com^$document
||top3hostngc.xyz^$all

! another malware website
||gamesrar.co^$all

! https://virustotal.com/gui/url/e47d6ed8866072e58d28b93dd0c7b06d148e5139c1dbe219a16ba288ba14f93c/community
||nolhivaranfaruonline.com^$all

! https://virustotal.com/gui/url/d9a2be341e814e16c837b215cac13b30add4aba14eec06f4b6d400d0a0409ce3/community
||anthracnosis-jackscrew-rubine.s3.eu-central-003.backblazeb2.com^$all

! https://www.bleepingcomputer.com/news/security/unofficial-windows-11-upgrade-installs-info-stealing-malware/ (dead but may undie)
||windows11-upgrade11.com^$all

! https://virustotal.com/gui/url/b56536f2753c28e251a16e85e960e503e1a0fa7460225daba497734b091ef3d6/community --> https://app.any.run/tasks/0d8b025d-ba39-4f88-b83d-db3274b62f49
||codesbro.com^$document

! https://forums.malwarebytes.com/topic/286125-riskware-when-doing-a-google-search/
||flydogy.com^$all

! https://bazaar.abuse.ch/sample/a5c87433df7f9a01cd7140d0882e6f227c62076b14d92f6fd9ab3e0570b596ee/
||portabledownloads.com^$all
||jetiparfilezho.xyz^$all

! https://forums.malwarebytes.com/topic/286435-malwarebytes-reporting-riskware-through-powershell-every-minute/
||wmail-service.com^$all
! https://forums.malwarebytes.com/topic/292561-website-blocked-due-to-riskware/
||counter.wmail-service.com^$all

! https://app.any.run/tasks/f0cf926b-dd19-4209-9e0c-a1ae1855a77b/
||telegra.ph/Free-Repacks-04-30^$all
! https://app.any.run/tasks/4ff53b3b-551f-4a5f-a303-c5938d31c376
||telegra.ph/Injector-By-Vap-04-30^$all

! https://forums.malwarebytes.com/topic/286715-emailed-html-file-phish-appears-is-somehow-bypassing-browserguard/
||etools.page^$document

! https://bazaar.abuse.ch/sample/07a496254e53741aa86e2292f1fce40bf04690504d8cda443d000133099ca107/
||startcrack.co^$all
||slamicrep.cfd^$all
||lectedacivilia.cfd^$document

! https://virustotal.com/gui/url/6764a8e44b5fa318bbf85df6eb6d083a20fc7090b85b0d43068b8f934ad9b2c2 --> https://virustotal.com/gui/file/10dbb4692e34a6f3ca1cf82668a87b1204aa1548c139d88240680d3b82473510
||www.enjpc.com^$all
||enjpc.com^$all
||uploadev.org/hkoarfyqyne8^$all
||nholinolout.tk/0d94969df6099021ed5f897a4144a946wOXvweYgLQgLx-WSJE8uNrZlSB0R8yPrpXhu/-Download-E33Hwwp-QbvNGlXIoS^$all

! https://virustotal.com/gui/url/ea37961ff4ba03a3f50b537668b97e7e682a4d6c2a980504ed4be8d4f593fd96 --> https://bazaar.abuse.ch/sample/727a3154e9862b477a4d556940a8fb47fb7f8dd955102ef7738bc32b587076f5/
||latestsoftz.com^$all

! https://twitter.com/ankit_anubhav/status/1531258779899047938
||textbin.net/raw/2tgh7yhhzs^$all
||rick63.publicvm.com^$all

! https://twitter.com/Artilllerie/status/1534076124829036544
||bbleepingcomputer.com^$document
||bleepingc0mputer.com^$document
||bleepingccomputer.com^$document
||bleepingcimputer.com^$document
||bleepingcmoputer.com^$document
||bleepingcmputer.com^$document
||bleepingcommputer.com^$document
||bleepingcomouter.com^$document
||bleepingcompiter.com^$document
||bleepingcompouter.com^$document
||bleepingcompputer.com^$document
||bleepingcomptuer.com^$document
||bleepingcompurer.com^$document
||bleepingcomputee.com^$document
||bleepingcomputeer.com^$document
||bleepingcomputerr.com^$document
||bleepingcomputet.com^$document
||bleepingcomputor.com^$document
||bleepingcomputre.com^$document
||bleepingcomputrr.com^$document
||bleepingcomputter.com^$document
||bleepingcomputwr.com^$document
||bleepingcompuuter.com^$document
||bleepingcompuyer.com^$document
||bleepingcompyter.com^$document
||bleepingcomupter.com^$document
||bleepingconputer.com^$document
||bleepingcoomputer.com^$document
||bleepingcopmuter.com^$document
||bleepingcoputer.com^$document
||bleepingcpmputer.com^$document
||bleepingocmputer.com^$document
||bleepingvomputer.com^$document
||bleepingxomputer.com^$document

! https://blog.malwarebytes.com/threat-intelligence/2022/06/makemoney-malvertising-campaign-adds-fake-update-template/
||ankgomag.xyz^$all
||ankltrafficexit.xyz^$all
||clicksdeliveryserver.space^$all
||cryptosuite.pro^$all
||daiichisankyo-hc.live^$all
||gettime.xyz^$all
||hilllandings.xyz^$all
||jillstuart-floranotisjillstu.art^$all
||keitarotrafficdelivery.xyz^$all
||makemoneyeazzywith.me^$all
||makemoneywith.us^$all
||mizuno.casa^$all
||money365.xyz^$all
||nawa-store.com^$all
||nippon-mask.site^$all
||openphoto.xyz^$all
||selfadtracker1.online^$all
||traffic.selfadtracker1.online^$all
||zerocryptocard.shop^$all
||185.220.35.26^$document
||188.225.75.54^$document
||185.220.33.3^$document
||185.230.140.210^$document
||188.227.107.121^$document
||188.227.107.92^$document

! https://bazaar.abuse.ch/sample/7a1ac49143e4dc8d3e7f3d033b1b382b3120bfdebfbaf3a304ab2f086456a896/
||telegra.ph/Install-3-06-11^$all
||mediafire.com/file/eeqo14m9t7mqvdr/Install.rar/file^$all

! https://bazaar.abuse.ch/sample/fc03d6fa6787c0e6fee51af9c567bc1febf642bdfd6fd91ee99348b0a2cdf947/
||goo-gl.me/C_Cleaner^$all
! ads
||lulachu.com^$document
||zoomstreakstream.com^$all

! https://twitter.com/malwrhunterteam/status/1539964420607971328
||business-page-appeal-126-73125.web.app^$all

! https://scammer.info/t/phishing-my-account-will-be-blocked/100783
||bit.do/terewebmqil^$document

! https://scammer.info/t/fake-discord-nitro-generator/99942
! https://bazaar.abuse.ch/sample/afc4c49625b8c888e7e4958ec95cf0a79baf48736d71b0cac2bb2fc5f1c99279/
||importadoracandy.com^$all

! YouTube video on a probably hacked channel --> https://bazaar.abuse.ch/sample/786947bd41f7be120bc82fd563b5658ff319bcb45f8e3a35e9e4c62a03ef103e/
||telegra.ph/Sony-Vegas-Pro-19-Crack-06-28-3^$all
||mega.nz/file/nWhSiBRQ#DfJfKPJFf6EiWI3vrVp2IvbBgbsmAqIid9l0H_e3ngE^$all

! https://virustotal.com/gui/file/8014510ba4ca11285598396ec7f36058ce42b2fdd4fd80004c1f1c84933126f1/detection
||byltly.com/24hrsg^$all
||sbnue.com^$document

! https://forums.malwarebytes.com/topic/287876-im-posting-a-malware-to-ask-if-anyone-know-the-type-of-this-malware/
||cdn.adx1.com/df60634899739d9c8ce9ae33940358dd.jpeg^$all
||cdn.adx1.com/8b678aab9185cb333cc7c1bf3442adcb.jpeg^$all
! https://app.any.run/tasks/85cfa904-06c4-4603-82ec-7a3db8db8df9
||comfortykive.xyz^$all
||tjzaj.comfortykive.xyz^$all
||safefastfreesmart.rest^$document
||rewards-giant.uk^$all
||www.rewards-giant.uk^$all
! (14/11/2022) https://app.any.run/tasks/508eecd4-0573-433f-9888-ea4bfe10e5d5
||ewoverth.buzz^$all
||fbuww.ewoverth.buzz^$all
||cemgf.ewoverth.buzz^$all
||paylk.ewoverth.buzz^$all
||krtbw.ewoverth.buzz^$all
||lyirs.ewoverth.buzz^$all
||stijy.ewoverth.buzz^$all
||pwazc.ewoverth.buzz^$all
||uxdpj.ewoverth.buzz^$all
||jxaox.ewoverth.buzz^$all
||fqdbx.ewoverth.buzz^$all
||qakbs.ewoverth.buzz^$all
||wfarv.ewoverth.buzz^$all
||tepmv.ewoverth.buzz^$all
||ivuvh.ewoverth.buzz^$all
||rqsyl.ewoverth.buzz^$all
||hhqdq.ewoverth.buzz^$all
||eysei.ewoverth.buzz^$all
||jdmhf.ewoverth.buzz^$all
||xdgip.ewoverth.buzz^$all
||qdudm.ewoverth.buzz^$all
||xdnpv.ewoverth.buzz^$all
||ytsiw.ewoverth.buzz^$all
||aqxzv.ewoverth.buzz^$all
||akawl.ewoverth.buzz^$all
||pvrqg.ewoverth.buzz^$all
||oyffo.ewoverth.buzz^$all
||woorz.ewoverth.buzz^$all
||whqqm.ewoverth.buzz^$all
||apgib.ewoverth.buzz^$all
||bsrhu.ewoverth.buzz^$all
||lipwq.ewoverth.buzz^$all
||yzivj.ewoverth.buzz^$all
||cgwvb.ewoverth.buzz^$all
||zijim.ewoverth.buzz^$all
||fvpki.ewoverth.buzz^$all
||deqkr.ewoverth.buzz^$all
||qtngs.ewoverth.buzz^$all
||jgdvx.ewoverth.buzz^$all
||vovle.ewoverth.buzz^$all
||oqcqa.ewoverth.buzz^$all
||nruzo.ewoverth.buzz^$all
||cnwlv.ewoverth.buzz^$all
||waneo.ewoverth.buzz^$all
||fmrdm.ewoverth.buzz^$all
||pzktf.ewoverth.buzz^$all
||uivzc.ewoverth.buzz^$all
! look-alike domains on the same IP, some with AV detections
||sweredth.buzz^$document
||reamsan.buzz^$all
||ecityalittl.buzz^$document
||toftheussi.xyz^$document
||sfriend.buzz^$document
||ewallowi.buzz^$all
! trys to install extension
||antivirushub.co^$all

! https://virustotal.com/gui/url/081c3fe5d843567d0b5a1f7b2efd6592eded82d8a6b0a4283760c53b06b9d009/community
||coinbase-buysell-cryptocurrency.yolasite.com^$all

! https://virustotal.com/gui/file/b7a7b969380d611b8f21f457e3d56b472cd4634fc11b016c0f5e70a15ddd2363/community
||wearenotbbystealer.nl^$document

! https://virustotal.com/gui/url/88c6f47ec835274fa193c5540a570dc53421fcfdc5d0408f8a8215ff9ec561bf/community
||share.getcloudapp.com/nOuXRll9^$all
||nolajaymesrealtor.com^$all

! https://virustotal.com/gui/url/0f08c044228d8d5cf50356deeadea492d78fd691735df5438f118c52a622267b/community
||planebux.xyz^$all

! someone shared this SMS with me --> https://web.archive.org/web/20220707215749/https://twitter.com/iam_py_test/status/1545164642346930176
||amazon-security-info.lnk.to^$all

! https://bazaar.abuse.ch/sample/b41a79633a38811e378ce4e3e05cbaf086791272ae55c87eafa845eb655994a9/
||telegra.ph/Best-tutorial-04-30^$all
||gg.gg/11nfvn^$all
||mediafire.com/file/iqamfvx8teaq9y2/SoftwareInstaller.rar/file^$all
||77.91.102.23^$all

! https://bazaar.abuse.ch/sample/5c795e31f7130c2c15ed1fbcb300bea7266f64e10f68cfc9a2f139f2a25a9532/
||crackload.net^$all

! https://virustotal.com/gui/url/b57caaf8abc72075c0e194177af30ec2059f57ed944d23adc2e1f925bb9b4880/community
||pegaz-paragliding.com^$all

! https://virustotal.com/gui/url/a927a3bd0b3c6e016e29bf31d4d217977e2d41bb87fc555eb92f96ecab62e7f7/community
||jinjarsoft.com^$all

! https://forums.malwarebytes.com/topic/288670-im-getting-website-blocked-due-to-trojan/
||clayroot2016.linkpc.net^$all

! https://twitter.com/stephenlacy/status/1554697077430505473 shared by HoJeong Go
||ovz1.j19544519.pr46m.vps.myjino.ru^$all

! https://virustotal.com/gui/file/36d0988bbecc52a81edde05ecf40562ce878dcf4eb273691a134f825bbc16f34/detection
||telegra.ph/INSTALLER-07-22-2^$all
||bit.ly/3b39wkA^$all
||mediafire.com/file/b0shvy4kbs26yro/Installer.rar/file^$all

! https://virustotal.com/gui/file/bf7050e71da2ed976d1298a9732c78aeba04db079848da295b4ed0ec0cac4e35/community
||telegra.ph/autotune-pro-07-16^$all
||telegra.ph/file/b98cb101d9b7798329580.jpg^$all

! https://virustotal.com/gui/file/de78cb6a65184a6011d7dee1dc1e48a60d936208718448158f656919c29856e4
||bit.ly/3PzDpaL^$all
||mediafire.com/file/r4fodu1r8tk0f5s/spotify_premium.rar/file^$all

! https://virustotal.com/gui/file/f776b6341455d570e098f76b6ca38c4e6c47603070d367885d45619795f6fe17
||robloxscript.site^$all

! https://virustotal.com/gui/file/601e3b16384fcfc7fc27b76f9367316fa38681b402d62569b963490496f9f17f
||software-universe-pro.space^$all

! https://forums.malwarebytes.com/topic/289086-antivirus-keeps-telling-me-blocked-3523615979-and-cant-find-a-solution/
! https://forums.malwarebytes.com/topic/289935-hijackautoconfigurlprxysvrrst-backdoorfarfli-in-registre-key/
||35.236.159.79^$all

! https://bazaar.abuse.ch/sample/78bcb53e3e0bca3655038c80eb9339d94f4a52b614b2ae072c171925099bcca8/
! https://virustotal.com/gui/file/6679a9fafa55cd95f682e35649413de7d36e81d7eb77736f888d98e5ac4ccf91
||telegra.ph/Download-Page-07-30^$all
! same malware?
||greponozy.com/1Gcf^$document
||underthfeoveu.monster^$all
||ndandinter.hair^$all

! https://forums.malwarebytes.com/topic/289257-browser-randomly-tries-to-go-to-iluhruhruxyz/
||iluhruhru.xyz^$all

! https://virustotal.com/gui/url/277ab53e753d552ec350aa812bc94345c84346ce52ca03f89979bfbe9a1ae000/community
||rb.gy/itouxx^$all
||es-sign-caieyna-b65164.ingress-florina.ewp.live^$all

! https://forums.malwarebytes.com/topic/289254-reoccuring-website-blocked-due-to-malwaretrojan-message/
||104.155.207.188^$all

! https://forums.malwarebytes.com/topic/289555-malwarebytes-reporting-riskware-and-trojan-through-powershell-every-second/
||45.227.254.52^$document

! https://twitter.com/MBThreatIntel/status/1567604533458780160
||hgoawa.xyz^$all
||31.44.6.123^$all

! https://virustotal.com/gui/url/d40409e8995dd91b3ab6c154cfa84a94c3a11013262825a88861d1611d9212c8/community <-- Dead
! https://virustotal.com/gui/url/52b396fc9afd28864a7c7ac91faaef4be1f001b2aa45a33ad53e0f38172fa4e3/community
||tegraokulary.pl^$all

! https://forums.malwarebytes.com/topic/289986-what-is-plusclick/
||plusclick.biz^$all

! https://virustotal.com/gui/file/fe3f662947b072546eea1183ff626e851cb99a50a406dbe28a520078f38a84df
||telegra.ph/Download-09-07-6^$all

! https://virustotal.com/gui/file/31172f3d213210267adccd9e625a15f9713006812a3e20538425fba996e8889a
||mediafire.com/file/kvp9izio4r4hqly/Roblox+Hack.zip/file^$all

! https://bazaar.abuse.ch/sample/a674c8d984fe21bdbf03a9cafabe8963f0b471155655943299ef9695b836c307/
||telegra.ph/Clip-Studio-Crack-Latest-Version-08-15^$all

! https://virustotal.com/gui/url/94532535b8591efdebf95cf3c463f4b6116c76a354320676d38ab1384d40d26f/community
||sukudoanalytica.com^$all

! https://twitter.com/UK_Daniel_Card/status/1573038624853082128
! https://twitter.com/MBThreatIntel/status/1571949584943054848
||parrable.com^$all
||h.parrable.com^$all

! https://twitter.com/MBThreatIntel/status/1573059941619081221
||guyacave.fr/js/tiny_mce/themes/modern/validate.js^$all

! https://web.archive.org/web/20230604181959/https://twitter.com/iam_py_test/status/1573078196010078210
||telegra.ph/An-article-on-How-To-Download-Crack-and-Hack-For-Free-08-12^$all

! https://bazaar.abuse.ch/sample/7205488fe5a1d3d05f0734af8b156d5c1603e9334b407845eb5545950e7b9acc/ (credit to https://bazaar.abuse.ch/user/1169961/)
! https://app.any.run/tasks/ed58332c-913b-4a8e-8d17-e55c4fb40b76 (my analysis)
||85.31.46.80^$document

! https://virustotal.com/gui/url/dff608d10ce1c5d441e7d3d9e848d81302e26dcce121f984f2d1c2e341852a82/community
||medijaplus.com/wp-admin/network/ATOPSpA/^$all

! https://forums.malwarebytes.com/topic/290797-drive-by-typosquat/
||login.mimecast.cm^$document

! https://web.archive.org/web/20230604182346/https://twitter.com/iam_py_test/status/1578112473768644611
||pastebin.com/DyG0qkdA^$document
||bit.ly/3EhFS7k^$document
! new
||bit.ly/3W5iqkk^$all
||mediafire.com/file/48babb7qlspz6dd/Adobe+Photoshop.rar/file^$all

! https://twitter.com/GossiTheDog/status/1582690317886578688
||www.garmin-download.com^$all
||garmin-download.com^$all

! https://virustotal.com/gui/url/d56c2ac37804bb6016c6666697b34ed0e95ad1a36ca2bd8b9db78c1e13f8ae81/community
||objectstorage.us-sanjose-1.oraclecloud.com^$all

! https://virustotal.com/gui/url/cf647bc81b76bd4857b34fe9a6dbec1f695b3bb8910e8cd000fa16e48d8c0c4c/community
||cgi-wscalfahostingde.bondlayer.site^$all
||i4rry-tiaaa-aaaag-aaycq-cai.ic0.app^$all

! https://bazaar.abuse.ch/sample/9d5e04f46fc4e4340b2d4c5f2044584826e016347388ec35cc9805d36c7546f1/
||95.214.53.31^$document

! https://tria.ge/221104-xnqwhsbhfp/behavioral1
||clipper.guru^$all

! https://forums.malwarebytes.com/topic/291771-facebook-hacked-and-suspicious-link-sent-out/
||monkey.redirectmaster.com^$all
||xe2w.com^$all

! https://virustotal.com/gui/url/dd3ef709e1415894e7b12f3245e91fb3993b197b34e854a2bf58d5e4ff1a8768/community
||flyrine.com^$all

! https://virustotal.com/gui/url/6a1435a75c9199af6c37df495fb6b05965e57ada5b617e0651efa13e51ae746b/community
! https://virustotal.com/gui/url/8425e5c13e3c0ee58fc0ed21cd3695ad4ef1962a32d90f2b3d34cc280e0c248b
||chungwoo.futuroinfo.co.kr^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/134355
! https://github.com/DandelionSprout/adfilt/commit/32ea69e5a7c632bc2cd739fba4ee256e8a9e8abf (all credit to https://github.com/DandelionSprout)
||1000girl.com^$all
||1000islandsinfo.com^$all
||100blackmenkc.org^$all
||10co.biz^$all
||10woomul.com^$all
||141angel.com^$all
||168av.com^$all
||1800fdlowers.com^$all
||1800fl9owers.com^$all
||1800flowerx.com^$all
||1800tlowers.com^$all
||2d-plus.com^$all
||2m5f.com^$all
||30mercantil.com^$all
||3mvs.com^$all
||4hu59.com^$all
||99bricks.com^$all
||ab-automobile.de^$all
||abc13news.com^$all
||abcyamath.com^$all
||aboutarc.com^$all
||abuhamzahfx.com^$all
||abwkoeln.de^$all
||biosaude.co^$all
||accessdiscounts.com^$all
||accountingservice.com^$all
||accountionline.com^$all
||acethematch.com^$all
||additude.org^$all
||addyourlink.net^$all
||adminbookings.com^$all
||admindiploma.co.uk^$all
||admiralmarket.com^$all
||adriod.com^$all
||advancaauto.com^$all
||aegiscrew.com^$all
||aerepostal.com^$all
||aergerforum.de^$all
||aetnaretriedhealth.com^$all
||aetnastudentehalth.com^$all
||aetnasyudenthealth.com^$all
||afshagemstone.com^$all
||aging.realmadridlive.in^$all
||air-careductcleaning.com^$all
||aj3000.org^$all
||ajmsewing.co.uk^$all
||akintor.com^$all
||alabamamedicaid.org^$all
||alamoinsurancegroup.com^$all
||allsttae.com^$all
||alojamientogratuito.info^$all
||altesino.com^$all
||alumacarsuncity.com^$all
||alvincommunitycollege.com^$all
||amazonaus.com^$all
||amcestey.com^$all
||amecstry.com^$all
||americameagle.com^$all
||americanghostsandhauntings.com^$all
||americanlegion.net^$all
||americanwingsnorcross.com^$all
||amienmelody.com^$all
||ammica.com^$all
||anabolicalternative.com^$all
||anactor.net^$all
||anandasoftbd.com^$all
||anccestary.com^$all
||anchormotor.com^$all
||androiddp1.com^$all
||andyreinold.com^$all
||angrydl.com^$all
||anheiserbusch.com^$all
||animerunkkari.net^$all
||anningten.de^$all
||antennebayer.de^$all
||antiqueforhire.com^$all
||childrenwish.ca^$all
||anuex.com^$all
||anugrahjaya.com^$all
||aouttrader.com^$all
||appdeploy.de^$all
||appe.indainbank.in^$all
||applebees.cm^$all
||appleidpassword.com^$all
||appleisider.com^$all
||appolloprism.com^$all
||apppleseeds.com^$all
||appschoolgrid.co.uk^$all
||apqconstruction.com^$all
||apv-thermotech.de^$all
||arcanedevice.com^$all
||areopostel.com^$all
||ari-model.com^$all
||arielaudio.com^$all
||aristokraftcabinets.com^$all
||arizonadollandtoymuseum.com^$all
||arnoldmartinezgallery.com^$all
||artdesignweb.com^$all
||artediez.com^$all
||artofconway.com^$all
||asicsrunningshoe.com^$all
||askalligence.com^$all
||asperdental.com^$all
||aspspider.info^$all
||atlassion.net^$all
||aturealbum.com^$all
||audble.co.uk^$all
||audiopoisk.com^$all
||audioquartet.com^$all
||auitotrader.com^$all
||australien-embassy.de^$all
||autobk.com^$all
||babajfinserv.in^$all
||autopartsguru.com^$all
||autoscvout24.de^$all
||avanteboatsales.co.uk^$all
||avg.cm^$all
||avipreview.com^$all
||awardsdecals.com^$all
||awardswlwct.com^$all
||b5o.com^$all
||ba.upyim.co^$all
||baadhuset.com^$all
||babybud.de^$all
||bagandbow.com^$all
||baileycar.com^$all
||bananajacks.com^$all
||banankofamerica.com^$all
||bankencryption.com^$all
||barrellab.com^$all
||barrettsoutdoor.co.uk^$all
||basicware.com^$all
||bathandbodywash.com^$all
||bbletche.com^$all
||bcbsillinois.com^$all
||bccstx.com^$all
||bcins.com^$all
||beachsideboatrentals.com^$all
||beardmiller.com^$all
||beatthestreak.com^$all
||bedbedandbeyond.com^$all
||befancyhair.com^$all
||beilgries.de^$all
||bejaminbluemchen.de^$all
||benifits.org^$all
||bernslaihomes.co.uk^$all
||berwww.com^$all
||bestamericanstocks.com^$all
||bestcanadian.com^$all
||besthesda.net^$all
||bestwestner.com^$all
||bext.co.uk^$all
||bherb.com^$all
||bhojpurimovie.com^$all
||biblioteka-bg.com^$all
||bilabong.de^$all
||biosmoothpro.com^$all
||biovidasaude.com^$all
||birdscapes.com^$all
||bitsize.com^$all
||bittrex.cm^$all
||blackedram.com^$all
||blackmendigital.com^$all
||blauer-engel-koeln.de^$all
||blissmassagetherapy.com^$all
||blogesupri.patons.ca^$all
||blogs-pot.com^$all
||blurau.com^$all
||bmwsarasota.com^$all
||bnbcnews.com^$all
||boating-ed.com^$all
||bobberslive.com^$all
||bobybuilder.com^$all
||bokkinmg.com^$all
||bolivianland.net^$all
||boobking.cm^$all
||boohoi.com^$all
||bookfromnet.com^$all
||booking.pixelextended.me^$all
||booksandmarks.com^$all
||boostbobile.com^$all
||bootrep.com^$all
||boottownusa.com^$all
||bootyplanet.com^$all
||bossmovies.com^$all
||bostonterrierden.com^$all
||bothers.com^$all
||bottlecapgames.com^$all
||boxmoviez.com^$all
||boy-drive.net^$all
||bppkoing.com^$all
||braillealphabet.org^$all
||brainlly.com^$all
||brigdebase.com^$all
||briteledtech.com^$all
||brosdway.com^$all
||brotherprinter.com^$all
||bsswift.com^$all
||bt666.com^$all
||burnsidedigital.com^$all
||bwmbank.de^$all
||bzp.net^$all
||cabesp.com^$all
||calebpressley.com^$all
||calvertschool.com^$all
||cambridgeebook.com^$all
||cannel24.de^$all
||cantireu.ca^$all
||captialonedirect.com^$all
||carapowersports.com^$all
||carecredet.com^$all
||carnart.com^$all
||carolinatrustfederalcreditunion.com^$all
||carthorsemachinery.com^$all
||cartridgesshop.co.uk^$all
||casinovale77.com^$all
||casualxl.com^$all
||catharijnebioscoop.nl^$all
||cbej.com^$all
||cdlebjihad.com^$all
||cellutissue.com^$all
||centerblog.com^$all
||centerhillhouseboatrentalandcharter.com^$all
||cercoamicivip.com^$all
||charlestywritt.com^$all
||chartoulette.com^$all
||chasefreedomvisa.com^$all
||chasschwab.com^$all
||chathopper.com^$all
||chaumiereonline.com^$all
||cheapnikeshoes.com^$all
||chefsouls.com^$all
||chengsgardenct.com^$all
||childrencare.com^$all
||chinaautoparts.com^$all
||chlipfih.de^$all
||choctawwildlife.com^$all
||choicepriveleges.ca^$all
||choigame24h.net^$all
||christianbooksummaries.com^$all
||christiansocialnetwork.net^$all
||chuckychesse.com^$all
||cicda.com^$all
||cinemavf.org^$all
||citimortgage.cm^$all
||clarin.cm^$all
||clarires.com^$all
||claritta.net^$all
||clashofclanhacks.com^$all
||classmatess.com^$all
||clerverbot.com^$all
||clikurl.com^$all
||cloudbar.org^$all
||cloudmail.ontatio.ca^$all
||clubemusicas.com^$all
||clubterracan.net^$all
||cogeca.ca^$all
||collectioncentre.com^$all
||collegeoftheozarks.com^$all
||colonnialpenn.com^$all
||colordrives.com^$all
||columbusstoreeq.com^$all
||comcmast.net^$all
||comicstee.com^$all
||comkp.org^$all
||commomlit.com^$all
||comstaples.com^$all
||confusion.co.uk^$all
||consunercellular.com^$all
||continentalcredito.com^$all
||convertapdftoword.com^$all
||cookiecliker.com^$all
||coolgearing.com^$all
||correo.foot-news.co^$all
||costcobusinessphone.com^$all
||cottagechicbymargie.com^$all
||cottonflower.com^$all
||countrybros.com^$all
||countrylifegifts.com^$all
||courtreporting.com^$all
||covermania.com^$all
||covid-10.onario.ca^$all
||cps-pc.de^$all
||crackact.org^$all
||craigsdlist.com^$all
||crazynudistbeach.com^$all
||creativemindsacademyfl.com^$all
||credditonebank.com^$all
||cricket.info^$all
||crowddream.com^$all
||cruiseadventures.com^$all
||crystaldiskinfo.com^$all
||crystallinks.com^$all
||cstress.net^$all
||cumonlucy.co.uk^$all
||cumsex.com^$all
||cumsnap.com^$all
||cursodeunhasdecoradas.com^$all
||cvs.cm^$all
||cvshealthsurcey.com^$all
||cyberhostvpn.com^$all
||d25.net^$all
||dafearsoft.org^$all
||daftzex.com^$all
||dailynation.co.uk^$all
||dakofurniture.co.uk^$all
||damagedpictures.com^$all
||datingwall.com^$all
||davesandbusters.com^$all
||davidaustinroses.de^$all
||davidsonfirealarms.com^$all
||davinailsandspa.com^$all
||dealaday.com^$all
||debain.org^$all
||debide.com^$all
||defloreation.com^$all
||degowo.de^$all
||dekstophut.com^$all
||demo.europadonna.de^$all
||demo.halimcan.de^$all
||dentistfinder.com^$all
||desicorner.net^$all
||destokage.com^$all
||detailreviews.com^$all
||detroitk12.com^$all
||detroitlion.com^$all
||deutschewell.de^$all
||europadonna.de^$all
||gesundheitkatalog.de^$all
||hanseatischesweinkontor.de^$all
||hbo.cm^$all
||hypoverensbank.de^$all
||academicassociation.in^$all
||deviantaet.com^$all
||dgumarket.com^$all
||dhifaaf.com^$all
||dibujosdelos80.com^$all
||dicoverycove.com^$all
||dictionarg.com^$all
||dieaertze.de^$all
||diebahnd.de^$all
||diesimsens.de^$all
||digitaldigsads.com^$all
||dippegucker.de^$all
||directnergy.com^$all
||disany.com^$all
||discdb.com^$all
||disconcerting.com^$all
||discountrires.com^$all
||discunttire.com^$all
||disnneychannel.com^$all
||distorwatch.com^$all
||dixks.com^$all
||diycondensermics.com^$all
||djwacho.de^$all
||dkroger.com^$all
||dlv4.com^$all
||com-download-stat.us^$all
||docteach.org^$all
||documany.com^$all
||documentodoestudante.com^$all
||dofant.com^$all
||dolcegabanna.com^$all
||dollarentacar.com^$all
||dollygals.com^$all
||domionspizza.com^$all
||donaldrussel.com^$all
||donvenmuehle.com^$all
||dotcomdirectory.com^$all
||doversaddley.com^$all
||drbbble.com^$all
||drivenmotorsportsales.com^$all
||drocherway.com^$all
||droplox.com^$all
||droptv.com^$all
||drssbarn.com^$all
||ds4you.de^$all
||dsca85.com^$all
||dsneyland.com^$all
||ducusign.com^$all
||durgapurgovtcollege.org^$all
||dutchbilbs.com^$all
||dvrv.com^$all
||dyptiqueparis.com^$all
||dysma.de^$all
||dzlibrary.com^$all
||easternbikes.de^$all
||ebieomachines.com^$all
||ebookbinary.com^$all
||ecentennialcollege.ca^$all
||ecoediciones.com^$all
||ecoinspeed.com^$all
||ecread.com^$all
||edge.metropcs.co^$all
||educacionbc.com^$all
||eduparkpublishinghouse.com^$all
||eevb.com^$all
||efsll.com^$all
||einv.com^$all
||eknigu.org^$all
||elcactus.com^$all
||eletterhead.com^$all
||elevationsj.com^$all
||ellasontreeservice.com^$all
||ellisiland.org^$all
||elreydelfalafel.com^$all
||elwinpure.com^$all
||empak.de^$all
||emperorinfo.com^$all
||emulespana.net^$all
||enbto.com^$all
||energybrokerconsultants.com^$all
||enfmail.com^$all
||engineerbob.com^$all
||enigaluce.com^$all
||enyergy.com^$all
||eoonext.com^$all
||epicgamis.com^$all
||epph.com^$all
||eppicard.cm^$all
||erotic-flowers.com^$all
||erotic99.com^$all
||es-toyaqui.com^$all
||esmallbusinessgrants.net^$all
||esperiqn.com^$all
||esty.com^$all
||esuracnce.com^$all
||eternityflowercreations.com^$all
||ethioporn.com^$all
||ethtrada.com^$all
||etimology.com^$all
||euronets.com^$all
||events.compres.us^$all
||everdaycarry.com^$all
||evil-unveiled.com^$all
||evtools.info^$all
||exberian.com^$all
||excelmission.com^$all
||3daxis.co^$all
||exiperan.com^$all
||experianokta.com^$all
||expertworx.com^$all
||expieeian.com^$all
||explorors.com^$all
||expreien.com^$all
||exragazze.com^$all
||exrpessscripts.com^$all
||eyebuidirect.com^$all
||ezbiodiesel.com^$all
||ezgreatoffers.com^$all
||ezprogram.com^$all
||eztvseries.com^$all
||ezzpassmd.com^$all
||fabswiingers.com^$all
||faceb00k.com^$all
||facialsgalleries.com^$all
||facilisoft.com^$all
||faircompaines.com^$all
||fairplayhorse.com^$all
||fakehab.com^$all
||faketaxi.org^$all
||fashionchurchsuits.com^$all
||fashiondressstore.com^$all
||fashionsnetwork.com^$all
||fasilhd.com^$all
||fastcash500.com^$all
||fastlaneltd.com^$all
||fatbike-motor.com^$all
||fatwa1.com^$all
||faxsports.com^$all
||fcbs-inc.com^$all
||fedbizopps.org^$all
||fellfootfarm.co.uk^$all
||ferel.com^$all
||fertagus.com^$all
||ffrontgate.com^$all
||fiars.com^$all
||fightmove.co.uk^$all
||filecloud.monster^$all
||filezila.com^$all
||filmfreestream.net^$all
||filmox.org^$all
||findmymobike.com^$all
||findrc.com^$all
||finleyfurst.com^$all
||fionagary.com^$all
||fireking.us^$all
||firhouse.com^$all
||firstnationalc.com^$all
||firstthirdbank.com^$all
||fivestarautomotiverepair.com^$all
||fivethirteight.com^$all
||flagstarwholesale.com^$all
||flightconsolidator.com^$all
||flightlcub.com^$all
||flipkartjob.com^$all
||flipnormals.com^$all
||flixbruns.de^$all
||floormakers.com^$all
||florida-fishingcharters.com^$all
||flowermodels.com^$all
||flugzeugsupermarkt.de^$all
||fluxrp.com^$all
||flygpoolen.com^$all
||fmhogar.com^$all
||fmword.net^$all
||fnsbsd.com^$all
||focusbangla.com^$all
||fodocuments.info^$all
||followx.com^$all
||food-stamps-apply.com^$all
||foosewheels.com^$all
||footballflags.com^$all
||forceporn.com^$all
||foreverybella.com^$all
||forexclient.com^$all
||forexengines.com^$all
||formacioncorreos.com^$all
||formaua.com^$all
||forslaebyowner.com^$all
||forstinger.de^$all
||fotobugil.com^$all
||fotoescalera.com^$all
||fotoporst.de^$all
||foyerjeansturm.com^$all
||fraigslist.com^$all
||franciscajoias.com^$all
||franklhammondiii.com^$all
||frebmd.org.uk^$all
||freddiesfinespirits.com^$all
||free-iphone6s.com^$all
||freeconferenceline.com^$all
||freedomkia.com^$all
||freefre.com^$all
||freelanceeditors.com^$all
||freemovie.com^$all
||freemovies.net^$all
||freemoviesonline.com^$all
||freenortonsecurity.com^$all
||freeplaysex.com^$all
||freeprogz.com^$all
||freeshoutbox.com^$all
||friedmanshoes.com^$all
||friendsinfo.net^$all
||fronteerair.com^$all
||frontgatd.com^$all
||fsuwebmail.com^$all
||ftrontgate.com^$all
||fuckhoes.com^$all
||fudelidade.com^$all
||fullyloadednews.com^$all
||fumformobile.com^$all
||funkysexycool.com^$all
||furnitureking.com^$all
||furukawa-cooking.com^$all
||futaplay.com^$all
||gadisbandung.com^$all
||galerievitesse.com^$all
||gallagherstudents.com^$all
||gallerialighting.com^$all
||gameartisan.com^$all
||gamesloft.com^$all
||garden-flags.com^$all
||garndinroad.com^$all
||gastrodocs.info^$all
||gautengonline.com^$all
||gaylar.com^$all
||gbbox.com^$all
||geacorn.com^$all
||geamail.com^$all
||geapplaince.com^$all
||gedichtsbilder.de^$all
||gemini-usa.com^$all
||gemvera.com^$all
||generadordememes.com^$all
||genwigs.com^$all
||geogiaboot.com^$all
||geometro.com^$all
||geoxkorea.com^$all
||gerardfashion.com^$all
||getchaselnk.com^$all
||getjeeping.com^$all
||getmsguide.com^$all
||getmypopcornnow.com^$all
||getmytranscrpit.com^$all
||gettereward.com^$all
||ggodyear.com^$all
||ghostsearch.com^$all
||gibsonrv.net^$all
||gidonline.net^$all
||giftsforunow.com^$all
||giganits.com^$all
||giphy.cm^$all
||girls-party.com^$all
||glamrockbeauty.com^$all
||glassdoir.com^$all
||glasssoor.com^$all
||glendeedogrescue.co.uk^$all
||globalifeinc.com^$all
||glomp.com^$all
||gmauo.com^$all
||gmboree.com^$all
||gmglobalconnec.com^$all
||gmsexp.com^$all
||gnctraining.com^$all
||gnet7.com^$all
||gnpschandigarh.com^$all
||go-guy.com^$all
||gobdeals.com^$all
||goldclubslot.com^$all
||gomiyashiki-osouji.com^$all
||goodcheat.com^$all
||googglemail.com^$all
||google.ssvt.se^$all
||googlecal.com^$all
||googlefish.com^$all
||googleidle.de^$all
||goole.com.vn^$all
||goopgle.com^$all
||goracertech.com^$all
||goralpolishdeli.com^$all
||gordanfoodservice.com^$all
||got-corgis.com^$all
||gottorent.ca^$all
||graberbkinds.com^$all
||grabetblinds.com^$all
||gracehillision.com^$all
||granddentalpc.com^$all
||grassrootsmeasures.com^$all
||greandhra.com^$all
||greatbulletin.com^$all
||greatlesson.com^$all
||greatrating.com^$all
||greenvaporco.com^$all
||greyhoundbuslines.com^$all
||grillsandgreens.com^$all
||grinandbakeit.com^$all
||grupograncolombia.com^$all
||grupomnemon.com^$all
||gsmatena.com^$all
||gtuts.com^$all
||guicc.com^$all
||gulfmonster.com^$all
||hack-game.net^$all
||halilou.com^$all
||hallsdawghouse.com^$all
||halys.com^$all
||hamburgschool.org^$all
||handrbloock.com^$all
||hangkhung.com^$all
||hao1131.com^$all
||harfordlife.com^$all
||harpers-property.co.uk^$all
||hatventures.net^$all
||haveringfireplaces.co.uk^$all
||hawaiianaor.com^$all
||hboow.com^$all
||hcomicbooks.com^$all
||hd-sex-videos.com^$all
||hdmedicalexams.com^$all
||hdmovi3s.com^$all
||hdsupplsolutions.com^$all
||hdwallpaperslist.com^$all
||hdww.com^$all
||healthtechni.com^$all
||healthypetstore.net^$all
||heaphotels.com^$all
||heathyliving.com^$all
||helixcharter.com^$all
||hellsangelsusa.com^$all
||hensly.com^$all
||hermesairport.com^$all
||hewittresorce.com^$all
||highcash.org^$all
||hillcountrysanmarcos.com^$all
||hiwaytractor.com^$all
||hobbylobby.cm^$all
||hobyto.com^$all
||holidayproperty.com^$all
||holidycheck.at^$all
||hollywoodmoviez.net^$all
||homescapeonline.com^$all
||hongkongsthelens.co.uk^$all
||hoopsuite.com^$all
||hosfordbrothersconcrete.com^$all
||hot-deal.co.uk^$all
||hotelcentr.com^$all
||hotelesdoux.com^$all
||hotelsit.com^$all
||hotnewhiphoo.com^$all
||hotnsil.com^$all
||hottwitterwives.com^$all
||houseofnightseries.co.uk^$all
||howisavedthousands.com^$all
||hpinstankink.co.uk^$all
||hpsupportphonenumber.com^$all
||hqjt.com^$all
||htmail.co.uk^$all
||httpexample.com^$all
||hu0.com^$all
||humaneassocofclarkcounty.com^$all
||humouron.com^$all
||hvanah.com^$all
||hxymall.com^$all
||i80auto.com^$all
||ibuycard.com^$all
||iclovd.com^$all
||ideed.ca^$all
||identtyguard.com^$all
||idlebrsin.com^$all
||idoline.org^$all
||ifetel.com^$all
||igansupport.org^$all
||iheartmandalas.com^$all
||iidcgwalior.com^$all
||imageshake.de^$all
||importadoravehicular.com^$all
||inchirieriregimhotelier.net^$all
||indonesiaigo.com^$all
||infonavid.com^$all
||infoum.com^$all
||innotech-maschinenbau.de^$all
||inrussia.org^$all
||insectflix.com^$all
||insidewireman.com^$all
||insovenz.de^$all
||inssigniaproducts.com^$all
||instantsteetview.com^$all
||investopidia.com^$all
||inwexcel.com^$all
||iphonedevtools.com^$all
||iraresource.com^$all
||irlanguge.com^$all
||ishifusion.com^$all
||islandbluecoffee.net^$all
||islandsresturants.com^$all
||isseg.com^$all
||issstenet.com^$all
||itcompraenusa.com^$all
||iteachkinder.com^$all
||itunse.com^$all
||izak.com^$all
||jackwolfkins.de^$all
||jacobsfuneralhome.com^$all
||jailbait-gallery.net^$all
||janethepsychic.co.uk^$all
||jaspe.com^$all
||jcpenmey.com^$all
||jcpenneybenefits.com^$all
||jcpenneyey.com^$all
||jd.cm^$all
||jehblue.com^$all
||jeporady.com^$all
||jerrysappliancecenter.com^$all
||jewelpak.com^$all
||jimmygaorestaurant.com^$all
||jimmysfarmtoys.com^$all
||jira.hannoverscheallgemeinezeitung.de^$all
||jkhols.com^$all
||jlibrary.org^$all
||jmxded100.net^$all
||joannamartinewoolfolk.com^$all
||joaobidu.com^$all
||joblana.com^$all
||joovideo.us^$all
||journeykids.com^$all
||jquerylenslider.com^$all
||jspecialjapan.com^$all
||juanselaverde.com^$all
||jumpstar.com^$all
||juzzbunker.com^$all
||kascarpet.net^$all
||kayoutlets.com^$all
||kbshengyi.com^$all
||kelleyservices.com^$all
||keyrug.com^$all
||keysschools.net^$all
||keystonehoops.com^$all
||keywebtracker.com^$all
||keywordadvisetoolplus.com^$all
||kholsrebates.com^$all
||kickoff.cm^$all
||kindfirls.com^$all
||kit-co2.com^$all
||kitchenmusings.com^$all
||kiwihelme.de^$all
||klana.co.uk^$all
||klaser.com^$all
||kobemo.com^$all
||kodiakproduce.com^$all
||koklsfeedback.com^$all
||komunitaspeduliumatdalung.com^$all
||koon.net^$all
||kootra.com^$all
||kpry.com^$all
||krca.net^$all
||kusakabehifuka.com^$all
||kyxc.com^$all
||kzdress.com^$all
||laarsens-basingstoke.co.uk^$all
||laguiadelocio.com^$all
||lakecumberlandfishingguide.com^$all
||lakeserenespa.com^$all
||landgirlscookeryschool.co.uk^$all
||landhausmitpfiff.de^$all
||lankantunes.com^$all
||lapels.org^$all
||larka.de^$all
||lasierratiresutah.com^$all
||latexanzug.com^$all
||laubergeduvieuxcrozet.com^$all
||lawh.com^$all
||leakz.net^$all
||leapinginto5thgrade.com^$all
||learn.movibaz.us^$all
||learnpack.co.uk^$all
||legavy.com^$all
||legumeloyalist.com^$all
||leipomokauppa.com^$all
||lepac.com^$all
||lesbiot.com^$all
||lezgame.com^$all
||lianasims2.de^$all
||lifellinescreening.com^$all
||lightyearapp.live^$all
||likoer43.de^$all
||linkbaru.com^$all
||linkdin.ca^$all
||linuxdeal.com^$all
||liqudition.com^$all
||liscensecoach.com^$all
||livescom.com^$all
||livetvonlinefree.com^$all
||livingcomforts.com^$all
||llivet.com^$all
||loandaministration.com^$all
||login.reserveamerica.co^$all
||loitech.de^$all
||lojabau2mao.com^$all
||lojaodoreal.com^$all
||lorenagostosa.com^$all
||losingface.com^$all
||louisvuitten.com^$all
||louisvuittin.com^$all
||loveherbal.com^$all
||loverscaughtontape.com^$all
||lowcostparceldelivery.com^$all
||lowe4s.com^$all
||lpaodata.net^$all
||lunettesde.com^$all
||lutherancommunitygrace.net^$all
||luxerycard.com^$all
||lyncdiscoverinternal.ualbera.ca^$all
||lynes-shoes.com^$all
||lyodsbank.com^$all
||m2e6.com^$all
||mabcalculo.com^$all
||maderaplasticamx.com^$all
||madereriasaltillo.com^$all
||maestriasinternacionales.org^$all
||magento.expedia.cm^$all
||magento.fanmail2u.de^$all
||magento.gibco.de^$all
||magento.trannydating.nl^$all
||magoosfurniture.com^$all
||mahabaliexpress.com^$all
||makingfreinds.com^$all
||makisushi.net^$all
||malrboro.com^$all
||maluch.com^$all
||mamapho1.com^$all
||manage.polka-dot.co^$all
||mandourpharmacy.com^$all
||maneige.ca^$all
||manheimauto.com^$all
||manitobaparks.ca^$all
||mannakbbq.com^$all
||manoffashion.com^$all
||mantrafilms.com^$all
||manytears.com^$all
||manyvidd.com^$all
||marisaodonto.com^$all
||maritimeway.com^$all
||marketpalce.com^$all
||marketplace.biosaude.co^$all
||marrottvacationclub.com^$all
||maruces.com^$all
||mascy.com^$all
||mathrubhmi.com^$all
||matomefun.net^$all
||mauriciodenassau.com^$all
||maximcolombia.co^$all
||mbenzusa.com^$all
||mbwjk.de^$all
||mcatbui.net^$all
||mceyecenter.com^$all
||mcgraww-hill.com^$all
||mcjrotc.com^$all
||mckinleyspubri.com^$all
||mdtp.us^$all
||meaganslaw.com^$all
||medherb.de^$all
||medialine.org^$all
||mediasenso.com^$all
||mediationcenter.com^$all
||medicinelodgepom.com^$all
||medigov.com^$all
||medschoolhell.com^$all
||meficare.com^$all
||mega-hookup.com^$all
||megacinemaflix.com^$all
||melbourneactingstudio.com^$all
||mellatmobile.com^$all
||meloxicamsideeffects.org^$all
||metalartsinc.com^$all
||meubelmarkt.com^$all
||meuconsorciobb.com^$all
||mic-river.com^$all
||midasbuy.co^$all
||midiuser.net^$all
||mightylayoutboys.com^$all
||migranteducation.com^$all
||mijaliscomexrestaurant.com^$all
||mijntoeslagen.com^$all
||mili010.com^$all
||minecraft2.com^$all
||minicottage.com^$all
||minnesotagoldendoodles.com^$all
||missgided.com^$all
||mitkindernwachsen.de^$all
||mixreqq.com^$all
||mlgn3usa.com^$all
||mmrafricanfashions.com^$all
||mnspeoplesystem.co.uk^$all
||mobileblitz.com^$all
||mobilehacktool.com^$all
||mobilehomepartstore.com^$all
||mobilr.com^$all
||modestogold.com^$all
||modsey.com^$all
||moenygram.com^$all
||mojsng.com^$all
||mollinsburncarsales.co.uk^$all
||momentsoflife.com^$all
||momsrings.com^$all
||monasteriodepoio.com^$all
||monesupermarket.com^$all
||monyorder.com^$all
||mortgae.com^$all
||motogris.com^$all
||motorjacket.com^$all
||motorradcenter.de^$all
||motorradpartner.com^$all
||motosu.de^$all
||mountaincrestapartments.com^$all
||mountviewchandigarh.com^$all
||moviestube10.com^$all
||mp3juicess.biz^$all
||mpcclubcard.com^$all
||mrtravelers.com^$all
||msephora.com^$all
||muisjes.com^$all
||mujerlunabella.net^$all
||muktimap.co.uk^$all
||multipicatoin.com^$all
||multiquality.tech^$all
||multuimap.co.uk^$all
||mundoftp.com^$all
||musicans-place.de^$all
||musleblaze.com^$all
||mutedvods.com^$all
||blackberry.cm^$all
||carfax.cm^$all
||myaarpmwdocare.com^$all
||myancesty.com^$all
||myanthropologie.com^$all
||myapclassroom.com^$all
||mybkexpiernce.com^$all
||mybodysoul.com^$all
||mybooing.com^$all
||mycarrer.com^$all
||mycips.com^$all
||mycreditonecard.com^$all
||mydicksportinggoods.com^$all
||myebookmaster.com^$all
||myeverydayrewards.com^$all
||myfappening.org^$all
||myfinco.com^$all
||myfirstdegree.com^$all
||myftdi.com^$all
||myhbc.com^$all
||myherbelife.com^$all
||myjobsscotland.co.uk^$all
||mykohs.com^$all
||mylacountybenefit.com^$all
||myliferouch.com^$all
||mynait.ca^$all
||myoceanictwc.com^$all
||mypaneras.com^$all
||mypayback.de^$all
||myqnascloud.com^$all
||myscence.com^$all
||mysunywcc.com^$all
||mythaistlouis.com^$all
||mytruidenity.com^$all
||myvglicredential.com^$all
||myvirtualterminal.com^$all
||myvweizon.com^$all
||myxrt.com^$all
||nactar.com^$all
||nados.co.uk^$all
||nahro.com^$all
||nalcbp.com^$all
||nanacalistar.com^$all
||nanitv.com^$all
||nanoxnutriceuticals.com^$all
||naoffroad.com^$all
||napkimcuong.com^$all
||nartube.com^$all
||nationpage.com^$all
||naturebois.com^$all
||navyfereral.org^$all
||nbkonline.com^$all
||ncscu.com^$all
||neckheavy.com^$all
||nedspipeandsteel.com^$all
||nehalembay.com^$all
||nehra.org^$all
||neipets.com^$all
||neopoets.com^$all
||nesecitountrabajo.com^$all
||nesteggtrailers.com^$all
||netflflix.com^$all
||netflifx.com^$all
||networkredundancy.com^$all
||neuropsicologiacordoba.com^$all
||nevadaspca.com^$all
||newkindofmotherhood.com^$all
||nextflex.com^$all
||nflflagfootball.com^$all
||niagaragazette.com^$all
||nichewines.com^$all
||nigerialatestnews.com^$all
||nikene.com^$all
||nissenusa.com^$all
||niuqiu.com^$all
||njtutoriales.net^$all
||noborobo.com^$all
||nodesjs.org^$all
||nomorerobocalls.com^$all
||nooder.com^$all
||northpoleicecreamshop.com^$all
||norto.com^$all
||nortofn.com^$all
||norwoodcadillac.com^$all
||novadevelooment.com^$all
||novorojencek.com^$all
||carmax.cm^$all
||skyteam.cm^$all
||pcmag.cm^$all
||nexxt.cm^$all
||tillys.cm^$all
||nuken.com^$all
||nursingsa.com^$all
||nutricroq.com^$all
||nutriksystem.com^$all
||nylottery.com^$all
||nyulangoners.com^$all
||o-shohousen.com^$all
||o2tvseriea.com^$all
||obesityonline.org^$all
||obobettermann.de^$all
||oceach.org^$all
||octupus-versand.de^$all
||odincoin-ag.com^$all
||odrivers.com^$all

! https://virustotal.com/gui/url/ca6883e44a103ed205b6225d866719bc51a9301aca937d336dc38610e46c7ea2/community
||58.252.203.71^$all

! a "Yahoo" email claiming I will be locked out if I don't "correct my email"
||yahooo-mail-service.webflow.io^$all

! https://app.any.run/tasks/1dafbc8d-84d8-4e42-a96a-fffdc9d644e7/
||kmspico-official.xyz^$all

! https://forums.malwarebytes.com/topic/292016-keep-getting-outbound-website-blocked-due-to-trojan-cant-find-threats/
||humman.art^$all

! https://www.fortinet.com/blog/threat-research/new-rapperbot-campaign-ddos-attacks
||185.216.71.149^$all

! I misspelled virtualbox's website, landed here
||virutalbox.org^$all
||get.safety-search.com^$all
||safety-search.com^$document

! https://app.any.run/tasks/2de64615-6df3-457f-bfb8-3e207b44667c
||mega.nz/file/2kIAhSSS#RfpDvKxaabLwA-3WA9Qm7HOsYHQg1_g3oMEykkNrZMY^$all
||mega.nz/file/2kIAhSSS^$document
||116.202.5.101^$all

! https://forums.malwarebytes.com/topic/292218-malwarebytes-says-that-vbcexe-is-a-virus-please-help/
! https://threatfox.abuse.ch/ioc/840342/
||193.106.191.160^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/134903
||znakomy.club^$all
||smartlink.name^$all

! https://app.any.run/tasks/2309c8ba-3e9f-41f2-8a5c-f15f7411ac58#
||www.sadeempc.com^$all
||sadeempc.com^$all
||iplogger.org/2AnXe7^$all
||bit.ly/Password-1234-FullSetups^$all
||iplogger.com/Sadeempcfullversins^$all

! https://www.youtube.com/watch?v=xwJJkvIsEJQ
||torrent-protection.com^$all
||downloadfilearea.com^$document

! https://app.any.run/tasks/e5ba6bf3-98ee-46bf-b9ee-406b1bbebe1f
||u8gr576y.cfd^$all
||rotf.lol/BDFG-KZTP-QAYW^$all
||88.198.106.9^$all
! https://app.any.run/tasks/89b3e663-ea70-43fe-89f0-af05c1c9af2e
||95.217.31.208^$all

! https://forums.malwarebytes.com/topic/292452-strange-malwareconnections/
||ns1usaupload.myphotos.cc^$document

! https://github.com/AdguardTeam/AdguardFilters/issues/135924
! https://github.com/DandelionSprout/adfilt/commit/31a32bcef8cfef97a6403f308d64c1991c6b4e8b
! credit to https://github.com/DandelionSprout
||abazelfan.com^$all
||abburmyer.com^$all
||abyamaskor.com^$all
||acelacien.com^$all
||adsvids.com^$all
||agaenteitor.com^$all
||ajestigie.com^$all
||almareepom.com^$all
||alspearowa.com^$all
||amexcadrillon.com^$all
||amgardevoirtor.com^$all
||amoddishor.com^$all
||ardsdusknoiron.com^$all
||arrlnk.com^$all
||arswabluchan.com^$all
||arwartortleer.com^$all
||arwhismura.com^$all
||aslaironer.com^$all
||aslaprason.com^$all
||asnoibator.com^$all
||astkyureman.com^$all
||astoecia.com^$all
||atgallader.com^$all
||attrapincha.com^$all
||audmrk.com^$all
||augnolru.com^$all
||ausoafab.net^$all
||bechatotan.com^$all
||belickitungchan.com^$all
||benumelan.com^$all
||beskittyan.com^$all
||betalonflamechan.com^$all
||betimbur.com^$all
||betjoltiktor.com^$all
||betotodileon.com^$all
||bett2you.org^$all
||bigsport.today^$all
||breakingfeedz.com^$all
||businessenviron.com^$all
||byambipoman.com^$all
||cadbitff.com^$all
||chemitug.net^$all
||civadsoo.net^$all
||clicktracklink.com^$all
||comivolo.com^$all
||consoupow.com^$all
||countriesnews.com^$all
||daizoode.com^$all
||davaifoa.com^$all
||desabrator.com^$all
||dfsdkkka.com^$all
||dodurantom.com^$all
||doflygonan.com^$all
||domakuhitaor.com^$all
||dosamurottom.com^$all
||dugothitachan.com^$all
||dukirliaon.com^$all
||dulillipupan.com^$all
||duponytator.com^$all
||ewoutosh.com^$all
||eyenider.com^$all
||faestara.com^$all
||fdiirjong.com^$all
||fiinann.com^$all
||fiinnancesur.com^$all
||finance2you.org^$all
||finnnann.com^$all
||flymob.com^$all
||forlumineontor.com^$all
||forunfezanttor.com^$all
||forzigzagoonom.com^$all
||fregtrsatnt.com^$all
||funnysack.com^$all
||gdasaasnt.com^$all
||geedoovu.net^$all
||geejooji.com^$all
||getsurv2youu.com^$all
||gfsdloocn.com^$all
||ggetsurveey.com^$all
||gggtrenks.com^$all
||gillynn.com^$all
||gkjoanks.com^$all
||glersakr.com^$all
||gloaphoo.net^$all
||gloolrey.com^$all
||gloudsel.net^$all
||goomaphy.com^$all
||groguzoo.net^$all
||growebads.com^$all
||gtoonfd.com^$all
||haunigre.net^$all
||higheurest.com^$all
||hoanoola.net^$all
||hrenbjkdas.com^$all
||inabsolor.com^$all
||inboldoreer.com^$all
||incorphishor.com^$all
||inkingleran.com^$all
||inpage-push.com^$all
||interdfp.com^$all
||intorterraon.com^$all
||itemolgaer.com^$all
||itgiblean.com^$all
||itnuzleafan.com^$all
||ittorchicer.com^$all
||itzekromom.com^$all
||jeehathu.com^$all
||karsauwi.xyz^$all
||koapsuha.net^$all
||kogutcho.net^$all
||lauhoosh.net^$all
||leethalo.net^$all
||leezoama.net^$all
||loralana.com^$all
||lowdodrioon.com^$all
||lowdurantom.com^$all
||lowlatiasan.com^$all
||lowstaryur.com^$all
||mauchopt.net^$all
||meagplin.com^$all
||meet4youu.com^$all
||mekstolande.com^$all
||moakaumo.com^$all
||moksoxos.com^$all
||mygtmn.com^$all
||naisoops.net^$all
||newprofitcontrol.com^$all
||nieveni.com^$all
||oackoubs.com^$all
||oaphoace.net^$all
||offmachopor.com^$all
||omanala.com^$all
||omasatra.com^$all
||omchimcharchan.com^$all
||omnidokingon.com^$all
||onclickads.net^$all
||onclickrev.com^$all
||onclickserver.com^$all
||onelivetra.com^$all
||onwasrv.com^$all
||onxatutor.com^$all
||oodrampi.com^$all
||oopsoans.xyz^$all
||opcharizardon.com^$all
||opchikoritaan.com^$all
||opchikoritar.com^$all
||opclauncheran.com^$all
||osspalkiaom.com^$all
||ossrhydonr.com^$all
||otrwaram.com^$all
||outaipoma.com^$all
||outseylor.com^$all
||overonixa.com^$all
||overswaloton.com^$all
||overzoruaon.com^$all
||overzubatan.com^$all
||paiwhoki.com^$all
||parumal.com^$all
||pipeschannels.com^$all
||propvideo.net^$all
||psaudous.com^$all
||psoukesh.com^$all
||ptewarin.net^$all
||qarewien.com^$all
||rhendam.com^$all
||ridsilry.net^$all
||rmndme.com^$all
||rndchandelureon.com^$all
||rndmusharnar.com^$all
||roduster.com^$all
||roosteem.net^$all
||rouinfernapean.com^$all
||rtmark.net^$all
||rtrgt2.com^$all
||saimifoa.net^$all
||seevustu.xyz^$all
||serconmp.com^$all
||shoubsee.net^$all
||show-review.com^$all
||sportevents.news^$all
||staixooh.com^$all
||stastips.net^$all
||surv2you.net^$all
||survey2you.org^$all
||tauvoojo.net^$all
||teefuthe.com^$all
||thoamike.xyz^$all
||timecrom.com^$all
||toateeli.net^$all
||toglooman.com^$all
||toshelmeton.com^$all
||tosuicunea.com^$all
||totentacruelor.com^$all
||totogetica.com^$all
||touroumu.com^$all
||tovanillitechan.com^$all
||trads.io^$all
||trenhsmp.com^$all
||trewnhiok.com^$all
||ugroocuw.net^$all
||unampharostor.com^$all
||unbeedrillom.com^$all
||unexeggutorer.com^$all
||ungolbator.com^$all
||untimburra.com^$all
||uparceuson.com^$all
||uplucarioon.com^$all
||uponarticunoer.com^$all
||upregisteelon.com^$all
||urmavite.com^$all
||uwhuglup.net^$all
||vamsoupowoa.com^$all
||vethojoa.net^$all
||vuftouks.com^$all
||whaxanso.net^$all
||whizista.xyz^$all
||wumpeeps.net^$all
||wynather.com^$all
||yacurlik.com^$all
||yarlnk.com^$all
||yonabrar.com^$all
||zagtertda.com^$all
||zoawufoy.net^$all
||139.45.197.239^$all

! https://forums.malwarebytes.com/topic/292537-phishing-x-3/ (account required, credit to https://forums.malwarebytes.com/profile/126832-bradraynor/)
||13ee53.codesandbox.io^$document

! https://forums.malwarebytes.com/topic/292570-malwarebytes-blocked-trojanexe-am-i-safe/
! https://threatfox.abuse.ch/ioc/1024382/
||185.234.247.238^$all

! https://forums.malwarebytes.com/topic/292568-ironmodalcom/
||ironmodal.com^$all

! https://app.any.run/tasks/fbb04c5d-ce57-4eaa-937b-20b014ed7c19#
||rsmerchantservices.com^$all
||oolomos.com^$all
||privacy-tools-for-you-453.com^$all
||gcrpgqhhmf.com^$document
||bestsmartfind.com^$all

! https://app.any.run/tasks/df07016b-df4a-47d2-8ef4-3764547ccb7b (website)
! https://app.any.run/tasks/30bb18a1-ea92-4208-91a1-e1b964930fa5 (file)
! https://threatfox.abuse.ch/ioc/1028938/
||rebrand.ly/McAfeeSecurity2022ActivateDownload^$all
||45.15.157.132^$all

! this is totally not what online malware sandboxes are for, but
! https://tria.ge/221205-15q5dsfb9z/behavioral1#network
||adthereis.buzz^$all
||ftrec.adthereis.buzz^$all
! subdomains
||czudf.adthereis.buzz^$all
||dlaho.adthereis.buzz^$all
||uyfox.adthereis.buzz^$all
||bukwg.adthereis.buzz^$all
||vriuj.adthereis.buzz^$all
||qcfhr.adthereis.buzz^$all
||vmvyu.adthereis.buzz^$all
||sxvne.adthereis.buzz^$all
||tzoca.adthereis.buzz^$all
||vqzao.adthereis.buzz^$all
||stypo.adthereis.buzz^$all
||rzukq.adthereis.buzz^$all
||buvaf.adthereis.buzz^$all
||kmkab.adthereis.buzz^$all
||ecgax.adthereis.buzz^$all
||tfseo.adthereis.buzz^$all
||pydqn.adthereis.buzz^$all
||jspov.adthereis.buzz^$all
||xdaxi.adthereis.buzz^$all
||cxyyv.adthereis.buzz^$all
||rzhxs.adthereis.buzz^$all
||ihclh.adthereis.buzz^$all
||mzqyv.adthereis.buzz^$all
||ovanj.adthereis.buzz^$all
||nnkjm.adthereis.buzz^$all
||zcuea.adthereis.buzz^$all
||mnqre.adthereis.buzz^$all
||vnzdj.adthereis.buzz^$all
||bxauc.adthereis.buzz^$all
||drauy.adthereis.buzz^$all
||gkgfw.adthereis.buzz^$all
||ribsl.adthereis.buzz^$all
||czhif.adthereis.buzz^$all
||cupyx.adthereis.buzz^$all
||ypnjk.adthereis.buzz^$all
||agexq.adthereis.buzz^$all
||ojhjn.adthereis.buzz^$all
||mrmgk.adthereis.buzz^$all
||hwkjq.adthereis.buzz^$all
||povvx.adthereis.buzz^$all
||pkciz.adthereis.buzz^$all
||drpgq.adthereis.buzz^$all
||inrtc.adthereis.buzz^$all
||tifrl.adthereis.buzz^$all
||lqgqc.adthereis.buzz^$all
||hlrjd.adthereis.buzz^$all
||dqnib.adthereis.buzz^$all
||ydhet.adthereis.buzz^$all
||izszd.adthereis.buzz^$all
||lshph.adthereis.buzz^$all
||cclct.adthereis.buzz^$all
||mzstz.adthereis.buzz^$all
||hzuhg.adthereis.buzz^$all
||qkefc.adthereis.buzz^$all
||furbf.adthereis.buzz^$all
||aealu.adthereis.buzz^$all
||imolc.adthereis.buzz^$all
||gjzsn.adthereis.buzz^$all
||rvoko.adthereis.buzz^$all
||jfope.adthereis.buzz^$all
||kngev.adthereis.buzz^$all
||fkpbd.adthereis.buzz^$all
||atyqv.adthereis.buzz^$all
||tfkbt.adthereis.buzz^$all
||ghevg.adthereis.buzz^$all
||mtvam.adthereis.buzz^$all
||zsa0i.adthereis.buzz^$all
||pxzib.adthereis.buzz^$all
||bbpky.adthereis.buzz^$all
||xtfaq.adthereis.buzz^$all
||ggyjx.adthereis.buzz^$all
||wqweo.adthereis.buzz^$all
||ycxds.adthereis.buzz^$all
||vpemr.adthereis.buzz^$all
||updsl.adthereis.buzz^$all
||pnwut.adthereis.buzz^$all
||svgpj.adthereis.buzz^$all
||afmqv.adthereis.buzz^$all
||fcwli.adthereis.buzz^$all
||bejnh.adthereis.buzz^$all
||uzvfz.adthereis.buzz^$all
||eapmj.adthereis.buzz^$all
||hiaxn.adthereis.buzz^$all
||nglkk.adthereis.buzz^$all
||04pl0.adthereis.buzz^$all
||xbufq.adthereis.buzz^$all
||kfchx.adthereis.buzz^$all
||eqtzo.adthereis.buzz^$all
||xkrws.adthereis.buzz^$all
||rabyl.adthereis.buzz^$all
||vrrip.adthereis.buzz^$all
||yrjrq.adthereis.buzz^$all
||oimxs.adthereis.buzz^$all
||mnlnd.adthereis.buzz^$all
||lubpm.adthereis.buzz^$all
||uvcbk.adthereis.buzz^$all
||bhqgv.adthereis.buzz^$all
||jzewf.adthereis.buzz^$all
||edbek.adthereis.buzz^$all
||bmvbj.adthereis.buzz^$all
||wmsxu.adthereis.buzz^$all
||mfxzk.adthereis.buzz^$all

! https://scammer.info/t/i-made-a-game-can-you-test-play-discord-trojan/114861
! https://tria.ge/221208-n68plshh69/behavioral1
||mediafire.com/file/bu394h0oi025wpt/ExtremeUpdate.exe/file^$all
||kqnfkpoccicxiudstqonfotuwsrhuxkwhqjjfsbjhonoubrccy.nl^$all

! https://app.any.run/tasks/82e6d95e-3fd5-4bf6-873e-3d7379d495e3
! https://app.any.run/tasks/25665331-97a5-49a8-9381-eda377347ee5/
||bit.ly/fitgirl-repacks-site^$all
||fitgirl-repacks-site.org^$all
||bluemediafiles.top^$all

! https://forums.malwarebytes.com/topic/292825-outgoing-connection-blocked-due-to-trojan-vbcexe/
||na.luckpool.net^$all

! https://forums.malwarebytes.com/topic/292876-detected-trojan-windowsmicrosoftnetframeworkv4030319applaunchexe/
||tininshassama.xyz^$all

! https://forums.malwarebytes.com/topic/292840-file-detected-windowsmicrosoftnetframeworkv4030319aspnet_compileexe/
||line.publicvm.com^$all
||209.209.41.33^$all
||onedrive.live.com/Download?cid=8BDBA39CCF6B0487&resid=8BDBA39CCF6B0487%21115&authkey=AKzKYXDKF87dXao^$all

! https://bazaar.abuse.ch/sample/a3cafe7d2d20180460c2e581b215d63519a691de2781a66349fd57ea3e5fcfdf/ (https://bazaar.abuse.ch/user/86185858/)
||194.58.108.112^$all

! https://github.com/uBlockOrigin/uAssets/issues/15990
||vlcdownloads.com^$all

! https://github.com/uBlockOrigin/uAssets/issues/16017
! https://app.any.run/tasks/5474c73a-c247-4837-bfd1-a35d08332a5a
! https://app.any.run/tasks/213d5660-7bba-4da6-b9a4-9539201b213c
||t20boltmig.click^$document
||offsebike.cyou^$all

! https://virustotal.com/gui/url/2eeeeba08305b13c205d66f7d9cd6a853bc491688d0e91c0381613066b2566a3/community
||storageapi.fleek.co/65d6137a-aa68-4f10-9b8d-3763e277f165-bucket/fav/indexxxxxx.html^$all

! https://virustotal.com/gui/url/f297b1523c8c0ac766edeccbc5fb099f1c7bd031c29f837a1701e0a1f71a8651/community
||desinvca.ru^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/136390
||glthub.org^$document

! https://forums.malwarebytes.com/topic/293043-fake-notepad-website-with-fake-installer/ (login required)
! credit to https://forums.malwarebytes.com/profile/284536-liteiton/
||nothfnw.shop^$document

! https://github.com/uBlockOrigin/uAssets/pull/16038
||microauth.ru^$all

! https://forums.malwarebytes.com/topic/293076-google-docs-extension-malware/
||goog.goodsearchez.com^$document
||goodsearchez.com^$document

! https://forums.malwarebytes.com/topic/293086-i-keep-getting-data-crypto-mining-trojans-in-my-chrome-extensions-folder/
||daggerhashimoto.eu.nicehash.com^$all

! https://virustotal.com/gui/url/02dc78a55d22ccb88c5609813f90be62723531ba26be696df8259f9820dcae3b/community
||plazaboulevard.com.br^$all

! https://bazaar.abuse.ch/sample/dd022ea963e777dec7fbb6c3f84893961c60a0b72fa26152416a9e75e9879c5d/
||142.93.198.232^$all

! https://virustotal.com/gui/file/9108e1d22d74bc5397b8886edc4f0a84b8906436a648ef8a86f30cf7e08978dd/detection
||bit.ly/3zKpp8y^$all
||mediafire.com/folder/bftfjxk7na4m8/Setup^$all
||mediafire.com/file/kfjdexcnso6l3uk/Installer.rar/file^$all

! https://virustotal.com/gui/file/8b526ce6c0637c72799d1f1944f5d77a821d896c2ffe01cd8c391ed37a175f76
||telegra.ph/TeamViewer-11-16^$all
||gg.gg/teamviewer-prem-free^$all
||mediafire.com/file/z0mvgi2bjbotamf/TeamViewerPremium.rar/file^$all

! https://virustotal.com/gui/file/1727a5f6484628f4493ac2befaf48b47d88376128992c2787959c00b306da048/detection
||bit.ly/3VtsAd2^$document
||mediafire.com/file/umf43herutudu71/After+Effects.rar/file^$all

! https://github.com/DandelionSprout/adfilt/discussions/163#discussioncomment-4502840 (with no adblocker, I got an ad which downloaded https://virustotal.com/gui/file/7c4c570fb381176736d956ee84c5fb01b6e4638fe122e7a2e1f7335d08edb1d6/detection)
||ecomefuk.xyz^$all

! https://app.any.run/tasks/f4e39100-c15b-4cd3-9a2c-3401df4435d4
! https://tria.ge/221227-3mk7jagg99
||thyr65qw.cfd^$all
||5rd5tgh.cfd^$all
||116.203.121.167^$all

! https://www.hybrid-analysis.com/sample/f2e12223da0ae00323260f8dadbdd1596f7ce8fcd2e2520fde0aefc6fd19a88b
! https://tria.ge/221228-3ez1qabh74/behavioral2
! https://virustotal.com/gui/file/0814d32e07768c5387774d03108ea27ff132d4aee72d3f1fc98a6d78ab74d628
||wkcrack.com^$all
||neonhost.click^$all
||157.230.87.146^$all
||sigmarole.cyou^$all
! https://threatfox.abuse.ch/ioc/847757/
||77.73.134.24^$all
! https://app.any.run/tasks/acb995d6-45ba-4680-8c39-b96b7a8574d8
||rotf.lol/2p9fmd8k^$all
||65.108.249.43^$all

! https://github.com/iam-py-test/investigations/blob/main/malware/oceanofgames.com.md
||oceanofgames.com^$all
||easy-learn-tech.info^$all
||51.68.154.128^$all

! https://virustotal.com/gui/url/c4c4913c27814d34be86ee1394ba7706190a2b9f59adade86eaa05126b3258fc/community
||securewebauths.com^$all

! https://virustotal.com/gui/url/25c1299a47deee16de446a1e984b668779afe55cd5429639a112fe8cb6509b68/community
||colorflys.com^$all

! https://app.any.run/tasks/5bdcb423-d8a6-4c4a-bee0-e4817415d96e
! https://virustotal.com/gui/file/f82251f78347ba9a0a0fe6efee7fdfb4a07ef133ec29d4fb816116b194c4f4a2/detection
||116.203.3.152^$all

! shared by https://github.com/JobcenterTycoon
||funnycrack.com^$all

! https://app.any.run/tasks/5f9ddba3-9d5d-45a6-8ab1-37eaca832b2a/
! https://tria.ge/230103-s79qhsfb2z/behavioral2
||gigapurbalinggaa.com^$all
||cutt.ly/V2fZo0l^$all
||bit.ly/3Z8fkxh^$all
||stone10.xyz^$all
||143.198.211.93^$all
||blakbooot.click^$all
||p1nkroze.click^$all
||5.75.173.242^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/139106 (credit to DandelionSprout)
||loadingnow.me^$all
||gsecurecontent.com^$all
||pressizer.net^$all
||sapino.net^$all
||44.236.213.34^$document
||52.24.156.12^$document
||52.25.6.134^$document
||100.20.13.49^$document

! https://tria.ge/230104-qdn6lsfh34/behavioral2
! https://tria.ge/230104-qcf4lsbb81/behavioral2
! https://www.hybrid-analysis.com/sample/a2f1e5de0f6a32a2b202a973b4deebb0f3f3fd0c16001a010594ced932b17a07
! https://virustotal.com/gui/file/a2f1e5de0f6a32a2b202a973b4deebb0f3f3fd0c16001a010594ced932b17a07/detection
||1weset6y.cfd^$all
! https://threatfox.abuse.ch/ioc/1064537/
! https://threatfox.abuse.ch/ioc/1064536/
! https://threatfox.abuse.ch/ioc/1064660/
||88.119.161.188^$all
||88.119.161.19^$all

! https://forums.malwarebytes.com/topic/293448-brute-force-password-attack-on-email-server-from-ip-address-9820013539/?do=findComment&comment=1547922 (account required)
! https://www.abuseipdb.com/check/68.60.77.128 
! delist once there have been no new reports in one week. Probably pointless to list in the first place
||68.60.77.128^$all

! https://app.any.run/tasks/37850881-daef-455e-a60d-7b1a11438955 (just a 7zip download???)
||fitgirlrepack.games^$document
||floppyredirect.click^$all
||losstub.icu^$document

! https://app.any.run/tasks/bdf92208-3c4b-4673-b4f4-4d59299d1201
||fitgirl-repacks.proxy2link.com^$document

! https://app.any.run/tasks/73e0b109-7648-4d44-ac89-c2abd5c0b8f0
||nortvpn-app.com^$document

! https://github.com/hagezi/dns-blocklists/issues/166
||nielviok.cf^$document,popup
||kallarann.gq^$document,popup
||jandin.gq^$document,popup
||web.quoabide.top^$document,popup
||milfme.com^$document,popup
||web.zoneimage.site^$document,popup
||dylacha.tk^$document,popup
||waumari.tk^$document,popup
||web.tumbleceq.in^$document,popup
||web.squirmaccess.site^$document,popup
||track.findb.news^$document,popup
||web.zoombleat.top^$document,popup
||web.grittyago.xyz^$document,popup
||wineshasi.cf^$document,popup
||web.spywax.site^$document,popup
||xonanere.ga^$document,popup
||karindal.ga^$document,popup
||web.aeratevenal.site^$document,popup
||web.cannondate.top^$document,popup
||deugahat.gq^$document,popup
||web.acidicadorn.top^$document,popup
||leelabea.cf^$document,popup
||beladra.cf^$document,popup
||web.actgrovel.site^$document,popup
||ysiquaarac.ga^$document,popup
||web.grincanis.site^$document,popup
||web.spurtparole.top^$document,popup
||llantana.ml^$document,popup
||web.datelovetime.xyz^$document,popup
||lhamad.gq^$document,popup
||web.jazztunnel.top^$document,popup
||quinete.ga^$document,popup
||web.blandfain.site^$document,popup
||web.hanfallow.online^$document,popup
||web.groupabet.site^$document,popup
||tracking.lovematchflirt.com^$document,popup
||tracking.latedreamdate.com^$document,popup
||web.gristwattle.online^$document,popup

! https://bazaar.abuse.ch/sample/971a53dd3d17c44c1f4b21e33c0c161aed411ebb8c4d7f5a47c3cc68849340a5/
||skynetx.com.br^$all
! https://app.any.run/tasks/45e3bc2d-8e87-47b6-b233-cf8bfecbd5b7
||cdt2023.ddns.net^$all

! https://app.any.run/tasks/425c595f-3f93-4d54-abaf-29b7d8c78e1b#
||bit.ly/3G1xJTO^$all
||upload.ee/files/14795098/Installer.rar.html^$all
||upload.ee/download/14795098/e163e4d865031c40167f/Installer.rar^$all

! https://github.com/uBlockOrigin/uAssets/pull/16283
||galeden.cn^$all

! https://virustotal.com/gui/url/ba238fade1efae3c4a22a777ea6d8e7876911ba2762a38e9068be025dae64642/community
! https://app.any.run/tasks/fc749190-7a49-4f62-bfcb-b4262ba6fe8b (my analysis)
||coda.io/d/_dgQ7smav5EW/AP_suCWI^$document

! https://virustotal.com/gui/url/d53cb0004ee89defa498483920b97ff3b414748e05ce7a5af65136b06b19ef6f/community
||tidy-mark.com^$all
||grethychashi.pro^$all
||www.grethychashi.pro^$all

! https://forums.malwarebytes.com/topic/293729-help-please-a-file-trojan-keeps-coming-back-when-i-reboot-my-computer/
||phtgnx.top^$all
||cdn.phtgnx.top^$all
||progriu.top^$all
||cdn.progriu.top^$all

! https://tria.ge/230114-ra56dsch4w/behavioral2
||er76njy.click^$all
||vghu896yh.cfd^$all
! https://threatfox.abuse.ch/ioc/1068340/ and https://threatfox.abuse.ch/ioc/1068341/
||146.70.86.11^$all
||69.46.15.158^$all

! https://github.com/uBlockOrigin/uAssets/issues/16339
||dgemanowhot.com.ua^$all
||onandeggsiswe.com.ua^$all
||ormoredeta.xyz^$all

! https://forums.malwarebytes.com/topic/293881-hijackautoconfigurlprxysvrrst-backdoorfarfli/
||g.agametog.com^$all
||agametog.com^$document

! https://bazaar.abuse.ch/sample/13b4cf644bcb21bc1fe99e77bc919b8114ce44e6f0cca5872b689185c57606bc/
! my analysis (all credit to whoever originally reported this)
! https://www.hybrid-analysis.com/sample/3e79dfe786d64834eca9f37d68c01d433ebbe90bb6f2ca58c0daaf9f8a85f059
! https://tria.ge/230116-1vskgaeb63/behavioral2
! https://threatfox.abuse.ch/ioc/1062895/ and https://threatfox.abuse.ch/ioc/1062522/
||domifybot.com^$all
||79.137.206.138^$all

! https://blog.sucuri.net/2023/01/finding-removing-malware-from-weebly-sites.html
||circuitingratitude.com^$all

! https://forums.malwarebytes.com/topic/294262-fake-firefox-update/ (account required)
! credit to https://forums.malwarebytes.com/profile/3800-porthos/
||84df4578bffsd.info^$all

! https://forums.malwarebytes.com/topic/294335-repeated-blocked-website-trojan-compromised-logs/
||dellenshop.top^$document

! https://forums.malwarebytes.com/topic/294253-infected-paranoid/#comments
||fuzionblox.com^$all

! https://forums.malwarebytes.com/topic/294374-might-have-a-virus/
! https://forums.malwarebytes.com/topic/294372-suspicious-file/
! https://threatfox.abuse.ch/ioc/1073271/
! (my analysis) https://app.any.run/tasks/96fff8ad-199e-4a03-aea3-410214ed18f4
||194.36.177.164^$all

! https://github.com/blocklistproject/Lists/issues/918 (all but one appear dead but added anyway)
||notldoy.xyz^$all
||blendepr.org^$all
||blendevr.org^$all
||blender3d-software.net^$all

! https://github.com/uBlockOrigin/uAssets/issues/16558
! (my analysis) https://tria.ge/230130-pl42csac69/static1
||driveusercontent.us^$document

! https://forums.malwarebytes.com/topic/294473-malware-not-detected-in-malwarebytes/ (account required)
! (my analysis) https://app.any.run/tasks/14b9da67-7f1e-49ff-b73d-26a5d263efbf/
||135.181.41.147^$all

! https://github.com/DesktopECHO/T95-H616-Malware
||ycxrl.com^$all
||ycxrldow.com^$all
||cbphe.com^$all
||cbpheback.com^$all

! https://bazaar.abuse.ch/sample/89da2eee6af1c267e164bd9b24866bcac56588fe67efaf3bdb9aa98afa8cf990/
! https://bazaar.abuse.ch/sample/7df24f04c4df829cd9e643cd9be596d0996b79d1fbb9422c75a17741f10414a4/ (all credit to abusech)
||pusgpaxnddw.top^$all
||qlmhxmwlyhr.top^$all
||qmudnleqjjx.top^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/141376
||watch-online.7oc5b1i3v4iu.top^$all
||7oc5b1i3v4iu.top^$all

! from internal discussion
! https://urlhaus.abuse.ch/url/2524904/
! (my analysis) https://tria.ge/230201-nxx7hsda77/behavioral2
! https://threatfox.abuse.ch/ioc/1067729/
||82.115.223.46^$all

! https://forums.malwarebytes.com/topic/294558-google-customer-reward-program/
||21bustqisw2.top^$document

! from search results
||331454283.jirikrcmar-photography.cz^$all
||jirikrcmar-photography.cz^$document
||dh4jf8fjs.affiliatemarketing.news^$all
||affiliatemarketing.news^$document

! https://forums.malwarebytes.com/topic/294619-trojan-hijack-browser/
! https://app.any.run/tasks/9cdd662f-9642-4406-8797-03f021ce6370
! https://tria.ge/230203-pmtl1saf9t/behavioral1
||ccleaner-download.xyz^$all
||35.181.110.225^$all
||service-domain.xyz^$all

! https://twitter.com/KesaGataMe0/status/1621321884012019712 (https://github.com/AdguardTeam/AdguardFilters/commit/cc46c1f0f0c2a71e989c697fb382cdd68621d366)
||www-biccamera-com.jycfmf.com^$all

! https://virustotal.com/gui/url/7edda570d0f8fae48fac53194950c93137721d5535829d88add851c9bf42a0e2
! (my analysis) https://app.any.run/tasks/1da745f3-0a79-44b4-9490-0ce55609f1e2
||un-titled.co/remain/DNS/index.php$document

! https://virustotal.com/gui/url/7aa7958a7cb1509cd70a8c935c6c3eb96c46f2fc7b05cb3862f9bd9299308627/community
! (my analysis) https://app.any.run/tasks/e795f6aa-589a-4b6f-8352-403b055bdf5d
||hotmail-107217.weeblysite.com^$all

! NSFW: https://app.any.run/tasks/84fe2ec3-067b-4095-8a4f-e74636671351
||message.okaynotification.com^$all
||okaynotification.com^$all
||notice.okaynotification.com^$all
||click.okaynotification.com^$all
||update.okaynotification.com^$all
||now.okaynotification.com^$all
||readnow.okaynotification.com^$all

! https://app.any.run/tasks/04b2bc07-923b-4890-8587-02e360d01ae0
||morecash.click^$all
||gamebee.club^$document

! https://forums.malwarebytes.com/topic/294675-mygov-scamfraudpersonal-detail-theft-alert/ (account required)
! (my analysis) https://app.any.run/tasks/463e490a-12bb-4afd-a496-f5500177b794/
||quickttax.top^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/142226
! https://app.any.run/tasks/91ca9115-952b-479f-8f9d-360e096e558b
||qfdsq.inghesatin.com^$all
||blockadsez.info^$all
||wickedhumankindbarrel.com^$all
||videoadblockerpro.com^$all
||watchadfree.info^$all
||stop-adblocker.info^$all
||ia9j0.top^$all
||yk946.top^$all
||ayybt.top^$all
||yz9iy.top^$all
||9sgqi.top^$all
||pivoms.live^$all
||ys2fr.top^$all
||9elo3.top^$all
||zjvw7.top^$all
||z4r0w.top^$all
||8yqet.top^$all
||wheeshoo.net^$document
||justquiz39.pushalert.co^$all
||easyadblocker.info^$all
||wbofc.top^$all
||x435f.top^$all
||w6got.top^$all
||xk9tx.top^$all
||wiruv.top^$all
||xpdep.top^$all
||shoesauto3.xyz^$document

! https://forums.malwarebytes.com/topic/294740-trojans-will-not-disappear-and-mb-wont-stop-blocking-websites/
! https://threatfox.abuse.ch/ioc/1078147/
||194.87.216.194^$all
! https://www.malware-traffic-analysis.net/2023/02/03/index.html
||yes2food.com^$all
||advertising-check.ru^$all
||softs-lab.ru^$all
||62.204.41.176^$all
||176.113.115.177^$all

! https://threatfox.abuse.ch/ioc/1078856/
! https://twitter.com/1ZRR4H/status/1623067548781539339
||79.137.248.136^$all
||79.137.206.31^$all
||85.192.40.253^$all
||mediafire.com/file/4n5bc37ank892fh/Expert-PC_2023.rar/file^$all

! https://github.com/uBlockOrigin/uAssets/issues/16704
! https://app.any.run/tasks/dbfbbaca-9fd5-4466-8a29-9e0519b77589
! https://virustotal.com/gui/file/f202337f99c730eef56d3be2a7fb92d74c9b5adac799fb0564bc9264f2784f5c/relations
||vserpg.ru^$all

! https://github.com/hagezi/dns-blocklists/issues/324
||teslacar.io^$all

! https://app.any.run/tasks/bcd4633b-931e-4bfc-a874-24d04a136036
||wlbss.inghesatin.com^$all
||xe5j8.inghesatin.com^$all
||ggjt8.inghesatin.com^$all
||world-games.click^$all
||bynsd.top^$all
||8eatj.top^$all
||7ya1q.top^$all
||bhnx4.top^$all
||899h3.top^$all
! https://app.any.run/tasks/53948f39-666f-4083-aa4e-bd5f215d29e2
||dykbo.inghesatin.com^$all
||cqw59.top^$all
||ajfgq.top^$all
||8lmm7.top^$all
||ifmom.top^$all
||yhvua.top^$all
||dejig.live^$all

! https://github.com/iam-py-test/my_filters_001/issues/109
||btc.latest-articles.com^$all
||en.firstgooal.com^$all
||en.rawafedpor.com^$all
||news.istisharaat.com^$all
||ust.aly2um.com^$all
||filestack.live^$all
||0-4.top^$all
||012.bond^$all
||5pm.am^$all
||77w.pw^$all
||7la.la^$all
||9ge.ge^$all
||b-d.bond^$all
||b-i-t-l-y.co^$all
||b-ly.link^$all
||b-y.by^$all
||bit-ly.is^$all
||bit-ly.mobi^$all
||bitly.best^$all
||bitly.email^$all
||bitly.gold^$all
||bitly.network^$all
||c-lick.click^$all
||c-you.cyou^$all
||cc-z.cz^$all
||co-o.co^$all
||cr-7.cc^$all
||cutlinks.biz^$all
||cutlinks.ca^$all
||cutlinks.mobi^$all
||cutlinks.org^$all
||cuturls.net^$all
||d-ev.dev^$all
||fco.to^$all
||fmo.fm^$all
||g-l.gl^$all
||g-y.gy^$all
||gob.co.il^$all
||gov-cn.cloud^$all
||gov.co.ve^$all
||h-air.hair^$all
||i-cu.icu^$all
||i-io.io^$all
||i-n-fo.info^$all
||i-s.is^$all
||icx.cx^$all
||ii-ii.ru^$all
||ilc.lc^$all
||isn.is^$all
||isx.sx^$all
||j-e.je^$all
||l-o.loan^$all
||l-ol.lol^$all
||lbz.bz^$all
||m-n.mn^$all
||mvc.vc^$all
||n-g.ng^$all
||n-z.nz^$all
||obz.bz^$all
||oo-o.co^$all
||oo.coffee^$all
||psu.su^$all
||qis.is^$all
||s-k.sk^$all
||s-b.sb^$all
||s-sh.sh^$all
||sy-s.systems^$all
||t-o.to^$all
||tiny-url.mobi^$all
||ufox.info^$all
||u-mu.mu^$all
||uxe.luxe^$all
||vms.ms^$all
||vv-vip.vip^$all
||vvg.vg^$all
||w-me.me^$all
||w-tw.tw^$all
||w-ws.ws^$all
||wac.ac^$all
||wci.ci^$all
||wst.st^$all
||xx-yz.xyz^$all

! https://github.com/blocklistproject/Lists/issues/933
||jNKmS0zFuEh.click^$all
||pjljo54uk.click^$all
||v1asy4ncr.click^$all
||p5tvhrlw30h.click^$all
||8narwi309.click^$all
||sbjjzdwqg41ps.click^$all
||lrhxz60alkjtik.click^$all
||tvbxrr4ym3.click^$all
||8ebtdbsjsu.click^$all
||eicxz6jfjaw.click^$all

! https://virustotal.com/gui/url/90ec9d3b01d045ba7917ba09722d9063803cf318d08de907e77d421800ed1cc4/community
! (my analysis) https://app.any.run/tasks/f14b7082-e3b1-4a98-84fc-e3c5e3d3b35c
||s44-fhvb.web.app^$all

! https://app.any.run/tasks/77b6a223-4c81-4798-9dc0-a747de6e0f6d
||crackshash.com^$document
||czgovd.com^$all
||pufgilsofp.sbs^$all
||bstnwswrld.com^$document
||news-wobuda.com^$all
||ztzguv.com^$all
||thbstvd.com^$all
||notyfrom.info^$document
||flymylife.info^$all
||ms-82.flymylife.info^$all
||ms-52.flymylife.info^$all
||54trck.xyz^$all
||cxvfh.gesgloven.com^$all
||jorjfordmust.sbs^$all

! https://app.any.run/tasks/f03aaba8-7c21-4316-a6db-cbb9bdbb1db6
! https://app.any.run/tasks/d142bf7d-0363-4bf2-9795-66423bbc9eac
||origincrack.com^$all
||uerqelim91ut.click^$all
||klwukospapf.click^$all
||9bghqk3avg2gnh.click^$all
||6t09fag307ep.click^$all
||bit.ly/3S7o1VK^$all
||mega.nz/file/5w4QWZCR#pYyDSqxzjS4LzhLW9ZYvAWzxhuM3rPGh0wl7r64tDLs^$all
||mega.nz/file/AwQghbKa#GAcaJZR9cIRl3lRWYZhD5gkHtGL8Y63fKOAnCbM-9FU^$all
! https://tria.ge/230216-sgsz3shg3w/behavioral2
! https://threatfox.abuse.ch/ioc/1077934/
||83.217.11.27^$all
! https://virustotal.com/gui/ip-address/77.73.134.35/relations
||77.73.134.35^$all
! https://twitter.com/TrackerC2Bot/status/1620944031030075392
! https://threatfox.abuse.ch/ioc/1077935/
||83.217.11.28^$all

! https://forums.malwarebytes.com/topic/295115-trojan-downloaders-not-detected-by-malwarebytes/ (account required)
! https://virustotal.com/gui/file/a0626a283b6e2cbcacfbcc06c21691aff5e3386d43a76909304b2b0bacf8f45a/relations
||176.57.150.117^$all

! fake tor browser - https://app.any.run/tasks/679e9afa-eb19-4414-a086-e280a779a448
! https://tria.ge/230217-xd8nksgc9x/behavioral2
||ru-torproject.ru^$all
||anapatformacion.org/modules/file/tor/tor-browser.zip^$all

! https://github.com/uBlockOrigin/uAssets/issues/17400
! https://github.com/uBlockOrigin/uAssets/pull/16764#issuecomment-1493992669
! https://app.any.run/tasks/15000d62-df3c-41c4-95fa-b27480049e2d#
||dwnfile.fun^$all
||mpraven.org^$document
||xfiley.me^$all

! https://github.com/uBlockOrigin/uAssets/issues/15937
! https://github.com/uBlockOrigin/uAssets/issues/15937
! https://virustotal.com/gui/url/a70d88ffc974f8d9cc5c3561938e95435d20a12a555e8c10d638d2bee5292165
||install1nstall1.com^$all
||kochava.com^$all
||neptunclicks.com^$all
||arakusus.com^$all
||imgfil.com^$all
||urlcod.com^$all
||tiurll.com^$all
||neppe.studio^$all
||startex3download.com^$all
||gowtos.com^$all
||lomogd.com^$all
||nosnou.com^$all

! https://virustotal.com/gui/url/8ffac07f327a1bc605278ac9cdbc1f6a00ae2efd9d7111ad38790e6031e74072/community
! (my analysis) https://app.any.run/tasks/69b1e739-fa82-487f-92c8-5ba368b25481
||steam.steampoweredartwork.com^$all
||steampoweredartwork.com^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/142771
||wgreplay.fun^$all

! https://virustotal.com/gui/file/aaa1beed5908f05cd7e4dc405ec763deecd6177b0bf78f0faa9cd54eed14bc34/detection
||mesoftwares.vip^$all
||drive.google.com/uc?export=download&confirm=no_antivirus&id=11WhDE3Xy7c5AkKS24P0EzS8S8LUNjIAY^$all

! https://app.any.run/tasks/82180609-bf2b-4565-88cd-e3cb2c8e6456/ (someone else's anyrun, credit to them)
||rebrand.ly/30p0zqg^$all
||telegra.ph/Download-Link-11-24-17^$all
||mediafire.com/file/3sdq84zpxzmoio5/Setup_%2528PAS%2524_5577%2529.rar/file^$all
||95.217.14.200^$all

! https://app.any.run/tasks/1aa45c59-b90f-47a2-8fb9-7915a377055a/
||46.48.76.120^$all

! https://forums.malwarebytes.com/topic/295202-windows-powershell-keeps-popping-up-randomly-and-closing/
! https://virustotal.com/gui/file/d3c9371a1456fd7c4551e18b0c1172a597f86c97e2864bc0b1be632c48da9697/relations
||ahoravideo-blog.com^$all
||ahoravideo-cdn.com^$all
||ahoravideo-endpoint.com^$all
||ahoravideo-endpoint.xyz^$all
||ahoravideo-schnellvpn.com^$all
||ahoravideo-schnellvpn.xyz^$all
||bideo-blog.com^$all
||bideo-cdn.com^$all
||bideo-chat.com^$all
||bideo-chat.xyz^$all
||bideo-endpoint.com^$all
||bideo-endpoint.xyz^$all
||bideo-schnellvpn.com^$all
||bideo-schnellvpn.xyz^$all
||fairu-blog.com^$all
||fairu-cdn.com^$all
||fairu-chat.com^$all
||fairu-chat.xyz^$all
||fairu-endpoint.com^$all
||fairu-endpoint.xyz^$all
||fairu-schnellvpn.com^$all
||fairu-schnellvpn.xyz^$all
||privatproxy-blog.xyz^$all
||privatproxy-cdn.xyz^$all
||privatproxy-chat.com^$all
||privatproxy-endpoint.xyz^$all
||privatproxy-schnellvpn.com^$all
||wmail-blog.xyz^$all
||wmail-cdn.xyz^$all
||wmail-chat.xyz^$all
||wmail-endpoint.xyz^$all
||wmail-schnellvpn.com^$all
||wmail-schnellvpn.xyz^$all

! http://vxvault.net/ViriFiche.php?ID=44753
||adobetmcdn.net^$all

! https://forums.malwarebytes.com/topic/295239-unsure-if-anything-has-been-done/
||tiktok.ti3fsaa.cloud^$all
||ti3fsaa.cloud^$document
! https://app.any.run/tasks/fc4768ad-8cc8-4af7-bd44-d91f5d8c258e
||polo.thegadgetguru.club^$all
||thegadgetguru.club^$all
||setupspeedyhighlyinfo-file.info^$document
||startd0wnload22x.com^$all
||skillfactsim.com^$all
||burningpushing.info^$third-party
! https://urlscan.io/result/ff16e3ca-7cc9-48aa-9028-dae2e7769419/
||catomernsuents.com^$all

! https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/
||xrepositoryx.name^$all
||erdjknfweklsgwfmewfgref.com^$all
||harrysucksdick.com^$all
||heikickgn.com^$all
||frassirishiproc.com^$all
||myrepository.name^$all
||egscorp.net^$all

! https://forums.malwarebytes.com/topic/295534-rtp-outbound-connection-on-googlewikipedia/
||eatablehelprut.com^$all

! https://forums.malwarebytes.com/topic/295590-malwarebyes-blocks-webite/
||mignished-sility.com^$all

! https://forums.malwarebytes.com/topic/295626-hyjecrgernebultcom-malware-removal-disguised-as-mcafee/
||hyjecr.gernebult.com^$document,xhr,script

! https://forums.malwarebytes.com/topic/295631-blocked-website/
||curvyalpaca.cc^$third-party

! domains farmed from adfly
||zxbfm.ooumoughtcall.com^$all
||ooumoughtcall.com^$document
||s2cp.xyz^$all

! https://github.com/RPiList/specials/issues/948#issuecomment-1458739160
||yuppdownload.com^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/145513
||4b34eusvcxsdublb6f.runoj.click^$all
||runoj.click^$all
! https://github.com/AdguardTeam/AdguardFilters/issues/145513#issuecomment-1468676678
||aesch-mko.com^$document,popup
||agapios-gla.com^$document,popup
||ahura-maz.com^$document,popup
||altwi-cha.com^$document,popup
||artax-evn.com^$document,popup
||balor-ghn.com^$document,popup
||ermin-oxj.info^$document,popup
||gargi-xba.com^$document,popup
||gloos-zus.info^$document,popup
||gronw-zis.com^$document,popup
||harib-eir.info^$document,popup
||heily-nin.com^$document,popup
||iorwe-qmf.com^$document,popup
||kuno-gae.com^$document,popup
||laurentia-kor.com^$document,popup
||menelaus-col.com^$document,popup
||nicomachus-mac.com^$document,popup
||orige-duo.com^$document,popup
||phara-gte.com^$document,popup
||quinctus-isb.com^$document,popup
||sindr-yet.com^$document,popup
||redirect.newprogrammatic.click^$document
||3.231.116.86^$document
||54.237.193.255^$document

! random malware
||moresknock.click^$document
||b7iexw24.cfd^$all
||u1500oyc.cfd^$all
||nzjal5ou.cfd^$all
||krimahoriz.click^$all
||telegra.ph/Software-2023-02-21-6^$document
||en.bestadultdatinglist-com.ru^$document
||fuckbookmobile.org^$document
||theparlornextthef.com^$all
||dtsdr.theparlornextthef.com^$all
||palons.live^$all
||alertci.click^$all
||9ijgfdc4rf56.click^$all
||nbsb7nr44.cfd^$all
||pingatinga.click^$all
||srinaboglad.click^$all
||bvnie.taitlastwebegan.com^$all
||taitlastwebegan.com^$all
||162.243.164.175^$all
||jikabotlan.click^$all
||trackyouswin.com^$all
||tgbhi8i.click^$all
||justfreesetuphere.xyz^$all
||hit5k.one^$all
||zdr566yh.click^$all
||getnomadtblog.com^$all
||urhandups.xyz^$all
||qtgsr.taitlastwebegan.com^$all
||yt93231mn.click^$all
||aswedfcv6ty.click^$all
||i3edtgyu.cfd^$all
||ko04rf8.cfd^$all
||dr6ghyu7.click^$all
||entry4hide.cyou^$all
||ovhoq.nkingwitheaam.com^$all
||nkingwitheaam.com^$all
||niceelitdating.top^$document,popup
||b.niceelitdating.top^$all
||bigosext1s.com^$document

! https://github.com/DandelionSprout/adfilt/issues/808
||jonathanbartz.com^$all
||jp.imonitorsoft.com^$all
||junk-bros.com^$all
||kepw.org^$all
||kristinee.com^$all
||lakeside-fishandchips.com^$all
||108.61.242.65^$all
||146.70.78.43^$all
||87.120.254.39^$all
||45.150.108.213^$all
||92.204.160.240^$all

! https://www.reddit.com/r/uBlockOrigin/comments/1212vbf/badware_risks_fake_tor_browser_site/
||tor-browser-rus.ru^$all

! https://www.reddit.com/r/uBlockOrigin/comments/1204r6t/this_should_probably_be_blocked_if_i_must_say/
||adblockers.b-cdn.net^$all
||pleasetrack.com^$all

! https://github.com/hagezi/dns-blocklists/issues/809
||getsupport-lcloud.com^$all

! https://github.com/uBlockOrigin/uAssets/pull/17424
||octopus-warriors.com^$all

! https://forums.malwarebytes.com/topic/296601-syswow64cmdexe-continous-alert-from-malwarebytes/
||doorspa.shop^$all

! malware
||official-expert.org^$document
||file-uploud.site^$document

! https://github.com/durablenapkin/scamblocklist/issues/31
||balkeryswep.online^$all

! https://github.com/durablenapkin/scamblocklist/issues/29
||youtubee.com^$document
||youtunbe.com^$document
||twiiiter.com^$document
||twitterr.com^$document
||goglle.com^$document
||toyrube.com^$document
||yahhhoo.com^$document

! https://forums.malwarebytes.com/topic/296944-malware-blocked-when-doing-a-google-search/
||prodfliying.com^$all

! https://threatfox.abuse.ch/ioc/1104536/
||js.msedgeupdate.com^$all
||msedgeupdate.com^$all

! https://app.any.run/tasks/00d5d80b-3924-4421-8780-7ba796d7b825
! https://tria.ge/230420-anfn8agb9z/behavioral1
||portalproveedores.com.mx^$all
! https://threatfox.abuse.ch/ioc/1063263/ https://threatfox.abuse.ch/ioc/1028975/
||45.15.157.131^$all

! https://github.com/durablenapkin/scamblocklist/issues/36
||ledgerlivewallets.com^$all
||nanoweb3-rarityledgertech.com^$all
||ledger-liveweb3app.com^$all
||shop-nanox.com^$all
||ledgerlive.mobi^$all
||ledgerlives.live^$all
||ledgers.network^$all

! https://blog.morphisec.com/in2al5d-p3in4er
||cv-builder.site^$all
||siamaster.com.mx^$all

! https://www.reddit.com/r/uBlockOrigin/comments/1304khl/badware_sites/
||actionclassicgames.com^$document
||allin1convert.com^$document
||allinonedocs.com^$document
||anytimeastrology.com^$document
! https://github.com/uBlockOrigin/uAssets/blob/fc2d7bd065b3e79d945fcfdc0da73ff33f6ea089/filters/badware.txt#L3038-L3044 (hopefully I understood the license right, if not, I can delete this)
||myway.com^$all

! https://forums.malwarebytes.com/topic/297334-our-company-website-shows-riskware-from-a-different-domain/
||life.judyfay.com^$all
||xjquery.com^$all

! https://virustotal.com/gui/url/f68044fcf6f1a22b4b1d06cae0dddefa4bd7282377ba16a2a6222379414a6073/community
! https://app.any.run/tasks/ea625e50-b943-4e69-ae48-03231219b07f (my analysis)
||139.224.13.184^$all

! https://www.bleepingcomputer.com/news/security/new-atomic-macos-info-stealing-malware-targets-50-crypto-wallets/
||amos-malware.ru^$all

! https://app.any.run/tasks/5fddd235-4433-4376-9a75-39a28b018f6b
||realtorstrust.com^$all

! https://app.any.run/tasks/d40fc871-4942-4acd-8d6a-d8f4baae1f32
||kuyhaa-me.id^$all
||omnicad.click^$all
||oppodlfile.click^$all
||bit.ly/40K0ug0^$document
||mediafire.com/file/ztx9xrm611hw3z1/NewSetup_Use_2023_Password.rar/file^$all
||37.220.87.68^$all

! https://github.com/durablenapkin/scamblocklist/issues/37
! (my analysis) https://app.any.run/tasks/21412739-6fc1-4a9e-9b35-ad2d8224bb46
! (my analysis) https://tria.ge/230502-nebwkaag58/behavioral1
! (my analysis) https://www.hybrid-analysis.com/sample/d293ec55b0425e8731b17b814b5d9c9abe73b9ee10f8ae808f1ec0f4a969aebe
||youtubebplan.com^$all
||www.youtubebplan.com^$all

! https://forums.malwarebytes.com/topic/297425-annoying-outbound-443-malware/
||87cibrsm009t2lj.buzz^$all

! https://forums.malwarebytes.com/topic/297570-phishing/ (account required)
||0.drroham.ir^$all
||drroham.ir^$document

! shared by ryan
||updatefreecompletelytheproduct.vip^$all

! https://github.com/hagezi/dns-blocklists/issues/1013
||revanced.io^$all

! https://www.reddit.com/r/uBlockOrigin/comments/139u3yf/malicious_domain_to_block_used_by_hacked_manga/
||gdpr.web0.eu^$third-party

! https://forums.malwarebytes.com/topic/297655-malware-and-popup-in-my-pc/?do=findComment&comment=1566331
||threatdetect.org^$all

! https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
||qqtube.ru^$all
||xxxxxxxxxxxxxxx.ru^$all
||activehdd.ru^$all
||oled8kultra.ru^$all
||xhamster-18.ru^$all
||activessd6.ru^$all
||activedebian.ru^$all
||shluhapizdec.ru^$all
||04042023.ru^$all
||clickaineasdfer.ru^$all
||moskovpizda.ru^$all
||pochelvpizdy.ru^$all
||evatds.ru^$all
||click7adilla.ru^$all

! https://virustotal.com/gui/file/dd45a0f40e75b051871fefd4ddb1ce6dcf130d4e172010c0753e01c1a6523666/relations
||zexeq.com^$all
||colisumy.com^$all

! https://virustotal.com/gui/url/4cbb55b62fe8bc2acdaa79d3c4fd3a6d33c0d5eed287bbe655fc117c6bdeb0a3/community
! (my analysis) https://app.any.run/tasks/2de7c1a5-bfe4-4b48-a1e5-b7d8c059cbd0
! (my analysis) https://tria.ge/230512-xhsg6agd4v/static1
||0ffice-3-6-5.ltd^$all
||87.121.221.106^$all

! https://tria.ge/230512-tj6jmadg34
||37.220.87.66^$all
||45.9.74.99^$all

! https://github.com/hagezi/dns-blocklists/issues/1039
||revolut-pl-id.com^$all

! https://github.com/durablenapkin/scamblocklist/issues/47
||elontesla23.pro^$all
||join2musk.com^$all
||teslabrc.com^$all

! https://forums.malwarebytes.com/topic/297825-not-sure-if-i-am-being-hacked/?do=findComment&comment=1567599
||redirection-to-the-offer.info^$document

! https://github.com/uBlockOrigin/uAssets/issues/18115
||maxstream.video/*.php$document
||needyscarcasserole.com^

! https://github.com/durablenapkin/scamblocklist/issues/52
||baltic79.wordpress.com^$all
||visoedifica.com^$all
||balticpipe.wordpress.com^$all
||kneel-offers.com^$all
||dunkansp.info^$all
||finnews7.wordpress.com^$all
||tbg-lmtd.com^$all
||crm2.tbg-lmtd.xyz^$all
||tbg-lmtd.xyz^$all
||fazpowerdenet.tumblr.com^$all
||dgbdhvqpwvplersqjytw.dunkansp.info^$all

! (my analysis) https://tria.ge/230519-1bgzmagd36/behavioral1
! (not my analysis) https://threatfox.abuse.ch/ioc/1115696/
||drive.google.com/uc?export=download&confirm=no_antivirus&id=1A9NdUYUf5k-qcrYlGfffVBqql6g4bLfv^$all
||195.123.227.138^$all

! https://github.com/uBlockOrigin/uAssets/issues/18141
||skytils.net^$all
||skyblockmaniacs.net^$all
||fragbots.net^$all

! https://virustotal.com/gui/url/36d76f53c996bad26ba5656fb33557814a0ddbb55f43c8836daa964d3815db9e/community
! (my analysis) https://app.any.run/tasks/76eeda9c-a72f-4743-83b3-a49f80d0a1ce
||steelseries.club^$all

! https://github.com/badmojr/1Hosts/issues/1407
||easynavigation.site^$document

! https://forums.malwarebytes.com/topic/298168-domclickextxyz
||domclickext.xyz^$all

! https://github.com/hagezi/dns-blocklists/issues/1071
||hard-configurator.com^$all

! https://github.com/uBlockOrigin/uAssets/issues/18206
||fitgirl.cc^$document

! https://github.com/uBlockOrigin/uAssets/issues/18205
||fitgirlrepacksite.com^$document

! https://tria.ge/230525-z8rpnacd92/behavioral2
! https://bazaar.abuse.ch/sample/a76c4f346a0f72cc1fcf8c471abb0ecd2e914c5863a4f4556d884212f8d3b2fb/
||185.209.161.89^$all
||telegra.ph/FL-Studio-05-10^$all

! spam on Malwarebytes forums (taken down)
! https://app.any.run/tasks/c084b570-6946-4878-ab48-8db1dc4ed659
! https://tria.ge/230530-m4zhgshb97/behavioral2
||activatorscrack.com^$all
||ed5tfdhjy.click^$all
||mjko06yh.cfd^$all
||bh998ik.click^$all
||maper.info^$all
||79.137.202.161^$all
||78.46.248.198^$all
||78.47.9.120^$all
||162.55.212.236^$all
||45.159.189.105^$all

! https://www.reddit.com/r/uBlockOrigin/comments/134b450/please_add_adblock_badware/
||softronline.click^$all

! https://github.com/mitchellkrogza/phishing/pull/232#issuecomment-1570214480
||bibtu.com^$all
||xajibur.ru^$all
||ponafet.ru^$all
||baarspo.ru^$all
||crophysi.ru^$all
||gimoguvi.ru^$all

! https://github.com/uBlockOrigin/uAssets/issues/18332
||goglel.com^$all

! https://virustotal.com/gui/url/0ed4615c9ee045c652ae76001f55252a665cacbea0ed623909f8a780cbfd564d/community
! my analysis: https://app.any.run/tasks/0d2fac2a-6485-4d2d-941c-782acfddd966
||mreilly.s3.eu-central-003.backblazeb2.com^$all
||zen-leakey.138-68-80-63.plesk.page^$all

! https://tria.ge/230601-z9q5hsha6v/behavioral1
||softwave.cc^$all

! https://github.com/uBlockOrigin/uAssets/issues/18353
||easylist.club^$all
||ww38.easylist.club^$all

! https://virustotal.com/gui/url/36a5536b1c4ca42b01b31bce4ec0be95192c7204cd83461c3dddff151266ba7b/community
! my analysis: https://tria.ge/230602-t1vhpach4z/behavioral1
||jp6yze3jwx6462c537686e2.inetpr.ru^$all

! https://virustotal.com/gui/url/cb86e12e4d066b4f7b497bf7c9cef0f264db0161cdd55daf91589fd10e97c659/community
! my analysis: https://urlscan.io/result/d059b7b2-f30b-4930-8afd-b0a0fddef658/
||transporting-api-dlhl.crufaoci.org^$all

! https://palant.info/2023/06/02/how-malicious-extensions-hide-running-arbitrary-code/
||tryimv3srvsts.com^$all

! https://forums.malwarebytes.com/topic/298691-my-aspnet-website-infected-with-some-wired-malware/
||usaday.biz^$all
||abu.usaday.biz^$all
||us.usaday.biz^$all
||onepro.club^$all
||c822c1b63853ed273b89687ac505f9fa.onepro.club^$all
||738aa8d3bc02eb8712acd0eb2cf6dfd5.onepro.club^$all
||241fe8af1e038118cd817048a65f803e.onepro.club^$all
||ba9bf05693b9fa202d922dd43a08f281.onepro.club^$all
! https://tria.ge/230607-m9fmkaac6w/behavioral1
||rewardarium.com^$document
! https://tria.ge/230607-m9fmkaac6w/behavioral2
||acarcheartheles.com^$document

! malware on youtube - https://bazaar.abuse.ch/sample/4d152234f168692459b482981f469e96e4f933360295cd64f5089370a4b07118/
||boraflow.click^$all
! https://tria.ge/230607-zarl1aff36/behavioral1
||65.21.240.228^$all

! more malware on YT - https://bazaar.abuse.ch/sample/bb02043cb749f91364f655b35404dc37e517d6aa7cdcbf474bee1fa6be5abe5f/
! https://tria.ge/230607-z5gqaaga69/behavioral2
||telegra.ph/T-Soft-06-02^$all

! https://github.com/StevenBlack/hosts/issues/2250#issuecomment-1582846967
! my analysis: https://app.any.run/tasks/b359cc64-2f3b-44e9-8d60-ebe6f9788bf8
||skinport.com.mx^$all

! https://virustotal.com/gui/file/c1fd1add4ffabaa9e5ab244b5fa4b14aba53af379d5d59ae38f9e16e27fc1360/community (shared by JaffaCakes118)
||doenerium.kqnfkpoccicxiudstqonfotuwsrhuxkwhqjjfsbjhonoubrccy.nl^$all

! https://forums.malwarebytes.com/topic/298978-potential-threat-blocked-website-appears-malicious-scan-says-virus-free/
||garuq.com^$all

! https://bazaar.abuse.ch/sample/d41166f1c8bbd3c6bbac0f5c96c4dc867d501c3ce5aeb056686ffa28652facef/ (not my sample, credit to r3dbU7z)
! my analysis (dropped file): https://tria.ge/230611-paf56ahg4v/behavioral2
! my analysis (dropped file): https://app.any.run/tasks/e1f1f0fa-8d92-4270-b422-801cfe91d189
||josemonila.ddnsfree.com^$all

! https://github.com/StevenBlack/hosts/issues/2358
||assistant-chronopost.com^$all
! https://virustotal.com/gui/ip-address/213.226.123.202/relations
||canadapost-tracking.net^$document

! https://github.com/badmojr/1Hosts/issues/1482
||aoikerala.in^$all

! https://virustotal.com/gui/file/7840cb8d12d3a20f265802531f19e7d58928167a37a58b631fa468d78e417a14/community
! my analysis: https://app.any.run/tasks/864669a8-c96e-4971-9810-1427b4343120
||promo-cccleaner.org^$all
||5.42.66.3^$document

! https://tria.ge/230623-r72t8sfe33
||45.15.159.27^$all

! https://tria.ge/230623-25exssae3x/behavioral1
! https://app.any.run/tasks/036fbeb1-adc1-4f00-93ec-aa337f7b05dd
||scholadvice.com^$all
||pejik.com^$all
||bthp.com.pk^$all
||dokumentasoluciones.com^$all
||208.67.104.60^$all

! https://forums.malwarebytes.com/topic/299263-claims-to-be-google-bard-ai/ (account required)
||sites.google.com/view/newbardai^$all

! https://forums.malwarebytes.com/topic/299557-malware-sample-suspected-crypto-stealer/ (account required)
! my analysis: https://tria.ge/230629-tq712aeb59/behavioral1
||infinitycrypto.app^$all
||store1.gofile.io/download/direct/d8c2a667-c088-4a39-9cdd-efe0b47d735c/InfinityWallet-Setup.exe^$all
||infinitywallet-dapps.b-cdn.net^$all
||167.86.74.95^$all

! https://github.com/uBlockOrigin/uAssets/pull/18686
||roundyearfun.com^$all

! https://github.com/uBlockOrigin/uAssets/issues/18678
||nekogram.org^$all
||t188telegram.xyz^$all
||websocket40001.hgspz.com^$all
||netkefu.hgspz.com^$all
||imganalyze.hgspz.com^$all
||www.tellegrom.xyz^$all

! https://forums.malwarebytes.com/topic/299589-suspicious-file/ (account required)
! my analysis: https://tria.ge/230630-tngfaseg9t/behavioral1
||biustargamez.itch.io^$all
||213.255.247.174^$all

! https://forums.malwarebytes.com/topic/299435-help-with-redirects-on-my-google-browser/
||searchokay.com^$document
||srvtrck.com^$document
||r.srvtrck.com^$all
! malware infection:
! Edge Extension: (Apps) - C:\Users\User2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj [2023-06-24] [UpdateUrl:hxxps://extappupdate.com/crx/updates.xml] <==== ATTENTION
! Edge HKLM\...\Edge\Extension: [pejhfhcoekcajgokallhmklcjkkeemgj] - C:\\apps.crx [2022-11-27]
! CHR Extension: (Apps) - C:\Users\User2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj [2023-06-24] [UpdateUrl:hxxps://extappupdate.com/crx/updates.xml] <==== ATTENTION
||extappupdate.com^$all
! CHR DefaultSearchURL: Profile 1 -> hxxps://find.fnavigate-now.com/results.aspx?d=092122&n=9998&q={searchTerms}&gd=RD1002806&searchsource=58
||find.fnavigate-now.com^$document

! https://tria.ge/230707-zfx1zacf4s/behavioral1
! https://tria.ge/230709-z9e29aga59/behavioral1
! https://tria.ge/230711-xsyf6abf3y/behavioral2
||5.42.86.86^$all
||77.105.147.158^$all

! https://virustotal.com/gui/url/ff883d9b80c27b78b2b303c12d3e57d5a2664ac35ccf41fdd6bbdbfbb97b613f/community (credit to IceFlame)
! my analysis: https://app.any.run/tasks/c386fa43-f566-4df4-a7d9-61f387da92f3
||southbayleadgen.com^$all

! https://app.any.run/tasks/2e736410-ed5d-4c7e-9eb2-79ee3c578f37
||ezsoftware.fun^$all
! https://tria.ge/230710-yhtkwsec9y/behavioral2
||185.106.93.193^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/155936
||truanet.com^$document

! https://www.malwarebytes.com/blog/threat-intelligence/2023/07/malicious-ad-for-usps-phishes-for-jpmorgan-chase-credentials
||logictrackngs.com^$all
||super-trackings.com^$all
||web-trackings.com^$all
||tracks4me.biz^$all
||forgetrackng.com^$all

! https://virustotal.com/gui/url/18581d709d6be180d2cd174b888202020b54b086aa1efc9365ea6ebf742d0217
! my analysis: https://app.any.run/tasks/827c21c1-e63b-4fad-9000-2955bc5b81e3
||chijkkkll.pages.dev^$all
||decentrall.online^$all

! https://tria.ge/230711-tmceyshg22/behavioral2
||thepcworlds.com^$all
||tdamassoficial.com^$all
||t.me/rifbef734frbe43jfef^$all
||t.me/eagl3z^$all
||193.27.90.10^$all
||5.75.211.167^$all
/PASSWD_2023_ThePcworldsPublics.rar|$all

! https://tria.ge/230711-yl3yqsaf52/behavioral1
! https://tria.ge/230711-1gyjkaag79/behavioral1
||reserchvpn.com^$all

! https://app.any.run/tasks/5de2b47e-fc4e-489b-a6b6-04454c4b61de
! https://tria.ge/230711-1xcxssbh5z/behavioral1
||razesoft.mdetecnologia.com^$all

! infected VM
||lvsgj.ourmarketingefi.info^$all
||allcommonstories.com^$all
||m.allcommonstories.com^$all

! https://github.com/uBlockOrigin/uAssets/issues/18963
||fitgirl-repack.com^$all

! https://forums.malwarebytes.com/topic/300219-outbound-traffic-alerts-from-malwarebytes/
! not my analysis: https://app.any.run/tasks/586f952d-141e-4dae-a4c4-73523cde2f5a/
! not my analysis: https://app.any.run/tasks/523b7f48-dae3-4854-b944-1facb01f8645/
||62.182.156.148^$all
! https://forums.malwarebytes.com/topic/301834-pretty-sure-i-have-a-nasty-rat-msbuild-outgoing-being-blocked-constantly/
||spexjs.com^$document

! https://app.any.run/tasks/1aabe39d-a1f9-41e4-81b3-9e84a174ffc5
||95.216.94.138^$all

! malware download
||kellmda.click^$all

! many malware YouTube videos
||te.legra.ph/Download-07-02-11^$all
||telegra.ph/Download-07-02-11^$all

! malware
||lorealis.vip^$document

! https://tria.ge/230717-phq1bscd4y/behavioral2
||85.208.139.35^$all
||95.216.94.138^$all

! https://urlhaus.abuse.ch/url/2684551/
||updateadobeflash.website^$all

! https://www.bleepingcomputer.com/news/security/hackers-exploiting-critical-wordpress-woocommerce-payments-bug/
||194.169.175.93^$all

! https://github.com/hagezi/dns-blocklists/issues/1327
||bgrfmi.com^$all
||bpdnct.com^$all
||bphfmm.com^$all
||eweukr.com^$all
||gycqna.com^$all
||hcafpg.com^$all
||ingzhe.com^$all
||irtvro.com^$all
||jggjh.com^$all
||mnawew.com^$all
||nlxini.com^$all
||nvcrcf.com^$all
||qmsvnh.com^$all
||ritedn.com^$all
||rrtype.com^$all
||vgrcxa.com^$all
||vgsksc.com^$all
||whcfmp.com^$all
||xyzgnc.com^$all
||jhzhis.com^$all
||udwuyw.com^$all
||zayatr.com^$all

! https://forums.malwarebytes.com/topic/300300-inbound-connections-attempts-sfc-found-corrupt-files-am-i-infected/
||zappiehost.com^$all
||tchangway.hk^$all

! https://virustotal.com/gui/url/044d4e3d1e58f48e42cfb936d6ce3ab244bc85b8f0b1d5a84f3916584156bbd2/community
! my analysis: https://app.any.run/tasks/9ead09a0-6f56-477b-8a27-9a85c5a803e6
||bafkreibm2c232v5uuz7vkxcdkwdjye6oaoasxg5zkye7y3oyodm6olulou.ipfs.dweb.link^$all
||lkalzzop.online^$all

! https://virustotal.com/gui/url/1696219caa54a048bb1fa0c1e95aaf80b7336ddcbdcca5a2c24ae2847a62cd03/community
! https://app.any.run/tasks/bce8c275-c977-46ee-bf0b-df5b0d9b2386
||softwarextra.com^$all
! https://tria.ge/230720-29xy6sba84/behavioral1
||tds-packages-update.com^$all
||168.119.178.159^$all

! https://virustotal.com/gui/url/b3657b1279397010fa1735997ddd8605ff2093d50147387b5bf2ef5abace0509/community
! my analysis: https://tria.ge/230720-3lb78sbb48/behavioral1
||tracking-express-ups.com^$all

! malware download: https://virustotal.com/gui/url/8d6014420a75e2f33b9a2c1c2e33984df5e6ce0a178c8275af498251f02f1500/detection
||nht42we.click^$all
||3efrewss.click^$all
! https://tria.ge/230721-y239fahc9y/behavioral2
||gstatic-node.io^$all
! https://virustotal.com/gui/url/ad56257de36b1955113d7894423cc4d5b37d07ed5ade66b1fad5e73b830b1467/detection
||freesoftonic.cc^$all
||kitchx.click^$all
||ki8hy78.click^$all

! not my analysis: https://tria.ge/230721-bh1mwaca9x/behavioral2 (credit to Neiki)
||cdn-prok.site^$document

! https://tria.ge/230719-sww1aahh3z/behavioral2
||igsufb.top^$all

! https://app.any.run/tasks/87d4e9bb-6697-4a2e-9323-fa5b403ed161/ (not my analysis)
! my analysis: https://tria.ge/230723-pzsv9aef9y/behavioral2
||45.9.74.141^$all
||45.9.74.166^$all

! not my analysis: https://tria.ge/230723-zxzacshc8y/behavioral1
||168.119.51.197^$all

! https://github.com/blocklistproject/Lists/issues/1051
||posthu-parcel.com^$all

! https://tria.ge/230724-w9z6mshb5t/behavioral1
||fast.dope.autos^$document
||gesmart.site^$all
||sanseemp.com^$document
||upgrade-phone.club^$all
! https://virustotal.com/gui/ip-address/207.154.243.69/relations
||update-smart.club^$document
||cleaner-update.club^$document
||speedupdate.club^$document
||good-update.club^$document

! https://forums.malwarebytes.com/topic/300624-trojan-scr/ (account required)
||eclatearns.documentbusinesses.online^$all
||documentbusinesses.online^$document

! https://virustotal.com/gui/url/f62b759f779f1c100fb67073edc12ccf1c955466603fbecac871e8942d1d6c04/community
! my analysis: https://app.any.run/tasks/d8e8ee8f-9132-4adf-a656-db398ff6570b/
||formulagile.xyz^$all

! https://forums.malwarebytes.com/topic/300693-fake-steam-login/ (account required)
||csgofloat.br.com^$all

! https://virustotal.com/gui/file/48987d9c89542a8cb4f8d34eb34902a4762cc8643c0e491deb6115907db4887b/detection
||licensevilla.com^$all
||kemmakhao.click^$all
||24.199.69.78^$all
! https://tria.ge/230730-23lybsbf53/behavioral2
||trapmusics.xyz^$all
||hopvibestravel.co.za^$document
||49.13.60.242^$all

! https://github.com/uBlockOrigin/uAssets/issues/19248
! https://www.reddit.com/r/uBlockOrigin/comments/15hxgnd/why_ublock_blocks_revanced/
||revanced.net^$all

! https://forums.malwarebytes.com/topic/300835-infected-android-chrome-popups-sycaratecom-and-psequeldegastecom/
||psequeldegaste.com^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/648114
! https://tria.ge/230805-s5szzsde27/behavioral1
||thehipsteragency.com^$all

! https://github.com/uBlockOrigin/uAssets/issues/19287
||keen-chaussure.fr^$document
||keen-france.fr^$all
||keenshoesfrance.com^$document
||keenfrance.fr^$document
||keen-fr.com^$document
||keen-chaussures.com^$document
||keenfrancefr.com^$document
||keenfr.com^$document
||keen-chaussures.fr^$document

! https://github.com/hagezi/dns-blocklists/pull/1405
||pnsys.info^$all
||drto.info^$all

! https://tria.ge/230810-1l7ysshc39/behavioral1
||dowloadkeepfilezzz.website^$all
||dowloadslek2.website^$popup

! https://virustotal.com/gui/url/5e2bca9dd17e62cc262c1b690311a5585dc8833be8907012560f875948cd1b56/community
||firebasestorage.googleapis.com/v0/b/atualizarcontratos.appspot.com/o/WEBLOCK01.html$all
! my analysis: https://tria.ge/230815-ntkr1scd9z/behavioral1
||gerentesbp.live^$document

! https://forums.malwarebytes.com/topic/301391-can-you-check-if-im-infected/
! https://forums.malwarebytes.com/topic/301390-possible-malware-ransomware-targetting-digital-ads-managers/ (account required)
! https://tria.ge/230819-mm3htaaf9x/behavioral1
||dropbox.com/scl/fi/r3firsxixp8h4qv69gurt/A.Objectives-of-Facebook-Marketing-AD-Campaign-2023-NEW-Obag-Handbags.zip$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/651731
! https://tria.ge/230819-2dtlwaeb3w/behavioral1
||ttschmidt.de^$all
||ionos.es.ttschmidt.de^$all
||mail.ionos.es.ttschmidt.de^$all
||www.mail.ionos.es.ttschmidt.de^$all

! https://virustotal.com/gui/url/1047e6ba16911079c6d9864f20014160a6f8595fcc9bec477e969ea9aee02e75/community
! my analysis: https://tria.ge/230821-m1ph4seb6w/behavioral1
||tfdee.tempurl.host^$document

! https://github.com/hagezi/dns-blocklists/issues/1467
! https://tria.ge/230824-njm5dsdg2z/behavioral1
||revanced.info^$all

! https://virustotal.com/gui/url/9a4ac61a77f8bbf751b94f4ba1d0196cce57cf3bb5cb05fb030033ae42c7e67d/community
! my analysis: https://tria.ge/230829-mw1qksfa41/behavioral1
||changzhoujijinxuexi.cn^$all
||qftwpl.icu^$all

! https://www.bleepingcomputer.com/news/security/childrens-snack-recalled-after-its-website-caught-serving-porn/
||appykidsco.com^$document

! https://github.com/hagezi/dns-blocklists/issues/1532
||corrpls-it-cl.top^$all

! https://www.youtube.com/watch?v=DUbemJF_3zE
/wp-admin/Install.exe|$document

! https://www.bleepingcomputer.com/news/security/evil-telegram-android-apps-on-google-play-infected-60k-with-spyware/
||telegrnm.org^$all
||sg.telegrnm.org^$all

! https://www.bleepingcomputer.com/news/security/free-download-manager-site-redirected-linux-users-to-malware-for-years/
||fdmpkg.org^$all
||deb.fdmpkg.org^$all

! from DandelionSprout
||mobiilipaivitys.com^$all

! https://github.com/hagezi/dns-blocklists/issues/1574
||blogspot.edolio5.com^$document
||pdfviewer.app^$document
||efsyn.news^$document
||zougla.news^$document
||tvxs.news^$document
||lubentv.com^$document
||emvolio-gov.gr^$document

! https://github.com/AdguardTeam/AdguardFilters/issues/161711
||yourfirstfunnelchallenge.com^

! https://github.com/libre-tube/LibreTube/issues/4409#issuecomment-1722268425
||libretube.app^$all

! https://virustotal.com/gui/url/51a5c613fa07f8301aa68fa16e7307dbf3bf0b0dcfa015632895d7ebf7ca36d3/community
! my analysis: https://tria.ge/230918-nj1eqagh7x/behavioral1
||bookingcomdetails.$document

! from alex-302 (https://listauthorschat.slack.com/archives/C010PK1A022/p1695126381709399)
||urnigarted.com^$all

! from ryanbr (https://listauthorschat.slack.com/archives/C05G8V3NERH/p1695384508520369)
! https://infosec.exchange/@iampytest1/111110261616364360
! https://github.com/AdguardTeam/AdGuardSDNSFilter/issues/1488
!!! ||bsc-dataseed1.binance.org^
||ioiubby73b1n.com^

! https://github.com/hagezi/dns-blocklists/issues/1615
||zlibrary-africa.se^$all

! https://infosec.exchange/@iampytest1/111128685460057192
||uspscd.com^$all

! https://github.com/hagezi/dns-blocklists/issues/1631
||nightnitroglass.com^$all
||whitelinetosplit.com^$document
||from.whitelinetosplit.com^$all
||bluesmallbutterfly.com^$document
||0.bluesmallbutterfly.com^$all

! https://www.bleepingcomputer.com/news/security/fake-bitwarden-sites-push-new-zenrat-password-stealing-malware/
||bitwariden.com^$all
||crazygameis.com^$all

! https://github.com/hagezi/dns-blocklists/issues/1640
||uskjnx.top^$all
||usplod.top^$all

! https://github.com/DandelionSprout/adfilt/discussions/779#discussioncomment-7137675
||pl.coe777.com^$document
||86pmafno21mst.com^$all
!#if ext_ublock
ostrowlubelski.pl##^responseheader(location)
!#endif
!#if adguard
||ostrowlubelski.pl^$removeheader=location
!#endif

! https://virustotal.com/gui/domain/login-office365.info/community
||login-office365.info^$all

! https://virustotal.com/gui/url/69605c3cbd15c8e60dd1f96874f84ae23c73c87bcba7e2b9273e43262f38f2c9/community
! my analysis: https://tria.ge/231002-nx5xcshg8s/behavioral1
||tr22k8eo3d4l9rtt7ezm.uv2y.ru^$all

! https://web.archive.org/web/20231002133931/https://forums.malwarebytes.com/topic/302965-rtp-detection-trojan/
||178.20.47.114^$all

! https://github.com/dhowe/AdNauseam/issues/2405
! my analysis: https://tria.ge/231002-r1qtdsbf71/behavioral1
||reepittens.com^$all
! my analysis: https://tria.ge/231002-r3eh5sbf9y/behavioral1
||torixibre.com^$all
||qyt8pi.torixibre.com^$all
! my analysis: https://tria.ge/231002-r6zcqadd47/behavioral1
||anybodyproper.com^$document
||violationphysics.click^$all
! my analysis: https://tria.ge/231002-r8fndsdd57/behavioral1
||buadss.com^$all
||dateadore.com^$document

! https://github.com/hagezi/dns-blocklists/issues/1652
||scribdbook.top^$all
||librilibs.com^$all
||dleggere.com^$all
! my analysis: https://tria.ge/231002-w6m2xadg3s/behavioral1
||xn4iqv.succyarthyry.com^$all
! https://virustotal.com/gui/domain/succyarthyry.com/relations
||kxkxgw.succyarthyry.com^$all
||581358.succyarthyry.com^$all
||2ntrfi.succyarthyry.com^$all
||fjvv2i.succyarthyry.com^$all
||hyjecr.succyarthyry.com^$all
||mkhvuv.succyarthyry.com^$all
||37yito.succyarthyry.com^$all
||0wvghk.succyarthyry.com^$all
||invv7n.succyarthyry.com^$all
||nze0xw.succyarthyry.com^$all
||ixzc4t.succyarthyry.com^$all
||bdhze4.succyarthyry.com^$all
||hzgsp3.succyarthyry.com^$all
||qwwnvw.succyarthyry.com^$all

! https://urlhaus.abuse.ch/url/2716031/
! my analysis: https://tria.ge/231003-neebpaca39/behavioral1
||meshitislaw.com^$all
||uploaddeimagens.com.br^$all
||coloradokibosafarihostel.co.tz^$all

! https://urlhaus.abuse.ch/url/2716407/
! my analysis: https://tria.ge/231004-va4t4sdb3x/behavioral1
||qpurrybeatmecamtest.ddns.net^$all
||www.transportesevaristomadero.com/profilecontent/*.exe$document

! https://virustotal.com/gui/file/3b08d4a26c787252cf1a485ae91982e9afd5bee4324402737dcb519b68a1c224/relations
! added after email - unsure where I found this in the first place
||millionjobs.works^$all

! https://github.com/libre-tube/LibreTube/issues/4409
||libretube.net^$all
||libretube.$document
||libretubeapk.$document

! https://securityintelligence.com/posts/x-force-uncovers-global-netscaler-gateway-credential-harvesting-campaign/
||jscloud.ink^$all
||jscloud.live^$all
||jscloud.biz^$all
||jscdn.biz^$all
||cloudjs.live^$all

! https://virustotal.com/gui/url/c7f655bd7dfc420f022a96a30214460372a6ab74d6ed24ada16809bb9bf3dfa8/community
! my analysis: https://web.archive.org/web/https://tria.ge/231008-w9akzsfb7v/behavioral1
||weibo-b5game.com^$all

! https://tria.ge/231009-m46lssed76/behavioral1 (cloudflared)
||videocampaign.co^$document
||myreloads.com^$all
||viimsical.com^$document
||s.viimsical.com^$popup
/fkB225bp9B03IzhMTD-qV-nJq3iBCLf19BrRGtaIxfU/?cid=$popup,third-party
/ZslvDO9tazAAM8cZhxdHFHsjpLRRnkJZ1AOLiLfLja8/?clck=*&sid=$document
||inroadslab.com^$all
||happeningurinepomposity.com^$document
||instantgreenapp.com^$document
||free.instantgreenapp.com^$document
||secure.instantgreenapp.com^$document

! https://github.com/uBlockOrigin/uAssets/issues/20036
||www.ssp.sp.gov.br/ead/report/video/video_$document
||www.ssp.sp.gov.br/ead/auth/video/video_$document
||googleseo.life^
||js.eventbr.xyz/vip/crazy.js
||br.zmdesf.cn/br.js
||a5jogo.club^$all
||v37870.com^
||coe777.com^
||sites.uft.edu.br/topama/news.php$document
||pmf.sc.gov.br/arquivos/br.php^$all
! https://web.archive.org/web/20231010220704/https://tria.ge/231010-1rdl5sfg68/behavioral1
||tiger.qnews.media^$third-party
||imbolexabc.top^$all
||s8bet.com^$document

! https://www.fortinet.com/blog/threat-research/Iz1h9-campaign-enhances-arsenal-with-scores-of-exploits
||194.180.48.100^$all
||2.56.59.215^$all
||212.192.241.72^$all

! https://tria.ge/231014-mgpprscc8y/behavioral1
||unawarelinkedlaid.com^$all
||unacceptableironicaldrone.com^$all
||suchbasementdarn.com^$all
||beakerweedjazz.com^$all
||pcsafetysurvey.com^$all
||veritiesgarlejobade.com^$all
||amazingcontent.site^$all
||loading.amazingcontent.site^$all
||6chd.loading.amazingcontent.site^$all
||cadrctlnk.com^$document
||clickmint3.online^$all
||e9a53154b4.com^$all
||50b1f7a005.e9a53154b4.com^$all
||systemsecurity.click^$all
||i39ay.top^$all
||pupur.pro^$all
||alleubreakyailb.click^$all
||karoon.xyz^$all
||eu.karoon.xyz^$all
||kident.xyz^$all
||news-sitogi.com^$all

! https://github.com/hagezi/dns-blocklists/issues/1703
||metabrastaxenis.com^$all
||ouisuamprert.com^$all
||scincormatize.com^$all
||nobistech.net^$all

! https://github.com/hagezi/dns-blocklists/issues/1706
||qlsn5.ru.com^$all

! https://github.com/durablenapkin/scamblocklist/issues/66
||arduino.uk.eu.org^$all

! https://github.com/hagezi/dns-blocklists/issues/1708
||bestcrutches.com^$all

! https://infosec.exchange/@briankrebs/111261826129123343
! https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
||ķeepass.info^$all
||ķeepass.$document

! https://forums.malwarebytes.com/topic/303708-worried-about-drive-by-download-from-typoed-address/ (parked)
||oldreddit.com^$document

! https://virustotal.com/gui/url/7fac2ed0a0a33321bb46c53455d754d0275f23f747d437aa7fb5080dc722c59e/community
||qrone1vs.top^$all

! https://forums.malwarebytes.com/topic/303710-caspolexe-causing-website-blocked-due-to-riskware-in-malwarebytes/
||iniwork.4cloud.click^$document

! https://tria.ge/231022-r7pjxahh3w/behavioral1
||idolforloves.sbs^$document

! https://github.com/hagezi/dns-blocklists/issues/1744
! https://github.com/uBlockOrigin/uAssets/pull/20247
||magiskzip.net^$all
||magiskmanagerroot.com^$all
! https://github.com/topjohnwu/Magisk/issues/3435
||magisk.download^$all
||magiskmanager.com^$all
||magisk.$document,domain=~topjohnwu.github.io
||magiskzip.$document,domain=~topjohnwu.github.io
||magiskmanagerroot.$document,domain=~topjohnwu.github.io
||magiskmanager.$document,domain=~topjohnwu.github.io
||magiskcn.$document,domain=~topjohnwu.github.io
||magiskroot.$document,domain=~topjohnwu.github.io
||magiskapp.$document,domain=~topjohnwu.github.io
! something I found
||magisk.info^$all

! https://github.com/hagezi/dns-blocklists/issues/1743
||securescanmtde.com^$all
/de-avira/?uclick=*&uclickhash=$document

! fake
/@100-legal-free-discord-nitro-generator-no-human-verification|$document

! https://github.com/durablenapkin/scamblocklist/issues/68
! https://tria.ge/231023-1xm3rsaa86/behavioral1
||ninzatool.pw^$all
||powerboostup.com^$all
||www.ontajdu3js.com^$document
||arty2night.com^$all
||p.arty2night.com^$all
/click?pid=*&sub1=$document
||quiztionnaire.biz^$all
||iphone.quiztionnaire.biz^$all
||offer-select.com^$document
||rewardflux.com^$document
||app.rewardflux.com^$document

! https://infosec.exchange/@iampytest1/111292640449421381
! https://tria.ge/231024-3lc5jace3w/behavioral1
||herew-lmq.com^$document
||findbestop.com^$document
||kenant.xyz^$all
/74Dl/7.html?cep=$document
||thefinanceadvice.com^$all
||adblock1.com^$all
||install.adblock1.com^$all
/3-blck-thefinadv-2clks.html?kw=$document
||newupdatesnow.com^$all

! https://forums.malwarebytes.com/topic/303782-new-threat-it-downloads-two-rar-files/#comment-1596622 (account required)
! https://forums.malwarebytes.com/topic/303784-malicious-script/ (account required)
! my analysis: https://tria.ge/231025-ner8jsgh51/behavioral1
||dms1708.art^$all
||154.223.16.114^$third-party
||oliga.canadacentral.cloudapp.azure.com^$document
||dropbox.com/scl/fi/q0wq1lha5o0rkgdy9rdr4/m.zip$document

! https://tria.ge/231025-nk2zyagh81/behavioral1
||set4theupdatesforever.click^$document
||supportversion.set4theupdatesforever.click^$all
||goads.pro^$document

! https://github.com/paulgb/BarbBlock/issues/41
||bblck.me^$document

! https://github.com/braveinnovators/url-blocklist/issues/3#issuecomment-1783421420
||perevod-a.shop^$document

! https://tria.ge/231027-2hkvjaae4w/behavioral1
||ad-blocking24.net^$document
||dwnld-here.com^$document
||thatmonkeybites3.com^$document
||download-portal-now.com^$all
||kerant.xyz^$all
/74Ib/7.html?cep=$document

! https://forums.malwarebytes.com/topic/303877-trojanbitcoinminer-cant-be-removed/
! https://virustotal.com/gui/file/1045127280b64e5d8e7af1efc347089f759860222f1373349d8c4aa1449918db/relations
||stratum-eu.rplant.xyz^$all

! https://tria.ge/231102-m8cjhsch24/behavioral1
||walknotice.com^$all
||thedentadsi24.com^$all

! https://github.com/uBlockOrigin/uAssets/issues/20389
||ruiukp.top^$all

! https://virustotal.com/gui/url/6afece7c72420223ae6f1700d02c8bee4806a335d23ab120522accba5e45250d
! my analysis: https://tria.ge/231102-nctnlach68/behavioral1
||synergyproz.com^$all
||apparaatbeheer-online-abnamro-icscards.codeanyapp.com^$all
||apparaatbeheer-online-abnamro-icscards.$document

! https://bazaar.abuse.ch/sample/b842080ef401cb64de4b9c7d823ef60b0ed4f4bbd42431fbf26db940ece9f4f1/
! my analysis: https://tria.ge/231102-nggjtsch93/behavioral2
||mouseoiet.fun^$all

! https://bazaar.abuse.ch/sample/9fbd818dc28ea5561278e873bd9b6deb896d4fbaac86209903bdeaad55c6c31a/
! my analysis: https://tria.ge/231102-npbnjsda74/behavioral2
||ddos.dnsnb8.net^$all

! https://www.bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey
||109.230.199.181^$all
||185.141.63.172^$all
||193.242.211.141^$all
||212.8.242.211^$all
||109.236.85.145^$all
||190.2.135.77^$all
||151.80.38.159^$all
||217.23.6.51^$all
||217.23.9.168^$all
||37.187.122.227^$all
||51.159.66.125^$all
||109.236.88.134^$all
||datasheet.fun^$all
||109.236.81.104^$all
||176.31.254.229^$all
||185.141.63.2^$all
||185.141.63.4^$all
||185.141.63.84^$all
||185.141.63.85^$all
||188.165.192.126^$all
||188.165.192.18^$all
||188.165.195.130^$all
||195.154.174.130^$all
||195.154.176.206^$all
||195.154.176.209^$all
||195.154.178.238^$all
||195.154.188.211^$all
||195.154.235.51^$all
||195.154.241.165^$all
||195.154.242.37^$all
||195.154.243.38^$all
||195.154.251.21^$all
||195.154.251.99^$all
||195.154.252.221^$all
||195.154.253.49^$all
||37.187.142.187^$all
||37.187.143.172^$all
||37.187.148.204^$all
||62.210.204.131^$all
||88.80.145.110^$all
||88.80.145.142^$all
||88.80.147.200^$all
||88.80.147.205^$all
||88.80.147.36^$all
||88.80.148.219^$all
||88.80.148.33^$all
||88.80.148.8^$all
||91.121.171.208^$all
||91.92.111.131^$all
||91.92.111.132^$all
||91.92.111.133^$all
||91.121.30.185^$all
||94.23.58.173^$all
||217.23.5.14^$all

! https://github.com/durablenapkin/scamblocklist/issues/69
||98kk89.com^$document
||42gixk.98kk89.com^$all
||9vzn29.98kk89.com^$all
||nzxsxn.98kk89.com^$all
||aaodp.com^$all
||9vyzdk8.lvditoys.com^$all
||p8ydfra.lvditoys.com^$all
||qz94.com^$all

! https://virustotal.com/gui/url/c80163bbcc0ddd2e27263730a2a2f65ab0f0ede295d8ce0d6c4dc012ca158e44/community
! my analysis: https://tria.ge/231108-15zfrsfd77/behavioral1
||arzo.ge^$document
||0nlinesigning.groupletter.io^$all

! https://forums.malwarebytes.com/topic/304272-browser-guard-claiming-malware-on-regular-google-search-pages/
||matchgoalsam.com^$all

! https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
! https://github.com/hagezi/dns-blocklists/issues/1823
||argenferia.com^$all
||realvnc.pro^$all
||corporatecomf.online^$all
||cilrix-corp.pro^$all
||thecoopmodel.com^$all
||winscp-apps.online^$all
||wireshark-app.online^$all
||cilrix-corporate.online^$all
||workspace-app.online^$all
||11234jkhfkujhs.site^$all
||11234jkhfkujhs.top^$document
||94.131.111.240^$all
||81.177.136.179^$all
||74.119.192.188^$document

! https://github.com/uBlockOrigin/uAssets/issues/20553
! https://tria.ge/231110-pftcnsgg26/behavioral1
||donwnaloadezzal.cfd^$all
||downloadlekem.sbs^$all
||stopadblocker.pro^$document
||chaffewerbureaks.com^$document
||videoadblocker-pro.net^$document

! https://github.com/avast/ioc/pull/56
||bombay.com.ar^$all
||ultracomb.com.ar^$all
||limpiadorpucho.com.mx^$all
||coacalco.gob.mx^$all
||navarro.gob.ar^$all
||pruebasbonsai.com.ar^$all
||pnt.info.pl^$all
||ilogicinstitute.com^$all
||my.hoqer.com^$all
||chapasanpedro.com^$all
||usesoft.net^$all
||calzadosiris.com^$all
||ingenieriainsitu.com^$all
||paolomorettifurs.com^$all
||www.fefoncrecer.com^$all
||autoscuola-momo.ch^$all
||tcastro.com^$all
||www.steadyrun.com^$all
||moussedanslabouche.com^$all

! https://tria.ge/231112-pprv7sfb9v/behavioral1
||paxert.xyz^$all
.xyz/74Kq/7.html?cep=$document
||track.local-hotsite.com^$document
||downloading-free.com^$document

! https://github.com/hagezi/dns-blocklists/issues/1819
||anacondastoresaleau.com^$all
||anacondasale.com^$all

! https://github.com/hagezi/dns-blocklists/issues/1825
||youcineapp.com^$all
||magistv.video^$all
||tele-latino.com^$all
||telelatino.app^$all
||youcineapk.org^$all
||btvapp.net^$all
||youcine.one^$all
||youcinetv.app^$all
||youcinetv.page.link^$all
||latino9.com^$all
||fadfatest.pneydn.com^$all
||pandoramain-1794008345.us-west-2.elb.amazonaws.com^$all
||romatotti520.oicp.io^$all
||pandorabackup-1322908155.us-west-2.elb.amazonaws.com^$all
||pcn.panddna.com^$all
||ok3.mflve.com^$all
||apz.bsaldo.com^$all
||abcr.ftsym1.com^$all
||fadfa.gdalieyw.com^$all

! https://github.com/hagezi/dns-blocklists/issues/1824
||more-power-tool.com^$all
||ryzen-master.com^$all
||atiflash.ru^$all
||polaris-bios-editor.ru^$all
||btc-tools.ru^$all
||techpowerup-gpu-z.com^$all
||sapphiretrixx.com^$all
||srbpolaris.ru^$all
||clockgen64.com^$all
||balena-etcher.com^$all
||nvidiainspector.ru^$all
||evga-precision.com^$all
||riva-tuner.com^$all
||nvflash.ru^$all
||atikmdagpatcher.com^$all
||overdriventool.ru^$all

! https://virustotal.com/gui/url/caf096b6a0f7abe29ad126a21545f49418cc003c298a56ac6c967053483d2748/community
||185.196.9.161^$all
! https://tria.ge/231118-wbk9tsfb86/behavioral1
||49.13.94.153^$all
||steamcommunity.com/profiles/76561199571056594^$all

! https://virustotal.com/gui/domain/miccrossoffit.online/community
||miccrossoffit.online^$all

! https://github.com/uBlockOrigin/uAssets/issues/20760
||cloudtrck.com^$all

! https://tria.ge/231119-pvcngaag41/behavioral2
||badbull.pro^$all

! https://virustotal.com/gui/url/009ab0b4a357017cb0c3f948c04f6a79e5252f4a91511ad28f8a411ec7f4adfb/community
! my analysis: https://tria.ge/231120-pn8gkagg71/behavioral1
||server31.weebly.com^$all

! https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
||adups.com^$all
||fota5p.adups.com^$all

! https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/
||ozaharso.ru^$all
||nubiumbi.ru^$all
||acaenaso.ru^$all
||atonpi.ru^$all
||suizibel.ru^$all
||dakareypa.ru^$all
||ahmozpi.ru^$all
||nebtoizi.ru^$all
||squeamish.ru^$all
||nahtizi.ru^$all
||crisiumbi.ru^$all
||arabianos.ru^$all
||gayado.ru^$all
||quyenzo.ru^$all
||credomched.ru^$all
||lestemps.ru^$all
||urdevont.ru^$all
||hoanzo.ru^$all
||absorbeni.ru^$all
||aethionemaso.ru^$all
||aychobanpo.ru^$all
||ayzakpo.ru^$all
||badrupi.ru^$all
||barakapi.ru^$all
||boskatrem.ru^$all
||brudimar.ru^$all
||decorous.ru^$all
||dumerilipi.ru^$all
||heartbreaking.ru^$all
||judicious.ru^$all
||karoanpa.ru^$all
||lamentable.ru^$all
||procellarumbi.ru^$all
||ragibpo.ru^$all
||raidla.ru^$all
||ramizla.ru^$all
||samiseto.ru^$all
||superficial.ru^$all
||talehgi.ru^$all
||undesirable.ru^$all
||valefgo.ru^$all
||vasifgo.ru^$all
||vilaverde.ru^$all
||vloperang.ru^$all
||zerodems.ru^$all
||geminiso.ru^$all
||sabirpo.ru^$all
||andamanos.ru^$all
||triticumos.ru^$all

! account required: https://forums.malwarebytes.com/topic/304730-cryptocurrency-scam-12/
||tesla3-model.com^$all

! https://virustotal.com/gui/url/1af9948601134e81fabeecd7eb553524153396b6f98f26f3062ba0a2f9b3e91f/community
! https://virustotal.com/gui/url/e0bada977a3a1e2da13785d8ab03ebe2111f517aa0431e0162296a3cad739452/community
||213.248.43.54^$document

! https://virustotal.com/gui/file/e09af83cfccf4bcc8a51fda76e5fa10e9d0d838aededb6f339551f8363797dc2/community (credit to JaffaCakes118)
||listpoints.online^$all
||retghrtgwtrgtg.bounceme.net^$all
||listpoints.click^$all
||datastream.myvnc.com^$all
||gservicese.com^$all
||center.onthewifi.com^$all

! https://virustotal.com/gui/url/a2daa5d31b78d2c0c0fd62acc4eec2c8168f1314a13c4c6be8a3d6a5e3520677/community
! my analysis: https://tria.ge/231121-r47ajsfb34/behavioral1
||activat-webmail-serivico.top^$all

! https://forums.malwarebytes.com/topic/304802-malware-affecting-chrome/
||abyssalforge.top^$all
||qltuh.abyssalforge.top^$all

! https://github.com/RPiList/specials/issues/1353
||khw6g09fx28k.cfd^$all
||49gw5gonj143k.click^$all
||djxd2ox30l7.click^$all
||vtreanext.click^$all
||theratgamez.com^$all
||fwkldh.click^$all
||gyhguflo.click^$all
||hfjdfurhhd.xyz^$all
||4rf5tgfdfy.click^$all
||rt54erdfgh.pro^$all
||dew3hy6.cfd^$all
||bgtrjuy6.cfd^$all
||mjiu876tyh.pro^$all
||lsdkjh.xyz^$all
||nafsdwas.click^$all
||ki987yth.pro^$all
||d589nenr.cfd^$all
||mi5cr46kg.click^$all
||9iujhfre3.cfd^$all
||asdhkl.click^$all
||se5vy6.click^$all
||9iuh5tyh.cfd^$all
||cvasdf.click^$all
||vgcj2rzjd.cfd^$all
||jgtek990e.click^$all
||nnnsjhsh.click^$all
||clabzeroby.net^$all
||cvbnrtgf8u.cfd^$all
||juy6asert67.click^$all
||jkghfdt.xyz^$all
||dfhduh.xyz^$all
||k50c8s2p7.cfd^$all
||p0jrmnpr7.cfd^$all
||jnh4afbw7.click^$all
||xzr9uauq.cfd^$all
||1lu98dcf0.cfd^$all
||bn6h9d7tr.cfd^$all
||hyt5ytr.click^$all
||t67uyhgf.co^$all
||crack4hit.com^$all
||hit4pc.click^$all
||4vz6ew1li.cfd^$all
||exs7oilq14cz6.click^$all
||3zo0grlgm.cfd^$all
||7nalhxb28rmm.cfd^$all
||hjdhhfdh.click^$all
||dk9vqq64cp14e.click^$all
||losf8uo304l.click^$all
||ntxkddng28vq7.cfd^$all
||kjr3y14yt.click^$all
||a1lky06jn.cfd^$all
||l97hha31f8h.cfd^$all
||cwz20w14xn0.click^$all
||tnzcwlf284.cfd^$all
||dialogfosti.click^$all
||myonlyland.com^$all
||kinovizbx.xyz^$all
||hw1ip330zc.click^$all
||ix1n0li6u7273.cfd^$all
||vgfrrtc.click^$all
||vablecable.click^$all
||jiuppppml.click^$all
||zvotg9ceh.cfd^$all
||huqiinxy.click^$all
||wtechfullsetup.xyz^$all
||closerscopy.net^$all
||freeinstallcpc.xyz^$all
||l1ihpb0dz521ol.cfd^$all
||nccenbkdr1063.cfd^$all
||a18n5nh14xos.click^$all
||b5mtuo30dqu.click^$all
||galvu301.click^$all
||5tbyvf27hc.cfd^$all
||gotechfiles.xyz^$all
||getintopcc.pro^$all
||poiqhawq.click^$all
||ygabgga.click^$all
||eyhdjyst.click^$all
||rosterfile4u.click^$all
||cfmarker.click^$all
||azxdr4erf.xyz^$all
||xitrbgq.click^$all
||ym2f4o2f.cfd^$all
||cfgy6tg.pro^$all
||hji98ik.click^$all
||pqlbh88z7.cfd^$all
||i3s5qfuvs.cfd^$all
! missing from list
||topkeygen.com^$all
||piratesfile.com^$all
||rootscrack.com^$all
||cracksmat.com^$all
||crackedsoft.org^$all
||crackxpoint.com^$all
||crackerzpro.org^$all
||crackfinal.com^$all
||wazusoft.com^$all
||crackzoom.com^$all
||activators4windows.com^$all

! https://github.com/RPiList/specials/issues/1351
||klassischefahrschule.com^$document

! not my analysis: https://tria.ge/231123-1wzp6sde7z/behavioral1
||marinhoassessoria.com^$document

! https://github.com/hagezi/dns-blocklists/issues/1864
||revanced.to^$document

! https://virustotal.com/gui/url/ecf1a475d84de38187831b4fb25167812117ea7b4ab22ce46dc6d36d822004fd/community
! https://virustotal.com/gui/url/fbc0e8828a4d86410e1c3fbf698bdda7e3e3c8d0ff1785adcfec181c967426ca/community
||67.217.57.54^$all
||89.190.156.180^$all

! https://virustotal.com/gui/url/f28bcf22fbd189fd87322da0b915ce32a700ed1bccd53f1e21552c04a8c2d229/community
||servegame.com^$document
||modulo.servegame.com^$document

! https://github.com/DandelionSprout/adfilt/discussions/932#discussioncomment-7694946
||easypark-id.com^$all
||easypark-no.org^$all

! https://www.malwarebytes.com/blog/threat-intelligence/2023/11/associated-press-espn-cbs-among-top-sites-serving-fake-virus-alerts
||octob.azureedge.net^$all
||lzi.azureedge.net^$all
||tinlc.azureedge.net^$all
||bm-rb.azureedge.net^$all
||foluo.azureedge.net^$all
||vpv-ger.azureedge.net^$all
||trackmaster.cc^$all
||protectsystemtools.life^$all
||securitypatch.life^$all
||real-time-system-monitoring.life^$all
||threatdetectorhub.life^$all
||threatdetectorhub.online^$all
||vulnerabilityassessments.life^$all
||strike-it-lucky.space^$all
||golden-opportunity.xyz^$all
||stroke-of-luck.xyz^$all
||blessed-with-luck.space^$all
||system-scan-tool.space^$all
||system-security-scan.buzz^$all
||system-security-scan.net^$all
||system-scan-tool.online^$all
||trk6.kokamedia.com^$all
||tracklinker.space^$all
||trackmenow.life^$all
||trackify.world^$all
||trackinghub.info^$all
||trkmyclk.xyz^$all
||trk-server.xyz^$all
||34.74.68.195^$all
||systemmeasures.life^$all
||xyzcreators.xyz^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/167470 (from ghajini)
||hotkabachok.com^

! https://github.com/durablenapkin/scamblocklist/issues/71
||dbmobile-phototan.de^$all

! https://virustotal.com/gui/url/69a1570512a5694049a9444ab6c0dd73432f3685894eb3d4d1e7dba7ce99766d/community
||ne-correos.top^$document

! account required: https://forums.malwarebytes.com/topic/305116-fake-software-homepage/
||unikey.vn^$document

! https://cert.gov.ua/article/6276584
||104.194.130.185^$all
||109.234.156.180^$all
||128.140.123.187^$all
||149.248.76.158^$all
||152.89.198.77^$all
||193.106.175.11^$all
||195.85.115.195^$all
||212.193.48.80^$all
||213.227.154.170^$all
||217.12.206.218^$all
||45.129.14.157^$all
||45.143.136.123^$all
||45.144.28.76^$all
||45.87.154.158^$all
||78.24.222.162^$all
||85.208.107.228^$all
||91.203.193.162^$all

! https://github.com/hagezi/dns-blocklists/issues/1893
||register.akamaized.ca^$all

! https://github.com/hagezi/dns-blocklists/issues/1899
||online-cloud.info^$document
||store5.gofile.io^$document

! https://github.com/RPiList/specials/issues/1373
||tintinsolve.fun^$all

! https://github.com/RPiList/specials/issues/1372
||marricoyes.online^$all

! https://github.com/hagezi/dns-blocklists/issues/1905
||ycybdp.com^$all

! https://forums.malwarebytes.com/topic/305420-website-blocked-due-to-malware-microsoft-windows-as-stopped-responding/
! https://threatfox.abuse.ch/ioc/1140249/
||194.26.135.180^$all

! https://github.com/hagezi/dns-blocklists/issues/1909
||up-nowservice.com^$all

! https://infosec.exchange/@iampytest1/111568435119045533
||fraavy.com^$document

! https://virustotal.com/gui/domain/base-usps.top/community
||base-usps.top^$all

! https://virustotal.com/gui/url/2670873ba07eea2c617ad3e34284bdea56730cd83ae70dd84b7c333b027f4ce7/community
||121.37.215.155^$all

! https://github.com/RPiList/specials/issues/1377
||pertidose.site^$all

! https://github.com/RPiList/specials/issues/1378
||verstolini.site^$all

! https://virustotal.com/gui/file/c9491f5eb282daf6b536f515cc9e1032af62919e727442c4e7ecbca2e9d8f8b0/community
||91.215.85.23^$all
||89.23.98.92^$all

! https://github.com/DandelionSprout/adfilt/discussions/932#discussioncomment-7872103
||betzykrisesenter.no^$document
||citra2010oslo.no^$document
||digiter.no^$document
||easydisplay.no^$document
||kjaerra.no^$document
||kontrast1.no^$document
||norskmatkultur.no^$document
||norskoffroadteknikk.no^$document
||nyematoghelse.no^$document
||securmarksykkel.no^$document
||thecoolgirl.no^$document
||topshineauto.no^$document
||vossblues.no^$document
||yttersiden.no^$document

! https://github.com/gchq/CyberChef/issues/1668
||forensicswiki.xyz^$document

! https://virustotal.com/gui/url/c367518781d3ec29f156e24ee04c24c0f54bd5c3467812f6cd56dc791f8beea8/community
||thumbzoner.com^$all
! https://tria.ge/231220-abydhaadfn/behavioral1
||offalrouts.xyz^$all
||mirrorvine.store^$all
! https://tria.ge/231220-abydhaadfn/behavioral2
||pushub.net^$all

! https://github.com/DandelionSprout/adfilt/discussions/932#discussioncomment-7873648
||monetrizer.online^$document
||monetrizer.com^$document

! https://github.com/RPiList/specials/issues/1398
||deutschebank-kundendienst.comidrekt.net^$all
||comidrekt.net^$document

! https://github.com/hagezi/dns-blocklists/issues/1977
||energie-portal-24.de^$document

! https://github.com/RPiList/specials/issues/1395
||streamjumpstart.com^$document

! https://github.com/RPiList/specials/issues/1396
||thebeneclinic.com^$document

! https://github.com/hagezi/dns-blocklists/issues/1986
||energieausweis-online-erstellen.de^$document

! https://tria.ge/231227-yrr4esfbh5/behavioral1 (cloudflared)
||givelabs.monster^$all

! https://www.bleepingcomputer.com/news/security/blockchain-devs-wallet-emptied-in-job-interview-using-npm-package/
||flickthebean.onrender.com^$document

! https://tria.ge/231228-w2dyfafadq/behavioral1
||fitgirl-repacks.to^$all
||fitgirl-repacks.$document,domain=~fitgirl-repacks.site
||mediatrackerr.com^$document

! https://github.com/RPiList/specials/issues/1405
||casinos-austria.install-app.com^$document

! https://tria.ge/231229-pvf1wshae9/behavioral1 (CloudFlared)
||haxnode.net^$all
||cleinpuz.cfd^$document
||tech-pros.pro^$document

! https://github.com/uBlockOrigin/uAssets/pull/21658
||fitgirlrepackz.com^$all
||fitgirlrepackz.$document

! https://threatfox.abuse.ch/ioc/1226308/
||updates.adobe-soft.$document

! https://tria.ge/231229-2sx8lscch5/behavioral2 (CloudFlared)
||liwishacks.com^$all
||reviveincapablewew.pw^$all
||opposesicknessopw.pw^$all
||politefrightenpowoa.pw^$all
||chincenterblandwka.pw^$all

! https://forums.malwarebytes.com/topic/306164-phishing-wells-fargo/ (account required)
||lnformationalerts.info^$all

! https://github.com/RPiList/specials/issues/1407
||zustellungkontrolle.net^$all

! https://github.com/RPiList/specials/issues/1411
||sanityflash.mom^$document

! https://virustotal.com/gui/url/c7677f1b43e9b266a4542936cd947e0ccc89cf59c6270aaf2baad4de47e3ae8f/community
||89.23.96.177^$all
! https://tria.ge/240106-v9k62secc5/behavioral1
||91.215.85.23^$all

! https://github.com/RPiList/specials/issues/1413
||msdownloadhub.mdx-ux.com^$document

! https://github.com/hagezi/dns-blocklists/issues/2017
! https://github.com/badmojr/1Hosts/issues/1655
! https://github.com/StevenBlack/hosts/issues/2552
||duchessefit.com^$all

! https://github.com/Dogino/Discord-Phishing-URLs/pull/25
||steamcommuaity.com^$all

! https://virustotal.com/gui/domain/booking.com-panel.com
! https://virustotal.com/gui/url/c81a065a1344395a7329764a30729280dfd01f6ccb18fedb692d1b21590e614c
||com-panel.com^$document
||booking.com-panel.com^$all
||mail.com-panel.com^$document
! https://virustotal.com/gui/ip-address/158.160.5.182/relations
||account-booking-pulseapp.com^$document
||admin-login-account.com^$document
||extranet-admin.com^$document
||booking-admins.com^$document
||158.160.5.182^$document

! https://github.com/RPiList/specials/issues/1420
||galactiq.life^$document
||mediago.io^$document
||sehprotokoll.com^$document
||smartlifeguides.top^$document
||kleinezeitung.co^$document
||gesundheitleber.com^$document
||oe24.co^$document
||busterry.com^$document
||bullionbreeze.xyz^$document

! https://github.com/avast/ioc/pull/57
||185.215.113.66^$all

! https://virustotal.com/gui/url/3828695bc16bb9d0bfab17eb5c15e5fe9e8b30bb6cb948655a6a55466b9dc187/community
||telegcrmz.fit^$all
! https://virustotal.com/gui/url/53efa35943a9b0bbcc4f966791e992052ac647a883c81a43bb86dd94bbbbd48d/community
||telegcrmz.work^$all
||telegcrmz.$document,domain=telegcrmz.*
! https://virustotal.com/gui/url/cf88de3dc23272e078a7412c64b12e038cd8b9dc1beb07be6ac3f017919aa09b/community
||telejracm.fit^$all
||telejracm.$document,domain=telejracm.*
! https://www.virustotal.com/gui/ip-address/103.119.3.17/relations
||www.telegreem.club^$document
||telejracm.work^$document
||telejracm.club^$document
||telejrzmn.cc^$document
||teleptrm.fit^$document
||teleptrm.work^$document
||telegzzem.club^$document
||telegzzem.fit^$document
||telegzzem.work^$document
||telegrnne.work^$document
||telegrnne.fit^$document
||telegrnne.club^$document
||telegcrmz.club^$document
||telegreem.club^$document
||telegreem.work^$document
||telegreem.vip^$document
||telejrzmn.work^$document
||telejrzmn.club^$document
||telegcrenn.fit^$document
||telegcrenn.club^$document
||telegrczm.work^$document
||telegrczm.fit^$document
||teleggcam.club^$document
||teleggcam.fit^$document
||teleggcam.work^$document
||www.telegceam.club^$document
||www.teleqpcam.club^$document
||teleqrinm.cn^$document
||teleqrinm.com.cn^$document
||www.teleqpamn.work^$document
||www.teleqrinm.club^$document
||www.teleqpcam.work^$document
||teleqpcam.work^$document
||teleqpcam.club^$document
||teleqpcam.fit^$document
||teleprannn.cc^$document
||telegbrm.work^$document
||telegbrm.club^$document
||telebriun.work^$document
||teleqpcn.fit^$document
||teleqpcn.club^$document
||teleqpcn.work^$document
||teleqrenm.cc^$document
||teleqpamn.fit^$document
||teleqpamn.club^$document
||teleqpamn.work^$document
||teleqrinm.club^$document
||teleqernm.cc^$document
||teleprium.fit^$document
||www.teleprium.fit^$document
||teleprannn.vip^$document
||teleprannn.club^$document
||www.teleqernm.fit^$document
||telegceam.club^$document
||telegceam.work^$document
||teleppram.club^$document
||teleqrenm.work^$document
||teleqrenm.club^$document
||www.telegczim.work^$document
||www.telegczim.vip^$document
||telegrcmn.cc^$document
||teletrean.cc^$document
||telegruim.top^$document
||telegczim.work^$document
||telegczim.club^$document
||telegczim.vip^$document
||www.telegczm.vip^$document
||teleprium.work^$document
||teleprium.club^$document
||www.telegczm.fit^$document
||telepamn.cc^$document
||telegczm.vip^$document
||telegczm.club^$document
||telegczm.fit^$document
||tgelegrean.cc^$document
||teleqriem.vip^$document
||telegpem.club^$document
||telegirmn.vip^$document
||telebrzm.vip^$document
||teleqcmn.work^$document
||teleqcmn.fit^$document
||teleqcmn.club^$document
||teleqernm.fit^$document
||teleqernm.club^$document
||telegirmn.cn^$document
||www.telegirmn.cn^$document
||telegwam.work^$document
||www.telegwam.work^$document
||telegcmn.cc^$document
||teletrpm.club^$document
||teleprazm.club^$document
||telegirm.cc^$document
||www.telebriun.work^$document
||tglegmn.work^$document
||telegpem.fit^$document
||telegpem.work^$document
||tgelegrean.work^$document
||teletrpm.fit^$document

! https://github.com/hagezi/dns-blocklists/issues/2041
||east-trading.shop^$document

! https://github.com/RPiList/specials/issues/1425
||post4at.live^$document

! https://github.com/Dogino/Discord-Phishing-URLs/pull/26
||steamcommuniitny.club^$all
||steamcommuniitny.$document

! https://tria.ge/240120-1dgrmshdc6/behavioral2
||mirfakpersei.top^$document
||alvsx.mirfakpersei.top^$document
||flameforgesmith.top^$all
||alvsx.flameforgesmith.top^$all
||cdnstatic.flameforgesmith.top^$all
/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=*&sm=space-robot&click_id=*&sub_id=*&appspot=&d=$script,first-party,domain=top
||xhkls.flameforgesmith.top^$all
||press-here-to-continue.com^$all
||canopusacrux.top^$all
||xhkls.canopusacrux.top^$all

! https://github.com/hagezi/dns-blocklists/issues/2077
||apple-analyser.com^$all
||22.imohub.workers.dev^$all
||imohub.net^$all
||apple-health.org^$all

! https://cyberplace.social/@GossiTheDog/111828587052755003
||195.35.19.138^$all

! https://github.com/uBlockOrigin/uAssets/issues/22200
! https://github.com/hagezi/dns-blocklists/pull/2175
||privacyguides.io^$all
||poperblocker.com^$all

! https://github.com/uBlockOrigin/uAssets/issues/22268
||skinboxs.com^$all

! https://gist.github.com/GossiTheDog/f1079fe5486b2e7ac61d2e069caa67d4
||pq.hosting^$all

! https://github.com/hagezi/dns-blocklists/issues/2133
||demolishabolish.com^$document

! https://github.com/AdguardTeam/AdguardFilters/issues/172569
||acareewityjh.com^$all
||accedenonre.xyz^$all
||adeditiontowritingef.net^$all
||adiingsinspiringt.net^$all
||ajorinryesoperty.com^$all
||alsoextraorduki.info^$all
||alukizeiasnin.com^$all
||amwoukrkskillso.com^$all
||anadthefoaedf.info^$all
||ankingwithear.com^$all
||aoldosgertyong.info^$all
||ardoqxdinqucirei.info^$all
||arnofourgugtj.info^$all
||arrowabhbtalst.info^$all
||arrowtoldilim.com^$all
||artistictastesnly.info^$all
||asifiwoeryjtyj.info^$all
||asosettoourma.info^$all
||aspectsofc.hair^$all
||asqerongtheco.info^$all
||astellihandl.xyz^$all
||atabaseiwo.top^$all
||atedlittleme.xyz^$all
||ationiamcur.com^$all
||ationslieemrger.info^$all
||atthewon.buzz^$all
||aukndaspirati.com^$all
||aysesuretobea.com^$all
||biscussexbug.xyz^$all
||blicatedlittle.xyz^$all
||bnfgnbheavynuo.info^$all
||britingsynt.xyz^$all
||careewituhinlarg.com^$all
||cathyimmediates.xyz^$all
||cenceevent.club^$all
||compathered.xyz^$all
||connectedithco.com^$all
||consukultingeca.com^$all
||conversitym.com^$all
||councernedasesium.com^$all
||dblueclaockbro.info^$all
||declinerybelfa.buzz^$all
||dedalloverwithth.net^$all
||dheircrhnerdgfd.info^$all
||directuklyecon.pics^$all
||disguishedbri.com^$all
||dmanas.buzz^$all
||dollapsedshe.info^$all
||dukerationpe.com^$all
||dwouldmakefe.info^$all
||eamsauknda.com^$all
||eastfeukufunde.com^$all
||ebelfarewesbegi.com^$all
||echildren.buzz^$all
||ectresultofthep.info^$all
||edassiumw.xyz^$all
||editiontowrit.info^$all
||edrubyglo.buzz^$all
||edstevermotorie.com^$all
||edverys.buzz^$all
||eesihighlyrec.xyz^$all
||efgrghhindhimi.info^$all
||efvtgbnanddescri.info^$all
||ehappy.buzz^$all
||eighing.space^$all
||eisasbeau.buzz^$all
||eitcuyjfromthe.info^$all
||emydreamsa.com^$all
||emyresumef.hair^$all
||endream.buzz^$all
||enectedithco.com^$all
||entoftheusysian.com^$all
||entsiwoulukdli.com^$all
||epededonemil.info^$all
||eretheseantyjyt.info^$all
||erpringash.xyz^$all
||erukentaspectsof.com^$all
||ervantasrelate.info^$all
||esterdayauol.info^$all
||etingefifort.info^$all
||etingplansfo.buzz^$all
||etorealiukzem.com^$all
||etyrthonrong.info^$all
||eukworektobe.pics^$all
||evenuewasadi.xyz^$all
||everefor.buzz^$all
||evermoto.xyz^$all
||everwiththinleav.net^$all
||ewmeofmukindwo.com^$all
||ewrevenuewasad.info^$all
||exibilitukydtea.xyz^$all
||forgotteddisgui.com^$all
||fortdaukthw.hair^$all
||fukermalasas.info^$all
||getnizationedr.info^$all
||getseavailan.xyz^$all
||gettllingovert.info^$all
||goveragemlz.club^$all
||gtdjidencenha.info^$all
||gukthwaalsoex.info^$all
||hableleader.xyz^$all
||hatwasallokmv.info^$all
||heinndonfgnorh.info^$all
||heodeidsofhnm.info^$all
||hereabithec.xyz^$all
||himloabercuacroos.info^$all
||historiousmor.xyz^$all
||hoisquit.buzz^$all
||houldthinkh.buzz^$all
||humanske.space^$all
||iamcurrently.com^$all
||iasninancuka.com^$all
||ibilitukydteamw.com^$all
||ictastesnly.buzz^$all
||ifefashionismscold.com^$all
||ileesidesu.hair^$all
||ingforanopportu.com^$all
||inghesatin.com^$all
||ingspondingco.com^$all
||iolintohimselfas.info^$all
||ionakasulbackgrou.com^$all
||ionscormatio.com^$all
||iratiotyuknsye.com^$all
||ishnfguseaches.info^$all
||itearamajo.com^$all
||jhldtogerghottulering.info^$all
||jlkladirtlseivi.info^$all
||jtffjwecouldle.info^$all
||kabuukimuuki.com^$all
||kectivetraining.info^$all
||kefeagreatase.info^$all
||kelpmetoreali.com^$all
||kentinedaug.xyz^$all
||kenwellsgrpo.com^$all
||kitwkuouldhukel.xyz^$all
||kmodukuleqasfo.info^$all
||kmyunderth.com^$all
||kolpihvfongrou.info^$all
||krkskillsombin.com^$all
||ksehinkitw.hair^$all
||ktobedirectu.xyz^$all
||ktobedirectuklye.com^$all
||lattemptaqwe.club^$all
||lemopaserawecas.com^$all
||leqasforsalesrep.info^$all
||liondolularhene.info^$all
||liukzemydream.com^$all
||llsombineukdwit.com^$all
||longmansuchcesu.com^$all
||ltingecauyuksehi.com^$all
||lubinoobi.com^$all
||majorinryes.com^$all
||majorinryesopert.com^$all
||manisation.org^$all
||mcurrentlysearc.com^$all
||mediatesupervis.com^$all
||mementrandingsw.com^$all
||mentbradshed.com^$all
||mentrandingswon.com^$all
||mentseconom.xyz^$all
||miredindeed.net^$all
||mnndnnbnn.com^$all
||monopolicycr.com^$all
||mplayeranydw.net^$all
||muheodeidsoan.info^$all
||mwoukrkskills.xyz^$all
||myxomater.space^$all
||mzsdeauxdwh.info^$all
||naborutmyrq.top^$all
||nahrghhaondb.info^$all
||natallcolumnsto.info^$all
||ncelewasgildeda.net^$all
||ncukanking.com^$all
||ndeedeisasbeautiful.net^$all
||ndencesch.xyz^$all
||ndsragedwithb.info^$all
||nedtolethimbevx.com^$all
||nereherewetem.info^$all
||nerewdeerofhi.info^$all
||nergyflexibilit.pics^$all
||nerybelfaste.xyz^$all
||neukdwithmefe.com^$all
||ngswonden.xyz^$all
||nkitwkuouldhu.com^$all
||nmabigyello.xyz^$all
||nonimoomi.com^$all
||nopportunitytostar.com^$all
||normaticalaccu.com^$all
||notquiteso.buzz^$all
||nowledconsideu.com^$all
||npracticalwhic.buzz^$all
||nryesopertyv.com^$all
||ntaspectsofcukorp.com^$all
||ntheworldw.buzz^$all
||ntualkentined.xyz^$all
||nverewereal.info^$all
||oathihakennails.info^$all
||oefanyorbesttn.info^$all
||ofchildr.buzz^$all
||offerentlyport.xyz^$all
||ojapanelm.xyz^$all
||omefukmendat.xyz^$all
||onalhedgelnham.com^$all
||onopolicycr.xyz^$all
||onopolicycreat.com^$all
||onsukultingecauy.com^$all
||oratefinaukn.xyz^$all
||oratefinauknceiwo.com^$all
||ordukinarilyhu.info^$all
||osiextantlyvfhn.info^$all
||otheruigfsfohi.info^$all
||oughtanothingfruitie.net^$all
||oukfareputfeablean.com^$all
||ouldlikukemyfu.com^$all
||ovogofteonafterw.info^$all
||panyinadiingsinspi.com^$all
||placugceofres.info^$all
||playeranydwould.info^$all
||ploddingtotogcb.info^$all
||pmetorealiukze.xyz^$all
||pohsoneche.info^$all
||precially.space^$all
||pringed.space^$all
||puldhukelpmet.com^$all
||racterdeilbsweet.info^$all
||rainingukmod.info^$all
||ratiotyuknsye.pics^$all
||rbiscussexb.xyz^$all
||reckedmane.xyz^$all
||rentlysearchin.com^$all
||responsidejo.xyz^$all
||rgentssep.xyz^$all
||rgyflexibilitu.com^$all
||ricewaterhou.xyz^$all
||ritingsynther.com^$all
||rthfeoveukrnme.com^$all
||runkingoutinteah.info^$all
||ruralled.space^$all
||rurelanderpurgan.com^$all
||salesrepreswse.info^$all
||sandothesooile.info^$all
||searchforanop.com^$all
||seemyresumefo.com^$all
||seinpoundaymid.com^$all
||semblyjustingex.com^$all
||seoopersedu.xyz^$all
||shoecamedmghm.info^$all
||smetotrea.xyz^$all
||smurtyards.space^$all
||ssdwellsgrpo.info^$all
||starvardsee.xyz^$all
||stellihandles.hair^$all
||subsectivexe.xyz^$all
||sultingcoe.buzz^$all
||swordhilte.buzz^$all
||sysianedukera.com^$all
||tasesetitoefany.info^$all
||tbrohwnmyest.info^$all
||tebilaterde.xyz^$all
||tedithconsukult.com^$all
||tesupervis.hair^$all
||texcepededo.info^$all
||tfoollowingba.info^$all
||tgandmotivat.com^$all
||thaitingshos.xyz^$all
||thaoheakolons.info^$all
||thegravehthh.info^$all
||theharityhild.buzz^$all
||thrememboer.info^$all
||ticaframeofm.xyz^$all
||tionpecialukizei.com^$all
||tivatingotheremplo.com^$all
||tooaastandhei.info^$all
||toolsahoulofd.info^$all
||tostaracare.com^$all
||tsapphires.buzz^$all
||tuallyenitwasbr.com^$all
||tunitytostara.com^$all
||tureukwore.xyz^$all
||tydevelelastic.com^$all
||tyyeastfeukufund.com^$all
||uadthenborea.info^$all
||uchadmir.buzz^$all
||uewasadirectresu.info^$all
||ughtsustacheds.com^$all
||uinground.com^$all
||ukelpmetoreali.pics^$all
||ukentaspe.xyz^$all
||ukindwouldm.xyz^$all
||ukrnmentofth.com^$all
||ukseseemyres.xyz^$all
||uktureukworekto.com^$all
||ukwasanasosetet.net^$all
||ularhenewrev.info^$all
||ulyhvfadchos.info^$all
||umeformorede.xyz^$all
||upervisofosev.xyz^$all
||uwledconside.xyz^$all
||uytdwhitdoe.info^$all
||uyuksehinkitwku.com^$all
||vbriverafter.xyz^$all
||verwiththinleave.net^$all
||wasanasosett.info^$all
||wasanasset.buzz^$all
||wedonhisdhiltew.info^$all
||withmefeyauknaly.com^$all
||wukbgater.buzz^$all
||yauknalyticafra.com^$all
||yhukelpfulinot.info^$all
||yidbyhersle.xyz^$all
||yremovementxv.com^$all
||ysearchingfo.xyz^$all
||yticaframeofm.com^$all
||yvaluationiamcur.com^$all
||34.195.224.242^$all
||54.225.185.110^$all
&lp=not_robot_$document

! https://cyberplace.social/@GossiTheDog/111929647559740363
||193.233.193.65^$all

! https://github.com/hagezi/dns-blocklists/pull/2175
||97tool.github.io^$document
||apkzpure.com^$document
||wattfo.com^$document
||networkpcigniter.com^$document
||cpmpri.com^$document
||karan.mobi^$document
||manizx.com^$document
||mobdrovip.com^$document
||theapkhunter.com^$document
||ehallpasses.info^$document

! https://github.com/hagezi/dns-blocklists/pull/2173
||wtmbook.com^$document

! https://github.com/hagezi/dns-blocklists/pull/2176
||kmspico.de.download.it^$document
||kmspico.to^$document
||official-kmspico.com^$document
||dlhk.acehprov.go.id^$document
||softwared.click^$document
||kmsauto.org^$document
||kmsauto.pw^$document
||kmsavto-net.ru^$document
||kmsauto.xyz^$document

! https://github.com/hagezi/dns-blocklists/pull/2184
||safety-andro1d-n0tice.co^$all
||unhaka.com^$all
||safety-andr-sys.info^$all

! https://github.com/hagezi/dns-blocklists/pull/2192
||13001.ru^$document
||ctrl02.ru^$document
||12001.ru^$document
||supos911.org^$document
||supos123.org^$document

! https://github.com/hagezi/dns-blocklists/pull/2213
! https://github.com/hagezi/dns-blocklists/pull/2212
||dhl-de-track-ui.cc^$all
||dhl-de-track-uo.cc^$all
||dhl-de-track-uu.cc^$all

! https://github.com/hagezi/dns-blocklists/pull/2211
||eyx092.github.io^$document
||davbuckgenerator.weebly.com^$document
||gemsforfree.com^$document
||hackzone.me^$document

! https://github.com/DandelionSprout/adfilt/commit/2b0705861bde02511e1fdd72edf470b2811ecb8c#r138964973
||githubtalentcommunity.online^$all
||jobs.githubtalentcommunity.online^$all

! https://github.com/hagezi/dns-blocklists/pull/2221
||modyolo.com^$all
||googlesavedata.ru^$all

! on url from https://github.com/easylist/easylist/issues/18489#issuecomment-1962261575, appears to be malvertising
||thaudray.com^$all

! https://github.com/xRuffKez/dns-blocklists/commit/9cf8a68e82a5fed10991a2e0a34bf84265960ce7
||giveawayscord.xyz^$all

! https://github.com/durablenapkin/scamblocklist/issues/76
||fundatingquest.fun^$all
||i.fundatingquest.fun^$all
||b.fundatingquest.fun^$all
||a.fundatingquest.fun^$all
||h.fundatingquest.fun^$all
||f.fundatingquest.fun^$all
||c.fundatingquest.fun^$all
||e.fundatingquest.fun^$all
! https://tria.ge/240224-zxewqafc9v/behavioral1
||sharlalias.click^$all
||mysuperdatingforyou.life^$all
||chat-o-live.com^$all
! https://tria.ge/240224-1ygx5sgc8v/behavioral1
||rozaholshouser.cfd^$all
! https://tria.ge/240224-2lmtasgh3v/behavioral1
||eshaalfawson.shop^$all
! https://tria.ge/240225-qwh3badf7t/behavioral1
||kristidamon.beauty^$all
! https://tria.ge/240227-njbflafh8z/behavioral1
||bethanytunks.skin^$all
||localdatez.com^$all
! https://tria.ge/240227-n4apssga94/behavioral1
||leoniaivey.site^$all
! https://tria.ge/240229-bc1qpahg3t/behavioral1
||brooklynalam.mom^$all
! https://tria.ge/240229-pc7e5age5x/behavioral1
||alisonsweigert.mom^$all
! https://tria.ge/240301-vmx74aaf67/behavioral1 (cloudflared)
||alexiaurlanza.skin^$all
! https://tria.ge/240402-nthmnagg5z/behavioral1
||lonnabritton.skin^$all
||datingcompass.fun^$all
||a.datingcompass.fun^$all
! fake users with profile pics stolen from porn site, payment required before contacting/replying to these users
||40PlusShag.com^$all
||delivery.40plusshag.com^$all

! https://github.com/hagezi/dns-blocklists/pull/2251
||foreverinprofitmaking.com^$document
||pp.45-61-158-129.cprapid.com^$document
||globalserviceslogistics.com^$document
||luxurysgift.com^$document
||athletic-harmony.com^$document
||knkpublishingsoftware.com^$document

! spam email -> https://tria.ge/240229-psnyqahe45/behavioral1
||obses-sion.info^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/173830
||midsummer.pw^$all
||mb38.com^$all

! https://github.com/braveinnovators/ukrainian-security-filter/pull/7
||sportloto-1.co^$document
||retiva-bet777.com^$document
||parik24.win^$document
||oshad24.biz.ua^$document
||monoslot3.com^$document
||diamondclub.casino^$document

! email spam
! https://tria.ge/240301-xm9x1abg6s/behavioral1
||jammingdate.life^$all
||madchenradar.life^$all
||honey-love-here.com^$all
! https://tria.ge/240302-1sdnjahg6s/behavioral1
||hotmarydate.life^$all
! https://tria.ge/240305-nezbvsec94/behavioral1
||naughty-webs.life^$all
! https://tria.ge/240305-nq59jsef93/behavioral1
||hookarts.life^$all
||mx2.hookarts.life^$all
! https://tria.ge/240305-nyp8aseh65/behavioral1
||tacky-canopy.info^$all
||mail.tacky-canopy.info^$all
! spam sending servers
||176.123.11.26^$document
||141.11.178.3^$document
||91.199.133.104^$document

! https://cyberplace.social/@GossiTheDog/112031492191698112
||193.17.183.123^$all

! https://github.com/hagezi/dns-blocklists/pull/2271
||heytrhrerght.buzz^$document
||meryruytss.buzz^$document
||rus-loto.premium-gifts-2024.xyz^$document
||s7txw.removalsinrotherham.co.uk^$document
||suiueopzgd.dlnhighpressurecleaningservicesltd.co.uk^$document
||tutyutyutyu.buzz^$document
||v9xq2.shop^$document

! https://github.com/uBlockOrigin/uAssets/issues/22757
||jobs.trustaffingpartners.com^$document,popup

! https://github.com/hagezi/dns-blocklists/issues/2288
||revancedapps.com^$all
||revancedapp.download^$all
||www.revancedapp.download^$all

! https://github.com/uBlockOrigin/uAssets/issues/22765
||free-service.hubside.fr^$all
||freezimail.hubside.fr^$document
||zimbrafreemail.hubside.fr^$document
||zimbra-inbox.hubside.fr^$document
||free-mobile241.hubside.fr^$document
||compte-free.hubside.fr^$document
||pointsfreemobile.com^$document
||espacefidelitefree.fr^$all
||free-mob2584.hubside.fr^$all
||web-free.hubside.fr^$all
||zimbra-free-com.hubside.fr^$all
||zimbra-free-com.$document,domain=~translate.goog
||free-mobi20i2582.hubside.fr^$all
||zimbra-free-email.hubside.fr^$all
||freezimbra.hubside.fr^$all
||web0mail.hubside.fr^$all
||free-mobile0021547.hubside.fr^$all
||free-information.hubside.fr^$all
||mobiles.hubside.fr^$all
||freemailzimbra.hubside.fr^$all
||rivita3106felibgcom.hubside.fr^$all
||info-free.hubside.fr^$all
||emails-free.hubside.fr^$all
||freema.hubside.fr^$all
||free-zimbra.hubside.fr^$all
||free-mobile1540478.hubside.fr^$all
||freewebzim.hubside.fr^$all
||acceder-a-mon-free.hubside.fr^$all
||my-acount-free.hubside.fr^$all
! my analysis: https://tria.ge/240305-2bg53abb8x/behavioral1
||shopflarehub.com^$all

! https://github.com/hagezi/dns-blocklists/issues/2293
! https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-use-visitors-browsers-to-hack-other-sites/
||dynamiclink.lol^$all
||dynamic-linx.com^$all

! https://github.com/RPiList/specials/issues/1500
||casino-ice.fun^$document
||fortuneadvert.com^$document
||lalielynaualish.com^$document

! https://github.com/hagezi/dns-blocklists/issues/2304
||vast-conexxion.com^$all
||bllthbatnthes.life^$document
||kuualosd.bllthbatnthes.life^$all

! https://tria.ge/240309-p8f8tagc55/behavioral1
||arcanecheat.com^$all
||www.arcanecheat.com^$all
||95.216.253.55^$all

! https://github.com/hagezi/dns-blocklists/issues/2313
||moddetail.com^$document
||cvbuilder.staging.standout-cv.com^$document
||liveinfo.xyz^$document
||ww3.weweekly.us^$document
||timesofeuropnews.com^$document
||cards2024.org^$document
||getaccess.w3spaces.com^$document
||ourhealthy.life^$document
||klospike.online^$document
||re-captha-version-3-16.live^$document
||kimona01.com^$document
||getspins.info^$document
||storage.canalblog.com^$document
||vbbv.store^$document
||vibuxion.top^$document
||rangerbow.world^$document
||qrcodes.pro^$document
||a.re-captha-version-3-16.live^$document

! https://github.com/hagezi/dns-blocklists/issues/2317
||rewards-emirates.com^$document

! https://blog.sucuri.net/2024/03/new-malware-campaign-found-exploiting-stored-xss-in-popup-builder-4-2-3.html
||traveltraffic.cc^$all
||ttincoming.traveltraffic.cc^$all
||cloudsonicwave.com^$all
||host.cloudsonicwave.com^$all

! https://www.virustotal.com/gui/url/f1018be1c6ed9a283196e9ecba431b24d21b74b08a005008cfc94a98cbc63cb7/community
||steam-card50.com^$all
! my analysis: https://tria.ge/240312-z5778sah9w/behavioral1
||stseam.ru^$all
||www.stseam.ru^$all

! https://github.com/durablenapkin/scamblocklist/issues/78
||usspaqn.top^$all
||uspw.usspaqn.top^$all

! https://github.com/hagezi/dns-blocklists/issues/2339
||9-9-8.com^$document
||b.9-9-8.com^$document

! https://infosec.exchange/@jeromesegura/112090382122783994
||aksoaiapk.com^$all
||trelconf.com^$all
||avr-energie.com^$all

! https://github.com/hagezi/dns-blocklists/issues/2341
! my analysis: https://tria.ge/240313-zf3apaac75/behavioral1
||uk-news.pro^$document

! https://github.com/hagezi/dns-blocklists/issues/2344
||bnidigital.com^$document
||zillify.cfd^$document
||today.free.nf^$document
||nextmrolympia.com^$document
||an1.is^$document

! https://github.com/hagezi/dns-blocklists/issues/2345
||spacex-starship.org^$all

! https://tria.ge/240315-p28dqagf5z/behavioral1
||spacexgive.org^$all

! https://tria.ge/240318-a5v58sca59/behavioral1
||ccukycu-alert.online^$all

! https://github.com/hagezi/dns-blocklists/issues/2365
||new-s24.click^$document

! https://github.com/blocklistproject/Lists/issues/1199
||steamcommumtiy.com^$document

! https://github.com/hagezi/dns-blocklists/issues/2381
||wwss.pages.dev^$document

! https://github.com/hagezi/dns-blocklists/issues/2405
||usps-delivery-a.com^$all

! https://github.com/uBlockOrigin/uAssets/issues/23084
||fitgirltorrent.com^$all
||fitgirltorrent.$document

! https://github.com/durablenapkin/scamblocklist/issues/81
||sxlph.site^$document
||globe.sxlph.site^$document

! https://tria.ge/240401-nwc5ysea52/behavioral1
||doge-coin24.org^$all

! https://github.com/hagezi/dns-blocklists/issues/2425
||fling-trainer.com^$document

! https://github.com/hagezi/dns-blocklists/issues/2422
||sonicglyde.com^$document

! https://infosec.exchange/@jeromesegura/112214506870744443
! https://www.malwarebytes.com/blog/threat-intelligence/2024/04/bing-ad-for-nordvpn-leads-to-sectoprat
||nordivpn.xyz^$all
||besthord-vpn.com^$all
||45.141.87.216^$all

! https://github.com/durablenapkin/scamblocklist/issues/82
||account-cfe.mx^$document

! https://vid.puffyan.us/watch?v=h0_L4BApOdA
! my analysis: https://tria.ge/240409-2aenjsee49/behavioral1
! my analysis: https://tria.ge/240409-2bwnfsaa5z/behavioral1
||gooq1e.com^$all
||ecmokdtj.com^$document
||apk.ecmokdtj.com^$document

! https://github.com/hagezi/dns-blocklists/issues/2506
||grapheneos.fr^$all

! https://unit42.paloaltonetworks.com/cve-2024-3400/
||172.233.228.93^$all
||144.172.79.92^$all
||nhdata.s3-us-west-2.amazonaws.com^$all
||66.235.168.222^$document
||110.47.250.103^$document
||126.227.76.24^$document
||38.207.148.123^$document
||147.45.70.100^$document
||199.119.206.28^$document
||38.181.70.3^$document
||149.28.194.95^$document
||78.141.232.174^$document
||38.180.128.159^$document
||64.176.226.203^$document
||38.180.106.167^$document
||173.255.223.159^$document
||38.60.218.153^$document
||185.108.105.110^$document
||146.70.192.174^$document
||149.88.27.212^$document
||154.223.16.34^$document
||38.180.41.251^$document
||203.160.86.91^$document
||srgsd1f.842b727ba4.ipv6.1433.eu.org^$all
||edcjn.57fe6f5d9d.ipv6.1433.eu.org^$all
||srgsdf.842b727ba4.ipv6.1433.eu.org^$all
||45.121.51.2^$all

! https://github.com/jarelllama/Scam-Blocklist/issues/314
||dehoe.top^$all

! https://infosec.exchange/@jeromesegura/112294111264356672
! my analysis: https://tria.ge/240418-zee4rsfe2x/behavioral1
||notilon.co^$all
||sivaspastane.com^$all
||utm-adrooz.com^$all
||startupzonechanpatia.com^$all

! from Ryan Brown
||popupblocker-download.com^$document
||popupblockernow.com^$document
||popupgoldblocker.net^$document
||popupsblocker.org^$document

! https://github.com/hagezi/dns-blocklists/issues/2549
||sadostic.pl^$document

! https://forums.malwarebytes.com/topic/311280-hacked-by-discord-scam/
! my analysis: https://tria.ge/240425-vpgywsda35/behavioral1
! my analysis: https://www.hybrid-analysis.com/sample/15f5fd080befe91766cb1b31f3a6af15e6dfb63c80a0d00ec8b85ca0c5940504?environmentId=160
||cosmicbetrayers.com^$all
||www.cosmicbetrayers.com^$all
||4.228.216.231^$all

! https://github.com/RPiList/specials/issues/1554
||myhermes-sendungs.com^$document

! https://archive.is/EDp03
! https://tria.ge/240427-1vhehahg3x/behavioral1 (CloudFlared)
! https://www.virustotal.com/gui/file/0f810bea02ae97cb015dc0de510892f3f83a9ddc969c1f261adf8a8bd5716862
! https://bazaar.abuse.ch/sample/0f810bea02ae97cb015dc0de510892f3f83a9ddc969c1f261adf8a8bd5716862/
! https://urlhaus.abuse.ch/url/2829815/
||torontohack.fun^$all
||mediafire.com/folder/ux0dk7ist85e1/F0LDER^$all
||mediafire.com/file/7os5cx2x4rp70nm/UPL0ADER.7z/file^$all
||productivelookewr.shop^$all
||tolerateilusidjukl.shop^$all
||shatterbreathepsw.shop^$all
||shortsvelventysjo.shop^$all
||incredibleextedwj.shop^$all
||alcojoldwograpciw.shop^$all
||liabilitynighstjsko.shop^$all
||demonstationfukewko.shop^$all

! https://forums.malwarebytes.com/topic/311316-rtp-detection-outbound-connection-from-explorerexe/
! https://threatfox.abuse.ch/ioc/1263183/
||greatnessappreviews.com^$all

! https://forums.malwarebytes.com/topic/311502-windows-10-infected-with-malware-that-malwarebytes-cant-find/
||percumannue.com^$all

! https://infosec.exchange/@th3_protoCOL/112360917153667995
||appauthentiflcator.digital^$all
! TODO: Recheck (was dead when added)
||authentlcatcodes.icu^$all

! https://github.com/RPiList/specials/issues/1559
||dlhpostsup.top^$all

! https://www.virustotal.com/gui/url/52e1dc85a5cec6eb0410bfa2884ee4d55a1934dc0b451a4e29cdba26ae840b9b/community
! my analysis (behind CloudFlare): https://tria.ge/240507-zpcrdsfc7w/behavioral1
||mundotatuajes.info^$all
||mine.mundotatuajes.info^$all

! https://rmceoin.github.io/malware-analysis/2024/05/07/clearfake2.html
||akademipraktik.com^$all
||rtattack.baqebei1.online^$all
||valentinedaycard.com^$all

! from D4niloMR
||redecanaistv.dev^$document

! https://github.com/StevenBlack/hosts/issues/2650
! https://tria.ge/240511-p57xcsbf55/behavioral1 (behind CloudFlare)
||urdxh.com^$all

! https://github.com/uBlockOrigin/uAssets/issues/23655
||hypernitro.ru^$all
||nitrohunt.com^$all

! scam text: "Since the package does not have a house number, the package transportation is interrupted, please update  https[://]urgug[.]com"
||urgug.com^$all

! https://forums.malwarebytes.com/topic/311937-infected-by-a-game-sent-via-discord/
||awabi.prairievoidly.top^$all
! CNAME
||1b14e0ee42d5e195c9aa1a2f5b42c710.com^$document

! https://community.snowflake.com/s/article/Communication-ID-0108977-Additional-Information (via https://cyberplace.social/@GossiTheDog/112536508653320169)
||104.223.91.28^$document
||198.54.135.99^$document
||184.147.100.29^$document
||146.70.117.210^$document
||198.54.130.153^$document
||169.150.203.22^$document
||185.156.46.163^$document
||146.70.171.99^$document
||206.217.206.108^$document
||45.86.221.146^$document
||193.32.126.233^$document
||87.249.134.11^$document
||66.115.189.247^$document
||104.129.24.124^$document
||146.70.171.112^$document
||198.54.135.67^$document
||146.70.124.216^$document
||45.134.142.200^$document
||206.217.205.49^$document
||146.70.117.56^$document
||169.150.201.25^$document
||66.63.167.147^$document
||194.230.144.126^$document
||146.70.165.227^$document
||154.47.30.137^$document
||154.47.30.150^$document
||96.44.191.140^$document
||146.70.166.176^$document
||198.44.136.56^$document
||176.123.6.193^$document
||192.252.212.60^$document
||173.44.63.112^$document
||37.19.210.34^$document
||37.19.210.21^$document
||185.213.155.241^$document
||198.44.136.82^$document
||93.115.0.49^$document
||204.152.216.105^$document
||198.44.129.82^$document
||185.248.85.59^$document
||198.54.131.152^$document
||102.165.16.161^$document
||185.156.46.144^$document
||45.134.140.144^$document
||198.54.135.35^$document
||176.123.3.132^$document
||185.248.85.14^$document
||169.150.223.208^$document
||162.33.177.32^$document
||194.230.145.67^$document
||5.47.87.202^$document
||194.230.160.5^$document
||194.230.147.127^$document
||176.220.186.152^$document
||194.230.160.237^$document
||194.230.158.178^$document
||194.230.145.76^$document
||45.155.91.99^$document
||194.230.158.107^$document
||194.230.148.99^$document
||194.230.144.50^$document
||185.204.1.178^$document
||79.127.217.44^$document
||104.129.24.115^$document
||146.70.119.24^$document
||138.199.34.144^$document
||185.248.85.14^$document

! https://github.com/hagezi/dns-blocklists/issues/2854
||joathath.com^$document
||mp3y.info^$document

! https://infosec.exchange/@jeromesegura/112577106338279545 (all credit to Jérôme Segura)
! ads created by "Richard L Riddle Jr", "Brian Hammes", and "Alexander Gubbens" respectively (all fake names)
||angryip.paulistasolar.com.br^$document
||angryipsca.com^$document
||odvanced-ip-scanner.com^$document

! https://infosec.exchange/@goretsky/112589441999545249 (all credit to Aryeh Goretsky)
||lightssplash.shop^$document
||wildwestshine.com^$document

! https://github.com/hagezi/dns-blocklists/issues/2908
||newincomingmessage.com^$document
||zaz4o.securesolidlink.com^$document
||re-captha-version-3-277.buzz^$all
||inboxtext.com^$document

! https://github.com/hagezi/dns-blocklists/issues/2923
||meltedpleasandtws.shop^$all

! https://github.com/hagezi/dns-blocklists/issues/2925
||31xx527.top^$document

! https://github.com/hagezi/dns-blocklists/issues/2936
||midjourney.co^$all

! https://github.com/hagezi/dns-blocklists/issues/2933
||gameportal.casa^$document

! https://github.com/hagezi/dns-blocklists/issues/2934
! https://www.hybrid-analysis.com/sample/df38db6d31b68f19714bfb27b591a1ad778840ac8182cc0c7dfb6405aeb47c6e
||gimp.zendesk.com^$all
! redirect
||truefortnite.com^$document

! https://github.com/hagezi/dns-blocklists/issues/2954
||kmsauto.uno^$all

! https://tria.ge/240620-wcbf1szcle/behavioral1 (behind CloudFlare)
||kmspico.io^$all
||uploader-rars.com^$document
||rcfor4ht.top^$all

! https://github.com/hagezi/dns-blocklists/issues/2955
||kmspico.ws^$all
||kms-full.com^$all
||kms-tool.com^$all
||kmsauto.info^$all
||officialkmspico.com^$all
||ultrasonica.info^$all
||kmspicoofficial.com^$all
||kmspi.co^$all
||kms-pc.com^$all
||thewindowsactivator.com^$all
||rnofor4ht.top^$all
||get-kmspico.com^$all
||getkmspico.com^$all
||heukmsactivator.com^$all
||furykms.com^$all
||kmsofficial.org^$all
||kmspico-official.org^$all
||yasir252.com^$all
||yasir-252.net^$all
||karanpc.com^$all
||getintopc.today^$all

! https://www.esentire.com/blog/adsexhaust-a-newly-discovered-adware-masquerading-oculus-installer
! https://github.com/esThreatIntelligence/iocs/blob/main/AdsExhaust/AdsExhaust_IOCs-6-16-2024.txt
||oculus-app.com^$all
||us5.co^$document
||us11.org^$document
||life2vec.io^$document

! https://github.com/RPiList/specials/issues/1654
||dhl-market-service.com^$document

! https://github.com/hagezi/dns-blocklists/issues/2985
||get-express-vpn.online^$all
||ezadblocker.com^$document
||mfcewkrob.com^$document
||myfood.ltd^$document
||newtab.page^$document
||ourhotposts.com^$all
||popblockplus.com^$all
! https://tria.ge/240625-zxkrzatajh/behavioral1 (behind CloudFlare)
! https://forums.malwarebytes.com/topic/271891-removal-instructions-for-simple-malware-protector/
||simplestar.com^$document
||www.simplestar.com^$document
! https://www.malwarebytes.com/blog/detections/agabreloomr-com
||agabreloomr.com^$all

! https://sansec.io/research/polyfill-supply-chain-attack
||polyfill.io^$all
||cdn.polyfill.io^$all,important
||googie-anaiytics.com^$all
||www.googie-anaiytics.com^$all
||kuurza.com^$all
! https://github.com/iam-py-test/my_filters_001/commit/8589c181964a28b11a9c735fb25e8469381aa8d7#commitcomment-143600813
! https://www.bleepingcomputer.com/news/security/polyfill-claims-it-has-been-defamed-returns-after-domain-shut-down/ (behind CloudFlare)
||polyfill.com^$all
||cdn.polyfill.com^$all
! https://www.bleepingcomputer.com/news/security/polyfillio-bootcdn-bootcss-staticfile-attack-traced-to-1-operator/ (behind CloudFlare)
||polyfill.cloud^$all
||bootcdn.net^$all
||bootcss.com^$all
||staticfile.net^$all
||staticfile.org^$all
||unionadjs.com^$all
||xhsbpza.com^$all
||union.macoms.la^$all
||newcrbpc.com^$all
! https://github.com/uBlockOrigin/uAssets/pull/24255#issuecomment-2198571468
! https://x.com/Polyfill_Global/status/1807333297326113015
||polyfill.site^$all
! owned by polyfillio
||polyfillcache.com^$all
! https://x.com/Polyfill_Global/status/1809122842145141114
! https://infosec.exchange/@iampytest1/112758047955404895
! https://github.com/uBlockOrigin/uAssets/pull/24434
||polyfill.top^$all

! https://github.com/hagezi/dns-blocklists/issues/2987
||apsehick.date^$document
||beacon.apsehick.date^$document

! https://tria.ge/240625-nsm6ra1ajj/behavioral1 (behind CloudFlare)
||composepayyersellew.shop^$all
||publicitycharetew.shop^$all
||computerexcudesp.shop^$all
||leafcalfconflcitw.shop^$all
||injurypiggyoewirog.shop^$all
||bargainnygroandjwk.shop^$all
||disappointcredisotw.shop^$all
||doughtdrillyksow.shop^$all
||facilitycoursedw.shop^$all

! https://www.bleepingcomputer.com/news/security/plugins-on-wordpressorg-backdoored-in-supply-chain-attack/ (behind CloudFlare)
||94.156.79.8^$all

! https://www.malwarebytes.com/blog/news/2024/06/poseidon-mac-stealer-distributed-via-google-ads
||arcthost.org^$all
||arc-download.com^$all
||zestyahhdog.com^$all
||79.137.192.4^$all

! https://github.com/mitchellkrogza/phishing/pull/432
! TODO: Recheck soon
||abcmueblesbogota.com^$all
! my analysis (behind CloudFlare): https://tria.ge/240627-z9agrstgmp/behavioral1
||click2kikc.xyz^$document
||adxproofcheck.com^$document

! https://github.com/uBlockOrigin/uAssets/issues/24284
||earth-ling.org^$all
! TODO: investigate further
||pambi.tech^$document

! https://github.com/hagezi/dns-blocklists/issues/3019
||hsuitehub.com^$document
||teslafond.io^$document
||pump.fun^$document
||ousd-vault.com^$document
||dash.pocketuniverse.app^$document
||avarik.web.app^$document
||ddzk513bd.com^$document
||uprising.kip.pro^$document
||app.jameswoof.com^$document
||miles.plumenetwork.xyz^$document

! https://github.com/hagezi/dns-blocklists/issues/3027
||pl-2906.com^$document
||sntander.pl-2906.com^$document

! https://github.com/hagezi/dns-blocklists/issues/3018
||premium-x-notes.com^$document
||help.premium-x-notes.com^$document

! https://github.com/mitchellkrogza/phishing/pull/433
||dofuspourlesnoobs.com^$document

! https://github.com/hagezi/dns-blocklists/issues/3028
||padsims.com^$document
||pacmoonn.icu^$document

! scam SMS: Since the package does not have a house number, the package transportation is interrupted, please update https://utpwk[.]com/i
||utpwk.com^$all

! https://www.bleepingcomputer.com/news/security/fake-it-support-sites-push-malicious-powershell-scripts-as-windows-fixes/ (behind CloudFlare)
||pchelprwizzards.com^$document
||pchelprwizardsguide.com^$document
||pchelprwizardpro.com^$document
||pchelperwizard.com^$document
||fixedguides.com^$document

! https://gist.github.com/iam-py-test/888d7170f9a7be6f2449d11962914fca
||window-updates-service.com^$all
||www.google.com.859046247270372.window-updates-service.com^$all
||62.138.18.13^$all

! https://github.com/mitchellkrogza/phishing/pull/435
||reluzformaturas.com.br^$all

! https://bazaar.abuse.ch/sample/dd9ec1c6a4be9bd962e1b1bd843d5750ef399c7c7cce60b368f627f5384e7a7c/
! https://www.joesandbox.com/analysis/1466504/0/html#domains
||doddyfire.linkpc.net^$all

! https://github.com/mitchellkrogza/phishing/pull/436
! my analysis (behind CloudFlare): https://tria.ge/240702-3e72bsvglc/behavioral1
||43.156.237.181^$all

! YouTube video titled "ROBLOX EXPLOIT - FREE DOWNLOAD | KRNL SCRIPT EXECUTOR | KEYLESS EXECUTOR [PC 2024]" -> https://tria.ge/240702-3bv8csvepf/behavioral1 (behind CloudFlare) & https://tria.ge/240702-3g8qmszcnp/behavioral1 (behind CloudFlare)
||mediafire.com/folder/ygvzvvks1va0b/F0LDER^$all
||whitegames.pro^$all
||citizencenturygoodwk.shop^$all
||bouncedgowp.shop^$all
||bannngwko.shop^$all
||bargainnykwo.shop^$all
||affecthorsedpo.shop^$all
||radiationnopp.shop^$all
||answerrsdo.shop^$all
||publicitttyps.shop^$all
||benchillppwo.shop^$all
||reinforcedirectorywd.shop^$all
||steamcommunity.com/profiles/76561199724331900^$all

! https://github.com/mitchellkrogza/phishing/pull/438
||ucnlkw.cyou^$all
||usxd.ucnlkw.cyou^$all

! https://github.com/mitchellkrogza/phishing/pull/437
||detiktotocakep.com^$all

! https://github.com/mitchellkrogza/phishing/pull/440
||flyairprestige.com^$all

! https://github.com/hagezi/dns-blocklists/issues/3054
||inpostcloud.buzz^$all

! https://www.virustotal.com/gui/url/b9cb91ff67e9b16ab73b9b1801f046e3554605311d31ae052cc9f38758cc87e6/community
! my analysis (behind CloudFlare): https://tria.ge/240703-sdzy8avfml/behavioral1
||midnightblue-lapwing-207108.hostingersite.com^$all

! https://infosec.exchange/@deepthoughts10/112724980955663171
||qrco.de^$document

! https://github.com/mitchellkrogza/phishing/pull/444
! my analysis (behind CloudFlare): https://tria.ge/240707-tstlesxelh/behavioral1
! my analysis (behind CloudFlare): https://tria.ge/240707-twydsavfmk/behavioral1
||45.207.168.120^$all

! https://github.com/mitchellkrogza/phishing/pull/445
! my analysis (behind CloudFlare): https://tria.ge/240707-3l4bqa1hrn/behavioral1
/lander/6cw/PACKAGE_DEMO.exe^$document
||185.81.115.28^$document
||79.137.197.154^$document
||crypto-wave.net^$document
||crypto-wave.store^$document
||crypto-wave.top^$document
||cutepoochstore.com^$document
||www.cutepoochstore.com^$document
||dubai-never-sleep.agency^$document
||fsqaj.com^$document
||5a94eca1-13d6-4443-924a-ad8ecc9eee15.random.fsqaj.com^$document
||sitemaps.fsqaj.com^$document
||www.fsqaj.com^$document
||michaelconstantinebhanos.com^$document
||www.michaelconstantinebhanos.com^$document
||simplylovingproducts.com^$document
||www.simplylovingproducts.com^$document

! https://github.com/mitchellkrogza/phishing/pull/446
||91.215.85.223^$document
||www.bratiop.ru^$document
||mail.check-time.ru^$document
||www.check-time.ru^$document
||www.dgkhj.ru^$document
||nicoslag.ru^$document
||ftp.nicoslag.ru^$document
||www.nicoslag.ru^$document
||paipaisdvzxc.ru^$document
||www.partaususd.ru^$document
||mail.partaususd.ru^$document
||www.qd34gf23ewrfsd1233.ru^$document
||www.qwertasd.ru^$document
||ns2.qwerty12346.ru^$document
||www.qwerty12346.ru^$document
||hubvera.ac.ug^$document
||mail.pastratas.ac.ug^$document
||ns2.badhabits.ug^$document
||karimgouss.ug^$document
||www.karimgouss.ug^$document
||mail.lastimaners.ug^$document
||www.malayska.ug^$document
||www.marksidfgs.ug^$document
||ns1.mistitis.ug^$document
||www.mistitis.ug^$document
||www.opesjk.ug^$document
||www.opsdjs.ug^$document
||mail.playwell.ug^$document
||www.playwell.ug^$document
||mail.timebound.ug^$document
||ns1.timecheck.ug^$document
||ns2.timecheck.ug^$document
||www.timecheck.ug^$document
||ns1.timekeeper.ug^$document
||triathlethe.ug^$document
||mail.tuskslacx.ug^$document
||www.tuskslacx.ug^$document
||wellplayed.ug^$document
||zxvbcrt.ug^$document
||mail.zxvbcrt.ug^$document

! https://github.com/hagezi/dns-blocklists/issues/3142
||https.com^$all

! https://github.com/uBlockOrigin/uAssets/issues/24486
||chromewebstore.google.com/detail/ublock-pro/fmaicbnbcbjgbpecclcnaehmbpjpdane^$all

! https://github.com/hagezi/dns-blocklists/issues/3278
||upsbezorging.com^$all

! https://github.com/DandelionSprout/adfilt/discussions/779#discussioncomment-10170724
||ww1.aniapi.com^$document

! https://github.com/mitchellkrogza/phishing/pull/466
||45.9.74.36^$document
||cloudslimit.com^$document
||dailywebstats.com^$document
||hertrud.shop^$document
||hexcrippler.shop^$document
||hiltrunde.shop^$document
||iankian.shop^$document
||ironturner.shop^$document
||kloisa.shop^$document
||leopolfa.shop^$document
||liferacer.shop^$document
||commodityprocess.top^$document
||insights.today-time.sitefind.top^$document

! https://github.com/hagezi/dns-blocklists/issues/3325
! https://github.com/uBlockOrigin/uAssets/issues/24719
! https://github.com/RPiList/specials/issues/1707
||m-isist-emai-nmu-ne-yx8nu6hs7k.vercel.app^$all
||m-isist-emai-nmu-ne-6zft4bsbqh.vercel.app^$all
||m-isist-emai-nmu-ne-qefa68dvbd.vercel.app^$all
||thepatrones.blob.core.windows.net^$all
||xyzxyz55.xyz^$all
||m-isist-emai-nmu-ne-*.vercel.app^$document
! https://github.com/hagezi/dns-blocklists/issues/3331
! https://github.com/uBlockOrigin/uAssets/issues/24726
||vah-cont-in-uou-slyle-com-ay7t6dbmag9vhg8srhj4.vercel.app^$document
! https://github.com/hagezi/dns-blocklists/issues/3354
||pr-ue-ba-de-lsa-bermu-ne-xre4pgczsk.vercel.app^$document
! https://github.com/hagezi/dns-blocklists/issues/3354#issuecomment-2271411954
||pr-ue-ba-de-lsa-bermu-ne-cp5iah7zlw.vercel.app^$document
! https://github.com/hagezi/dns-blocklists/issues/3383
||facebook-google-ygggvmvciad74v9lhi.vercel.app^$document
||facebook-google-vptyyny63pwfipshmm.vercel.app^$document
||facebook-google-15oqyxwtkremqyujsm.vercel.app^$document
! https://github.com/hagezi/dns-blocklists/issues/3429
||w0-eg-d12-de-yd-nka-ne-rklkyazwo0.vercel.app^$document

! https://github.com/mitchellkrogza/phishing/pull/471
||avast-antivirus.com^$all

! https://github.com/hagezi/dns-blocklists/issues/3338
||nudepopsy71c.com^$document
||mamielournes.buzz^$document
||miahershberger.buzz^$document
||sanjuanitaliscano.click^$document
||viktoriadelenick.za.com^$document
! https://github.com/uBlockOrigin/uAssets/issues/24734
||btc24.info^$all

! https://tria.ge/240802-p6fjha1gjd/behavioral1
||allmostgone.life^$all

! https://github.com/hagezi/dns-blocklists/issues/3352
! https://www.youtube.com/watch?v=_rCXxa5MDrE&t=599
||hkdk.events/8cjknac3yxdqk4^$all

! https://github.com/hagezi/dns-blocklists/issues/3374
||softzspot.com^$document
||afiletoget.click^$document
||redis08.sbs^$document
||filexstorage.site^$document
||jourl.live^$document
||sleetposition.website^$document
||funfilenow.com^$document

! https://github.com/hagezi/dns-blocklists/issues/3381
||transiouratwat.com^$all
||undenentionin.com^$all

! https://github.com/mitchellkrogza/phishing/pull/475
||wvvw-dofus.com^$all
||wvvw-ankama.com^$all

! https://www.virustotal.com/gui/url/d119ddc8db04fd33468ad2cad7a8ae526c9c22e670b1c30912d1d12025c58bb9/community
! my analysis: https://tria.ge/240813-nak9favdmr/behavioral1
||private-secureonline.ru^$all

! https://github.com/hagezi/dns-blocklists/issues/3417
! my analysis: https://tria.ge/240815-nm473szcjh/behavioral1
||record-x-center.com^$document
||help.record-x-center.com^$all

! https://github.com/DandelionSprout/adfilt/discussions/932#discussioncomment-10360231
! https://sol.no/nyheter/fatt-denne-meldingen-ikke-klikk/81812194
||sikkerbekreftelse.com^$document
||minsikreboks.com^$document

! https://infosec.exchange/@iampytest1/112973673830959815
! https://tria.ge/240816-zqnv2swgma/behavioral1
||pcidpz.top^$all
||usvu.pcidpz.top^$all

! ---- Scams ----

! fails to disclose it's lack of connection to uBlock *Origin*
! https://infosec.exchange/@iampytest1/111306748409652707
||ublock.org^$document

! https://virustotal.com/gui/url/723d30dcc93ee90f8f04b5cc3c5d07492338c41f7aa62fb2723c7d8b91537338/community
! https://github.com/uBlockOrigin/uAssets/issues/5854
||ublockerext.com^$all

! This domain has been used for typosquatting, malware, phishing, and scams (redirects to other scam/malware sites as of 17/9/2021)
! curl on 9/5/2021 shows it is still online
! https://www.siteadvisor.com/sitereport.html?url=quatrefeuillepolonaise.xyz
! https://virustotal.com/gui/url/7319b37aff351dc0f0e71dba194b5f21972be9ad072b955a35d27d5af359d5fa/community
! https://virustotal.com/gui/domain/quatrefeuillepolonaise.xyz/detection
! https://safeweb.norton.com/report/show?url=quatrefeuillepolonaise.xyz
! https://www.fortiguard.com/webfilter?q=quatrefeuillepolonaise.xyz
! https://quttera.com/detailed_report/quatrefeuillepolonaise.xyz
! https://www.urlvoid.com/scan/quatrefeuillepolonaise.xyz/
! https://www.mywot.com/en/scorecard/quatrefeuillepolonaise.xyz
! https://github.com/DandelionSprout/adfilt/issues/188
||quatrefeuillepolonaise.xyz^$all
! Related to above
! https://github.com/DandelionSprout/adfilt/issues/188
! https://github.com/DandelionSprout/adfilt/commit/0af1431c8f4cf45e9c27e359edf777b0c9bfa153
||extragifis.site^$all
||captcharesolving-universe.com^$all
! https://virustotal.com/gui/ip-address/5.8.34.26/relations
! https://github.com/DandelionSprout/adfilt/issues/188
||captcharesolver.com^$all
! https://virustotal.com/gui/url/136909c39798eacfc82e58459684619a4b89de8d3dedbe5a3010c5152b670328/detection
! https://github.com/iam-py-test/Assets-001/blob/main/goglenet%20malware
||cpmstatsart.com^$all
! https://github.com/DandelionSprout/adfilt/issues/188#issuecomment-848834204
||instantfwding.com^$all
||103.224.182.251^$all
||catnip.de^$all
||trafcenter.us^$all
||fwdservice.com^$all
! https://securitytrails.com/list/ip/5.8.47.3
! https://safeweb.norton.com/report/show?url=gamesex.fun
! https://www.siteadvisor.com/sitereport.html?url=gamesex.fun
! https://virustotal.com/gui/url/7bedfdd70bd23869a3598186270bcca9e64870842fb95df46da9ed5519e0b41c/detection
||gamesex.fun^$all
! just redirects to another blocked domain
! https://github.com/DandelionSprout/adfilt/issues/188
||kmip.net^$all
||iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com^$all
||204.11.56.48^$document
||goldprize.xyz^$all
! More scam stuff on 27/9/2021
||smartcaptchasolve.top^$all
||cloud-repos.store^$document
||retailproductsusa.com^$all
||www.retailproductsusa.com^$all
! Even more scams - https://github.com/DandelionSprout/adfilt/issues/188#issuecomment-931700117
||findanswersnow.net^$document
||two.findanswersnow.net^$document
||diabasewoodhouse.xyz^$document
||signupandturnyourscreenoffsafepowernow.date^$document
||www.signupandturnyourscreenoffsafepowernow.date^$all
||best-prizes.life^$document
||jsontdsexit.com^$document
||therewardboost.com^$all
||t.therewardboost.com^$all
||natnlconsmrctr.com^$document
||lore.deduce.com^$document
||jpgtrk.com^$document
||pnghst.com^$document
! domains which gogle[.]net redirects to on 17/10/2021
||positivestar.org^$all
||securysearchapp.com^$document
||www1.securysearchapp.com^$document
||mydealprotection.com^$document
||www.mydealprotection.com^$document
! on the same IP & just by looking at them, I can tell they are not legit
||intunes.com^$document
||pple.com^$document
||gimal.com^$document
! 19/11/2022: https://sitecheck.sucuri.net/results/get-the-prize-ht3.live
||get-the-prize-ht3.live^$document

! https://github.com/uBlockOrigin/uAssets/issues/9344
! https://github.com/iam-py-test/Assets-001/tree/main/uiz.io_scam
||uiz.io^$document
! More scam domains found via redirects when clicking on the fake recaptcha
! https://virustotal.com/gui/url/73dae7d74bcdc9099a54b75b904cc45995d85534a313ad65fcc4d9e401b34607/detection
||rewardsavenue.net^$all
! https://virustotal.com/gui/url/d6745ce01da185054bd2125858e75445783976de0e5fa4a445284243830070e7/detection
||rewardsgiantusa.com^$all
! https://virustotal.com/gui/url/9edd33c7a370ba96bf3a7682193e67538984eab9d1b719c2f3042599a4d3d1d5/detection
||rewardgiantztesters.com^$document

! https://github.com/blocklistproject/Lists/issues/513
||gooooooooogle.com^$all

! https://github.com/iam-py-test/investigations/blob/main/2021/10/26/1.md#domains
||p185689.mybetterdl.com^$all
||r-tb.com^$document
||feed.r-tb.com^$all
||t.r-tb.com^$all
||cdn.hoood.info^$document
||barah-flo.com^$document
||beta-one.net^$all
||ny-t.r-tb.com^$all
||pisism.com^$document
||security-scanner.xyz^$all
! https://github.com/iam-py-test/investigations/blob/main/2021/10/26/1.md#html-captures
||news-back.org^$document
||www1.news-back.org^$all
||www2.news-back.org^$all
||www3.news-back.org^$all
||www4.news-back.org^$all
||www5.news-back.org^$all
||www6.news-back.org^$all
||www7.news-back.org^$all
||www8.news-back.org^$all
||www9.news-back.org^$all
||www10.news-back.org^$all

! https://github.com/DandelionSprout/adfilt/pull/289
||gogles.com^$all
||flexroll.online^$document
||army-glo.scrollingsystem.com^$document
! ||www.kqzyfj.com^$all
! ||kqzyfj.com^$all
! ||cj.dotomi.com^$all
||mcafee12.tt.omtrdc.net^$document
! https://virustotal.com/gui/ip-address/70.32.1.32/relations
||clk.rtpdn14.com^$document
||cd.org^$document

! https://github.com/uBlockOrigin/uAssets/issues/9848#issuecomment-907855092
! https://virustotal.com/gui/url/1671d2b14f2baed1438176929ba9908270f26e41f7b17c0ce0a85bd5e9c20f35/detection
! https://virustotal.com/gui/url/0eca172b2f35f81e0f222dbdf261a100c7897f734c7ba43920b67c4cddd6f8c9/detection
||get-cracked.com^$all
! More related domains/urls
||tinyurl.com/gp84uz2^$document
||mediafiire.com^$document
||www.mediafiire.com^$all
||www.onlinepromotionsusa.com^$all
||onlinepromotionsusa.com^$all
||w.promotionsonlineusa.com^$all

! https://github.com/uBlockOrigin/uBlock-issues/issues/1774
! https://github.com/iam-py-test/investigations/blob/main/2021/10/28/1.md
||slobodapatient.me^$all
||www.slobodapatient.me^$all
||ppcnzi.xyz^$document
||www.ppcnzi.xyz^$document
||eritokyo.jp^$document
||cpanlyzr.co^$document
||www.cpanlyzr.co^$all
||rewardzoneusa.com^$all
||contact.rewardzoneusa.com^$all
||reward3spot.com^$all
||www.reward3spot.com^$all
||order-safely.com^$document
||www.order-safely.com^$document
||followlink.click^$document
||systemupdatecontrol.com^$all
||us.systemupdatecontrol.com^$all
||ryderftv.co^$document
||www.ryderftv.co^$all
||publishers.revenueuniverse.com^$document

! https://scammer.info/t/noteit-scam/82283
||pautils.online^$document

! https://scammer.info/t/usps-spam/83368
||www.wutaideng.wang^$document

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-974886953
||datingmap.top^$all
||e.datingmap.top^$all
||tonightshookup.com^$document
||members.tonightshookup.com^$all
||t.tonightshookup.com^$all
||yourladiefun.life^$all

! Scam and fake Roblox hacks
||gghacks.com^$all
! Scam websites opened - put in redirect order
||armanfiles.com/show.php?cl=true&l=971524&u=228373&id=23694$all
||www.rewardsgiantusa.com^$all
! Asks for personal data (name,address,birthdate,gender,email), claims you will get a "reward", never provides hack
||promotionsonlineusa.com^$all
||r.promotionsonlineusa.com^$all
! More scams
||displayoptoffers.com^$all
||www.displayoptoffers.com^$all
||www.yrxtrk.com^$document
||sweepstakesalerts.com^$document
||play.sweepstakesalerts.com^$document
||www.stash.com^$document
||www.qualityhealth.com^$document
||qualityhealth.com^$document
||consumerproductsusa.com^$document
||www.consumerproductsusa.com^$document

! https://github.com/iam-py-test/investigations/blob/main/2021/11/21/1.md
! https://github.com/hagezi/dns-blocklists/issues/241
! ||yasir252.com^$all
! ||www.yasir252.com^$all
||safelink.kadal.club^$document
! https://forums.malwarebytes.com/topic/285824-malicious-disk-image-file-iso/ --> https://virustotal.com/gui/url/20ef8f13f6ed4f2ad0f25c4d98c5ba213223dd95d18ae31494b5df4305fc7a6c
||iclickcdn.com^$all
||bedrapiona.com^$all
||dozubatan.com^$all
||onmarshtompor.com^$all
||chultoux.com^$document
||yonhelioliskor.com^$document
||ptauxofi.net^$document
||betshucklean.com^$document
||buncoswosh.com^$document
||b58ncoa1c07f.com^$document
||t.avroute01.com^$document
||gammamkt.com^$document
||leadgentrk.com^$document
||chirkacylal.com^$document
! https://github.com/AdguardTeam/AdguardFilters/issues/122055
||shoksips.com^$all
! https://tria.ge/230714-tf54paga3y/behavioral1
||adblock-zen-download.com^$all
||adblock-zen.com^$all
||adblockertool.com^$all
||supremeadblocker.info^$all

! https://scammer.info/t/faremart/82671
||faremart.com^$document
||www.faremart.com^$document,image

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-977912975
! https://www.tv2.no/nyheter/14368524/
||alexstewartinternationalltd.rw^$all
||vps.re^$all

! https://www.youtube.com/watch?v=iQiVH533ncM
||avengeradblocker.com^$document
||poweradblocker.com^$document

! https://github.com/iam-py-test/investigations/blob/main/2021/11/25/1.md
||steamkeygiveaway.net^$all
||fasterfiles.net^$all
||inteledirect.com^$all
||turapport-strience.icu^$document
||americanwinnerscircle.com^$all
! https://github.com/uBlockOrigin/uAssets/pull/10599#issuecomment-979356358
||yunosurveys.com^$all

! https://github.com/iam-py-test/investigations/blob/main/2021/11/28/1.md
||reykijnoac.com^$document
||totalnicefeed.com^$all
||omnatuor.com^$all
! https://scammer.info/t/youtube-bot-roblox-scam-39/84530
||freeco.xyz^$all

! https://scammer.info/t/microsoft-phishing-1/84589
||aceelectricalny.com^$all

! https://scammer.info/t/discord-nitro-generator-7/84570
||appninjas.xyz^$all
||www.appninjas.xyz^$all

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-986306768
||chess-progress.ru^$document
||ouhastay.net^$all

! https://forums.malwarebytes.com/topic/281514-scam-websites/
||812138.com^$document
||dk-video.xyz^$document
||dj-video.xyz^$document
||gi-video.xyz^$document
||hj-video.xyz^$document
||havmoney.xyz^$document

! https://github.com/uBlockOrigin/uAssets/pull/10804
! https://bbs.kafan.cn/thread-2221500-1-1.html
||88btbtt.com^$all
||musmentportal.com^$all

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-988127908
! https://www.tek.no/i/lVeQAe/
! https://www.nkom.no/aktuelt/ikke-trykk-pa-lenker-i-sms--for-du-er-helt-sikker/
||eccolabgroup.com^$all
||galerijajava.ba^$all
||p-stn.net^$all

! scam dating sites
||casualdating.com^$document
||iflirts.com^$document
||www.iflirts.com^$document

! fake notification scams
||ourcoolstories.com^$all
||javsidblog.com^$document
||link-split.com/view/tnAhAq30D4^$document
||cagothie.net^$document

! https://github.com/iam-py-test/investigations/blob/main/2021/12/9/1.md
||0s.click^$document
||0ffer.icu^$document
||0pen.online^$document

! https://github.com/iam-py-test/investigations/blob/main/2021/12/12/1.md
||onlineenglishteacher.co^$document

||www.fling.com^$document

! either redirects to random websites or scams
||lekms.com^$document
||yourcoolfeed.com^$all

! fake MediaFire websites
||songlos.com^$document
||royaltees.co^$all
||findes.co^$document
||vitafox.findes.co^$document
||supersong.nl/upload/6277.rar^$all
||monkeyselite.tonick.co^$document
||kitago.info^$all
||herezfile400.weebly.com^$all
||hereeup447.weebly.com^$all
||yaihxj.knewdayfull.top^$all
||knewdayfull.top^$document
||4lgx4.bemobtrcks.com^$document
||hugewifesilver.top^$document
||ge6s.com^$all
||sitexchange.causeart.co^$all
||yellowmother374.weebly.com^$all
||myhayward.us^$all
||tiborola.info^$all
||artbistro.us^$all
||myhypeposts.com^$all
||onlynewstoday.com^$all
||payments4u.org^$all
||freeiphone.info^$all
||static.cdnativepush.com/contents/s/7f/95/8c/2488823c2d95d7162ff723c840/01192333514141.png^$all
||static.cdnativepush.com/contents/s/04/d8/68/c0dd305c8a79b01ae4f24672ac/01477976446043.png^$all
||flummer.geppe.us^$all
||tuckets.moanas.us^$all
||static.cdnativepush.com/contents/s/b8/4e/1d/153294973f0fff7258e8f43d7c/0647024544646.jpeg^$all
||static.cdnativepush.com/contents/s/d2/3f/93/7fe562c37a9a7a6af5df460ee7/0490618650236.png^$all
||ssp-creatives.askprivate.com/prod/images/33242825/en/69dcb41b14c0449dbc67b998ca5b0c94.jpeg^$all
||ssp-creatives.askprivate.com/prod/icons/33242825/en/8bb2cd79c7dd45eb8075d0127f8d8331.jpeg^$all
||zxzfic.weebly.com^$all
||iminna.info^$all
||bloghunter.aaguatemala.org^$all
||abated-hamate.xyz^$all
||api.pushnami.com/scripts/v2/pushnami-sw/5e4bf7d0e7585f1f723a7243^$all
||cleveradult148.weebly.com^$all
||forexever451.weebly.com^$all
||ourcoolposts.com^$all
||bitnew695.weebly.com^$all

||www.iztzo.com^$all
||iztzo.com^$all
||gomusic.info^$document
||myprotectionsurveys.com^$document
||www.myprotectionsurveys.com^$document
||ouphouch.com^$all

! https://github.com/iam-py-test/investigations/blob/main/2021/12/14/1.md
||onemacusa.net^$all
! random .xyz domains which just don't look legit
||cp2s.xyz^$all

! https://scammer.info/t/snapchat-spam-click-link-don-t-link-investigate-please/85620
||hotglrls.net^$document
||nvoddn.hotglrls.net^$all
||hushlove.com^$all
||jucydate.com^$document
||w17veh63m7o8s4ncihd1jq8i.people-wet.com^$document

! https://scammer.info/t/stupid-ass-scammers-lol/85601 (support[@]clickgadgets[.]club)
||bit.ly/3DWxMNv^$all
||clickgadgets.club^$all

! scam website with only fake links
||crackthisgame.com^$document
||pseepsie.com^$document

! pretty sure this is a porn scam
||carnalcams.com^$document
||www.carnalcams.com^$document
! the register form doesn't do anything after entering data, just redirect back to the start
||fbookhookups.com^$document
||fuckpal.com^$document
! seen in scam ads
||fuck-me.io^$document

! https://scammer.info/t/youtube-comment-spam/85737
||acceptww.com^$all
||0.acceptww.com^$all
||8.acceptww.com^$all

! https://github.com/DandelionSprout/adfilt/issues/288
||discordap.com^$all
||forwrdnow.com^$document
||7lyonline.com^$document
||safelyonline.net^$document
||get.safelyonline.net^$all
||browse-safe.net^$document
||get.browse-safe.net^$all
||btpnative.com^$document
||besty-deals.com^$all
||data-px.services^$document
||live.newsvot.com^$document
||adalgard-wol.com^$all
||secure-access-981cd52a6hqpm8e2.gate23.xyz^$document
||ny-feed.r-tb.com^$document
||clk.hosting-redirect.com^$document

! https://scammer.info/t/cyberpunk-2077-fake-generator/85772
||groups.google.com/g/cyberpunk-steam-key-generator-working-check-now-2022?$document
||groups.google.com/g/cyberpunk-steam-key-generator-working-check-now-2022/$document
||ragamer.com^$document

! https://scammer.info/t/nitro-is-handed-there-for-free-scam-7-927-324-30-54/85763
||gift-discords.com^$all

! possible Tech Support Scam
||installmysecurity.com^$document

! "press allow to continue"
||shortnewsinfo.com^$document

! https://github.com/uBlockOrigin/uBlock-issues/issues/1774#issuecomment-1000722777
||viewty.xyz^$all
||landing.marketstm.com^$document

! https://scammer.info/t/1-month-nitro-for-free-take-it-scam/86166
||discrode-gifte.club^$all

! https://forums.malwarebytes.com/topic/282206-scam-websites/
||hu-video.xyz^$all
||bs-video.xyz^$all
||xa-video.xyz^$all
||video-cd.xyz^$all
||gm-video.xyz^$all
||iamoney.xyz^$all
||vbmoney.xyz^$all
||obmoney.xyz^$all
||kcmoney.xyz^$all
||dcmoney.xyz^$all
||lstmoney.xyz^$all
||uamoney.xyz^$all
||tbmoney.xyz^$all
||ecmoney.xyz^$all
||gcmoney.xyz^$all
||xosi.ru/shop-wallets/$document
! https://forums.malwarebytes.com/topic/282206-scam-websites/?do=findComment&comment=1494794
||iglookup.com^$document
||www.iglookup.com^$document

! 'click allow to continue' scam which redirects to random subdomains when the premission is blocked. Also redirects to TotalAV at the end
||8db3p.leadoesnotknowaboutkukuriko.xyz^$all
||leadoesnotknowaboutkukuriko.xyz^$all
! fake antivirus message
||mcafee5.www-safety.com^$all
||weledying-jessed.com^$all

! https://forums.malwarebytes.com/topic/282376-website-giving-spammy-popups/
||tepspr.com^$all
||rplnd10.com^$all

! https://scammer.info/t/youtube-bot/86668
||kingapp.store^$all
||downloadlocked.com^$document
||advantagecircles.com^$document
||iwin.rewardsadvisor.com^$all
||rewardsadvisor.com^$document

! found this while looking for Memz samples - https://user-images.githubusercontent.com/84232764/149638659-8e0e9e91-8d02-4fff-bd0f-af8423550777.png (hxxps://verify-me.club/2004cbf?s1=down1)
||tinyurl.com/45tkeyep^$all
||verify-me.club^$all
! still alive as of 11/11/2022 - https://app.any.run/tasks/f0474f51-6b14-432b-b1f0-98a1137e359c
||verifyme.za.com^$all
||letmik.com^$all
||c.atandmouse.com^$all
||g.atandmouse.com^$all
||atandmouse.com^$document

! "press allow to continue" popup ad
||masstech.info^$all
||windows-secureit.com^$all

! fake game cheat download buttons redirecting to "press allow to continue" and Norton
! also https://forums.malwarebytes.com/topic/287349-my-google-browser-could-be-infected-need-help-removing-it/
||anonmods.com^$all

! fake discord Nitro generator
||us.doctorpost.net^$document

! another fake Nitro generator
||pastebin.com/qwUbwYbq^$all
||richinfo.co^$all
||contact.uplevelrewards.com^$document

! fake download website
||tonxis19.amebaownd.com^$all
||hzaowj3.berilata.ru^$document

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1025251202
! https://github.com/uBlockOrigin/uAssets/issues/11518
||libertatea.net^$document

! fake human verification scam
! start form - reported for abuse
||q.promotionsonlineusa.com^$all
||reward4spot.com^$all
||www.reward4spot.com^$all

! fake download buttons with popups
||cracked-games.org^$all
||prksism.com^$all
! https://virustotal.com/gui/ip-address/18.210.201.44/relations
||antirobotsystem.com^$document

! fake 'no human verification' discord nitro generator
||huffduffer.com^$all
||issuu.com/free-discord-nitro-codes^$document
! still alive as of 11/11/2022 - https://app.any.run/tasks/c4a6e7d3-21da-4274-b262-e08dee1bb3cd
||meine.belohnung24.com^$document
||ideen.belohnung24.com^$document
||iphone.belohnung24.com^$document

! another discord Nitro scam
||linktr.ee/FreeDiscordNitroGift^$all

! "press allow to continue"
||www.kuyhaa-mee.com^$all
||kuyhaa-mee.com^$all
||waystriling.com^$all
||nze0xw.waystriling.com^$all
||581358.waystriling.com^$all
||qyt8pi.waystriling.com^$all
||xiiowt.waystriling.com^$all
||www.upload-4ever.com^$document
||upload-4ever.com^$document
||worldcoolfeed.com^$all

! Fake discord nitro (still alive as of 11/11/2022)
||myget.org/feed/discord-nitro-hack/package/nuget/Free-discord-nitro-codes-2021^$document
||lucymods.com^$all
||gluegames.xyz^$all

! another fake site
||www.aldvingomes.com^$document
||aldvingomes.com^$document
||codegen.fun^$all

! fake discord nitro
||getmecodes.xyz^$all
||filevortex.com/1029130^$all
! https://app.any.run/tasks/73236419-3190-47fa-81f0-8a31bcf48a5b
||minutewinner.com^$document

! Yet another fake discord generator
||jellycheat.com^$all

! https://scammer.info/t/paste-your-discord-nitro-scams-here/89880/2
||discord.birth/kjqsSQDF4qs9f4sK456ds7^$document

! https://www.reddit.com/r/computerviruses/comments/swrrx8/used_a_youtube_to_mp3_downloader_today_and_these/
||unrelered.xyz^$all

! https://web.archive.org/web/20230604183723/https://twitter.com/iam_py_test/status/1496259425493225472
||sites.google.com/view/groundworkssolutions/contact-us^$all
||sites.google.com/view/groundworkssolutions/^$all
||sites.google.com/mytv/maintenance^$all

! all the RARs just contained one zero-byte file, so just blocking the confirmed scam part of it (start URL hxxpx[://]bayanhuu[.]com/microsoft-office-2016-full-download[/]
||habitum.xyz^$all
||news-easy.org^$all

! https://github.com/uBlockOrigin/uAssets/issues/11157#issuecomment-1049093327
||sideload.cc^$all

! survey scams
||credly.com/users/free-discord-nitro-codes/badges^$document
||psp-haxors.com^$all
||gripclicks.com^$all
! https://app.any.run/tasks/a3abdf35-fa15-4115-91fb-cfc5c1e45ff4
||omnioffers.com^$document

! https://virustotal.com/gui/url/98f0186f4d20f3138a4e05f58369019cee8e88153578e3d729b716d8b57c0857/community
||k6pay.top^$document
||h6pay.top^$all
||g6pay.top^$all
||n6pay.top^$document
||c6pay.top^$all

! hxxpx[://]consortiumrecords[.]co/free-tools/download-microsoft-office-365-product-key-crack-updated/
||foradream.top^$all
||h.therewardboost.com^$all
||b.therewardboost.com^$all
||i.therewardboost.com^$all
||s.therewardboost.com^$all
||c.therewardboost.com^$all
||w.therewardboost.com^$all
||z.therewardboost.com^$all
||g.therewardboost.com^$all
||o.therewardboost.com^$all
||u.therewardboost.com^$all
||v.therewardboost.com^$all
||y.therewardboost.com^$all
||m.therewardboost.com^$all
||x.therewardboost.com^$all
||d.therewardboost.com^$all
||j.therewardboost.com^$all
||p.therewardboost.com^$all
||f.therewardboost.com^$all
||a.therewardboost.com^$all
||e.therewardboost.com^$all
||r.therewardboost.com^$all
||k.therewardboost.com^$all
||n.therewardboost.com^$all
||l.therewardboost.com^$all
||q.therewardboost.com^$all
||www.therewardboost.com^$all

! porn scam? asks for personal info and gets stuck in a loop
||dream-singles.com^$document

! even more fake "human verification"
||speedboostpc.com^$document
||unlimitedtools.website^$all

! redirects to already blocked sites
||coub.com/stories/946163-free-discord-nitro-codes-list-all-valid-with-no-human-verification^$document

! scam browser theme
||chrome.google.com/webstore/detail/discord-free-nitro-free-d/ihdnmkbgjnpbkdcammpfokdmncnicfki^$all
||unlock3r.net^$all
||appbase.best/dboost^$all

! looks very shady
||www.taixiu.bet^$document
||taixiu.bet^$document

! https://github.com/AdguardTeam/AdguardFilters/issues/111843
||cybop.net^$document

! https://forums.malwarebytes.com/topic/284608-crypto-giveaway-scams/
||x2-shiba.org/shiba/giveway.php^$document
||ark-today.com/ethgiveaway.html^$document
||ark-today.com/btcgiveaway.html^$document

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1060031240
||webcams-chat.com^$all
||mydirtytinders.com^$all

! yet another fake Discord Nitro Generator
||www.everydaywinner.com^$document
||everydaywinner.com^$document
||generatekey.xyz^$all
||e.9nl.it^$document
||www.monumented.com^$document
! looks like Fox News, to promote something which is probably a scam
||www.livingyourbestlife.co^$document
||livingyourbestlife.co^$document
||foxnewsweatherdaily.com^$document

! https://virustotal.com/graph/gae4b79eddfec44439142fec34bf90890609e118340984dbd855b515b1be9cfc9
||holgerstrehlow.de/discord-nitro-code-generator-no-human-verification.html^$document

! auto-redirect from hxxpx://createwithkrista[.]co/windows/winrar-for-windows-10-64-bit-free-download-with-crack/
||outto.us^$document
! hxxpx://thecornermarket[.]co/free-crack/winrar-64-bit-download-crack/?utm_referrer=https%3A%2F%2Fwww.bing.com%2F
||merchd.rip^$all

! the rest is blocked
||buymeacoffee.com/getcode/discord-free-nitro-generator-no-human-verification-survey^$all

! YAFNG (Yet another fake Nitro generator)
||nitromexyz.xyz^$all
||grptrac.com^$all

! https://app.any.run/tasks/b43b04b3-b8c1-4384-b455-961f427f5379
||h.shyflirttalks.com^$document

! Yet Another fake discord generator
||pota.site-ym.com/global_engine/download_custom.aspx?fileid=c0f7d962-63d2-4ab2-82dd-7582a79c5ba0.pdf&filename=discord2021_gu-36.pdf&blnIsPublic=2&code=blog&sub=add^$document
||gamex.codes^$all
||consumerdigitalsurvey.com^$document

! Reddit spam --> already blocked
||reddit.com/r/Viral_Nova/comments/r1nwxg/free_discord_nitro_generator_hack_no_human/^$document
! Already blocked
||myget.org/feed/hermesses/package/nuget/Free-Discord-Nitro-Hack-No-Human-Verification^$document
||d.promotionsonlineusa.com^$all
! Also blocked
||replit.com/@discordnitross^$document

! https://forums.malwarebytes.com/topic/285189-scam-warnings-of-trojansviruses-via-web-browser-service-workers/
||yourwebshield.com^$all

! https://app.any.run/tasks/a8a589e0-2aee-43f5-9fbe-92dc9e4bfec4
||action.miliated.xyz^$document
||undrininvereb.info^$all

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1094359634
||disq.us/p/2o9pztr^$document
||disq.us/p/2o9qqsl^$document
||disq.us/p/2o9pmyi^$document
||2horney-girls.life^$document
||localdates16s.com^$document
||popupchat-live.com^$document
||bhgfsfh.com^$document

! a "press allow to continue" + fake McAfee
||ultrafastultra.blogspot.com^$all
||tei.ai^$document
||forfrogadiertor.com^$all
||ourdailystories.com^$all

! Fake Discord nitro generator
||acreauburn.com/profile/kyrrwgutzctpad/profile^$document
||www.uplevelreward.com^$document
||uplevelreward.com^$all

! https://github.com/uBlockOrigin/uAssets/pull/12699
||ziltzwebsol.online^$all

! even more fake Discord Nitro generators
||coub.com/stories/946163-free-discord-nitro-codes-list-all^$document
||t.co/5N0H4rfCgL?DiscordNitro^$all
||t.co/5N0H4rfCgL^$document

! Google Group --> Discord Nitro generator
||groups.google.com/g/discord-nitro-generator-free-2021-without-human-verification/c/1MKZDSll9uA?msclkid=7bce476ac87a11eca172b94bbb5a5692^$document
||groups.google.com/g/discord-nitro-generator-free-2021-without-human-verification/c/1MKZDSll9uA^$document
||groups.google.com/g/discord-nitro-hack-generator-no-survey-or-verification^$document
||groups.google.com/g/discord-nitro-hack-generator-no-survey-or-verification?msclkid=316e2fa7c87e11ec972f52d4d5e431fd^$document

! https://github.com/AdguardTeam/AdguardFilters/issues/115955
||family24rx.com^$all
||37.187.88.137^$document
! https://github.com/AdguardTeam/AdguardFilters/issues/115960
||onpharmvermen.com^$all
! https://github.com/AdguardTeam/AdguardFilters/issues/115959
||classpharmenado.com^$document
! https://github.com/AdguardTeam/AdguardFilters/issues/115958
||sale24-pills.com^$document
! https://github.com/AdguardTeam/AdguardFilters/issues/115957
||helppharmlead.com^$document
! https://github.com/AdguardTeam/AdguardFilters/issues/115954
||everypdnsharmacy.com^$document
! https://github.com/AdguardTeam/AdguardFilters/issues/115953
||happypharmproduct.com^$document

! Fake Norton screen
||static.cdnativepush.com/contents/s/69/55/b8/8c4f4e3359518f986fc7970194/0201779526711.png^$all
||static.cdnativepush.com/contents/s/6e/aa/67/726cd9cf6ea6a525bbb628cab3/0303553451413.png^$all
||littlecdn.com/apps/contents/s/e1/43/b6/8d4db17f1838a03992a72e9dbf/01412844174435.png^$all
||gapscult.com^$all

! a fake MediaFire domain
||walkeryellow141.weebly.com^$all
||www.rewards-cards.org^$document
||www.dealskeeper.com^$document
||h.promotionsonlineusa.com^$document

! ads on hxxp://gestyy[.]com/es8jOv
||m.eegeeglou.com^$all

! Discord Nitro generator (fake)
||montaluce.com/profile/dybiivskjcrpe/profile^$all
||filevortex.com/show.php?cl=*&l=*&u=*&id=*^$all
||y.promotionsonlineusa.com^$document

! ads on a site --> https://virustotal.com/gui/url/0871f217f945c993d8624aadd5e718e9bb740096d13fad74d58b3fc3a4fdfda0
||ebaaa.xyz^$all
||uprimp.com^$document
||odaba.live^$all


! a random popup
||lifeimpressions.net^$popup
||d0063d.lifeimpressions.net^$document
||100800.lifeimpressions.net^$document
||fdb51a.lifeimpressions.net^$document
||3ceeb9.lifeimpressions.net^$document

! https://github.com/AdguardTeam/AdguardFilters/issues/121544
||trafredirtds.com^$document

! https://web.archive.org/web/20230604184126/https://twitter.com/iam_py_test/status/1538267982551347200
||may8forstudents.org/free-discord-nitro-codes-list-no-human-verification/^$all
||www.easyrobuxtoday.org^$document
||appinstallcheck.com^$all
||api.pushnami.com/api/push/image/id/61f58059b94aff0015c3e03c^$all

! weird website with some Push Allow To Continue alerts - hxxpx[://]www[.]filefixation[.]com/malwarebytes-pro-crack-serial-keygen-download.html
||filefixation.com^$document
||www.filefixation.com^$document
||deal-warriors.com^$document

! ads
||ffe405491d.28b67b8230.com^$popup
||german0.xyz^$all
||wnprt.club^$all
||kerbians.click^$all

! redirects to scams
||sharefast572.tumblr.com^$all
||tumblr.gotohouse.top^$document
||gotohouse.top^$all

! redirected to scams automatically
||loadingdead.netlify.app^$document
||down.myboxloadneed.top^$all
||myboxloadneed.top^$document

! fake download to scams
||alexisfernandez.doodlekit.com^$document
||doodlekit.gotorange.top^$document

! tech support scam - https://forums.malwarebytes.com/topic/287438-excel-macro-40-abuse-protection-prevents-opening-password-protected-files/?do=findComment&comment=1519928
||ewebprotection.info^$document

! hxxps://iyoutubetomp4[.]com/en/
||img.pushflow.net/creatives/11/6706/1654098151508-push-preview-img.png^$all
||img.pushflow.net/creatives/11/6706/1654098151508-push-body-img.png^$all
||img.pushflow.net/creatives/11/5543/1646745691054-push-preview-img.png^$all
||justtrck.net/run.php^$document

! https://app.any.run/tasks/8125703c-6fdb-49bc-a18c-918e64e83f4d
||nedaugha.buzz^$all
||jarine.co^$all
||nedukeratio.lol^$all
||lsmnz.perfordpetre.xyz^$all
||perfordpetre.xyz^$document

! Discord scam
||challonge.com/discordnitrogenerator/^$all

! Push-Allow-To-Continue
||ptaimpeerte.com^$all
! possible tech support scam, might be dead
||vyredis.bio^$document

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1195654525
! https://github.com/DandelionSprout/adfilt/commit/5ca8e833c7817f2d5929a4adf4792fdcbb822fc0
||k-yw.com^$all

! McAfee-themed scam
||d3f068fvt45f1f.cloudfront.net^$all
||eastrk-dn.com^$all

! Fake giveaway
||teenmas46.tistory.com^$all
||teenymi.tistory.com^$all
||myapplesite.us^$all

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1209782781
! https://app.any.run/tasks/a7cc86ee-a604-4a65-968c-26c237620b2b (nsfw)
||girlluscious.com^$document
||fuckbook.tv^$document

! https://www.youtube.com/watch?v=6e7MsoThffo
||loadnova898.netlify.app^$document
||tonrino.info^$all
||new.bestageoffers2022.com^$document
||d0zi.com^$all
||rewards-cards.org^$document
||x-delivery.icu^$document
||nextsoft.icu^$all

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1218058597
||a2ics.eu^$all

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1230875702
||youtube.com/channel/UCxpXAcML6p3Ns5T9GwEK5hQ^$document
||stils-top.space^$all

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1230939213
||classicsgirl.com^$document

! https://app.any.run/tasks/a24d7146-479f-4b90-b4d6-c9d6e73257a8
||pogothere.xyz^$document
||sihighlyrecom.xyz^$all
||czxcm.sihighlyrecom.xyz^$all
||rwanf.sihighlyrecom.xyz^$all
||zosuc.sihighlyrecom.xyz^$all

! https://forums.malwarebytes.com/topic/290022-malware-from-acaptchalesstop/ <-- No proof, but the domain name looks sus
||captchaless.top^$document
||a.captchaless.top^$all
||pshmetrk.com^$document

! https://virustotal.com/gui/url/d86dda38f96243311df2857966c047be0b4097ed4541ebe28cdc0dfc9e4ff4d2/community
! https://app.any.run/tasks/3c8b1d38-de18-488a-9e3f-62b3354c17e8
||talkweb.org.uk/cl/36889_md/4/5055/3668/710/150935^$document
||haltertrailer.info^$all
||safesecureprotect.com^$all
||trk-magnam.com^$all
||event.trk-magnam.com^$all
||push.trk-deserunt.com^$all
||subscription.trk-deserunt.com^$all
||event.trk-deserunt.com^$all
||trk-deserunt.com^$all
||core.alertsx.com^$all
||alertsx.com^$all
! https://twitter.com/iam_py_test/status/1571997052900413440 (image is age restricted for some reason, thus can't archive)
||medialysticos.live^$all

! Porn scam
||her-cupid.com^$all
||hottieswantu.com^$document
||offers.usabangpalace.com^$document
||w86a5jeili53sd6j26lv71h0.find-singles-online.com^$all
||find-singles-online.com^$document

! https://forums.malwarebytes.com/topic/290348-fake-mcafee-site/
! credit to https://forums.malwarebytes.com/profile/62534-chas4/
||install-network.com^$document
! https://app.any.run/tasks/541d38e7-67d1-46a7-85c8-dfcba7e40761
||fatededers.com^$all

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1257870944
||netbuilding.com.ar^$document

! Push scam shared by https://github.com/Yuki2718
||nextpsh.top^$all

! Scam shared by https://github.com/piquark6046 (https://app.any.run/tasks/c30445b3-cc48-4039-9b02-26289f798b2f)
||54.37.5.34^$document

! redirects from a hacked website
||rx-qualityshop.com^$all
||canadatrustmed.com^$all

! domains used by adfly for notification spam
! https://github.com/DandelionSprout/adfilt/commit/f60df9e069b404ce56727cc1b734b89ba7241849
! https://github.com/AdguardTeam/AdguardFilters/issues/132079
||davisonbarker.pro^$document
||www64.davisonbarker.pro^$document
||www31.davisonbarker.pro^$document
||www10.davisonbarker.pro^$document
||www24.davisonbarker.pro^$document
||www62.davisonbarker.pro^$document
||www87.davisonbarker.pro^$document
||www16.davisonbarker.pro^$document
||www61.davisonbarker.pro^$document
||www50.davisonbarker.pro^$document
||www77.davisonbarker.pro^$document
||www100.davisonbarker.pro^$document
||www85.davisonbarker.pro^$document
||www76.davisonbarker.pro^$document
||www39.davisonbarker.pro^$document
||www28.davisonbarker.pro^$document
||www3.davisonbarker.pro^$document
||www75.davisonbarker.pro^$document
||www78.davisonbarker.pro^$document
||www15.davisonbarker.pro^$document
||www29.davisonbarker.pro^$document
||www70.davisonbarker.pro^$document
||www21.davisonbarker.pro^$document
||www59.davisonbarker.pro^$document
||www25.davisonbarker.pro^$document
||www17.davisonbarker.pro^$document
||www74.davisonbarker.pro^$document
||www99.davisonbarker.pro^$document
||www79.davisonbarker.pro^$document
||www22.davisonbarker.pro^$document
||www94.davisonbarker.pro^$document
||www45.davisonbarker.pro^$document
||www51.davisonbarker.pro^$document
||www98.davisonbarker.pro^$document
||www35.davisonbarker.pro^$document
||www92.davisonbarker.pro^$document
||www12.davisonbarker.pro^$document
||www37.davisonbarker.pro^$document
||www33.davisonbarker.pro^$document
||www68.davisonbarker.pro^$document
||www34.davisonbarker.pro^$document
||davisonbarker.pro/am-push-cps.js$script
||lowrihouston.pro^$document
||www53.lowrihouston.pro^$document
||www44.lowrihouston.pro^$document
||www48.lowrihouston.pro^$document
||www91.lowrihouston.pro^$document
||www57.lowrihouston.pro^$document
||www1.lowrihouston.pro^$document
||www42.lowrihouston.pro^$document
||nathanaeldan.pro^$document
||www97.nathanaeldan.pro^$document
||www61.nathanaeldan.pro^$document
||www48.nathanaeldan.pro^$document
||www4.nathanaeldan.pro^$document
||www86.nathanaeldan.pro^$document
||www84.nathanaeldan.pro^$document
||www50.nathanaeldan.pro^$document
||www39.nathanaeldan.pro^$document
||www16.nathanaeldan.pro^$document
||www44.nathanaeldan.pro^$document
||freddyoctavio.pro^$document
||www63.freddyoctavio.pro^$document
||www70.freddyoctavio.pro^$document
||www16.freddyoctavio.pro^$document
||www36.freddyoctavio.pro^$document
||www21.freddyoctavio.pro^$document
||www68.freddyoctavio.pro^$document
||www72.freddyoctavio.pro^$document
||www86.freddyoctavio.pro^$document
! various domains farmed from adfly
! https://app.any.run/tasks/e18002cc-5207-4834-9e67-08364efb5036
||toido.arrowtoldilim.com^$all

! https://forums.malwarebytes.com/topic/291290-infected-with-chilichicytriecom/
||chilichicytrie.com^$all

! https://app.any.run/tasks/07bb037e-3180-40cd-8f59-b7854cabd601/
||linkedin.com/pulse/free-discord-nitro-generator-verification-maxpro-game-gadget-2022^$all
||cutt.ly/YV9jKsf^$all
||gamegadget2022.blogspot.com^$document
||gifttopsurvey.top^$all
! https://app.any.run/tasks/da8a44c3-965f-4fd6-816d-b5ae16235f62
||winnenmetje.info^$document
||iphone14.winnenmetje.info^$all

! https://virustotal.com/gui/url/7b40e1b7ffc3b710640ae41c529aff18e4c8cded55391d55c34b601912c5a2a2/community
! https://app.any.run/tasks/f0a198be-f4a4-4414-94c5-21ed61ae0264
! https://app.any.run/tasks/6600c704-20f5-4643-a9b7-322673aa7eb4
||www.vbucks-goo.com^$all
||vbucks-goo.com^$all
||take.yunosurveys.com^$all
||www.jpnbgn.com^$document
||789offers.net^$document
||1263dcb80ec5.789offers.net^$all

! https://forums.malwarebytes.com/topic/291952-mb-keeps-finding-same-4-pups/#comment-1541507
||wilycaptcha.live^$document
||a.wilycaptcha.live^$all
||captchasee.live^$document
||captchatotal.live^$document

! https://app.any.run/tasks/c87a34ca-0d2f-43cb-be6d-8f48506bd723
||elooksjustli.one^$all
||ftuyn.ewoverth.buzz^$all

! https://app.any.run/tasks/6bd12a68-ef8e-4e44-9c66-9c8e82cb784c
||2.napublic.com^$all
||napublic.com^$document
||haxbyq.com^$all
||authookroop.com^$document
||dlinkrdr.com^$document
||s.viichxt.com^$document
||getsecures.com^$all
||s.viiqvmfb.com^$document

! porn-related scams
||flirtclub.life^$all
||bumble-me.com^$document
||localhookup5.com^$all
||i.placefordating.live^$all
||placefordating.live^$all
||eroticmadness.com^$document
||jtdn2.datingtopgirls.com^$all
||datingtopgirls.com^$all
||join-the-dating.com^$document
||18hot.pw^$document

! https://app.any.run/tasks/87b656b2-3fd6-4bae-9267-f918ea4189ac
||dating-hotcontacts.com^$all

! https://scammer.info/t/discord-nitro-scam/113648
||132.226.203.60^$all
||iphonediscord.info^$all
||www.iphonediscord.info^$all

! popups from shady URL shorteners
||mediasama.com^$document
||nadjustifygas.com^$document
||ufacw.com^$document
||lyconery-readset.com^$document
||fralstamp-genglyric.icu^$all
||m1dnightclubx.com^$document

! https://app.any.run/tasks/a15bbdd6-64d6-4a49-8457-6fbef1d00872
||form.run/@fortnite-v-bucks-codes-hack-generator-no-human-verification^$all
||belohnung24.com^$all
||techplanet1.com^$all

! https://app.any.run/tasks/5a76864c-7436-4411-afc8-5937e8d1d147#
||form.run/@free-tiktok-followers-fans-likes-generator^$all
! https://app.any.run/tasks/f7cdecba-0b76-4a5f-9d19-c36a453130dc
! https://tria.ge/240411-xhwjtahh93/behavioral1
||nationalconsumerscenter.co.uk^$document
||contact.nationalconsumerscenter.co.uk^$document

! https://forums.malwarebytes.com/topic/292511-phishing-site-for-fake-usps-shipping-validation-information/ (account required)
! https://virustotal.com/gui/url/fdefaa6e73e722536cd080b4e820f8b69b6678d5f0c74268de126d2435369386
||uspftiltedt.info^$all

! https://www.bleepingcomputer.com/forums/t/779953/urambledcom-just-a-nuisance-or-what/
||urambled.com^$all

! https://tria.ge/221208-2zaqwsbg78/behavioral1
! I got some kind of miner/adware and an adware extension! All in one run!
||manualmaestro.com^$all
||holavpninstaller.com^$document
||cdn4.holavpninstaller.com^$all
||perr.holavpninstaller.com^$document
||client.holavpninstaller.com^$document

! https://forums.malwarebytes.com/topic/292800-posiberchoncom-%C2%A0malwarebytes-please-research-and-update-your-virus-db/
||posiberchon.com^$all

! https://app.any.run/tasks/68b82f9e-16f5-4514-8140-ac3df58a3114
||pastebin.com/K5YfahnC^$all
||fastspeed121.xyz^$all
||track.buzz-track.com^$document
||main.smile-keeper.com^$document

! https://app.any.run/tasks/41c5f7b2-250a-4781-86be-e03e56d1a8ed
||telegra.ph/Free-Minecraft-Hacks-No-Virus-Free-Download-08-03^$all
||tlgrph.gotorange.top^$all
||gotorange.top^$all
||puredating.top^$all

! (NSFW) https://app.any.run/tasks/e5a682c3-c4a3-4bb9-abd7-4f6c1cbd22f3
||telegra.ph/Free-Minecraft-Hacks-No-Virus-Free-Download-07-30^$all
||dating-schedule.com^$document
||onlyfucks1s.com^$all
||d.wonderfuldating.top^$all
||wonderfuldating.top^$all
||milf-book.com^$document
||www.casualdates4you.com^$document
||casualdates4you.com^$document

! an infected VM
||dreamyproducts4u.net^$document
||xorror.shop^$document
||getarrectlive.com^$all
||identitysecurecenter.online^$all
||get.securedbrowser.net^$document
||securedbrowser.net^$document
||settings.securedbrowser.net^$document
||www.securedbrowser.net^$document
||search.securedbrowser.net^$document
||microsoftedge.microsoft.com/addons/detail/gfbbhkcipmfiidllnalpchabihdgklnl^$document
||microsoftedge.microsoft.com/addons/detail/secured-browse/gfbbhkcipmfiidllnalpchabihdgklnl^$document
||kms-auto.site^$document
||phenotypeguide.com^$all
||onesocialimpactnow.com^$all
||globaledyta.com^$all
||topcontactinc.com^$all
||adsforcomputertech.com^$all
||pushuworld.com^$all
||jytibarose.xyz^$all
! https://app.any.run/tasks/67907c11-6877-4c38-932f-2cf09ee4e434
||adblock-chrome.net^$all

! https://github.com/uBlockOrigin/uAssets/issues/16000
! https://app.any.run/tasks/195b871c-b9cd-48f8-a7c1-6a53ea943a4b
||z83z9.com^$document
||toftheca.buzz^$all
||zcelv.toftheca.buzz^$all
||fvsuo.toftheca.buzz^$all
||videofon.space^$all
||videofen.space^$all
||video7top.com^$all
||click-videov.com^$all
||click-videot.com^$all
||click-videom.com^$all
||click-videok.com^$all
||click-videoc.com^$all
||video7top.site^$all
||videobtc.space^$all
||videoeth.space^$all
||videofun.space^$all
||videofan.space^$all
||videoton.space^$all
||videosol.space^$all
||ythjhk.com^$all

! https://app.any.run/tasks/e0266815-2e00-42cb-b646-fa7dffb4a5e5
||myget.org/feed/roblox-generator-no-verification/package/nuget/free-robux-generator-no-verification-or-survey-2022-v5153^$all
||deine.belohnung24.com^$all
||spr.belohnung24.com^$all
||expensivesurvey.click^$all
||af.247games.mobi^$document

! a "meet local girls" scam
||easy-sexxx.com^$document

! various scams from one site
||recodetime.com^$all
||updateinfoacademy.com^$all
||updaterglobal.com^$all
||phooking-nearected.com^$all
||deten.live^$all

! https://forums.malwarebytes.com/topic/293205-alexa-support-scam/
||twitter.com/smartdotsupport^$all
||smartdotsupport.com^$document
||privacysearching.com^$document

! probably a Tech Support scam
||bigoven.com/recipe/alexa-helpline-1-855-666-7789-alexa-customer-service-number/2897947^$all

! discord nicro scam
||discordnitrocodegeneratorfree2022nohumanverification.weebly.com^$all
||gainforfree.com^$all

! https://virustotal.com/gui/url/65e7a48f0f2efb758087a0d99e8482a4b3245468e959633493655754fec08f48/community
! https://app.any.run/tasks/58b76078-e35e-46c8-b15e-e187ed375be6
||bubuxflow.com^$all

! https://virustotal.com/gui/url/9c7b98445c0fd303be8604f383b3c940309068ea88b37d3945f4d34bb42d6c57/community
! (nsfw) https://app.any.run/tasks/a8a191ea-0e54-439f-96fd-c04a04150b06
||expresscommusa.com^$document
||flirtingworld.com^$document
||date.sofortdates69.com^$document
||sofortdates69.com^$document

! https://forums.malwarebytes.com/topic/293293-i-clicked-on-something-and-i-got-redirected-to-malicious-website-help/
! https://forums.malwarebytes.com/topic/293294-fake-onlyfans-website/ (account required)
! https://app.any.run/tasks/cb1a672e-c3ed-455a-bc84-4b8bc060ee68
! https://www.hybrid-analysis.com/sample/c3190b42a350a79f2b97af529a8bb57f39b62c9b12367419e71a2d053fb4a5fe
||sexfriendfdr.freeflirtz.com^$document
||freeflirtz.com^$document

! https://app.any.run/tasks/6c4f152f-c5b2-43ab-9b9e-06ae1480c74d
||mnla.biz/resource/dynamic/blogs/20220207_071000_31161.pdf^$all
||cdn.ymaws.com/www.mnla.biz/resource/dynamic/blogs/20220207_071000_31161.pdf^$all
||cldoffers.net^$all

! https://virustotal.com/gui/url/5808655d76b6ad31b7cc15fc266be2acb904ff8512fc1424103a6c54443bd272/community
! https://app.any.run/tasks/f619367b-ba77-4dbb-9046-211758a7f31a (my "analysis")
||viptips4youtoday.world^$document

! typical fake "discord nitro generator"
||an1.fun^$all
||b7ax3cyzhq.com^$all
||thunderfiles.co^$document
||g.luckycashzone.com^$document

! https://forums.malwarebytes.com/topic/293412-possible-fake-malwarebytes-number/
||isixsigma.com/members/malwarebytesmailcxsupport$document

! https://dnstwist.it/
! https://app.any.run/tasks/015824a4-f267-48df-8dde-a7ddd78f167e
||discordt.com^$all
||wildberriessgift.pw^$all

! https://scammer.info/t/viruses-need-to-be-removed-immediately-take-emergency-measures-trojan/117241/3
||install.sunlifestores.com^$document

! https://virustotal.com/gui/url/2dabab937f09b2892f26c995365f64402574c8aa3e2f9750047131ca7a8d73d6
! https://tria.ge/230109-14rdrsbd6t/behavioral1
||lootprime.com^$all
||rdr.mobiletime.net^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/139667 (credit to DandelionSprout for some of these entries)
||500654179.kilpa2017.fi^$all
||yepsimmen.live^$all
||kilpa2017.fi^$all
||51.68.87.229^$all
! resolve to 51.68.87.229
||hillendan.live^$document
||intoobut.live^$document
||logomuado.live^$document
||laxthatpie.live^$document
||nebdanext.live^$document
||drewcorsit.live^$document
||weyeplost.live^$document
||loaditjew.live^$document
||rawsalwet.live^$document
||rugpinchi.live^$document
||tillwoonote.live^$document
||becashcode.live^$document
||absbeatsic.live^$document
||tooldidhurt.live^$document
||crypostmark.live^$document
||varyhurtback.live^$document
||toeastdue.live^$document
! https://github.com/AdguardTeam/AdguardFilters/issues/139667#issuecomment-1383935774
||tapwhomjay.live^$all
! https://github.com/AdguardTeam/AdguardFilters/issues/139667#issuecomment-1387103725
! https://virustotal.com/gui/url/5c74d63d19b8ec82321d352749977e29795a9d074fcdacce3f1c822da28a3bba/detection
||mindkneenay.live^$document
! https://github.com/AdguardTeam/AdguardFilters/issues/139667#issuecomment-1398421015
! https://github.com/AdguardTeam/AdguardFilters/issues/139667#issuecomment-1399002017
! https://tria.ge/230120-1tlersbg8x/behavioral1
||totalrecaptcha.top^$all

! https://github.com/DandelionSprout/adfilt/issues/747
! https://github.com/DandelionSprout/adfilt/commit/f055f89a51e7f9b1bcc58a0013b6207f89594ebe (all credit to DandlionSprout)
||2022crucialcatch.store^$all
||adidascostarica.com^$all
||adidasencostarica.com^$all
||adidasfactoryoutlet-uk.com^$all
||adidasfactoryoutletonline.com^$all
||adsoutletusa.com^$all
||adulttoysale.top^$all
||airjordanshoes.store^$all
||airjordansneakers.store^$all
||alabamacollege.store^$all
||alabamacrimsontide.store^$all
||aldo-sale.com^$all
||aldofactoryoutletcanada.com^$all
||aldoukshoes.com^$all
||allinclearance.com^$all
||aloyogaaustria.com^$all
||aloyogacz.com^$all
||altrafactoryoutletonline.com^$all
||approachmall.com^$all
||arastockistsuk.com^$all
||arizonacollege.store^$all
||arkansascollege.store^$all
||arkansasrazorbacks.store^$all
||asiacenter.sk^$all
||asicousutlet.com^$all
||asicrunningus.com^$all
||asics-outlet-greece.com^$all
||asicscolombiaoutlet.com^$all
||asicsfalabella.com^$all
||asicsoutletnl.com^$all
||asicsoutletsireland.com^$all
||asicssgonline.com^$all
||asicsskosneakers.com^$all
||astroshat.store^$all
||astrosjersey.store^$all
||astrosworldseries.store^$all
||astroswschampions.store^$all
||atl-braves.shop^$all
||atlantabraves.store^$all
||auburncollege.store^$all
||aukarenmillenbest.net^$all
||balansukcheap.com^$all
||baseballhat.store^$all
||baseballjerseys.store^$all
||basketballshoe.store^$all
||bayaayakkabi.com^$all
||baylorbears.shop^$all
||baylorbearsncaa.store^$all
||baylorcollege.store^$all
||begaborschoenensale.com^$all
||bestsclothingsale.com^$all
||billabong-turkiye.com^$all
||billabong-us.com^$all
||billabongoutletstore.com^$all
||billabongoutletuk.com^$all
||billabongromania.com^$all
||billabonguruguay.com^$all
||blundstonefactoryoutletus.com^$all
||bogsoutletie.com^$all
||bossoutletsau.com^$all
||bosssalescheap.com^$all
||bossukcheaps.com^$all
||bossusaclearan.com^$all
||bossusaoutlet.com^$all
||bossusbest.com^$all
||bossusclearan.com^$all
||bostoncollegecollege.store^$all
||bostoncollegeeagles.store^$all
||bostonjersey.store^$all
||bravesjersey.store^$all
||bravesworldseries.shop^$all
||broncosnfl.store^$all
||buccaneersjersey.store^$all
||bucsjersey.com^$all
||bucsjersey.sale^$all
||buffalopolska.net^$all
||bugattishoessaleuk.com^$all
||butypumaoutlet.com^$all
||californiasports.shop^$all
||camperportugal.com^$all
||camperskonorge.com^$all
||camperzapatochile.com^$all
||camperzapatoschile.com^$all
||canadagoosebrasil.com^$all
||cancercatch.store^$all
||carharttfactory-store.com^$all
||cariuma-australia.com^$all
||cariumafactoryoutlet.com^$all
||celticsfan.store^$all
||celticsjersey.shop^$all
||celticsjersey.store^$all
||chacofootwearusa.com^$all
||chaconewzealand.com^$all
||chacooutletswebsite.com^$all
||chacosandalsaustralia.com^$all
||chacoshoesuk.com^$all
||cheapdiesesale.com^$all
||cheappumuk.com^$all
||cheapsclothingus.com^$all
||chgaborschuhe.com^$all
||cincinnatibearcats.shop^$all
||cincinnaticollege.store^$all
||cipomagyarorszag.com^$all
||cipooutlethungary.com^$all
||cityconnect.pro^$all
||cityconnect.shop^$all
||cityconnect.store^$all
||cityconnecthat.shop^$all
||cityconnecthat.store^$all
||cityconnectjersey.store^$all
||cityconnectmlb.store^$all
||clarkcheapuk.com^$all
||clarkclearanus.com^$all
||clarkdiscountus.com^$all
||clarks-ar.com^$all
||clarks-dk.com^$all
||clarks-pe.com^$all
||clarksirelandshop.com^$all
||clarksoutlet-philippines.com^$all
||clarksoutletecuador.com^$all
||clarkssaleturkiye.com^$all
||clarksskonorge.com^$all
||clarksuy.com^$all
||clarkusoutlets.com^$all
||clarusaoutet.com^$all
||clearanclarkusa.com^$all
||clearanlacostus.com^$all
||clearanlacostusa.com^$all
||clearanskecheusa.com^$all
||clearantumius.com^$all
||clearantumus.com^$all
||clemsoncollege.store^$all
||clemsontigers.online^$all
||clemsontigers.store^$all
||clipperton.sk^$all
||coacbestusa.com^$all
||coacoutletsusa.com^$all
||coacoutletusa.com^$all
||coausaclearan.com^$all
||collegeauburntigers.store^$all
||collegebuckeyes.shop^$all
||collegefootballshop.top^$all
||collegegameshop.com^$all
||collegejayhawks.store^$all
||collegejersey.store^$all
||collegencaa.store^$all
||collegepro.store^$all
||collegespartans.com^$all
||collegewolverines.store^$all
||coloradobuffaloes.store^$all
||coloradocollege.store^$all
||columbiafactorysusa.com^$all
||columbiaoutletco.com^$all
||columbiaoutletonlines.com^$all
||columbiasalemalaysia.com^$all
||columbisportsale.com^$all
||columoutletusa.com^$all
||columsportsale.net^$all
||columsportsusa.com^$all
||converse-finland.com^$all
||converse-malaysia.com^$all
||converseirelandshop.com^$all
||converseschweizshop.com^$all
||crucialcatch.online^$all
||crucialcatch.pro^$all
||crucialcatchhoodie.store^$all
||crucialcatchpro.store^$all
||crucialcatchshop.pro^$all
||crucialcatchstore.com^$all
||dallascowboys.sale^$all
||demonia--suomi.com^$all
||demonia-boots-australia.com^$all
||demonia-boots-uk.com^$all
||diadora-schoenen.com^$all
||dieseclothingus.com^$all
||dieselsalebests.com^$all
||dieselsalesfr.net^$all
||diesusoutlet.com^$all
||discountskecheus.com^$all
||discounttumusa.com^$all
||discountumius.com^$all
||dkgaborsneakers.com^$all
||dodgershat.shop^$all
||dodgershat.store^$all
||dodgersjersey.shop^$all
||dodgersjersey.store^$all
||drcanadaoutletstore.com^$all
||dukebluedevils.store^$all
||dukecollege.store^$all
||ecco-canadasale.com^$all
||ecco-turkiye.com^$all
||eccodanmarkwebbutik.com^$all
||eccofactoryoutlets.com^$all
||eccofactoryoutletus.com^$all
||eccofactoryoutletusa.com^$all
||eccooutletukfactory.com^$all
||eccoshoesnz.com^$all
||eccoskonorge.com^$all
||eccsaleusonline.com^$all
||ellumalls.com^$all
||elluthings.com^$all
||encompassmalls.com^$all
||enucuzuggbot.com^$all
||evolutionmalls.com^$all
||exynet.sk^$all
||fanaticsretailer.store^$all
||fanaticsshop.net^$all
||fashioninmall.com^$all
||fightingirish.shop^$all
||fightingirish.store^$all
||firstcoastthings.com^$all
||fitflop-irelandstockists.com^$all
||fitflop-philippines.com^$all
||fitflop-ukoutlet.com^$all
||fitflopfactoryoutlet.com^$all
||fjallravengreece.com^$all
||fjallravenitalia.com^$all
||fjallravenoutletpolska.com^$all
||fjallravenschweiz.com^$all
||fjallraventilbud.com^$all
||floridagators.sale^$all
||floridagators.store^$all
||floridagators.xyz^$all
||floridastatecollege.store^$all
||floridastateseminoles.store^$all
||flylondonportugal.com^$all
||footballstaple.store^$all
||fredperrylojas.com^$all
||fredperrymelbourne.com^$all
||fryefactoryoutlet.com^$all
||fryeshoescanada.com^$all
||gabor-chweiz.com^$all
||gaborbelgique.com^$all
||gaborcanadasale.com^$all
||gaborfactoryoutlets.com^$all
||gaborfactorysoutlets.com^$all
||gaborireland.com^$all
||gaborirelandsale.com^$all
||gaboroutlet-online.com^$all
||gaborpolska.com^$all
||gaborsaleireland.com^$all
||gaborschuheshop.com^$all
||gaborshoeespana.com^$all
||gaborshoesespana.com^$all
||gaborshoesireland.com^$all
||gaborshoesnz.com^$all
||gaborshoesuk.com^$all
||gaborskodanmark.com^$all
||gaborskonorge.com^$all
||gaborsneakers.com^$all
||gaborsuomi.com^$all
||gaborsverige.com^$all
||gaboruksale.com^$all
||gatorscollege.store^$all
||geacahellyhansenoutlet.com^$all
||georgiabulldogs.pro^$all
||georgiabulldogs.shop^$all
||georgiabulldogs.store^$all
||georgiacollege.store^$all
||geoxaustralia.com^$all
||geoxmalaysia.com^$all
||gheteclarksromania.com^$all
||gonzagabulldogs.store^$all
||goodr-australia.com^$all
||goodr-indonesia.com^$all
||goodrphilippines.com^$all
||goodrsingapore.com^$all
||goodrsunglassesmalaysia.com^$all
||goodrsunglassessaleus.com^$all
||goodrsunglassesuk.com^$all
||groundiesshoesuk.com^$all
||gym-shark-usa.com^$all
||gymshark-canada.com^$all
||gymshark-greece.com^$all
||gymshark-ireland.com^$all
||gymshark-southafrica.com^$all
||gymsharkaustria.com^$all
||gymsharkgreeceshop.com^$all
||gymsharksaleus.com^$all
||gymsharkunitedkingdom.com^$all
||gymsharkunitedstates.com^$all
||haglofsrea.com^$all
||haglofstilbud.com^$all
||haglofsturkiye.com^$all
||haglofsusastore.com^$all
||havenshungary.com^$all
||hellyhansencanadasale.com^$all
||hhjacketsfactoryoutlet.com^$all
||hitecayakkabi.com^$all
||hitecchaussure.com^$all
||hitecscarpe.com^$all
||hitecschoenen.com^$all
||hitecskonorge.com^$all
||hitecsouthafrica.com^$all
||hockeyfightscancer.store^$all
||hokairelandsales.com^$all
||hokashoesaustralia.com^$all
||hotsaleclearance.com^$all
||houstonastros.store^$all
||houstonastrosfan.store^$all
||hoyoufat.store^$all
||hoyoufatjersey.store^$all
||hugobossclearanuk.net^$all
||hushpuppies-uk.com^$all
||hushpuppiesshoesoutlet.com^$all
||illinoiscollege.store^$all
||illinoisfightingillini.shop^$all
||illinoisfightingillini.store^$all
||iowacollege.store^$all
||iowahawkeyes.pro^$all
||iowahawkeyes.shop^$all
||iowahawkeyes.store^$all
||iowastatecollege.store^$all
||iowastatecyclones.store^$all
||jackwolfskindubai.com^$all
||japanzarclothes.com^$all
||jayhawkscollege.store^$all
||jeweloutletshopline.com^$all
||jeweloutletshoplus.com^$all
||jewelrylimitedsr.com^$all
||jordanshoe.store^$all
||jordanshoes.store^$all
||josefseibelshoesuk.com^$all
||kamikbootsukstore.com^$all
||kankenportugal.com^$all
||kansasjayhawks.shop^$all
||kansasstatecollege.store^$all
||kansasstatewildcats.store^$all
||karenmillebestus.com^$all
||karenmillensusoutlet.com^$all
||karenmillenusbest.com^$all
||karenmilleusaclearan.com^$all
||karenmilleusasale.com^$all
||karenmilleusastore.com^$all
||katespusoutlet.com^$all
||keds-schuhe.com^$all
||kedsonlineshopnl.com^$all
||keen1uae.com^$all
||keenshoesfactoryoutletsuk.com^$all
||keenuae.com^$all
||kenscottshop.com^$all
||kenscottshopify.com^$all
||kentuckywildcats.shop^$all
||kentuckywildcats.store^$all
||ksgiftshopline.com^$all
||kubasketball.shop^$all
||kurtka-hhsklep.com^$all
||lachargers.store^$all
||lacostcheapuk.com^$all
||lacostclearances.net^$all
||lacostdiscountus.com^$all
||lacosteclearanusa.com^$all
||lacosteuaeonline.com^$all
||lacostsaleusa.com^$all
||lacostusabest.com^$all
||ladodgershat.shop^$all
||ladodgersjersey.store^$all
||lasport.shop^$all
||legginsmexico.com^$all
||lojashushpuppies.com^$all
||longchamp-luxembourg.com^$all
||longchamp-southafrica.com^$all
||longchampbagsonsalecanada.com^$all
||longchampfactoryoutletuk.com^$all
||longchampoutletenligne.com^$all
||longchampoutletsydney.com^$all
||longchampparissoldes.net^$all
||longchampuaedubai.com^$all
||losangelesdodgers.store^$all
||louisvillecardinals.store^$all
||louisvillecollege.store^$all
||lowa-boots-uk.com^$all
||lowakangor.com^$all
||lowaoutlet-usa.com^$all
||lowaslovensko.com^$all
||lsucollege.store^$all
||lsutigers.store^$all
||mango-pakistan.com^$all
||marmot-australia.com^$all
||marmot-schweiz.com^$all
||marylandcollege.store^$all
||marylandterrapins.store^$all
||merrell-outletfactory.com^$all
||merrell-sg.com^$all
||merrell-shoesphilippines.com^$all
||miamicollege.store^$all
||michigancollege.store^$all
||michiganstatecollege.store^$all
||michiganstatespartans.store^$all
||minnesotacollege.store^$all
||minnesotagoldengophers.store^$all
||mississippistatebulldogs.store^$all
||mississippistatecollege.store^$all
||mixedmalls.com^$all
||mizunooutletuk.com^$all
||mlballstar.net^$all
||mlballstarshop.com^$all
||mlbastros.store^$all
||mlbastrosjersey.store^$all
||mlbbaseballhat.store^$all
||mlbbraves.pro^$all
||mlbcap.net^$all
||mlbcapshop.com^$all
||mlbcityconnect.sale^$all
||mlbcityconnect.store^$all
||mlbfansjersey.store^$all
||mlbfanstore.com^$all
||mlbhat.sale^$all
||mlbhat.store^$all
||mlbhat.top^$all
||mlbhats.sale^$all
||mlbjersey.store^$all
||mlbjerseys.online^$all
||mlbjerseysale.shop^$all
||mlbjerseyshop.net^$all
||mlbprobraves.store^$all
||mlbprojersey.com^$all
||mlbraves.store^$all
||monitormalls.com^$all
||nba75.store^$all
||nba75jerseys.store^$all
||nbaallstarfan.store^$all
||nbafanjerseys.com^$all
||nbafansjersey.com^$all
||nbajerseycheap.com^$all
||nbajerseys.top^$all
||nboutletphilippines.com^$all
||ncaaalabama.store^$all
||ncaaarizona.store^$all
||ncaaauburntigers.store^$all
||ncaabasketball.store^$all
||ncaabaylor.store^$all
||ncaabaylorbears.store^$all
||ncaabears.store^$all
||ncaabluedevils.store^$all
||ncaabruins.store^$all
||ncaabuckeyes.store^$all
||ncaaclemsontigers.store^$all
||ncaacollege.store^$all
||ncaacollegejersey.store^$all
||ncaacougars.store^$all
||ncaacrimsontide.store^$all
||ncaadiablesbleus.store^$all
||ncaaducks.store^$all
||ncaaduke.store^$all
||ncaadukebluedevils.store^$all
||ncaafanshop.com^$all
||ncaafightingirish.store^$all
||ncaafightingtigers.store^$all
||ncaafootballjersey.store^$all
||ncaageorgia.store^$all
||ncaageorgiabulldogs.store^$all
||ncaahoustoncougars.store^$all
||ncaahurricanes.store^$all
||ncaaillinois.store^$all
||ncaaiowa.store^$all
||ncaajayhawks.store^$all
||ncaajersey.com^$all
||ncaajersey.pro^$all
||ncaajersey.sale^$all
||ncaajerseycollege.store^$all
||ncaajerseyfan.store^$all
||ncaajerseypro.store^$all
||ncaajerseys.store^$all
||ncaajerseysstore.com^$all
||ncaakentuckywildcats.store^$all
||ncaalonghorns.store^$all
||ncaalsu.store^$all
||ncaamiami.store^$all
||ncaamiamihurricanes.store^$all
||ncaamichigan.store^$all
||ncaamichiganwolverines.store^$all
||ncaanorthcarolina.store^$all
||ncaanotredame.store^$all
||ncaaoklahoma.store^$all
||ncaaolemiss.store^$all
||ncaaoregon.store^$all
||ncaaoregonducks.store^$all
||ncaarazorbacks.store^$all
||ncaashopjerseys.com^$all
||ncaasooners.store^$all
||ncaatarheels.store^$all
||ncaatennessee.store^$all
||ncaauclabruins.store^$all
||ncaauk.store^$all
||ncaavols.store^$all
||ncaawildcats.store^$all
||ncaawolverines.store^$all
||ncaaworldseries.store^$all
||ncaazags.store^$all
||nebraskacollege.store^$all
||nebraskacornhuskers.store^$all
||newyorksport.store^$all
||nfl49ers.store^$all
||nflbengals.store^$all
||nflbroncos.store^$all
||nflcancercatch.store^$all
||nflcardinals.store^$all
||nflchargers.store^$all
||nflchiefs.store^$all
||nflcrucialcatch.sale^$all
||nflcrucialcatch.store^$all
||nflcrucialcatch.top^$all
||nflcrucialcatchshop.com^$all
||nfldraft.shop^$all
||nfldrafthat.store^$all
||nfldraftshop.com^$all
||nfleagles.store^$all
||nflgamejersey.store^$all
||nflgamelimited.store^$all
||nflhelmet.store^$all
||nfljersey.fans^$all
||nfljersey.pro^$all
||nfljerseysale.shop^$all
||nflnikeshoes.com^$all
||nflnikeshoes.store^$all
||nflpackers.store^$all
||nflsaleshop.com^$all
||nflsalutetoservice.com^$all
||nflsalutetoservice.store^$all
||nflservice.store^$all
||nflshoe.store^$all
||nflshoes.pro^$all
||nflshoes.shop^$all
||nflshoes.store^$all
||nflshoesale.store^$all
||nflshopfan.com^$all
||nflsocks.com^$all
||nflstaple.store^$all
||nflstapleshop.top^$all
||nflstorefan.com^$all
||nflsts.com^$all
||nflstsjersey.com^$all
||nflstsjersey.store^$all
||nfltitans.store^$all
||nflzoompegasus.store^$all
||nhlallstar.pro^$all
||nhlauthenticpro.store^$all
||nhlfan.store^$all
||nhlfanjersey.store^$all
||nhlfansjersey.store^$all
||nhlfansjerseys.store^$all
||nhlfightscancer.store^$all
||nhlhockey.store^$all
||nhlhockeyjersey.store^$all
||nhljersey.sale^$all
||nhljersey.site^$all
||nhljersey.store^$all
||nhljersey.top^$all
||nhljerseyfan.store^$all
||nhljerseypro.store^$all
||nhljerseys.sale^$all
||nhljerseysale.shop^$all
||nhljerseysfan.store^$all
||nhljerseyshop.store^$all
||nhljerseyssale.store^$all
||nhlprojerseys.store^$all
||nhlsalejersey.store^$all
||nhlshopfan.com^$all
||nhlshopjersey.com^$all
||nhlstadiumseries.store^$all
||nhlwinterclassicjersey.store^$all
||nike--usa.com^$all
||nike-clearancestore.com^$all
||nikeairjordan.store^$all
||nikeairshoes.store^$all
||nikeshoesale.store^$all
||nikesneaker.store^$all
||ninewestpolska.com^$all
||ninewestusasale.com^$all
||nobull-brasil.com^$all
||northcarolinacollege.store^$all
||northcarolinashop.net^$all
||northcarolinatarheels.shop^$all
||northcarolinatarheels.store^$all
||northfaceoutletstoreus.com^$all
||notredamecollege.store^$all
||notredamefightingirish.store^$all
||off-whitecanada.com^$all
||off-whitecolombia.com^$all
||off-whitedanmark.com^$all
||off-whitedeutschland.com^$all
||off-whitegreece.com^$all
||off-whitehungary.com^$all
||off-whiteindonesia.com^$all
||off-whitemalaysia.com^$all
||off-whitemexico.com^$all
||off-whitenetherlands.com^$all
||off-whiteromania.com^$all
||off-whiteschweiz.com^$all
||off-whitesuomi.com^$all
||off-whitesverige.com^$all
||off-whiteturkey.com^$all
||ohiostatebuckeyes.online^$all
||ohiostatebuckeyes.store^$all
||ohiostatecollege.store^$all
||oklahomacollege.store^$all
||oklahomasooners.store^$all
||olemisscollege.store^$all
||olemissrebels.shop^$all
||olemissrebels.store^$all
||onlinejewelshopline.com^$all
||onlinejewelshoplus.com^$all
||onlinestoresshops.com^$all
||onlinevipshplus.com^$all
||oofos-ireland.com^$all
||oofosnorgeoutlet.com^$all
||oofosoutletcanada.com^$all
||oofosoutletmalaysia.com^$all
||oofosoutletonline.com^$all
||oofosshoeaustralia.com^$all
||oofosskorsveriges.com^$all
||operationmalls.com^$all
||oregoncollege.store^$all
||oregonducks.shop^$all
||oregonducks.store^$all
||osucowboys.shop^$all
||outletargentinacolumbia.com^$all
||outletchilecolumbia.com^$all
||outletgoodshopline.com^$all
||outletjewelshoplzza.com^$all
||outletjewelsvip.com^$all
||outletmerrellargentina.com^$all
||outletuksorel.com^$all
||outletvipshoplus.com^$all
||outletvipshopy.com^$all
||panelmalls.com^$all
||partnershipmalls.com^$all
||paulsmitfactoryus.net^$all
||pennstatecollege.store^$all
||pennstatenittanylions.store^$all
||philadelphiaeagles.store^$all
||piercemalls.com^$all
||pittpanthers.shop^$all
||pittsburghsteelersshop.com^$all
||planmalls.com^$all
||proficientmalls.com^$all
||psychobunnycolombia.com^$all
||puma-greece.com^$all
||puma-norge.co.no^$all
||puma-uy.com^$all
||pumachileoutlet.com^$all
||pumacostarica.net^$all
||pumaecuador.net^$all
||pumairelandsale.com^$all
||pumaoutletonlineportugal.com^$all
||pumaturkish.com^$all
||pumauruguay.com^$all
||pumoutletusa.com^$all
||pumsaleusa.com^$all
||pumusoutlet.com^$all
||purdueboilermakers.store^$all
||purduecollege.store^$all
||quicksilveruae.com^$all
||quiksilver-australia.com^$all
||quiksilver-canada.com^$all
||quiksilver-malaysia.com^$all
||quiksilver-philippines.com^$all
||quiksilver-southafrica.com^$all
||quiksilverfactoryoutlet.com^$all
||quiksilverindonesia.com^$all
||quiksilveroutletusa.com^$all
||quiksilveruksale.com^$all
||rebecamalls.com^$all
||reclassicsg.org^$all
||redwingbootsoutlets.com^$all
||reebok-chile.com^$all
||reebok-romania.com^$all
||reebokblackfridayoffers.com^$all
||reebokfactoryoutlet.com^$all
||riekeroutletca.com^$all
||riekershoessaleuk.com^$all
||rolltide.shop^$all
||romaniakanken.com^$all
||rothyusonline.shop^$all
||roxclothingusa.com^$all
||rritemalls.com^$all
||sacfjallravensoldes.com^$all
||saleushoka.com^$all
||salewaoutletschile.com^$all
||salomon--portugal.com^$all
||salomon-nederland.com^$all
||salomon-nederlands.com^$all
||salomon-norge.co.no^$all
||salomon-outletsturkiye.com^$all
||salomon-portugal.com^$all
||salomonaphilippines.com^$all
||salomonashoesnz.com^$all
||salomonbootsbrisbane.com^$all
||salomonbootsoutletusa.com^$all
||salomonespanas.com^$all
||salomonfactoryoutletmadrid.com^$all
||salomonmalaysiawebsite.com^$all
||salomonoutletgreece.com^$all
||salomonoutletnl.com^$all
||salomonoutletsfactory.com^$all
||salomonoutletstoresusa.com^$all
||salomonshoesoutletusa.com^$all
||salomonxapro3d.com^$all
||samsonclearanus.com^$all
||samsondiscountus.com^$all
||sandalitevaofferta.com^$all
||sanfrancisco49ers.store^$all
||sanuksingapore.com^$all
||sapatilhasallstarbaratas.com^$all
||sapatosclarkportugal.com^$all
||saucony-australia.com^$all
||sauconyfactoryoutletsuk.com^$all
||sauconyfactoryoutletuk.com^$all
||sauconyjazzturkey.com^$all
||sauconyoutletaustralia.com^$all
||sauconyoutletuk.com^$all
||seattlekraken.sale^$all
||sebagoshoesdubai.com^$all
||shoesnike.store^$all
||shopmksus.com^$all
||shopsmithsus.com^$all
||silentmalls.com^$all
||skecheausale.com^$all
||skecheclearanceus.com^$all
||skechers-israel.com^$all
||skechers-tenisice.com^$all
||skechersarchfitromania.com^$all
||skechersfactorysoutlet.com^$all
||skechersoutletpraha.cz^$all
||skecherstrainers-uk.com^$all
||skecherusaclearan.com^$all
||skecheukclearan.com^$all
||skecheusoutlet.com^$all
||slovenskokanken.com^$all
||sneakersnike.store^$all
||sorelfactoryoutlet.com^$all
||southcarolinacollege.store^$all
||southcarolinagamecocks.store^$all
||spartanscollege.shop^$all
||sperroutletusa.com^$all
||sperryfactoryoutlet.com^$all
||sperryonlinesatis.com^$all
||spinmalls.com^$all
||sportgear.store^$all
||spraygoutletus.com^$all
||spraygroclearanusa.com^$all
||spraygrousoutlet.com^$all
||stanfordcardinal.store^$all
||stanfordcollege.store^$all
||storeskechesale.com^$all
||suicokeshoessale.com^$all
||suicokeuk.com^$all
||superbowllvi.shop^$all
||superbowllvi.store^$all
||superbowlstore.com^$all
||swarovskichile.com^$all
||swarovskidubai.com^$all
||swarovskifactoryoutlet.com^$all
||swarovskioutletuk.com^$all
||swarovskiphilippines.com^$all
||swarovskisaleoutlet.com^$all
||tamarisfactoryoutlet.com^$all
||tamarisgreece.com^$all
||tamarisgreecer.com^$all
||tarheelscollege.store^$all
||tbeautybeauty.com^$all
||tcucollege.store^$all
||tcuhornedfrogs.store^$all
||tenisveja-portugal.com^$all
||tennesseecollege.store^$all
||tennesseevolunteers.store^$all
||teva-nederlands.com^$all
||tevacolombia.com^$all
||tevafactoryoutletuk.com^$all
||tevagreece.com^$all
||tevaromaniasandale.com^$all
||tevaturkey.com^$all
||texasamaggies.store^$all
||texasamcollege.store^$all
||texascollege.store^$all
||texaslonghorns.online^$all
||texaslonghorns.store^$all
||texastechcollege.store^$all
||texastechredraiders.store^$all
||thegirlfriendcollectiveaustralia.com^$all
||thegirlfriendcollectivenederland.com^$all
||thegirlfriendcollectiveuk.com^$all
||thorogoodfactoryoutlets.com^$all
||tiendacolumbiachile.com^$all
||tiendaunderarmourmexico.com^$all
||tocontrolbeauty.com^$all
||tombrady.store^$all
||tombradyshop.pro^$all
||tombradystore.com^$all
||tommyhilfigerperth.com^$all
||tomssingaporesale.com^$all
||tumibeststores.com^$all
||tumicheapuk.com^$all
||tumioutletclearan.com^$all
||tumusaoutlet.com^$all
||ua-australia.com^$all
||ua-canada.com^$all
||ua-chile.com^$all
||ua-greece.com^$all
||ukclarkcheap.com^$all
||ukclarkoutlets.com^$all
||ukcollege.store^$all
||ukkarenmillencheap.com^$all
||uklacostsale.com^$all
||ukskechecheap.com^$all
||uncbasketball.store^$all
||uncjersey.shop^$all
||uncjersey.store^$all
||unctarheels.shop^$all
||unctarheels.store^$all
||underarmour-costerica.com^$all
||underarmour-israel.com^$all
||underarmour-italia.com^$all
||underarmour-nl.com^$all
||underarmour-nz.com^$all
||underarmour-saudiarabia.com^$all
||underarmourhungary.com^$all
||underarmourosterreich.com^$all
||underarmouroutlet-usa.com^$all
||underarmouroutletromania.com^$all
||underarmourromania-ro.com^$all
||underarmourshortsuk.com^$all
||undergroundmalls.com^$all
||underrmourireland.com^$all
||usccollege.store^$all
||uscolumbsportswear.com^$all
||usctrojans.online^$all
||uspumsale.com^$all
||utahcollege.store^$all
||utahutes.shop^$all
||utahutes.store^$all
||veja-froutlet.com^$all
||vejafactoryoutletusa.com^$all
||vejajapanstore.com^$all
||vejaoslo.com^$all
||vejaosterreich.com^$all
||vejaromaniaoutlet.com^$all
||vejasale-ireland.com^$all
||vejasneakers-schweiz.com^$all
||vejatenisice-hr.com^$all
||vibramfive-fingers.cz^$all
||vibramsk.com^$all
||vionicshoes-southafrica.com^$all
||vionicshoessingapore.com^$all
||vionicshoesuksale.com^$all
||vipgiftshopline.com^$all
||vipgiftshoppy.com^$all
||vipgoodshoppy.com^$all
||vippgiftsonline.com^$all
||virginiatechcollege.store^$all
||virginiatechhokies.store^$all
||vlone-uk.com^$all
||wakeforestcollege.store^$all
||wakeforestdemondeacons.store^$all
||warriorsjersey.store^$all
||washingtoncollege.store^$all
||washingtonhuskies.store^$all
||wellness-gym.sk^$all
||westvirginiacollege.store^$all
||westvirginiamountaineers.store^$all
||wolverineaustralias.com^$all
||xn--conversemaazalar-shc44a.com^$all
||xn--hotiayakkab-p9a38g.com^$all
||xn--vansayakkab-9zb.com^$all
||zainofjallravenkanken.com^$all
||zalesglobaljewelry.com^$all
||zamberlanireland.com^$all
||zapatillasvejacl.com^$all
||zapatosaldochile.org^$all

! https://forums.malwarebytes.com/topic/293979-recent-scamware-not-recognized-by-malwarebytes/
||allreqdusa.com^$all

! NSFW: https://app.any.run/tasks/dff4525c-555a-479e-83ba-c5b2f2d11ab6
||baconaces.pro^$all
||eredhadbeen.xyz^$all
||twgfw.eredhadbeen.xyz^$all
||nugans.live^$all
||chrome.google.com/webstore/detail/cats-fanpage/nkhleengjihjncmbkldpfmoankdkhahg^$document

! NSFW: https://app.any.run/tasks/10647999-b75b-42bd-ae49-c7d596f3c797
||kdakm.eredhadbeen.xyz^$all
||qualitydating.top^$all
||a.curedating.top^$all
||curedating.top^$all
! https://virustotal.com/gui/ip-address/5.181.203.4/relations
||finestdating.top^$document
||goodating.top^$document
||datingpoint.top^$document
||cutiesdating.top^$document
||vipdatingtime.top^$document
! https://virustotal.com/gui/ip-address/195.201.253.131/relations
||sensualflirts.life^$document
||yourbestpartner.life^$document
||thebestdate.life^$document
||besttightflirts.life^$document
||timetopdatings.life^$document
||realhotmeets.life^$document
||dateflirt.life^$document
||originalspartner.life^$document
||loveclick.life^$document
||goyummdating.life^$document
||bestdatingsforyou.life^$document
||findsoulmate.life^$document
||instinctdating.life^$document
||charmingdating.life^$document
||datingarea.life^$document
||delightdatings.life^$document
||delightflirt.life^$document
||delightdating.life^$document
||bestflirtzone.life^$document
||getsexy.life^$document
||lover-finder.life^$document
||findsexy.life^$document

! (copied from DandelionSprout's list): https://github.com/DandelionSprout/adfilt/issues/748
||adidas-budapest.com^$all
||adidas-deutschland.de^$all
||adidas-egypt.com^$all
||adidas-france.fr^$all
||adidas-philippines.com^$all
||adidas-sk.sk^$all
||adidasenpanama.com^$all
||adidasfactoryshop.co.za^$all
||adidasguatemala.com^$all
||adidashonduras.com^$all
||adidasksa.com^$all
||adidasmaroc.com^$all
||adidasnicaragua.com^$all
||adidasonlineoutlet.es^$all
||adidasonlineuksale.com^$all
||adidaspakistan.com^$all
||adidasshoesgreece.com^$all
||adidasslovensko.sk^$all
||adidasuaesale.com^$all
||aerosolesportugal.com^$all
||aerosolesuk.com^$all
||alexiawrites.com^$all
||allbirditalia.it^$all
||americantouristerfactoryoutlet.com^$all
||aplshoeuk.com^$all
||aplsneakerssale.com^$all
||argentina-adidas.com^$all
||asicsayakkabitr.com^$all
||asicscipohungary.com^$all
||asicsnederland.com^$all
||asicswinkelnederland.com^$all
||billabongfactoryoutlet.ca^$all
||billabongfrance.com^$all
||billabongitalia.com^$all
||billabongpolska.com^$all
||billabongportugal.com^$all
||billabonguk.com^$all
||bogsbootsireland.com^$all
||bogschile.com^$all
||botaswolverine.com.mx^$all
||brooksshoesstore.us^$all
||bundyslovakia.com^$all
||butywolverlne.com^$all
||canada-nike.com^$all
||cariuma-france.fr^$all
||cariuma-philippines.com^$all
||cariumashoesportugal.com^$all
||cariumashoessingapore.com^$all
||chaussurenobull.com^$all
||chaussuresnobull.com^$all
||conversesingaporeoutlets.com^$all
||danskonederland.com^$all
||danskosaldi.it^$all
||demoniachaussuresparis.fr^$all
||demoniacipő.com^$all
||demoniashopberlin.de^$all
||demoniastopankysk.sk^$all
||demoniatürkiye.com^$all
||diesel-helsinki.com^$all
||docmartens-canada.com^$all
||docsmartensslovensko.sk^$all
||docsmartensthailand.com^$all
||doctormartensmadrid.com^$all
||doctormartensnederland.com^$all
||doctormartensromanla.com^$all
||drmartensosterreich.com^$all
||drmdanmark.com^$all
||ecuador-adidas.com^$all
||fitflop-australiasale.com^$all
||footjoy-portugal.com^$all
||footjoybelgie.com^$all
||footjoyfinland.com^$all
||footjoyindonesia.com^$all
||footjoypakistan.com^$all
||footjoyuae.com^$all
||gym-sharkitalia.com^$all
||gym-sharkportugal.com^$all
||gymshark-hrvatska.com^$all
||gymsharkjp.com^$all
||gymsharks-hrvatska.com^$all
||heydudeshoessaleuk.com^$all
||hhworkwearcanada.com^$all
||hoka-canada.ca^$all
||hoka-slovensko.sk^$all
||hokacaonsale.ca^$all
||hokahungarywebshop.com^$all
||hokaschuhekaufen.de^$all
||hokashoescanadasale.com^$all
||hokaskoshop.com^$all
||hrvatska-adidas.com^$all
||indonesia-adidas.com^$all
||jakkeshopdanmark.com^$all
||jakkeshopnorge.com^$all
||lojasasicslisboa.com^$all
||lojashellyhansenportugal.com^$all
||ludan102.com^$all
||lululemonbarcelona.es^$all
||martenslovensko.com^$all
||martensslovensko.sk^$all
||martensxhrvatska.com^$all
||martensywarszawa.com^$all
||martenywarszawa.com^$all
||merrell-canada-clearance.com^$all
||merrellbutysklepy.pl^$all
||merrellportugalshop.com^$all
||mizuno-italia.com^$all
||mizuno-mexico.com.mx^$all
||mizuno-peru.com^$all
||mizuno-shoesaustralia.com^$all
||mizuno-thailand.com^$all
||mizunoblackfridaysale.com^$all
||mizunodeutschland.de^$all
||mizunofootballbootsuk.com^$all
||mizunoshoescanada.ca^$all
||mizunosshoesindia.com^$all
||nb-uae.com^$all
||nbalancechile.com^$all
||nike-factoryoutletstore.com^$all
||nikefactorystoreuk.com^$all
||nobullcrossfitscarpe.com^$all
||nobullproiectcanada.com^$all
||nobullswitzeriand.com^$all
||nobulltrainerphilippines.com^$all
||nobulltrainersslngapore.com^$all
||nobullxespana.com^$all
||nobvllshoesuk.com^$all
||norge-adidas.com^$all
||northfaceindiastore.com^$all
||northfaceoutletargentina.com^$all
||northfacexhungary.com^$all
||northfacezurich.com^$all
||northfacezurlch.com^$all
||northxfaceindiastore.com^$all
||osterreich-adidas.com^$all
||peru-adidas.com^$all
||portugal-adidas.com^$all
||psychobunnypolo.com^$all
||psychobunnytshirt.com^$all
||puma-turkey.com.tr^$all
||romaniagymshark.com^$all
||salomon-retailers.com^$all
||salomonchileoutlet.com^$all
||salomondeutschlandsale.de^$all
||salomonfactoryoutletza.com^$all
||salomonshoesonline.us^$all
||salomonshop.ca^$all
||salomonskioutletshop.com^$all
||salomonspeedcrossusa.com^$all
||salomonspikecrosscanada.com^$all
||salomonxt6outletusa.com^$all
||salomonxt6sale.com^$all
||sanuk-canada.com^$all
||saucony-clearancecanada.com^$all
||saucony-portugal.org^$all
||sauconycanadaonsale.com^$all
||sauconyclearance.us^$all
||sauconyfactoryoutlet.us^$all
||sauconyirelandoutlet.com^$all
||sauconyløbesko.com^$all
||sauconymalaysiaonline.com^$all
||sauconyrunningshoes.us^$all
||sauconyshoesfactorynz.com^$all
||sauconysingaporeonline.com^$all
||sauconysneakers.us^$all
||scarpekeenitalia.com^$all
||scarpewolverine.it^$all
||shopsalomonsouthafrica.com^$all
||skechers-south-africa.co.za^$all
||skecherscanadaonline.ca^$all
||skechersoutletnz.com^$all
||sorelbootsoutlet.com^$all
||sperryonsale.com^$all
||sperryoutletfactory.com^$all
||suomi-adidas.com^$all
||tevadanmarkshop.com^$all
||tevamalaysias.com^$all
||tevamalaysiashop.com^$all
||tevanorgeshop.com^$all
||thenorthfacenzsale.com^$all
||thenorthfacexromania.com^$all
||thursdayboothungary.com^$all
||thursdayboots-ro.com^$all
||thursdaybootschweiz.com^$all
||thursdaybootsdenmark.com^$all
||thursdaybootsdeutschiand.com^$all
||thursdaybootsdeutschland.de^$all
||thursdaybootsgreek.com^$all
||thursdaybootsmalaysla.com^$all
||thursdaybootsnorway.com^$all
||thursdaybootsportugals.com^$all
||thursdaybootsrea.com^$all
||thursdaybootsturkey.com^$all
||thursdayshoesnz.com^$all
||tiendaasicsmexico.com^$all
||tiendasadidaschile.com^$all
||tiendaskecherchile.com^$all
||tiendasnorthfacemexico.com^$all
||tnfsoldes.com^$all
||uptsejacketsale.com^$all
||wolverineayakkabi.com^$all
||wolverineboty.cz^$all
||wolverinechaussure.fr^$all
||wolverinejapan.com^$all
||wolverinelaarzen.com^$all
||wolverineportugal.com^$all
||wolverineschuhe.at^$all
||wolverineschuhes.de^$all
||wolverineskonorge.com^$all
||wolverinestovler.com^$all
||wolverlnejapan.com^$all
||zapatillassalomoncolombia.com^$all
||zapatosgolffootjoy.com^$all
||zapatoswolverine.com^$all
||thenorthfacenorge.co.no^$all
||tnooutlet.com^$all
||vansnorge.co.no^$all
||hunternorge.co^$all
||hunternorge.co.no^$all
||hunternorgeno.com^$all
||hokaslippers.com^$all
||hokaskooutlet.co.no^$all
||martenssalg.com^$all
||martensnorge.co.no^$all
||hoka-sko.com^$all
||norgeskotilbud.com^$all
||hokasnorgeno.com^$all
||adidasbratislava.sk^$all
||airsuomi.com^$all
||asicswebshopshu.com^$all
||brooksrunnersireland.com^$all
||brooksrunningindia.co.in^$all
||chaussurestoms.fr^$all
||clarks-romania.com^$all
||clarksshop-hu.com^$all
||clarkswyprzedaz.com^$all
||columbiaindiasale.com^$all
||columbianzoutlet.com^$all
||crocsacheter.fr^$all
||deeruptrunner.me^$all
||desertbootshop.com^$all
||docmartensnewzealand.com^$all
||eobuvecco.sk^$all
||falconportugalshop.me^$all
||fitflopsalenederland.com^$all
||footwearnl.com^$all
||footwearsalesg.com^$all
||hunter-danmark.com^$all
||hunter-espana.com^$all
||hurricane-outlet.co^$all
||keenscarpeitalia.it^$all
||keentürkiye.com^$all
||mammutsverige.com.se^$all
||mammutuksale.com^$all
||newvanshoes.co.in^$all
||nikehrvatska-hr.com^$all
||nikeportugal.pt^$all
||north-face-indirim.com^$all
||pumarea.com.se^$all
||pumatennaritale.com^$all
||rb-greece.com^$all
||rbingreece.com^$all
||rbshopgreece.com^$all
||ropapuma.com^$all
||runninginshop.com^$all
||salomonbutikdanmark.com^$all
||salomonslovensko.sk^$all
||schweizch.com^$all
||shoesstoregreece.com^$all
||sportsonlineuk.com^$all
||sportwebaruhaz.com^$all
||tiendadiadoramexico.com^$all
||tomosterreich.com^$all
||toms-budapest.com^$all
||toms-schweiz.com^$all
||tomscipo.com^$all
||tomsdeutschland.de^$all
||tomsitalia.it^$all
||tomsosterreich.at^$all
||ukhikingshop.com^$all
||vanscipok.com^$all
||vanssnorge.com^$all
||alo-yoga-turkey.com^$all
||aloyoga-chile.com^$all
||aloyogaespana.es^$all
||aloyogairelandstore.com^$all
||aloyogaturkey.com.tr^$all
||asicsisverige.com^$all
||asolobootsireland.com^$all
||asolocolombia.com^$all
||asolodeutschland.com^$all
||asolofrance.com^$all
||asoloitaliaoutlet.com^$all
||asolonederland.com^$all
||asoloportugal.com^$all
||asoloskonorge.com^$all
||asoloskor.com^$all
||betseyjohnsonitalia.com^$all
||bootspalladiumitalia.com^$all
||botasasolomexico.com^$all
||botasasolooutlet.com^$all
||boutiquehunterfrance.com^$all
||calvinkleinchileoutlet.com^$all
||calvinkleinportugalpt.com^$all
||conversecostaricaonline.com^$all
||converseuaeonlinestore.com^$all
||gantchile.com^$all
||gantcolombia.com^$all
||gantdenmark.com^$all
||gantdeutschland.com^$all
||ganthrvatska.com^$all
||gantisrael.com^$all
||gantitalia.com^$all
||gantromania.com^$all
||gantromanias.com^$all
||gantschweiz.com^$all
||gantsrbija.com^$all
||gantturkey.com^$all
||guesskobenhavn.com^$all
||guessoutletslovensko.com^$all
||guessoutletsuomi.com^$all
||guesssuomi.net^$all
||gymsharkoutlet.com.au^$all
||hoka-malaysia.com^$all
||hoka-polska.pl^$all
||hoka-spain.es^$all
||hokabaratas.com^$all
||hokaencolombia.com^$all
||hokagermany.de^$all
||hokaitaliaoutlet.it^$all
||hokaonenorge.com^$all
||hokaonlineturkiye.com^$all
||hokaportugallojas.com^$all
||hokaromania.ro^$all
||hokashopindia.net.in^$all
||hokasingapore.com^$all
||hokasklep.com^$all
||hokastoregr.com^$all
||hunter-boots-ireland.com^$all
||hunter-canada.ca^$all
||hunter-colombia.com.co^$all
||hunter-costarica.com^$all
||hunter-cz.com^$all
||hunter-greece.gr^$all
||hunter-jp.com^$all
||hunter-osterreich.at^$all
||hunter-osterreich.com^$all
||hunter-portugal.pt^$all
||hunter-romania.ro^$all
||hunter-sk.sk^$all
||hunter-slovenija.com^$all
||hunter-southafrica.com^$all
||hunter-srbija.com^$all
||hunter.com.se^$all
||hunterargentinabotas.com^$all
||hunteraustraliaau.com^$all
||hunterbelgium.com^$all
||hunterbelgiumsale.com^$all
||hunterbootchile.com^$all
||hunterboots-israel.com^$all
||hunterboots-newzealand.com^$all
||hunterbootsaus.com^$all
||hunterbootsdubai.com^$all
||hunterbootsnewzealand.co.nz^$all
||hunterbootsslovenija.com^$all
||hunterbootssouthafrica.co.za^$all
||huntercr.com^$all
||hunterfrankfurt.com^$all
||hunterhelsinki.com^$all
||hunterhrhrvatska.com^$all
||hunterhrvatskahr.com^$all
||hunteritaliaoutlet.com^$all
||hunterjapanjp.com^$all
||hunterkalosze-pl.com^$all
||hunterlaarzennederland.com^$all
||hunterluxembourg.com^$all
||huntermalaysiamy.com^$all
||huntermexicomx.com^$all
||hunterobchod.com^$all
||hunteronlineshop.de^$all
||hunteroutlet-canada.com^$all
||hunterphilippinesstore.com^$all
||hunterpolska-pl.com^$all
||hunterportugalpt.com^$all
||hunterrainbootsaustralia.com^$all
||hunterrainbootsie.com^$all
||hunterromania.net^$all
||huntershopromania.com^$all
||huntershopschweiz.com^$all
||huntersingaporesg.com^$all
||hunterskornjislovenija.com^$all
||hunterslovenija.com^$all
||huntersoldes.com^$all
||huntersrbija.org^$all
||huntersuomifi.com^$all
||hunterturkiyesatis.com^$all
||hunteruruguay.com^$all
||hunterwellies-australia.com^$all
||hunterwellies-nz.com^$all
||hunterwelliesdublin.com^$all
||hunterwellingtonsaustralia.com^$all
||hunterwinkelnederland.com^$all
||jordan-hrvatska.com^$all
||jordan-nederland.com^$all
||jordanakcio.com^$all
||jordanalesuomi.com^$all
||jordanargentinaonline.com^$all
||jordanbelgiesale.com^$all
||jordanbelgium.com^$all
||jordanberlin.de^$all
||jordanbogota.com^$all
||jordanbutysklep.pl^$all
||jordancapetown.com^$all
||jordancena.com^$all
||jordanchileoferta.com^$all
||jordaneshop.cz^$all
||jordanfiyat.com^$all
||jordanieftini.ro^$all
||jordanindirim.com^$all
||jordanjapansale.com^$all
||jordanlisboa.com^$all
||jordanljubljana.com^$all
||jordanmalaysias.com^$all
||jordanmexicomx.com^$all
||jordanoferta.ro^$all
||jordanonlinecanada.com^$all
||jordanonlinegreece.com^$all
||jordanottawa.com^$all
||jordanoutletgreece.com^$all
||jordanoutletnz.com^$all
||jordanpatike.com^$all
||jordanph.com^$all
||jordanphilippine.com^$all
||jordanportugalpt.com^$all
||jordanpromocje.pl^$all
||jordanretroschweiz.com^$all
||jordansaldi.com^$all
||jordansaleau.com^$all
||jordansaleie.com^$all
||jordansaleireland.com^$all
||jordanschuhesale.at^$all
||jordanserbia.com^$all
||jordanshopmalaysia.com^$all
||jordanskooslo.com^$all
||jordanslovenija.co^$all
||jordansneakersau.com^$all
||jordansovensko.sk^$all
||jordansuomiale.com^$all
||jordantilbud.com^$all
||jordantilbuddanmark.com^$all
||jordanuaesale.com^$all
||jordanwinkel.com^$all
||keengermany.de^$all
||keensandalertilbud.com^$all
||keenspain.es^$all
||lojasskechersportugal.com^$all
||mizuno-germany.de^$all
||mizunoencolombia.com^$all
||mizunoteniskysk.sk^$all
||moncler-israel.com^$all
||moncler-mexico.com^$all
||monclercanada.ca^$all
||monclerchile.com^$all
||monclercolombia.com^$all
||monclergreece-outlet.com^$all
||monclermalaysia.com^$all
||moncleromania.com^$all
||moncleroutletschweizs.com^$all
||monclerphilippines.com^$all
||monclersingapore.com^$all
||monclersouthafrica.co.za^$all
||monclersouthafrica.com^$all
||nikefactoryoutletau.com^$all
||nikemaroc.com^$all
||niketurkiyeshop.com^$all
||nobull-colombia.com.co^$all
||nobull-mexico.com.mx^$all
||nobullenargentina.com^$all
||nobullespanaoutlet.com^$all
||nobullro.ro^$all
||nobullsuomiale.com^$all
||palladium-chile.com^$all
||palladium-finland.com^$all
||palladium-philippines.com^$all
||palladiumaustraliaoutlet.com^$all
||palladiumbootscolombia.com^$all
||palladiumbootsnzoutlet.com^$all
||palladiumbootsromania.com^$all
||palladiumindonesia.com^$all
||palladiumnederland.com^$all
||palladiumoutletportugal.com^$all
||palladiumschuheaustria.com^$all
||palladiumschuheoutlet.de^$all
||palladiumshoesuae.com^$all
||palladiumsingaporestore.com^$all
||palladiumskobutikk.com^$all
||palladiumskodk.com^$all
||palladiumskorsverige.com^$all
||palladiumsouthafrica.co.za^$all
||quiksilver-france.fr^$all
||quiksilver-mexico.com.mx^$all
||quiksilverale.com^$all
||quiksilverangebot.com^$all
||quiksilveraustralia.com^$all
||quiksilveraustraliasale.com^$all
||quiksilverbrasillojas.com^$all
||quiksilvercanadasale.com^$all
||quiksilverchile.com^$all
||quiksilvercolombia.com^$all
||quiksilverdanmark.com^$all
||quiksilverenargentina.com^$all
||quiksilverenchile.com^$all
||quiksilverespana.com^$all
||quiksilvergreece.com^$all
||quiksilverindia.co.in^$all
||quiksilverindirim.com^$all
||quiksilverinofferta.com^$all
||quiksilveritalia.com^$all
||quiksilverlojas.com^$all
||quiksilvermalaysia.com^$all
||quiksilvermalaysiasale.com^$all
||quiksilvernederland.com^$all
||quiksilvernewzealand.com^$all
||quiksilvernorge.com^$all
||quiksilveroutletgreece.com^$all
||quiksilveroutletphilippines.com^$all
||quiksilveroutletpolska.com^$all
||quiksilveroutletsingapore.com^$all
||quiksilverphilippines.com^$all
||quiksilverportugal.com^$all
||quiksilverpraha.cz^$all
||quiksilverromania.com^$all
||quiksilverromania.ro^$all
||quiksilversaleindia.com^$all
||quiksilversalesouthafrica.co.za^$all
||quiksilversingapore.com^$all
||quiksilversklep.com^$all
||quiksilversouthafrica.com^$all
||quiksilversuomi.com^$all
||quiksilversverige.com^$all
||quiksilvertilbud.com^$all
||quiksilvervyprodej.com^$all
||quiksilverwinkel.com^$all
||salomocolombia.com^$all
||salomon-danmark.net^$all
||salomon-pt.com^$all
||salomon-spain.es^$all
||salomonencolombia.com^$all
||salomonfrancesoldes.fr^$all
||salomonhungary.net^$all
||salomonidanmark.com^$all
||salomoportugalonline.com^$all
||salomoslovenija.com^$all
||salomoslovensko.sk^$all
||saucony-dk.com^$all
||sauconygermany.de^$all
||sauconylaufschuhe.at^$all
||sauconyspain.es^$all
||sendrabootsdeutschland.com^$all
||sendrabootsireland.com^$all
||sendrabootsitalia.com^$all
||sendrafrance.com^$all
||skecherchile.com^$all
||skechers-colombia.com.co^$all
||skechers-spain.es^$all
||skechersfactoryoutletau.com^$all
||skechersmexicotienda.com^$all
||skechersshoesnzoutlet.com^$all
||teniskyvejaobuv.sk^$all
||tiendahunterchile.com^$all
||tiendahuntermadrid.com^$all
||tiendajordanargentina.com^$all
||tiendaquiksilvercolombia.com^$all
||tiendaquiksilvermexico.com^$all
||underarmourenecuador.com^$all
||vejagermany.de^$all
||vejasneakers.se^$all
||vejasneakersmexico.com.mx^$all
||moncleritalia.com^$all
||alexandermcqueenboty.cz^$all
||alexandermcqueenskor.com.se^$all
||alexandermcqueentenisce.com^$all
||alexandermcqueentenisky.sk^$all
||alexandermcqueentenls.com^$all
||axelarigato.com.se^$all
||axelarigatoboty.cz^$all
||axelarigatokobenhavn.com^$all
||axelarigatos.com.se^$all
||axelarigatosapatilhas.com^$all
||axelarigatoshoesnz.com^$all
||axelarigatoslovakia.com^$all
||axelarigatosneakersnl.com^$all
||axelarigatozagreb.com^$all
||bootsonlineindia.com^$all
||botteshunterfrance.fr^$all
||cizmeshopromania.com^$all
||demoniasjapan.com^$all
||dieseljeancolombia.com^$all
||dieseljeanscolombia.com^$all
||drmarswebshop.com^$all
||enucuzsuperdry.com^$all
||gummistiefelhunter.de^$all
||gummistøvlerhunter.com^$all
||hokalopesko.com^$all
||hokanorgeno.com^$all
||hokaonelopesko.com^$all
||huntegummistiefeloutlet.com^$all
||huntegummistiefelsale.com^$all
||hunteranbootsindia.com^$all
||hunterbootcanada.com^$all
||hunterholinky.com^$all
||hunterirelandonline.com^$all
||hunterlaarzenbelgle.com^$all
||hunterlaarzendames.com^$all
||hunteronlinesverige.com^$all
||hunteroutletireland.com^$all
||hunterstovlersalg.com^$all
||hunterwelliesirelandsale.com^$all
||lacostemagyarorszag.com^$all
||marbotysleva.cz^$all
||martenbratislava.sk^$all
||martengreece.com^$all
||martenportugal.com^$all
||martensbotysleva.cz^$all
||martenshelsinki.net^$all
||martenshrvatska.co^$all
||mcqueen-philippines.com^$all
||mcqueenauckland.com^$all
||mcqueencolombia.com^$all
||mcqueenitalian.com^$all
||mcqueenmalaysiamy.com^$all
||mcqueensouthafrica.com^$all
||mcqueensouthafrlca.com^$all
||merrellespanatiendas.com^$all
||merrellshoeaustralia.com^$all
||merrellshoesoutletus.com^$all
||merrellwanderschuhe.de^$all
||merrelshoesnzsale.com^$all
||merrelshoesuksale.com^$all
||merrelturkiyetr.com^$all
||mizunonewzealandnz.com^$all
||mizunoshoesforsale.com^$all
||mizunoshoesingapore.com^$all
||nana-vypredaj.sk^$all
||nanasuomi.com^$all
||nanavypredaj.sk^$all
||nbpolskaonline.com^$all
||neweraindlacap.com^$all
||niketrindirim.com^$all
||salomomnorgeoutlet.com^$all
||salonomaustria.com^$all
||salonomireland.com^$all
||salonomitalia.com^$all
||salonomportugal.com^$all
||salonomslovensko.com^$all
||salononfranceonline.com^$all
||salononsverige.com^$all
||stivalihuntersaldi.com^$all
||superdryfactorysg.com^$all
||tenishokaoneone.com^$all
||tevasandalehrvatska.com^$all
||vans-finland.com^$all
||martensbratislava.sk^$all
||zapatillasmcqueen.com^$all

! https://app.any.run/tasks/8ced67f6-f4e6-4fed-b634-86fd93ac4074/
||darkinfotale.xyz^$all
||f.estivaltodayz.com^$document
||hollandcash.nl^$all
||exit.hollandcash.nl^$all
||clean-blocker.com^$all

! https://github.com/DandelionSprout/adfilt/issues/752
||omclyzyapf.com^$all
||godpvqnszo.com^$popup
||news-mapara.com^$all
||vipdatingtoday.top^$all
||mo4ckid.click^$all
||xxxnewvideos.com^$all
||iseult-aplite.xyz^$all
||img.pushflow.net/creatives/11/5645/1649754393755-push-preview-img.png^$all
||theantivirusprotection.xyz^$all
||1.news-mapara.com^$all
||battik-bowwow.xyz^$all
||2.news-mapara.com^$all
||pshsbscapr.xyz^$all
||cdn.pncloudfl.com/pn/f83/d57/83b/f83d5783b20e21e0de65e6f7f632cde8a29b9ef6.jpg^$all
||click01.pshtrkg.com^$document
||4bd71.trknovi.com^$document
||jergocast.com^$document
||news-pelivo.com^$all
||img.pushflow.net/creatives/11/5645/1649755151938-push-preview-img.png^$all

! https://app.any.run/tasks/cc3be172-9813-4637-914b-533ac2b72299
||getfreegem.com^$all
||gamingtoolz.club^$all

! from notification scams
||nahist.live^$all
||redins.live^$all
||carltus.click^$all
||www.carltus.click^$all
||renhadmasandbab.info^$document
||bestadultdatinglist-com.ru^$document
||findflirtpartner6.euroshoptrendingclub.ru^$document
||h.curedating.top^$all
||martoysure.live^$all
||goodgollygold.com^$document

! https://virustotal.com/gui/domain/beastws.com
! (my analysis) https://app.any.run/tasks/dc144216-7c8d-4a2b-963e-24b507124e81
||beastws.com^$all

! https://github.com/no-cmyk/Search-Engine-Spam-Blocklist/issues/8
! TODO: verify these entries, hopefully there aren't any more https://github.com/hagezi/dns-blocklists/issues/987
!#if false
||adajobs.de^$document
||appart-vermietung.de^$document
||baderus.de^$document
||bermudez-portfolio.de^$document
||carpenteriekluc.it^$document
||charlotte-wilking.de^$document
||conradlentz.de^$document
||corexonline.de^$document
||dierhagen-ostsee.de^$document
||digitalplm.de^$document
||e-dos.pl^$document
||eltruciolo.it^$document
||essen-inline-skating.de^$document
||forstbetrieb-reichel.de^$document
||fotogruppe-iserlohn.de^$document
||fw-muensing.de^$document
||honighelmut.de^$document
||hostingnetwork24.de^$document
||hunsruecker-damwild.de^$document
||hypnose-kunz.de^$document
||ilcolibri.it^$document
||lhm-as.de^$document
||lotuslebanon.com^$document
||mainradweg-service.de^$document
||massaggisensitive.it^$document
||misericordiapompei.it^$document
||molinariprotection.it^$document
||new-work-in-mv.de^$document
||nick-duschek.de^$document
||officinavettoriale.it^$document
||schnelltests-ludwigsburg.de^$document
||snehpandya.me^$document
||spiritoemateria.it^$document
||stahl-rohr-moebel.de^$document
||tipps-staedtereisen.de^$document
!#endif
! https://app.any.run/tasks/e90c2a06-036f-4fff-a36f-dffd0d4048ab
||doxspb.adajobs.de^$all
||giftaward.life^$all

! https://github.com/badmojr/1Hosts/issues/1098
||elon23.page.link^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/142492 --> https://github.com/uBlockOrigin/uAssets/commit/fca5436e3e823d73541721867f42dd0712da54a0
||apkmirror.co^$all
||webogram.org^$all
||webogram.ru^$all
||xn--80affa3aj0al.xn--80asehdb^$all
||telegr.am/user_mgt/login$all
||tgram.ru^$all
||telegramm.site^$all
||web-telegram.net^$all
! other domains not in the uBo commit
||atm-receipts.neocities.org^$document
||apkmirror.net^$document
||github.me^$document
||yandec.ru^$document
||yandex.co^$document

! a test system
||paleks.live^$all
||kempus.click^$all
||www.kempus.click^$all
||webpick-cdn.s3.amazonaws.com/2%20-%20pending%20massage.jpeg$all

! https://app.any.run/tasks/3f79c271-f68d-48a8-af16-efd001ce7be3
||mwgtf.hintonjour.com^$all
||oqnvm.top^$all
||edkiu.top^$all
||mvv5i.top^$all
||e8tov.top^$all
||rvueo.top^$all
||up9rt.top^$all
||rx93u.top^$all
||usfo6.top^$all
||bdlj8.top^$all
||bqcqw.top^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/143281
||understatedworking.com^$all
||jatostepa.com^$all

! https://forums.malwarebytes.com/topic/295377-false-mcaffee-warning/ (account required)
||powerpcsupport.com^$document

! https://github.com/hagezi/dns-blocklists/issues/598
||t-post.com^$all

! https://github.com/hagezi/dns-blocklists/issues/597
||stallioncredit.com^$all

! https://github.com/hagezi/dns-blocklists/issues/596
||www.68437w.top^$all

! https://github.com/hagezi/dns-blocklists/issues/595
||goldtimeinvest.com^$all

! https://github.com/hagezi/dns-blocklists/issues/594
||nirvezal.com^$all

! https://virustotal.com/gui/url/413da77a326371e24a4c334e749a54928b43ee6bcd27165167940456b9c14f52/community
||eg-ame.com^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/144514
||attractbonus.life^$all
||best-prize.life^$all
||bestbigbonus.life^$all
||bonusgift.life^$all
||bonusreward.life^$all
||bonusscore.life^$all
||gainquick.life^$all
||giftjackpot.life^$all
||greatbonushere.life^$all
||greatprizes.life^$all
||jackpotscore.life^$all
||jackpotwinning.life^$all
||keep-rewards.life^$all
||keepbonus.life^$all
||keepreward.life^$all
||mygreatprize.life^$all
||prizeaward.life^$all
||prizefast.life^$all
||prizegain.life^$all
||prizehere.life^$all
||prizerush.life^$all
||prizesenses.life^$all
||prizesure.life^$all
||realgift.life^$all
||rewardgains.life^$all
||scorereward.life^$all
||simpleprize.life^$all
||simplewin.life^$all
||taketheprizes.life^$all
||topbonusgain.life^$all
||win-bonus.life^$all
||win-prize-now.life^$all
||win-prize.life^$all
||win-touch.life^$all
||winbigdrip.life^$all
||wincorporate.life^$all
||winearth.life^$all
||winexpert.life^$all
||wingiftnow.life^$all
||winmore.life^$all
||winprizehere.life^$all
||winpulse.life^$all
||winregistry.life^$all
||winsimply.life^$all
||wintarget.life^$all
||185.155.184.98^$document

! https://github.com/uBlockOrigin/uAssets/issues/17075
! my analysis: https://app.any.run/tasks/ed301c03-1105-47e5-88d1-66fded6a0a9b
||myspecialdates.com^$document

! https://www.reddit.com/r/uBlockOrigin/comments/11s92xa/badware_risks_page_request_malware/
||s3.amazonaws.com/extpro/speed4.html$all
||chrome.google.com/webstore/detail/speed-dial/pbclkopbecbmkiijepgjoodiidfkbchn/$document
||www.addonsearch.net^$document

! https://app.any.run/tasks/794fc4f3-e0da-49b0-b29b-304514a8bd2d
||70k-free-robux-generator-no-human-verification.statuspage.io^$all
||bettertool.xyz^$all

! elon musk crypto scam on hacked YouTube channels
! https://app.any.run/tasks/2963db56-bd87-4b82-8b24-97e6e68aef66/
||x2-promo.net^$all
! https://tria.ge/230318-twrw1ach63/behavioral1
||teslasend.io^$all

! https://forums.malwarebytes.com/topic/296022-comment-spam-from-my-site/ (account required)
! (my analysis) NSFW https://app.any.run/tasks/cd2d1278-ad10-4c38-8f49-fa34fa675820
||f.vipcooldating.top^$all
||vipcooldating.top^$all
||i.vipcooldating.top^$all

! https://github.com/durablenapkin/scamblocklist/issues/10
||adzfree-watch.net^$document

! https://github.com/AdguardTeam/AdguardFilters/commit/57f39538070d7d5e6379da4e58bd02defffa7481
||ikouthaupi.com^$all
||instreamersdian.com^$all

! https://app.any.run/tasks/31119ba0-9bf8-42e2-8e77-eec9045be865
||applover.net^$all

! https://app.any.run/tasks/89a5c643-ba0f-4bb6-b953-ef08ee0213ef
||youtubgenerator.w3spaces.com^$all

! https://app.any.run/tasks/482b8fa1-0f24-461a-a4f5-a6996c46ccdc/
||rewards24.onlinewebshop.net^$all
||locked3.com^$document
||cdn.locked3.com^$document

! https://github.com/durablenapkin/scamblocklist/issues/15
||thuthuatxiaomi.com^$document
||petsimulator.live^$document
||rewardsgiantca.com^$document
||earnpets.com^$document

! https://0xacab.org/my-privacy-dns/matrix/-/issues/90853
! (my analysis) https://app.any.run/tasks/029760ea-9972-4c3a-8a7e-cca3d7777c0f
||emeraldtrking.com^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/90813
! (my analysis) https://app.any.run/tasks/0992866b-9af2-41ba-9b91-8fe5a2917908
||bbxxvwb.tk^$all

! https://github.com/StevenBlack/hosts/issues/2271
||transive.top^$document
||warehousesale.shop^$document

! https://app.any.run/tasks/3137c861-185d-4037-84e9-65cc0adeba15
||econsultingcoem.com^$all
||bgqcb.econsultingcoem.com^$all
! https://app.any.run/tasks/7626fdcc-20f1-4471-a011-23108f113eca
! https://app.any.run/tasks/4bc28a83-6a39-430a-a74b-246b30ab4ae4
.xyz/1Sm/9.html?*&campaign_id=$document
! https://virustotal.com/gui/ip-address/157.230.4.182/relations
||157.230.4.182^$document

! https://github.com/durablenapkin/scamblocklist/issues/18
||q3i5q2r6.stackpathcdn.com^$all

! https://github.com/uBlockOrigin/uAssets/pull/17530
||rblx.land^$all

! https://forums.malwarebytes.com/topic/296891-malwarebytes-fake-website-scam-website/#comment-1563262 (account required)
||webstore.getsecuredsetup.com^$document
||www.webstore.getsecuredsetup.com^$document

! https://github.com/uBlockOrigin/uAssets/issues/17602
||allprizesforme.com^$all

! https://www.reddit.com/r/uBlockOrigin/comments/12r255v/gamingnewsanalystcom_badware/
! https://github.com/uBlockOrigin/uAssets/pull/17655
||gamingnewsanalyst.com^$all
||gamingdebates.com^$all

! https://www.reddit.com/r/uBlockOrigin/comments/12q5o60/repost_fake_dating_site_badware/
||flirt4free.com^$document
||entrance.flirt4free.com^$popup

! https://www.reddit.com/r/uBlockOrigin/comments/12pues7/fake_123movies_site_leading_to_redirect/
||123moviesgo.ga^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/121793
||cjtrade4.xyz^$all
.xyz/gift_iphone_X/?$document

! https://0xacab.org/my-privacy-dns/matrix/-/issues/121792
||rplnd60.com^$all
||news-pewuce.com^$all
||djpjwf.com^$all
! from notifications
||totalprotection-2023.store^$all
||closingday2.xyz^$all
||s.viifogyp.com^$all
||viifogyp.com^$document

! https://0xacab.org/my-privacy-dns/matrix/-/issues/121816
||tradersuper4.xyz^$all

! nitro scam 
||tronite.xyz^$all
||locked4.com^$document
||www.locked4.com^$document

! https://www.reddit.com/r/uBlockOrigin/comments/12wqrv5/steamunlockednet_badware/ <-- have not verified sites to be malware! These are just domains ads in my analysis
! https://app.any.run/tasks/9ed7df61-f0a9-49cc-91bc-a3fcc2c59ae1/
||antivirusgaming.com^$all
||aluationiamcur.com^$all
||xrlbq.aluationiamcur.com^$all
||awesome-blocker.com^$document

! https://app.any.run/tasks/c9657f58-f49e-4e9e-80bf-9704f0eaa32a (NSFW)
||gbcok.aluationiamcur.com^$all
||www6.renhadmasandbab.info^$popup
||mobilesecuremail.com^$document

! https://github.com/durablenapkin/scamblocklist/issues/38
||miningpror.top^$all
||paypartc.top^$all
||bitcllpay.top^$all
||tdsintegrations11.online^$all
||crypto030.online^$all

! NSFW: https://app.any.run/tasks/a1a425ca-7b5d-4774-95bf-c11f8f25685a
||webpick-cdn.s3.us-west-2.amazonaws.com/getlaid.jpeg^$all
||uuksehinkitwkuo.com^$all
||wzzzs.uuksehinkitwkuo.com^$all

! https://app.any.run/tasks/d576fecb-3250-4a18-82de-eba82ac7ba6d
||click2code.xyz^$all

! https://github.com/durablenapkin/scamblocklist/issues/40
||dischargebackhanded.com^$document
||zech-company.com^$document
||govmedcareers.com^$document
||talentmaster.bio^$document
||radiatorcrate.com^$document
||theniemannbest.com^$document
||jellyfishstat.live^$document

! https://github.com/durablenapkin/scamblocklist/issues/42
||intgblockchain.online^$document

! https://github.com/uBlockOrigin/uAssets/issues/17947
||pccdirect.site^$all

! youtube typosquatt I found
||you8tube.com^$all
||getluckyprize2023.com^$all
/17138/iphone14.html?$document
! https://app.any.run/tasks/494077d1-478b-47e0-871c-b22788a455b6
||pingleflavor.xyz^$all
||funprizeali.site^$all

! other notification spam
||losbestbsdating2023.com^$document
||datenow.losbestbsdating2023.com^$all

! discord nitro scam 
||techsoftglobals.com^$all

! https://github.com/durablenapkin/scamblocklist/issues/43
||555sq.com.cn^$document
||prorify.de^$document
||milgenial.uy^$document
||swuso.com^$document
||cebubestbuy.com^$document
||buyyeezy2023.com^$document
||casavec.com^$document
||kingcampoutdoors.co.jp^$document
||imlb2c.com^$document
||wareeb.pk^$document
||loepwatch.com^$document
||fiewatch.com^$document
||felara.com.do^$document
||posehee.com^$document
||beautyt.shop^$document
||lomoor.com^$document
||morlyes.com^$document
||ajcenteruss.com^$document
||bitiiy.com^$document
||storagestory.com^$document
||ihuers.com^$document
||bloomessentialsbrand.com^$document
||quitasueno.com^$document
||lifestyletrading.co.za^$document
||yyderfreap.shop^$document
||audiosg.com.sg^$document
||fujibikes.com^$document
||walmartchina.top^$document
||geldencosmeticos.com^$document
||sellfox.com^$document
||parklaneupholstemk.com^$document
||iteeus.com^$document
||monark-store.com^$document
||shapeden.com^$document
||andamente.pt^$document
||staging.zendrop.com^$document
||courier-tracking.com^$document
||yofi-yofi.com^$document
||stellara.de^$document
||innomediacreate.com^$document
||sehaleservices.com^$document
||magnite.shop^$document
||decompraschile.com^$document
||salimusic.com^$document
||open-cbd.de^$document
||onrunningshop.com^$document
||bygigi.mx^$document
||vkeys.online^$document
||teevpower.com^$document
||caraci.it^$document
||easyshopper.org^$document
||oncloudrun.shop^$document
||shopperexpress.shop^$document
||aoocib.com^$document
||7s4c.top^$document
||chandeco.com^$document
||networksfishing.com^$document
||millabay.com^$document
||mila-vica.de^$document
||ballsbags.com^$document
||vinisay.com^$document
||tinkleo.com^$document
||draxu.com^$document
||headsets4business.co.uk^$document
||kielorelief.io^$document
||olaoffer.shop^$document
||nosdaarte.com^$document
||pairmate.se^$document
||babybeddingdesign.com^$document
||coco-vip-shop.com^$document
||xunlei.it^$document
||botsuanah.com^$document
||lojaacasa.com.br^$document
||dashracegear.net^$document
||youthfy.shop^$document
||smartokids.com^$document
||pipopi.com^$document
||k-tozluxury.shop^$document
||zuozuoshoe.shop^$document
||vip-yuki-shop.com^$document
||c-tozluxury.shop^$document
||lasercutjewelry.net^$document
||sleepyfull.com^$document
||expofstore.com^$document
||watchmark.shop^$document
||carsaratek.com^$document
||xajzfwgs.com^$document
||uange.shop^$document
||imagemotorcycles.co.nz^$document
||twinsbio.com^$document
||snapchaty.com^$document
||tomfordgo.com^$document
||worthas.shop^$document
||microgull.com^$document

! https://github.com/hagezi/dns-blocklists/issues/1025
||msmcompare.com^$all

! https://github.com/durablenapkin/scamblocklist/issues/45
||teslatucker.com^$all

! https://www.reddit.com/r/uBlockOrigin/comments/13e53jy/badware_movie_sites/
! https://github.com/uBlockOrigin/uAssets/issues/18333
||filmshngjbzix.blogspot.com^$all
||mopiez.com^$all
! NSFW: https://tria.ge/230511-1g9xlada3x/behavioral1
||lynku.mingotime.com^$document
||secret-list.yasdoodl.com^$all
||smcdsecure.com^$all

! https://github.com/durablenapkin/scamblocklist/issues/46
||muskbtc.io^$all

! https://github.com/hagezi/dns-blocklists/issues/1053
||i-grade.online^$all

! https://github.com/durablenapkin/scamblocklist/issues/49
||successglossary.com^$all
||mybestautologin567.com^$all
||microngroup.pro^$all

! https://github.com/durablenapkin/scamblocklist/issues/50
||abncbp.com^$all

! spam
||hotgirlsj8k8.com^$document
||locasualx.com^$document
||web.locasualx.com^$document
||datingcentral.top^$all
||i.datingcentral.top^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/418503
||0a317d9d6b.79c4215c89.com^$document

! https://tria.ge/230520-nthbwseg41/behavioral1
||ugpe.krokwbok.pl^$all
||37.1.213.100^$document
||tabloidquantitycosts.com^$all
||newsfrcity.azurewebsites.net^$all

! account required: https://forums.malwarebytes.com/topic/298281-genshin-impact-scam-websites-to-avoid/
! my analysis: https://tria.ge/230524-wfaznadg93/behavioral1
||hoylab.firebaseapp.com^$all
||cloudfront.net/public/dynamo/lockerClick.php?offer=*offer_position$document
||visitor-country.info^$document
||weletmim.com/click?pid=*&offer_id=*&$document
||go.letmimy.com^$all

! https://github.com/hagezi/dns-blocklists/issues/1075
||factorysale2023.com^$document
||onlinestores.factorysale2023.com^$all
||si.factorysale2023.com^$all
||augusthenri.be^$document

! https://github.com/durablenapkin/scamblocklist/issues/54
||haceroberomaste.com^$all
||nze0xw.haceroberomaste.com^$all

! https://github.com/hagezi/dns-blocklists/issues/1079
! my analysis: https://app.any.run/tasks/4d88f2f5-5446-4980-8bc9-15e520e96651
! my analysis: https://app.any.run/tasks/060171c5-6a0f-41db-ba01-27bd8c61e326
||onlyfanstake.pro^$all
||filedenzu.com^$all

! https://tria.ge/230524-m6b5zacg3y/behavioral2
||85.192.63.194^$all

! https://github.com/hagezi/dns-blocklists/issues/1089
||elonmix.org^$all
||musklink.org^$all
||muskbot.io^$all

! https://github.com/badmojr/1Hosts/issues/1429
||thelabourforce.com^$document
||v5o.disktopic.com^$document

! https://www.reddit.com/r/uBlockOrigin/comments/13ub824/trojan_scam_ads_to_block/
! my analysis: https://app.any.run/tasks/e3720726-f650-434c-b34c-68ce718977ff
||goo.googoodee.com^$all
||vipsupport.festivalmarqueecompany.cyou^$all
||festivalmarqueecompany.cyou^$document

! https://app.any.run/tasks/ed28f343-c1f8-48c2-acea-3088eae6fc0b
||gz1nzy3x-d147-v9.saithinaya.best^$all

! https://app.any.run/tasks/c66b7f3b-9400-4cdf-8a94-0c834c13cb3c
||a6j355tu-d148-v9.wrathgrove.best^$all

! nsfw: https://app.any.run/tasks/4fd09c13-0e01-4f6a-9d0b-627e24d86293
||yaglkpxae-d148-api-v1.silverscar.shop^$all

! https://app.any.run/tasks/f1c3cc87-16d7-4c79-9b10-7163b398c2f9/
||fbhack.blaow.pro^$all

! https://app.any.run/tasks/484b97da-3dff-466a-99c7-c1a7fe4ac385
||fbshredder.com^$document
||softwaredlfast.top^$all
||softwarebaze.top^$document
||rapidfilesbase.top^$document
! https://tria.ge/230530-3b6zvscd5x/behavioral1
||fastfilesdls.top^$document

! https://app.any.run/tasks/e9aa7e83-283f-4ef3-bb6f-cd98d7df2e1e
||hypercracker.com^$all

! https://github.com/hagezi/dns-blocklists/issues/1098
||jakedstake.com^$all
||improtants.space^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/551938
! my analysis: https://tria.ge/230531-2tegwsbh3v/behavioral1
||azmovies.io^$all
||pdtrax.g2afse.com^$document
||tr.trackingit.site^$all
||trackingit.site^$document

! https://github.com/uBlockOrigin/uAssets/issues/18366
! my analysis: https://app.any.run/tasks/cf36d3ac-bedd-4cb9-bc9f-ac389b769d20
||globaladblocker.info^$all
! my analysis: https://app.any.run/tasks/7696196c-7c36-4dcc-aace-cb09f14b6685
||ourcommonwords.com^$all
||supapush.net^$document

! https://github.com/uBlockOrigin/uAssets/issues/18375
! nsfw: https://app.any.run/tasks/e3da5e5e-8b6d-4a7f-8165-6439ff68d940
||www.fulltimesecurityguard.com^$all
||fulltimesecurityguard.com^$document
||tepirg.xyz^$all

! https://github.com/uBlockOrigin/uAssets/issues/18380
||lgpc.bestextensionegde.com^$all
||bestextensionegde.com^
! nsfw: https://app.any.run/tasks/49927d07-3f8e-4115-a6e3-476e6aec62c0
||onevenadvnow.com^$all
||nodritsissub.com^$all

! https://github.com/uBlockOrigin/uAssets/pull/18388
||roundyearfun.org^$document
||anyplacehere.me^$document
||funaroundy.click^$document

! https://0xacab.org/my-privacy-dns/matrix/-/issues/594269
! my analysis: https://tria.ge/230604-x8gtcadd85/behavioral1
||darkskin.world^$all

! https://tria.ge/230605-nfg4zagb63/behavioral2
||errors.pro^$document
||donwloadkeepet.buzz^$all
||stucktimeoutvexed.com^$document
||sembilme.com^$all

! https://forums.malwarebytes.com/topic/298628-specific-adwarephishing-attack-whats-the-source/
||axufcs.space^$document

! https://github.com/hagezi/dns-blocklists/issues/718
||leverage-btc.com^$all

! https://www.malwarebytes.com/blog/threat-intelligence/2023/06/thousands-of-malicious-google-cloud-run-instances-deployed-to-scam-facebook-users
||trendingentertainers.com^$all
||trendingfilmreviews.com^$all
||trendingshowbiz.com^$all
||trendingtvshows.com^$all
||usunveiled.net^$all
||viralcelebrityzone.com^$all
||viralfamezone.com^$all
||virallaughtrack.com^$all
||viralstargossip.com^$all
||viralfunnylaugh.com^$all

! https://www.youtube.com/watch?v=3Vy2l1kv7Cc
||sirisangabofoundation.org^$document

! https://github.com/DandelionSprout/adfilt/discussions/779#discussioncomment-6141190
||SEXUS.ML^$all
||c.dateperfectly.top^$all
||dateperfectly.top^$all

! https://github.com/uBlockOrigin/uAssets/issues/18452
||geminifond.com^$all

! https://virustotal.com/gui/url/7df0f1873fb746b2eb98a9fc8245000222a31db82506d9988adc83f145c80b3a
! my analysis: https://app.any.run/tasks/eb63e697-9df1-425a-814d-5e23858c146f
||gvcyk.mobiledir.us^$all
||umbrellacorporation.id^$all
||push-gabjbib-9138.boustahe.com^$all
||memesfunny.org^$document
||dudialgator.com^$all
||coustaushaw.com^$all

! https://dnstwist.it/ for slack.com
! https://app.any.run/tasks/14cafa37-652e-47dc-b08f-39843f7ef022
||slackk.com^$all
||galotop1.com^$document

! https://github.com/uBlockOrigin/uAssets/issues/18527
||together.com^$document
||maturedating.com^$document

! https://github.com/uBlockOrigin/uAssets/issues/18537
! https://tria.ge/230617-ar39pahb3w/behavioral2
||whaujimisurvey.top^$all
||eehuzaih.com^$document
! https://tria.ge/230617-ar39pahb3w/behavioral3
||toodownload.com^$document
||subscribe-notifications.com^$document
||user0.subscribe-notifications.com^$document
||user1.subscribe-notifications.com^$document

! clicked on an ad: https://tria.ge/230617-m6144abb3z/behavioral2
||yourstented.azurewebsites.net^$all

! https://github.com/hagezi/dns-blocklists/issues/1193
||coinaps.com^$all

! https://www.bleepingcomputer.com/forums/t/786537/mcafee-popup/
||www.mistiotia.com^$document

! https://virustotal.com/gui/url/73d9ff9f34da3e716e5b549746d789655bb42bfaadbdeaf13d70cae63768f8cb/community
! my analysis: https://app.any.run/tasks/f5abc08a-802f-4560-9ae2-ee107fee1a2b
||winkcap.net^$all

! https://tria.ge/230624-phdd8scc7t/behavioral1
||discordnitro.live^$all
||www.discordnitro.live^$all
||rapidownload.online^$all
||qoaaa.com^$document
||d.rapidownload.online^$all

! https://tria.ge/230624-pw6ypsbc94/behavioral1
||freevbucks2022.online^$all
||letmimy.com^$document

! https://tria.ge/230624-p3xcvabd24/behavioral2
! https://www.hybrid-analysis.com/sample/9cdcea08ed2d28f0618a032fdcac2a0f070020035d54d0e63ae3b90ba9a8cfa3
||ufile.io/p4nduixt^$all
! unrelated malware ads on the download link
! https://app.any.run/tasks/426cbd81-f441-436c-b227-15224316ce4b
||ereallywasnoth.com^$all
||czpcc.nereherewetem.info^$all
! https://tria.ge/230624-pzryysbc98/behavioral1
||free.premiumworldapp.com^$document
||chromnius.com^$document
||www.chromnius.com^$document

! https://github.com/DandelionSprout/adfilt/discussions/779#discussioncomment-6298369
||anglebank.space^$all
! https://tria.ge/230701-q2qdksgh48/behavioral1
||crummygoddess.com^$all

! https://github.com/uBlockOrigin/uAssets/pull/18736
||funtwitter.games^$all
||twitter-circle.com^$all

! https://github.com/uBlockOrigin/uAssets/issues/18664
||family-simulators.io^$all
||familyfornicate.com^$all

! https://github.com/blocklistproject/Lists/issues/1015
||bigosext9s.com^$document

! musk-themed crypto scam
||muskday.org^$all

! popups
||xmegaxvideox.com^$all
||neeglashsurvey.top^$all

! https://github.com/MetaMask/eth-phishing-detect/pull/12959
||l0ktf.com^$document
||babydegods.com^$document

! https://github.com/hagezi/dns-blocklists/issues/1244
||soaplooparrowstereo.click^$document

! https://github.com/MetaMask/eth-phishing-detect/pull/12960
||apecoin.group^$document
||app.uniswap.cam^$document
||bbhjb.com^$document
||blur-nft.xyz^$document
||bridge-claim.xyz^$document
||claim-booster.xyz^$document
||claim-pepe-airdrop.xyz^$document
||claimairdrop.online^$document
||crypto-claims.io^$document
||dev851.d3710yoqrad6y3.amplifyapp.com^$document
||email-metamask.com^$document
||enter-uniswap.net^$document
||get-uniswap.org^$document
||join-whatisthissorcery.com^$document
||lensprotocols-claim.com^$document
||live-update-security.com^$document
||loyaldrops.life^$document
||metamaskdrop.fun^$document
||metamasks.best^$document
||newsletter-metamask.com^$document
||nft-free.store^$document
||notify-metamask.com^$document
||psydex.gl^$document
||register-ether.com^$document
||whitelist-ether.site^$document

! https://github.com/MetaMask/eth-phishing-detect/pull/12983
||rabbit.claims^$document

! https://github.com/hagezi/dns-blocklists/issues/1255
||beze.co^$document
||laro.co^$document
||haso.co^$document
||fessy.co^$document
||zatte.co^$document
||lanno.co^$document
||detty.co^$document
||durro.co^$document

! https://tria.ge/230708-zw13kaab69/behavioral2
||rightsapphiresand.info^$all
||aonforhaving.info^$all
||download7locked.com^$all
||install-check.com^$all
||zz6av.top^$all
||ptrmx.top^$all
||p5s12.top^$all
||pnw9r.top^$all
! stuff from a VM
||kn3vp.top^$all
||eyq2w.top^$all
||edsn6.top^$all
||c8pjg.top^$all
||kwptr.top^$all
||ese04.top^$all
||uldmakefeagre.com^$all
||ourmarketingefi.info^$all
||goph.club^$all
||ebutiseemedlikea.com.ua^$all
||alargeredrubygsw.info^$all
! https://app.any.run/tasks/561c592f-07c8-4954-95c7-1201da83e2f5
||dacins.xyz^$all

! https://github.com/hagezi/dns-blocklists/issues/1266
||zat.io^$all

! https://github.com/durablenapkin/scamblocklist/issues/57
||navi0.com^$document
||navi1.com^$document
||navi2.com^$document
||navi3.com^$document
||navi4.com^$document
||navi5.com^$document
||navi6.com^$document
||navi7.com^$document
||navi8.com^$document
||navi9.com^$document
||navi10.com^$document
||navi11.com^$document
||navi12.com^$document
||navi13.com^$document
||navi14.com^$document
||navi15.com^$document
||navi16.com^$document
||navi17.com^$document
||navi18.com^$document
||navi19.com^$document
||navi20.com^$document
||navi21.com^$document
||navi22.com^$document
||navi23.com^$document
||navi24.com^$document
||navi25.com^$document
||navi26.com^$document
||navi27.com^$document
||navi28.com^$document
||navi29.com^$document
||navi30.com^$document
||navi31.com^$document
||navi32.com^$document
||navi33.com^$document
||navi34.com^$document
||navi35.com^$document
||navi36.com^$document
||navi37.com^$document
||navi38.com^$document
||navi39.com^$document
||navi40.com^$document
||navi41.com^$document
||navi42.com^$document
||navi43.com^$document
||navi44.com^$document
||navi45.com^$document
||navi46.com^$document
||navi47.com^$document
||navi48.com^$document
||navi49.com^$document
||navi50.com^$document
||navi51.com^$document
||navi52.com^$document
||navi53.com^$document
||navi54.com^$document
||navi55.com^$document
||navi56.com^$document
||navi57.com^$document
||navi58.com^$document
||navi59.com^$document
||navi60.com^$document
||navi61.com^$document
||navi62.com^$document
||navi63.com^$document
||navi64.com^$document
||navi65.com^$document
||navi66.com^$document
||navi67.com^$document
||navi68.com^$document
||navi69.com^$document
||navi70.com^$document
||navi71.com^$document
||navi72.com^$document
||navi73.com^$document
||navi74.com^$document
||navi75.com^$document
||navi76.com^$document
||navi77.com^$document
||navi78.com^$document
||navi79.com^$document
||navi80.com^$document
||navi81.com^$document
||navi82.com^$document
||navi83.com^$document
||navi84.com^$document
||navi85.com^$document
||navi86.com^$document
||navi87.com^$document
||navi88.com^$document
||navi89.com^$document
||navi90.com^$document
||navi91.com^$document
||navi92.com^$document
||navi93.com^$document
||navi94.com^$document
||navi95.com^$document
||navi96.com^$document
||navi97.com^$document
||navi98.com^$document
||navi99.com^$document
||navi100.com^$document
||faze0.com^$document
||faze1.com^$document
||faze2.com^$document
||faze3.com^$document
||faze4.com^$document
||faze5.com^$document
||faze6.com^$document
||faze7.com^$document
||faze8.com^$document
||faze9.com^$document
||faze10.com^$document
||faze11.com^$document
||faze12.com^$document
||faze13.com^$document
||faze14.com^$document
||faze15.com^$document
||faze16.com^$document
||faze17.com^$document
||faze18.com^$document
||faze19.com^$document
||faze20.com^$document
||faze21.com^$document
||faze22.com^$document
||faze23.com^$document
||faze24.com^$document
||faze25.com^$document
||faze26.com^$document
||faze27.com^$document
||faze28.com^$document
||faze29.com^$document
||faze30.com^$document
||faze31.com^$document
||faze32.com^$document
||faze33.com^$document
||faze34.com^$document
||faze35.com^$document
||faze36.com^$document
||faze37.com^$document
||faze38.com^$document
||faze39.com^$document
||faze40.com^$document
||faze41.com^$document
||faze42.com^$document
||faze43.com^$document
||faze44.com^$document
||faze45.com^$document
||faze46.com^$document
||faze47.com^$document
||faze48.com^$document
||faze49.com^$document
||faze50.com^$document
||faze51.com^$document
||faze52.com^$document
||faze53.com^$document
||faze54.com^$document
||faze55.com^$document
||faze56.com^$document
||faze57.com^$document
||faze58.com^$document
||faze59.com^$document
||faze60.com^$document
||faze61.com^$document
||faze62.com^$document
||faze63.com^$document
||faze64.com^$document
||faze65.com^$document
||faze66.com^$document
||faze67.com^$document
||faze68.com^$document
||faze69.com^$document
||faze70.com^$document
||faze71.com^$document
||faze72.com^$document
||faze73.com^$document
||faze74.com^$document
||faze75.com^$document
||faze76.com^$document
||faze77.com^$document
||faze78.com^$document
||faze79.com^$document
||faze80.com^$document
||faze81.com^$document
||faze82.com^$document
||faze83.com^$document
||faze84.com^$document
||faze85.com^$document
||faze86.com^$document
||faze87.com^$document
||faze88.com^$document
||faze89.com^$document
||faze90.com^$document
||faze91.com^$document
||faze92.com^$document
||faze93.com^$document
||faze94.com^$document
||faze95.com^$document
||faze96.com^$document
||faze97.com^$document
||faze98.com^$document
||faze99.com^$document
||faze100.com^$document
||navi0.ru^$document
||navi1.ru^$document
||navi2.ru^$document
||navi3.ru^$document
||navi4.ru^$document
||navi5.ru^$document
||navi6.ru^$document
||navi7.ru^$document
||navi8.ru^$document
||navi9.ru^$document
||navi10.ru^$document
||navi11.ru^$document
||navi12.ru^$document
||navi13.ru^$document
||navi14.ru^$document
||navi15.ru^$document
||navi16.ru^$document
||navi17.ru^$document
||navi18.ru^$document
||navi19.ru^$document
||navi20.ru^$document
||navi21.ru^$document
||navi22.ru^$document
||navi23.ru^$document
||navi24.ru^$document
||navi25.ru^$document
||navi26.ru^$document
||navi27.ru^$document
||navi28.ru^$document
||navi29.ru^$document
||navi30.ru^$document
||navi31.ru^$document
||navi32.ru^$document
||navi33.ru^$document
||navi34.ru^$document
||navi35.ru^$document
||navi36.ru^$document
||navi37.ru^$document
||navi38.ru^$document
||navi39.ru^$document
||navi40.ru^$document
||navi41.ru^$document
||navi42.ru^$document
||navi43.ru^$document
||navi44.ru^$document
||navi45.ru^$document
||navi46.ru^$document
||navi47.ru^$document
||navi48.ru^$document
||navi49.ru^$document
||navi50.ru^$document
||navi51.ru^$document
||navi52.ru^$document
||navi53.ru^$document
||navi54.ru^$document
||navi55.ru^$document
||navi56.ru^$document
||navi57.ru^$document
||navi58.ru^$document
||navi59.ru^$document
||navi60.ru^$document
||navi61.ru^$document
||navi62.ru^$document
||navi63.ru^$document
||navi64.ru^$document
||navi65.ru^$document
||navi66.ru^$document
||navi67.ru^$document
||navi68.ru^$document
||navi69.ru^$document
||navi70.ru^$document
||navi71.ru^$document
||navi72.ru^$document
||navi73.ru^$document
||navi74.ru^$document
||navi75.ru^$document
||navi76.ru^$document
||navi77.ru^$document
||navi78.ru^$document
||navi79.ru^$document
||navi80.ru^$document
||navi81.ru^$document
||navi82.ru^$document
||navi83.ru^$document
||navi84.ru^$document
||navi85.ru^$document
||navi86.ru^$document
||navi87.ru^$document
||navi88.ru^$document
||navi89.ru^$document
||navi90.ru^$document
||navi91.ru^$document
||navi92.ru^$document
||navi93.ru^$document
||navi94.ru^$document
||navi95.ru^$document
||navi96.ru^$document
||navi97.ru^$document
||navi98.ru^$document
||navi99.ru^$document
||navi100.ru^$document
||nip0.com^$document
||nip1.com^$document
||nip2.com^$document
||nip3.com^$document
||nip4.com^$document
||nip5.com^$document
||nip6.com^$document
||nip7.com^$document
||nip8.com^$document
||nip9.com^$document
||nip10.com^$document
||nip11.com^$document
||nip12.com^$document
||nip13.com^$document
||nip14.com^$document
||nip15.com^$document
||nip16.com^$document
||nip17.com^$document
||nip18.com^$document
||nip19.com^$document
||nip20.com^$document
||nip21.com^$document
||nip22.com^$document
||nip23.com^$document
||nip24.com^$document
||nip25.com^$document
||nip26.com^$document
||nip27.com^$document
||nip28.com^$document
||nip29.com^$document
||nip30.com^$document
||nip31.com^$document
||nip32.com^$document
||nip33.com^$document
||nip34.com^$document
||nip35.com^$document
||nip36.com^$document
||nip37.com^$document
||nip38.com^$document
||nip39.com^$document
||nip40.com^$document
||nip41.com^$document
||nip42.com^$document
||nip43.com^$document
||nip44.com^$document
||nip45.com^$document
||nip46.com^$document
||nip47.com^$document
||nip48.com^$document
||nip49.com^$document
||nip50.com^$document
||nip51.com^$document
||nip52.com^$document
||nip53.com^$document
||nip54.com^$document
||nip55.com^$document
||nip56.com^$document
||nip57.com^$document
||nip58.com^$document
||nip59.com^$document
||nip60.com^$document
||nip61.com^$document
||nip62.com^$document
||nip63.com^$document
||nip64.com^$document
||nip65.com^$document
||nip66.com^$document
||nip67.com^$document
||nip68.com^$document
||nip69.com^$document
||nip70.com^$document
||nip71.com^$document
||nip72.com^$document
||nip73.com^$document
||nip74.com^$document
||nip75.com^$document
||nip76.com^$document
||nip77.com^$document
||nip78.com^$document
||nip79.com^$document
||nip80.com^$document
||nip81.com^$document
||nip82.com^$document
||nip83.com^$document
||nip84.com^$document
||nip85.com^$document
||nip86.com^$document
||nip87.com^$document
||nip88.com^$document
||nip89.com^$document
||nip90.com^$document
||nip91.com^$document
||nip92.com^$document
||nip93.com^$document
||nip94.com^$document
||nip95.com^$document
||nip96.com^$document
||nip97.com^$document
||nip98.com^$document
||nip99.com^$document
||nip100.com^$document

! https://github.com/hagezi/dns-blocklists/issues/1310
||bcb.game^$all

! scam? notification spam & weird pharmaceutical ads
||us-trendingtoday.com^$document,popup

! https://tria.ge/230718-vydmtscf83/behavioral1
||truebuyerreview.com^$all
||areyourealhuman.com^$all
||cdn.areyourealhuman.com^$all

! not my analysis: https://app.any.run/tasks/5bc3d455-486d-4d74-9cae-557eeaf69f27/
! my analysis: https://app.any.run/tasks/fc24d271-a114-4c43-b99b-8bf8e9f6c704
||eu.gtrxlnd7.com^$all
||gtrxlnd7.com^$document

! https://github.com/durablenapkin/scamblocklist/issues/58
! https://github.com/hagezi/dns-blocklists/issues/1330
||hotdebrid.com^$document
||debridlink.com^$document
||maxdebrid.com^$document
! https://github.com/hagezi/dns-blocklists/issues/409
||anydebrid.com^$document

! https://tria.ge/230720-3qya9sbh2t/behavioral2
||performintenselydevelopedinfo-product.info^$all

! https://tria.ge/230721-yjxzpsgg84/behavioral1
||qk0im.top^$all

! https://github.com/durablenapkin/scamblocklist/issues/59
! https://github.com/hagezi/dns-blocklists/issues/1335
||primeleech.com^$all
||www.primeleech.com^$all

! https://app.any.run/tasks/cc0dd977-97e3-4b4a-833b-dfc4d5f0be55/
||ak.deephicy.net^$popup
||qr-captcha.com^$document
||haffnetworkmm.com^$document
||cdn4.haffnetworkmm.com^$document
||im2easy.site^$document
||downlon.com^$document

! https://tria.ge/230724-z8hfzsha64/behavioral1
||zubajuroo.com^$all
||singlewomenmeet.com^$document
||only2date.online^$document
||amnotification.com^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/646177
||desbiens123.net^$all
||sex-dating.qbig.site^$all
! https://0xacab.org/my-privacy-dns/matrix/-/issues/646175
||anesthesia2000.com^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/646174
||balladoron.life^$all
||avprotect.store^$all
||www.pioxe.live^$all
||pioxe.live^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/646168
||86ff56b6d5.com^$all
||030e9b0efb.47aead8f05.com^$all
||47aead8f05.com^$3p
||systemoon.co.in^$all
||moontrck.xyz^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/644873
||donemileliondol.info^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/644871
||inarilyhukel.info^$all

! https://forums.malwarebytes.com/topic/300664-malwarebytes-premium-subscription-fails-to-detect-infection/
||prizehub.top^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/646602
||antiques-spb.ru^$all

! https://tria.ge/230729-a8fjysba31/behavioral1
||vcyx4.top^$all
||hfe0t.top^$all
||ambrs.online^$document
||www.ambrs.online^$document

! infected system
||dojtxl6jydd7s.cloudfront.net/*/*/indexp.html$document
||jokekroako.com^$all
||gokend.xyz^$all
||push-ebfhafd-7996.boustahe.com^$document

! https://0xacab.org/my-privacy-dns/matrix/-/issues/646845
||pacosystem.es^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/646600
||74les.ru^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/646179
||zaffirosas.it^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/646173
||alimentasegovia.es^$all

! https://github.com/durablenapkin/scamblocklist/issues/60
||upstrick.com^$all

! fake robux generator
||waratlas.org^$all
||cpabuild.com^$all
! https://tria.ge/230731-x1nlxsae69/behavioral2
||94.142.138.131^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/647492
||krasnaya-talka-sanatoriy-gelendzhik.ru^$all
||p9a3g5g2.stackpathcdn.com^$all

! https://tria.ge/230731-w9769aad25/behavioral2
||fixextremelyoriginalinfo-product.info^$all
||dfxtg.top^$all
||d7s62.top^$all
||dlvur.top^$all
||dcnhx.top^$all
||ops7s.top^$all
! https://tria.ge/230731-w9769aad25/behavioral1
||downloadelz.website^$all
||downloadelz.buzz^$all
! https://tria.ge/230731-3n8n8abh28/behavioral2
||downloadfilekee.lol^$all

! anonfiles ads
||browser-app.co^$popup
||golend.xyz^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/647478
||seduction-simple.fr^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/649522
! https://tria.ge/230802-vtcjzaga38/behavioral1
||farmrrlendsee.ru^$all
||mokha.top^$all
||voecf.top^$all
||a7afn.top^$all
||zn4hk.top^$all
||t0hgf.top^$all
||kuq2s.top^$all
||o8he3.top^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/649521
! https://tria.ge/230802-v5brtahd4w/behavioral1
||expressionsvegetales.fr^$all
||kfl86.top^$all
||aroyf.top^$all
||aord3.top^$all

! https://www.bleepingcomputer.com/news/security/fake-flipperzero-sites-promise-free-devices-after-completing-offer/
||flipperzero.at^$all
||trkrspace.com^$all

! anonfiles ads
||kncecafvdeuk.info^$all
||karbe.live^$all
||downloadpeso.space^$all
||rewovucikaf.shop^$document
||outhjkm.ezasutuduwife.online^$document
||wtfgep.xyz^$document

! https://forums.malwarebytes.com/topic/300873-i-keep-getting-pop-ups-from-eudmailcom/
||eudmail.com^$all

! crypto scams
||musk-x.org^$all
||give2x.net^$all
! https://tria.ge/230804-15hs1sfh6t/behavioral1
||2xtesla.net^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/649649
! https://tria.ge/230805-rb1bjaee3x/behavioral1
||master2gppp-assas.fr^$all
||12f01e3591.com^$all
||1472f9a583.12f01e3591.com^$all
||thewinjackpot.life^$all
||us.secureonlineinternet.com^$all
||secureonlineinternet.com^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/649556
! https://tria.ge/230805-rk4qbadb96/behavioral1
||gavihuginn.best^$all
||dtc5a.top^$all
||8a4uj.top^$all
||lytf0.top^$all
||w2kp0.top^$all
||7xxqg.top^$all
||e7vld.top^$all
||82vor.top^$all
||j42za.top^$all
||w3cxi.top^$all
||imgot.info^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/649306
! https://tria.ge/230805-s3g5psdd99/behavioral1
||eternitonline.it^$all

! https://github.com/uBlockOrigin/uAssets/issues/19271
! https://tria.ge/230805-1pnz4agc7w/behavioral1
||wbilvnmool.com^$popup
||metriumoldeb.com^$all
||www.metriumoldeb.com^$all
||hyjecr.metriumoldeb.com^$all
||fjvv2i.metriumoldeb.com^$all
||581358.metriumoldeb.com^$all
||theod-omq.com^$document
||goatmod.xyz^$all
||mkhvuv.metriumoldeb.com^$all
! https://tria.ge/231022-p48ghaab87/behavioral1
||qyt8pi.metriumoldeb.com^$all
||vjr2ws.metriumoldeb.com^$all
||propolixte.com^$all
||quinc-rdk.com^$document
||burbolore.xyz^$all
/nlp/index.php?clickid=*&t1=*&t2=*&t3=*&t4=*&t5=propolixte,propolixte.com,propolis&url_bnm_redirect=$all
/click.php?lp=data_upd&site_id=1293|$document
$all,domain=goatmod.xyz|metriumoldeb.com
||12ezo5v60.com^$document
||2ntrfi.metriumoldeb.com^$all

! https://0xacab.org/my-privacy-dns/matrix/-/issues/649771
! https://tria.ge/230806-v2fatsbc57/behavioral1
||sex-girls.khayyamfestival.com^$document

! https://github.com/easylist/easylist/pull/16955
! https://tria.ge/230806-xd58fsdc4t/behavioral1
||lands.ninja^$document,popup
||6.lands.ninja^$all
||19.lands.ninja^$all

! https://web.archive.org/web/20230806191228/https://spamlogger.com/t/congrats-claim-your-500-walmart-gift-card/295
! https://tria.ge/230806-xteenscb23/behavioral1
||usadailysweepswinners.com^$all

! https://github.com/durablenapkin/scamblocklist/issues/61
! https://github.com/hagezi/dns-blocklists/issues/1390
||okdebrid.com^$document
||youdebrid.com^$document

! https://github.com/uBlockOrigin/uAssets/issues/19316
! https://tria.ge/230810-zq62maag9y/behavioral1
||graduatedgroan.com^$document,popup
||oudguide.com^$all
||uidhealth.com^$all
||repairmostspeedyinfo-product.info^$all

! https://tria.ge/230810-zzlr2sah5y/behavioral1
||popgoldblocker.info^$document
||adblockology.net^$all
||download-adblock-zen.com^$document
||blockadsology.net^$document

! https://github.com/hagezi/dns-blocklists/issues/1411
||lido-pass.org^$all

! https://web.archive.org/web/20230813181452/https://www.bleepingcomputer.com/news/security/uk-gov-keeps-repeating-its-voter-registration-website-is-not-a-scam/
||householdresponses.com^$document

! https://infosec.exchange/@briankrebs/110889813735728083
||equity-invest.ch^$document
||diligere.co.uk^$document

! https://github.com/MetaMask/eth-phishing-detect/pull/13289
||optimismtokens-drop.com^$document
||optimisim.io^$document
! https://tria.ge/230815-nlmlmsad73/behavioral1
||arkhaminteiligence.com^$document

! https://github.com/MetaMask/eth-phishing-detect/pull/13300
! https://github.com/MetaMask/eth-phishing-detect/issues/13297
! https://tria.ge/230815-2pl16sdg78/behavioral1
||ceramic.gift^$all

! https://github.com/hagezi/dns-blocklists/issues/1440
! https://tria.ge/230817-nq2alaha63/behavioral1
||seasonsofficial.com^$document

! https://tria.ge/230817-127yqsdh56/behavioral1
||investmusk.org^$all

! https://github.com/uBlockOrigin/uAssets/issues/19400
! https://tria.ge/230819-nzqkfshe69/behavioral1
||adblocko-supremo.info^$document
||video-adblocker.pro^$document

! https://github.com/hagezi/dns-blocklists/issues/1452
||huuskmesser.de^$all
||huusk-original.com^$all

! https://www.malwarebytes.com/blog/threat-intelligence/2023/08/wooflocker2
||api.cloudcachestels.com^$all
||api.cloudseedzedo.com^$all
||api.imagecloudsedo.com^$all
||appcloudzedo.com^$all
||cdn.contentob.com^$all
||cdncontentstorage.com^$all
||cdnpictureasset.com^$all
||cloudcusersyn.com^$all
||cloudgertopage.com^$all
||cloudlogobox.com^$all
||csscloudstorage.com^$all
||datacloudasset.com^$all
||logosvault.com^$all
||miniassetcloud.com^$all
||furakelw.com^$all
||gopilofan.com^$all
||zemolist.com^$all
||besoliza.com^$all
||vedopixt.com^$all
||defolis.com^$all
||somawan.com^$all
||vulidoc.com^$all
||barustan.com^$all
||semilupa.com^$all
||bopiland.com^$all
||somalics.com^$all
||sebasong.com^$all
||molesanu.com^$all
||xepilondi.com^$all
||malubana.com^$all
||beeronas.com^$all
||lobosixt.com^$all
||gomoyad.com^$all

! https://github.com/hagezi/dns-blocklists/issues/1457
||cutty.app^$document

! https://github.com/hagezi/dns-blocklists/issues/1455
||wintexfashions.com^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/159825
||i7kctkutdv2c.top^$all
||confirm.i7kctkutdv2c.top^$all
! https://github.com/AdguardTeam/AdguardFilters/issues/159825#issuecomment-1688865198 (credit to dandelionsprout)
://confirm.*.top^$document,popup
||topmoneysurvey.com^$all
||better-than-tinder.com^$all
||auvx0i9jzsmi.top^$all
||awarded-best-vpn.com^$all
||b4o464st12fk.top^$all
||b53guzrig84y.top^$all
||b5vrahtel7sz.top^$all
||b6xw28ref78r.top^$all
||best-finance-now.com^$all
||best-global-apps.com^$all
||best-hornygirls.com^$all
||best-official-app.com^$all
||best-smart-utility.com^$all
||big-players-club.com^$all
||big-prizes-site.com^$all
||big-winnings-spot.com^$all
||bj99j2au62mm.top^$all
||btz6uvyfth1d.top^$all
||bustygirls-online.com^$all
||by3rw1xh7j6c.top^$all
||c1r084b6amzz.top^$all
||c4avwh304gt4.top^$all
||c6q95rn6j9un.top^$all
||c8edreiad0nz.top^$all
||c9nd4gwexaqc.top^$all
||campwredir.com^$all
||cehv8gvifhdr.com^$all
||check-you-device.com^$all
||chikasinapp.com^$all
||chualtc2ooie.top^$all
||cleanpwredir.com^$all
||cq33llquanhe.top^$all
||cqm8eg25pw9a.top^$all
||crazy-win-casino.com^$all
||cute-wet-babes.com^$all
||protect-your-phone.com^$all
||cz66d6c46u7r.top^$all
||d18u76n9gm98.top^$all
||d3qav78466c8.top^$all
||d635s2tbrx2h.top^$all
||datingpwredir.com^$all
||dfalfqeqgg22.top^$all
||dfva60q60acj.top^$all
||djav8bsp6w6t.top^$all
||dojyosxipcl9.top^$all
||dqtt6bkligui.top^$all
||dreamy-flirt.com^$all
||ds7w28f1zprz.top^$all
||dseqcfjne407.top^$all
||dulxwhqlq2de.top^$all
||e0pxjz8hh09v.top^$all
||e3ddj615svxo.top^$all
||e998mnvdywj6.top^$all
||e9dzfcnhd11g.top^$all
||easy-sex-dates.com^$all
||elq4xg6r2l3w.top^$all
||erxhbjelx5wv.top^$all
||eyd4fuc314z7.top^$all
||f0h509sczmhx.top^$all
||f1y4q5hm61tv.top^$all
||f3jxoio03eoe.top^$all
||f3tc0tyv7ci6.top^$all
||f90ggj5hvn2r.top^$all
||fa82zddqmzm2.top^$all
||fast-growing-app.com^$all
||fdlqehgguzrd.top^$all
||fi1qdfk30jwj.top^$all
||findyourlovesurvey.com^$all
||fjszwbb85d5o.top^$all
||fjvlj6v0au7i.top^$all
||fn0l242jyxkc.top^$all
||fnhkkel7y3og.top^$all
||fpz5zj8fn7zv.top^$all
||free-gifts-onweb.com^$all
||freebies-take.com^$all
||fs47vp8old0i.top^$all
||your-lucky-day.com^$all
||fuynmttcsohb.top^$all
||fxu8v4c6mq80.top^$all
||g2orkb3o40am.top^$all
||g3k7k37yxjn9.top^$all
||g534zx7dcasn.top^$all
||g61daidk439w.top^$all
||g6xj5yz5wmqv.top^$all
||g88nlluqxm2m.top^$all
||g8ik1wf8hi07.top^$all
||gambpwredir.com^$all
||gbfnq4g9fhu2.top^$all
||ggs24fwvaukc.top^$all
||girls-wants-you.com^$all
||giveaway-site.com^$all
||global-app-center.com^$all
||global-casino-gaming.com^$all
||gn72tksywb76.top^$all
||grab-your-money.com^$all
||gvsi0omsal46.top^$all
||h1almpsi2013.top^$all
||h5fxr7ftv7pf.top^$all
||hadglb7m3jcd.top^$all
||hd-video-app.com^$all
||hgbus5retewp.top^$all
||high-safety-vpn.com^$all
||hnlw731jqnxp.top^$all
||horny-neighbour.com^$all
||hornygirls-onsite.com^$all
||hornygirlsinapp.com^$all
||jump-path1.com^$all
||jump-path2.com^$all
||redirect-path1.com^$all
||redirect-path2.com^$all
||your-online-casino.com^$all
||hot-girls-around.com^$all
||hot-pretty-chiks.com^$all
||hotgirls-around.com^$all
||how2-become-rich.com^$all
||hrb30t7c8e0a.top^$all
||i1q5vfi8w133.top^$all
||ia2vhygm6fhd.top^$all
||ifnerenuy32r.top^$all
||ihvnba9vmh8o.top^$all
||ii11bbtdf6x0.top^$all
||ijvicnl9bpru.top^$all
||indiastream-online.com^$all
||io49xk3p5p03.top^$all
||ioxpykszrnda.top^$all
||irke75qsfkkz.top^$all
||izk4e35wv8dk.top^$all
||j1i9weeo2iuo.top^$all
||j5kokm8bugi1.top^$all
||javo66gjugr3.top^$all
||jjsv5goj592a.top^$all
||jkphv2jsv3ae.top^$all
||jktcxsfocwm3.top^$all
||jqyaoe9exubp.top^$all
||jrl1mj4ab9fm.top^$all
||js75z0ed6w9t.top^$all
||juicy-girls-online.com^$all
||k16af481n0r5.top^$all
||k3q8yr6p2dvw.top^$all
||k3r2gowkwuec.top^$all
||k50pc890tcit.top^$all
||k7urx21wxrmc.top^$all
||k8osvhfhm1i7.top^$all
||kjkiw78ywhvd.top^$all
||kp75aqithfwt.top^$all
||kpsvaqnplbq6.top^$all
||ksr85kcp76k7.top^$all
||kv5w1ykfk7pm.top^$all
||kzo6gw8lrw5h.top^$all
||l0wtzhzx78mw.top^$all
||l3u51wrm0wkp.top^$all
||l531z4rzynwq.top^$all
||l5972t2ufg6l.top^$all
||l5ibnmd3hris.top^$all
||l6gh6kg5ykj6.top^$all
||lch05jsym6a3.top^$all
||ler2czkh3sv6.top^$all
||loadingscripts.com^$all
||love-connectors.com^$all
||love-territory.com^$all
||m5zv7tqw0zc7.top^$all
||maa4ypb079ac.top^$all
||wheel-of-luck.com^$all
||mfy486imctot.top^$all
||mighuuh535pb.top^$all
||millionaires-secret-site.com^$all
||mobile-safe-app.com^$all
||moi1qwhcp7ns.top^$all
||most-advanced-vpn.com^$all
||mt2dpmyjzblr.top^$all
||mu7cmiqx2j20.top^$all
||my-casino-now.com^$all
||myma26oprpyz.top^$all
||mzgc65xkzojz.top^$all
||na7gykiq187e.top^$all
||ndj2qgw4afca.top^$all
||nfwak0enmo0z.top^$all
||nice-babes-nearby.com^$all
||nif9frxst27s.top^$all
||nkfglk0y6r97.top^$all
||nktlucgpgr7k.top^$all
||nmfc4k7q4xd2.top^$all
||nor-pw1.com^$all
||nor-pw10.com^$all
||nor-pw11main.com^$all
||nor-pw12.com^$all
||nor-pw13.com^$all
||nor-pw14.com^$all
||nor-pw15.com^$all
||nor-pw2.com^$all
||nor-pw3main.com^$all
||nor-pw4ad.com^$all
||nor-pw5.com^$all
||nor-pw6.com^$all
||nor-pw7.com^$all
||nor-pw8.com^$all
||nor-pw9.com^$all
||nqezbpv8tzda.top^$all
||techbytemedia.com^$all
||ntkb6sddoue1.top^$all
||nul0szte3l2n.top^$all
||nvl9nerngpj1.top^$all
||nz7mhg8micbu.top^$all
||nz7tn4n5e5vi.top^$all
||o0m4rp8sjb0g.top^$all
||o0nerfcw0vsd.top^$all
||o3kjm9z8g11w.top^$all
||o3oy5wfla2ez.top^$all
||o863tmto6ocp.com^$all
||oc4sjn8ziyt3.top^$all
||official-video-app.com^$all
||oj0in172pri5.com^$all
||online-survey-service.com^$all
||only-sexy-girls.com^$all
||oob31oj5tzxz.top^$all
||oq1lbcapx74f.top^$all
||oq3vmyauvr0s.top^$all
||ovajdavqp5px.top^$all
||ozz7d9lh1n0s.top^$all
||p2p9zptnpwsq.top^$all
||p2r2usll1jrq.top^$all
||p7cd8i0oi8yw.top^$all
||pd96ptzsjeiv.top^$all
||perfectbabe4you.com^$all
||phyn4fpu3sy2.com^$all
||piit9web0uza.top^$all
||pjtilt02qs44.top^$all
||pkm3d2b07do0.top^$all
||pp0f5ahdp0ao.top^$all
||pretty-girls-nearby.com^$all
||privacy-focused-vpn.com^$all
||prize-collecting-site.com^$all
||pw-content.com^$all
||pw-download.com^$all
||pw-red-ad.com^$all
||pw-red-main.com^$all
||pw-red-test.com^$all
||pw-show-ad.com^$all
||pw-show-main.com^$all
||pw-show-test.com^$all
||pw1waj4wyf35.top^$all
||pwredir-1.com^$all
||pwredir-2.com^$all
||pwredir-3.com^$all
||pwredir-4.com^$all
||pwredir-5.com^$all
||q1icwkripe66.top^$all
||q3qez4o6axco.top^$all
||q4rz1bidmknx.top^$all
||q77r1hu4ybbm.top^$all
||qmwzaj6opdwn.top^$all
||qql0iokfr3ha.top^$all
||qr68f2t20df4.top^$all
||qvu377cbhhgu.top^$all
||qxaq9fds4onc.top^$all
||qxmlg5slb5kl.top^$all
||qxw6m8aewx0t.top^$all
||qztkmf1wdo9o.top^$all
||r3i0a261odm9.top^$all
||r7ofjdfw6jlk.top^$all
||ra35m91dc5t6.top^$all
||rbq9xbepwikk.top^$all
||rduo2c5e0wbk.top^$all
||real-hot-profiles.com^$all
||real-hotbabes.com^$all
||redir-pw1.com^$all
||redir-pw10.com^$all
||redir-pw11.com^$all
||redir-pw12.com^$all
||redir-pw13.com^$all
||redir-pw14.com^$all
||redir-pw15.com^$all
||redir-pw2.com^$all
||redir-pw3main.com^$all
||redir-pw4ad.com^$all
||redir-pw5.com^$all
||redir-pw6.com^$all
||redir-pw7.com^$all
||redir-pw8.com^$all
||redir-pw9.com^$all
||rich-people-club.com^$all
||rjlzoo56cbe3.top^$all
||rl4unur8zam4.top^$all
||rl8m72ekh2gw.top^$all
||rpl4c8gqjjvo.top^$all
||rqe3sng1a868.top^$all
||rrusb9gs6glf.top^$all
||rtf3tgamk80d.top^$all
||ruvwsy8huein.top^$all
||s2lxwwc6of80.top^$all
||s45g8tyen11f.top^$all
||s6kdj237hbeq.top^$all
||s6n946mpdglq.top^$all
||sc9fa36nemke.top^$all
||scf2wlakwrx4.top^$all
||search-top-videos.com^$all
||secret-casino-site.com^$all
||secured-browsing-app.com^$all
||secured-connect-app.com^$all
||shoppwredir.com^$all
||sid53j82a1az.top^$all
||sivt0uo3es6m.top^$all
||siwuowtsokbp.top^$all
||sk2wb60ksmby.top^$all
||smso3ojywl3d.top^$all
||som9lrmw0unu.top^$all
||stay-secured-online.com^$all
||stay-virus-free.com^$all
||strip-hotbabes.com^$all
||super-protection-app.com^$all
||sv3kausmasgz.top^$all
||sweet-alone-girls.com^$all
||t0anbvx61s12.top^$all
||t2eke74qawse.top^$all
||t35d60ot6oi7.top^$all
||tdtcrzpnp309.top^$all
||testpwredir.com^$all
||thdg8po3j9gu.top^$all
||three-hundred-bucks.com^$all
||tjpihtcs4oo4.top^$all
||tm44074rzbu9.top^$all
||tn1kzdbvbqxq.top^$all
||top-awarded-app.com^$all
||top-betting-now.com^$all
||top-cleaner-app.com^$all
||top-gambling-spot.com^$all
||top-mobile-scanner.com^$all
||top-safest-vpn.com^$all
||top-secure-app.com^$all
||top-store-app.com^$all
||top-trend-app.com^$all
||top-video-content.com^$all
||top-wealth-secrets.com^$all
||top-web-secure.com^$all
||topwebportals.com^$all
||tsl8sy9ptu2i.top^$all
||tuyzyhchca01.top^$all
||tvbj45bi37ef.top^$all
||tvcrqp3zqfkn.top^$all
||u01s8m85xab9.top^$all
||u284afs2eylf.top^$all
||u2s71o09ajg2.top^$all
||u59dbzvklesf.top^$all
||u9cd76h74g34.top^$all
||uiffp09naazq.top^$all
||um0qh3tdiosr.top^$all
||updar0twsq6q.top^$all
||ur9vc9turqw8.top^$all
||urzv6ih2xswt.top^$all
||users-choice-app.com^$all
||utipwredir.com^$all
||uvvpn5h92x2t.top^$all
||uz8avf38y2zw.top^$all
||v22nxrdx9ocd.top^$all
||v3ubcy23nuym.top^$all
||v5herke93uu7.top^$all
||v5wvs843f2pt.top^$all
||ves0kz2gk9b8.top^$all
||video-streaming-app.com^$all
||vlw86oaf5962.top^$all
||vpbxq51rppi1.top^$all
||vpeybsuirx7z.top^$all
||vpn-risk-free.com^$all
||vppwredir.com^$all
||vwpfcn5yhlsb.top^$all
||vz6miiowvo2t.top^$all
||w01cpyjvdzmt.top^$all
||w0y16anfv1jz.top^$all
||w1e39n8e20dw.top^$all
||w1r493omajx4.top^$all
||w2bij7b58m50.top^$all
||w2emkqnl3ss9.top^$all
||w6rpcnmyqcti.top^$all
||w78uqmbdgdkt.top^$all
||wbbc2emhybvk.top^$all
||web-protected-app.com^$all
||weizu3h4dvb9.top^$all
||wfkcsq63ivcm.top^$all
||win-big-here.com^$all
||winwin-raffle.com^$all
||your-finance-now.com^$all
||your-survey-services.com^$all
||185.246.188.124^$document
||185.246.188.125^$document
||194.63.140.103^$document
||194.63.143.61^$document
||194.63.143.96^$document

! https://github.com/durablenapkin/scamblocklist/issues/63
||summersale.online^$all

! https://github.com/hagezi/dns-blocklists/issues/1469
||crackedkey.org^$all

! https://github.com/hagezi/dns-blocklists/issues/1470
||mixcrack.net^$all

! https://github.com/hagezi/dns-blocklists/issues/1471
||kingsoftz.com^$all

! https://github.com/hagezi/dns-blocklists/issues/1476
||msm-coop.co.uk^$all

! https://forums.malwarebytes.com/topic/301587-adware-not-recognized-or-deleted/
||presonsinatize.com^$all

! https://tria.ge/230828-zyzbraga22/behavioral1
||push-ebfhafd-6311.boustahe.com^$all
||push-*.boustahe.com^$document
||nomadsfit.com^$all
||mackledcity.com^$all
||onebiensillc.com^$all
||wejds.co.in^$document
||1c6d7sl37a5xsd90.wejds.co.in^$all
||1c358sl37a69r073.wejds.co.in^$all
||apedodo8.fun^$document
||derytc.click^$all
/light/av/nrtn03/index.php?lpkey=$document
! https://tria.ge/230913-mb6fbsdh42/behavioral1
||65432qn1mftejdb6.wejds.co.in^$all
||0f4a1qn1m3znt18d.wejds.co.in^$all
! subdomains: https://virustotal.com/gui/domain/wejds.co.in/relations
||cc7ccqn52c82t729.wejds.co.in^$document
||0478dqncifndu16f.wejds.co.in^$document
||d1140e8j6g6e8491.wejds.co.in^$document
||ca767e8159zho44f.wejds.co.in^$document
||ba209g6a8sysc965.wejds.co.in^$document
||b5761e8ho9zuq301.wejds.co.in^$document
||dcc42duzwg617bc1.wejds.co.in^$document
||62ca0e8xsgxfy621.wejds.co.in^$document
||9c65ee8q5u3tl707.wejds.co.in^$document
||03546g63vib7s1f8.wejds.co.in^$document
||eb3fdg6qe1zx9e5d.wejds.co.in^$document
||85799g65mm7qe22f.wejds.co.in^$document
||becdbdup2a44k5b8.wejds.co.in^$document
||09e7bdud5hqj24d8.wejds.co.in^$document
||433badu9rb415cfc.wejds.co.in^$document
||9b853dugmfy6j373.wejds.co.in^$document
||517dcx91nrnbzcbc.wejds.co.in^$document
||689basl7swffye9d.wejds.co.in^$document
||663169zdum7wf642.wejds.co.in^$document
||9977b9zsc8ra63d2.wejds.co.in^$document
||33ead9zu3gx8r71f.wejds.co.in^$document
||a1d189zqdtla3965.wejds.co.in^$document
||4066f15e87vpm4d2.wejds.co.in^$document
||a7fd8j2ikhooc399.wejds.co.in^$document
||53a45j21zgxbge68.wejds.co.in^$document
||eaaf2j2fnp2ira2b.wejds.co.in^$document
||0af0cj217a9fnb0b.wejds.co.in^$document
||daa5doctlcint073.wejds.co.in^$document
||3fb3coc4kci3zf4e.wejds.co.in^$document
||d5a1foca4qn8p231.wejds.co.in^$document
||6ae094pc8pmho817.wejds.co.in^$document
||fce824pydg5e8ae5.wejds.co.in^$document
||03b5f4pnt2tdua14.wejds.co.in^$document
||f72a04pu3a3us28d.wejds.co.in^$document
||3e20f4p2tftfy00a.wejds.co.in^$document
||9eb7cwhg69rsy719.wejds.co.in^$document
||f9a9cwh374k525bf.wejds.co.in^$document
||b5eaewhuotwqn39b.wejds.co.in^$document
||5e309whbz3vvc67c.wejds.co.in^$document
||babetluo4p8w7e5.wejds.co.in^$document
||30babktqdghj2cb3.wejds.co.in^$document
||06709ktcihe1n8da.wejds.co.in^$document
||c017ekt16g6x9c93.wejds.co.in^$document
||3b2a3ktgxtla029d.wejds.co.in^$document
||0f5e3kta6a03744c.wejds.co.in^$document
||e999bfya5ft7ve4e.wejds.co.in^$document
||74b7fxrhopmb4852.wejds.co.in^$document
||45da6ibib4me2698.wejds.co.in^$document
||5956dm7uquovc6ee.wejds.co.in^$document
||772c2ibc8a1ghf87.wejds.co.in^$document
||6753fiboja8uo167.wejds.co.in^$document
||0b31f3vft15us8a7.wejds.co.in^$document
||816fe3vy9sy4k2d6.wejds.co.in^$document
||64511uooca2tlb01.wejds.co.in^$document
||fda36uoqq9la4935.wejds.co.in^$document
||63df6uoe8g5b4f8e.wejds.co.in^$document
||e995fuo8pqebzcaf.wejds.co.in^$document
||d3708uousscgmb53.wejds.co.in^$document
||c67a6fv7sqn1n05f.wejds.co.in^$document
||1ce9dfvbgfnm734d.wejds.co.in^$document
||40974fv9ra0m7caa.wejds.co.in^$document
||518b5fva1m7sl3cc.wejds.co.in^$document
||fe850fvgxj6uq8cb.wejds.co.in^$document
||71703ik1mdva837c.wejds.co.in^$document
||4583eik1mxo17240.wejds.co.in^$document
||75644ik6jxoq57f3.wejds.co.in^$document
||2b533iklp8ptl1fc.wejds.co.in^$document
||ce518rn3vntg5b06.wejds.co.in^$document
||1d8f7rna3a615187.wejds.co.in^$document
||efe2a37e837kt1cb.wejds.co.in^$document
||0b97f37dve8ike1b.wejds.co.in^$document
||12d7137ira6oc683.wejds.co.in^$document
||5f351372tojus567.wejds.co.in^$document
||f863d46myh9u34a7.wejds.co.in^$document
||66afbx9ocsysy988.wejds.co.in^$document
||e932asy1za5527af.wejds.co.in^$document
||2ad3dx9us16a74ff.wejds.co.in^$document
||ae3baejg6qn46094.wejds.co.in^$document
||8aa48sy7vlp1me37.wejds.co.in^$document
||50ceaeja1a3a394d.wejds.co.in^$document
||ae8d1c8myxrqe931.wejds.co.in^$document
||c7524tla1ghej592.wejds.co.in^$document
||9b089c88rqej619d.wejds.co.in^$document
||4f07ftlqqbzib86f.wejds.co.in^$document
||9a0d1tl4kfvuq471.wejds.co.in^$document
||c3060p2g6a58w074.wejds.co.in^$document
||d2d79p29zk2usc88.wejds.co.in^$document
||c8ddap2b7uq4p35e.wejds.co.in^$document
||2174746467vb7e0a.wejds.co.in^$document
||996bc465m16my3f9.wejds.co.in^$document
||97e2d46a1myuo949.wejds.co.in^$document
||e3cca1m4pb4ft86b.wejds.co.in^$document
||5f3f81mx9pmdva73.wejds.co.in^$document
||da6d21mej46fv638.wejds.co.in^$document
||d9b191mfta5occec.wejds.co.in^$document
||37f031mlp3zik447.wejds.co.in^$document

! https://tria.ge/230830-l7yjxseb6z/behavioral1
||push-ebfhafd-5643.boustahe.com^$all
||succyarthyry.com^$all
||foldedabstinenceconsole.com^$all
||unkinerecle.com^$all
||shwomettleye.com^$all
||unbalterce.com^$document
||gougenoticei.com^$all
||sys.donecperficiam.net^$document
||ww3.keytrack.site^$popup
||nomadsbrand.com^$all

! https://tria.ge/230831-zcwzhaad59/behavioral1
||system-notify.app^$third-party
||aroidssolutions.com^$all
||thearoids.com^$all
||paladiact.com^$all
||onebiensicenter.com^$all
||pupspu.com^
||cramlexad.com^$all
||aug3120.rednewly.com^$document
||browsekeeper.com^$document

! https://github.com/hagezi/dns-blocklists/issues/1512
||daftar-binomo.website^$document
||online-binomo.com^$document
||binomo-id.pro^$document
||binomoindonesia.com^$document
||www.binomoweb.org^$document
||www.binomo.vip^$document
||binomoweblogin.com^$document
||binomo2022.net^$document
||www.binom0-web.com^$document
||binomorupiah-id.com^$document
||binomo.broker^$document
||binomo-brokers.com^$document

! https://github.com/durablenapkin/scamblocklist/issues/64
||coinreq.com^$document

! https://tria.ge/230909-m91mqsaf82/behavioral1
||uplevelrewards.com^$document
||www.uplevelrewards.com^$document
||liveappsearch.com^$document
||www.liveappsearch.com^$document
||oasoomsa.top^$all
||wholedailyjournal.com^$all
||fubsoupt.top^$all
||adblocked-supreme.net^$document

! https://forums.malwarebytes.com/topic/302090-virus-found-malware/
||guartian.co.in^$all

! https://tria.ge/230909-tghd1scd3y/behavioral1
||5hgawd5145.monster^$all
||another-seem.monster^$document
||ptbqre.com^$all
||datinghere-top.life^$document
||h.datingcentral.top^$all
||cuddleyadmire.com^$document
||mcaverify.click^$all
||www.mcaverify.click^$all

! https://github.com/StevenBlack/hosts/issues/2436
||w61.1piecemanga.com^$document
||fbet.com^$all
||onwardrespirationcommandment.com^$all
! my analysis: https://tria.ge/230910-pysh4ahb47/behavioral1
! my analysis: https://tria.ge/230910-py86vahb49/behavioral1
||stemboastfulrattle.com^$all
||odesbest.com^$all
||loadoverlylatestinfo-program.info^$all

! https://github.com/AdguardTeam/AdguardFilters/issues/161349
! https://tria.ge/230913-mb6fbsdh42/behavioral1
/light/QfhuPJ/index.php?lpkey=$document
||rtmladweb.com^$all
||best-pc-protect.xyz^$all

! https://tria.ge/230914-mn75paeb34/behavioral1
||odessystems.com^$all
||saniceproxic.com^$all
||derryneeptedle.com^$all

! https://web.archive.org/web/20230918040019/https://www.bleepingcomputer.com/news/security/tiktok-flooded-by-elon-musk-cryptocurrency-giveaway-scams/
||bitoxies.com^$document
||moonexio.com^$document
||altgetxio.com^$document
||cratopex.com^$document

! https://tria.ge/231002-nhasnsbb63
||allsidesguide.com^$all
||realxavounow.com^$all
||sulkvulnerableexpecting.com^$all
||reenethoname.com^$all
||rhoramegarate.com^$all
||secondquaver.com^$document
||gentlynudegranny.com^$document
||ramlexdigital.com^$all

! https://github.com/hagezi/dns-blocklists/issues/1658
! my analysis: https://tria.ge/231004-p3e4kabg8t/behavioral1
||z-lib.is^$all
! https://www.reddit.com/r/zlibrary/comments/16xtm67/if_you_cannot_download_any_books_then_youre_on/
||zlib.is^$all
||zlib.to^$all
||zlibrary.to^$all
||zlibrary.is^$all
||z-lib.to^$all
||z-lib.io^$all

! https://github.com/hagezi/dns-blocklists/issues/1662
||bridgelinering.com^$document
||show.bridgelinering.com^$all
||go.bridgelinering.com^$document
||daynitroglass.com^$all

! https://tria.ge/231005-2c2abshf76/behavioral1
||2ntrfi.torixibre.com^$all
||invv7n.torixibre.com^$all
/av_sw.js?uid=*-*-*-*-*&sid=*-*-*-*-*&sd=*==$first-party,script,domain=com|top|xyz
/click.php?key=*&zone_id=$document
$popup,third-party,denyallow=trbbt.net|turbodownload.net,domain=turbobit.net
/landers/mcafee_mac_os_scanner_multilang/alert.png|$image,domain=~mcafee.com|~archive.org
||rmut-glo.brandandgift.com/t/clk?id=$popup,third-party

! https://tria.ge/231005-2pvy3sff9v/behavioral1
||keyimaginarycomprise.com^$document
||loadoriginalintenselyinfo-program.info^$all

! https://github.com/hagezi/dns-blocklists/issues/1724
||healy.world^$document
||healyworld.net^$document
||healy.shop^$document

! https://tria.ge/231021-mvvg6sff95/behavioral1
||getforupgradeandstabilizefree.click^$all
||setupnow.getforupgradeandstabilizefree.click^$all
||downloads-101.com^$document
||mafens.xyz^$all
.xyz/74Ko/7.html?cep=$document
.xyz/74Ko/files/images/action_3.gif|$image,first-party

! https://infosec.exchange/@iampytest1/111270258079028453
||metachartview.com^$all
||metatradebox.net^$all

! https://github.com/hagezi/dns-blocklists/issues/1760
||adidassuomi-fi.com^$document
||alohasfinland.com^$document
||alohas-suomi.com^$document
||alohassuomi.com^$document
||altrafi.com^$document
||altrafinland.com^$document
||altrahelsinki.com^$document
||altrasuomi.com^$document
||altrasuomifi.com^$document
||altrasuomioutlet.com^$document
||altrasuomishop.com^$document
||arcteryxfi.com^$document
||arcteryxfinland.com^$document
||arcteryxoutletsuomi.com^$document
||arcteryxsuomiale.com^$document
||asicsale.com^$document
||asicsfi.com^$document
||asics-finland.com^$document
||asicsfinlandoutlets.com^$document
||asicsfi-suomi.com^$document
||asicshelsinki.com^$document
||asicshelsinki.net^$document
||asicsoutlet-suomi.com^$document
||asicsoutletsuomi.com^$document
||asics-suomi.com^$document
||asicssuomi.com^$document
||asicssuomioutlet.com^$document
||balmain-suomi.com^$document
||balmainsuomi.com^$document
||balmainsuomishop.com^$document
||canada-gymshark.com^$document
||carhartt-suomi.com^$document
||carharttsuomi.com^$document
||caterpillarfi.com^$document
||caterpillar-finland.com^$document
||caterpillarinsuomi.com^$document
||caterpillar-suomi.com^$document
||caterpillarsuomi.com^$document
||caterpillarsuomifi.com^$document
||championhelsinki.com^$document
||champion-suomi.com^$document
||championsuomi.com^$document
||columbiakengatsuomi.com^$document
||columbia-suomi.com^$document
||columbiasuomi-fi.com^$document
||columbiasuomifi.com^$document
||columbiasuomioutlet.com^$document
||columbiasuomis.com^$document
||comfitunderwear-suomi.com^$document
||converseale.com^$document
||conversealesuomi.com^$document
||conversefi.com^$document
||conversehelsinki.com^$document
||converseinsuomi.com^$document
||converseoutlethelsinki.com^$document
||converseoutlet-suomi.com^$document
||converseoutletsuomi.com^$document
||converse-suomi.com^$document
||conversesuomi.com^$document
||conversesuomi.net^$document
||conversesuomioutlet.com^$document
||conversexsuomi.com^$document
||crossfitsuomi.co^$document
||crossfitsuomi.com^$document
||demonia-finland.com^$document
||demoniafinland.com^$document
||demoniasuomi.com^$document
||demoniasuomi.net^$document
||demoniasuomioutlet.com^$document
||desigual-suomi.com^$document
||desigualsuomi.com^$document
||desigualsuomi.net^$document
||dopeoutletsuomi.com^$document
||dopesnow-finland.com^$document
||dopesnowfinland.com^$document
||dopesnow-suomi.com^$document
||dopesnowsuomi.com^$document
||dopesnowsuomi-fi.com^$document
||dope-suomi.com^$document
||dopesuomi.com^$document
||dopesuomi-fi.com^$document
||dopetakki.com^$document
||dopetakki-suomi.com^$document
||dopetakkisuomi.com^$document
||dubarrysuomi.com^$document
||eccooutlet-suomi.com^$document
||eccooutletsuomi.com^$document
||eccooutletsuomis.com^$document
||ecco-suomi.com^$document
||eccosuomi.com^$document
||eccosuomi.net^$document
||eccosuomioutlet.com^$document
||fjallravenoutletsuomi.com^$document
||fjallraven-suomi.com^$document
||fjallravensuomi.com^$document
||footjoy-finland.com^$document
||footjoyssuomi.com^$document
||footjoy-suomi.com^$document
||footjoysuomi.com^$document
||freedommoses-suomi.com^$document
||gforefinland.com^$document
||gfore-suomi.com^$document
||gforesuomi.com^$document
||gforesuomi.net^$document
||groundies-finland.com^$document
||groundiesfinland.com^$document
||groundiesinsuomi.com^$document
||groundiesoutletsuomi.com^$document
||groundiessuomioutlet.com^$document
||gym-shark.co.za^$document
||gymshark.com.hr^$document
||gymsharkale.com^$document
||gymsharkalesuomi.com^$document
||gymsharkar.com^$document
||gymsharkauckland.com^$document
||gymsharkaustralia-au.com^$document
||gymsharkaustraliastores.com^$document
||gymsharkbutikkoslo.com^$document
||gym-shark-canada.com^$document
||gymsharkcanadafactoryoutlet.com^$document
||gymsharkcanadastore.com^$document
||gymsharkcolombia-co.com^$document
||gymsharkcz.cz^$document
||gymsharkczsale.com^$document
||gymshark-cz-shop.com^$document
||gymsharkczshop.cz^$document
||gym-shark-danmark.com^$document
||gymsharkdanmark.com^$document
||gymsharkdublin.com^$document
||gym-shark-egypt.com^$document
||gymsharkeufinland.com^$document
||gymshark-fi.com^$document
||gymsharkfi.com^$document
||gymshark-finland.com^$document
||gymsharkfinland.com^$document
||gym-sharkgreece.com^$document
||gym-shark-hungary.com^$document
||gymsharkhungarystore.com^$document
||gymsharkieonline.com^$document
||gym-shark-india.com^$document
||gymsharkindiashops.com^$document
||gymsharkinsingapore.com^$document
||gymsharkinsouthafrica.co.za^$document
||gymsharkinus.com^$document
||gym-shark-italia.com^$document
||gymshark-italia.com^$document
||gym-sharkmexico.com.mx^$document
||gymsharkmexicostore.com^$document
||gymsharkmexicotiendas.com.mx^$document
||gymshark-no.com^$document
||gym-sharknorge.com^$document
||gymsharknzsale.com^$document
||gymsharkostereichs.com^$document
||gymshark-osterreich.at^$document
||gymsharkosterreichshop.com^$document
||gymsharkoutletsuomi.com^$document
||gymsharkoutletwebsite.com^$document
||gymsharkperu.com^$document
||gym-shark-philippines.com^$document
||gymsharkportugalstore.com^$document
||gymsharkpt.com^$document
||gym-shark-romania.com^$document
||gymsharksbelgie.com^$document
||gymsharksbudapest.com^$document
||gym-shark-schweiz.com^$document
||gymsharkshop.cz^$document
||gym-sharksingapore.com^$document
||gymsharksingaporeshop.com^$document
||gymshark-sk.sk^$document
||gymsharkslovenijaeu.com^$document
||gymsharkslovensko.sk^$document
||gymsharksnorge.com^$document
||gymsharksouthafrica.com^$document
||gymsharkspainstore.com^$document
||gymsharkssuomi.com^$document
||gymsharkssverige.com^$document
||gymsharkstore.com.au^$document
||gymsharkstoreindia.com^$document
||gymsharkstorenyc.com^$document
||gym-shark-suomi.com^$document
||gym-sharksuomi.com^$document
||gymshark-suomi.com^$document
||gymsharksuomi.com^$document
||gymshark-suomiale.com^$document
||gymsharksuomiale.com^$document
||gymshark-suomi-fi.com^$document
||gymsharksuomi-fi.com^$document
||gymsharksuomifi.com^$document
||gymsharksuomioutlet.com^$document
||gymsharksuomishop.com^$document
||gymshark-sweden.com.se^$document
||gym-shark-turkiye.com^$document
||gymshark-turkiye-tayt.com^$document
||gym-sharkuaestore.com^$document
||gymshark-uk.com^$document
||gymsharkukoutlet.com^$document
||gymshark-uk-sale.com^$document
||gymsharkwinkel.com^$document
||gymsharkzagreb.com^$document
||gymsharkzurich.com^$document
||haglofsoutlethelsinki.com^$document
||haglofsoutletsuomi.com^$document
||haglofssuomifi.com^$document
||hanwag-suomi.com^$document
||hanwagsuomi.com^$document
||hanwagsuomi.net^$document
||hellyhansen-fi.com^$document
||hellyhansenfinland.com^$document
||hellyhansenoutletsuomi.com^$document
||hellyhansen-suomi.com^$document
||hellyhansensuomi.com^$document
||hellyhansensuomi.net^$document
||hokaale.com^$document
||hoka-finland.com^$document
||hokasuomi.com^$document
||hokasuomifi.com^$document
||icebugfinland.com^$document
||icebugfioutlet.com^$document
||icebugsfioutlet.com^$document
||icebugsuomi.com^$document
||icebugsuomi.net^$document
||ilsejacobsen-suomi.com^$document
||ilsejacobsensuomi.com^$document
||inov-8-suomi.com^$document
||inov-8suomi.com^$document
||jomafinland.com^$document
||joma-suomi.com^$document
||jomasuomi.com^$document
||kamikfinland.com^$document
||kamik-suomi.com^$document
||kamiksuomi.com^$document
||kamiksuomi.net^$document
||kappafi.com^$document
||kappa-suomi.com^$document
||kappasuomi.com^$document
||karhulenkkaritale.com^$document
||karhulenkkarithelsinki.com^$document
||kedsoutletsuomi.com^$document
||keds-suomi.com^$document
||kedssuomi.com^$document
||kedssuomishop.com^$document
||kickersfinland.com^$document
||kickers-suomi.com^$document
||kickerssuomi.com^$document
||legoale.com^$document
||legosuomi.com^$document
||loake-suomi.com^$document
||loakesuomi.com^$document
||loakesuomioutlet.com^$document
||lojagymsharkportugal.com^$document
||lornajane-suomi.com^$document
||lornajanesuomi.com^$document
||lornajanesuomi.net^$document
||louboutin-finland.com^$document
||louboutin-suomi.com^$document
||mizunofi.com^$document
||mizuno-finland.com^$document
||mizunofinland.com^$document
||mizunossuomi.com^$document
||mizuno-suomi.com^$document
||mizuno-suomis.com^$document
||mizunosuomishop.com^$document
||moonbootfi.com^$document
||moonbootfinland.com^$document
||moonboothelsinki.com^$document
||moonbootssuomi.com^$document
||moonboot-suomi.com^$document
||moonbootsuomi.com^$document
||moonbootsuomi.net^$document
||muckbootale.com^$document
||muckbootinsuomi.com^$document
||muckboots-suomi.com^$document
||muckbootssuomi.com^$document
||muckboot-suomi.com^$document
||muckbootsuomi.com^$document
||nautica-suomi.com^$document
||nauticasuomi.com^$document
||nikealesuomi.com^$document
||nikefinland.com^$document
||nikeinsuomi.com^$document
||nikeoutletsuomi.com^$document
||nikesuomi.com^$document
||nikesuomi.net^$document
||nikesuomi-fi.com^$document
||nikesuomioutlet.com^$document
||nikesuomishop.com^$document
||olukaifi.com^$document
||olukai-suomi.com^$document
||olukaisuomi.com^$document
||osirisfi.com^$document
||osirissuomi.com^$document
||ospreyfinland.com^$document
||osprey-suomi.com^$document
||ospreysuomi.com^$document
||ospreysuomi.net^$document
||outletadidas.com^$document
||outletadidasfi.com^$document
||outletarcteryx.com^$document
||outletcarhartt.com^$document
||outletconverse.com^$document
||outletdopesnow.com^$document
||outlethellyhansen.com^$document
||outletjoma.com^$document
||outletlego.com^$document
||outletmizuno.com^$document
||outletmuckboot.com^$document
||outletosprey.com^$document
||outletregatta.com^$document
||outletsalomon.com^$document
||outletveja.com^$document
||outletversace.com^$document
||palladiumfi.com^$document
||palladiumfinland.com^$document
||palladiumhelsinki.com^$document
||palladiumoutletsuomi.com^$document
||palladium-suomi.com^$document
||palladiumsuomi.com^$document
||palladiumsuomishop.com^$document
||persol-suomi.com^$document
||pleaserssuomi.com^$document
||pleasersuomi.com^$document
||puma-fi.com^$document
||pumafi.com^$document
||puma-finland.com^$document
||pumafinland.com^$document
||pumafi-suomi.com^$document
||pumainsuomi.com^$document
||pumaoutlet-suomi.com^$document
||puma-suomi.com^$document
||pumasuomi.com^$document
||pumasuomi.net^$document
||pumasuomiale.com^$document
||pumasuomioutlet.com^$document
||pumasuomis.com^$document
||redwing-suomi.com^$document
||redwingsuomi.com^$document
||regatta-suomi.com^$document
||regattasuomi.com^$document
||restockssuomi.com^$document
||rvca-suomi.com^$document
||rvcasuomi.com^$document
||salmingale.com^$document
||salmingsuomi.com^$document
||salomonalesuomi.com^$document
||salomon-finland.com^$document
||salomonfinland.com^$document
||salomonhelsinki.com^$document
||salomonoutletfi.com^$document
||salomonoutlethelsinki.com^$document
||salomonssuomi.com^$document
||salomon--suomi.com^$document
||salomon-suomi.com^$document
||salomonsuomi.com^$document
||salomon-suomiale.com^$document
||salomonsuomi-fi.com^$document
||salomonsuomihuijaus.com^$document
||salomonsuomioutlet.com^$document
||salomonsuomishop.com^$document
||samsonite-suomi.com^$document
||samsonitesuomi.com^$document
||samsonitesuomi.net^$document
||sanukale.com^$document
||sanukfinland.com^$document
||sanuk-suomi.com^$document
||sanuksuomi.com^$document
||sanuksuomi.net^$document
||sendra-suomi.com^$document
||sendrasuomi.com^$document
||sendrasuomi.net^$document
||sendrasuomioutlet.com^$document
||sendrasuomis.com^$document
||skimsale.com^$document
||skims-suomi.com^$document
||skimssuomi.com^$document
||skimssuomi.net^$document
||skimssuomiale.com^$document
||supergafi.com^$document
||superga-finland.com^$document
||superga-suomi.com^$document
||supergasuomi.com^$document
||tedbakerale.com^$document
||tedbakerfinland.com^$document
||tedbakeroutletsuomi.com^$document
||tedbaker-suomi.com^$document
||tedbakersuomi.net^$document
||tevafi.com^$document
||teva-finland.com^$document
||tevafinland.com^$document
||tevahelsinki.com^$document
||tevaoutletsuomi.com^$document
||tevassuomi.com^$document
||tevasuomi.com^$document
||timberlandfi.com^$document
||timberland-finland.com^$document
||timberlandfi-suomi.com^$document
||timberlandhelsinki.com^$document
||timberlandoutletfi.com^$document
||timberlandoutlethelsinki.com^$document
||timberland--suomi.com^$document
||timberland-suomi.com^$document
||timberlandsuomi.com^$document
||timberlandsuomi.net^$document
||timberlandsuomifi.com^$document
||timberlandxsuomi.com^$document
||uniqloale.com^$document
||uniqlo-finland.com^$document
||uniqlofinland.com^$document
||uniqlohelsinki.com^$document
||uniqlo-suomi.com^$document
||uniqlosuomi.com^$document
||uniqlosuomi.net^$document
||uniqlosuomioutlet.com^$document
||vansale.net^$document
||vansfi.com^$document
||vansfioutlet.com^$document
||vanshelsinki.net^$document
||vansoutlet-suomi.com^$document
||vansssuomi.com^$document
||vanssuomi.net^$document
||vanssuomioutlet.com^$document
||veja-fi.com^$document
||veja-finland.com^$document
||vejafioutlet.com^$document
||vejahelsinki.com^$document
||vejassuomi.com^$document
||vejasuomi.net^$document
||veja-suomiale.com^$document
||vejasuomioutlet.com^$document
||versaceinsuomi.com^$document
||versacesuomi.net^$document
||vessiale.com^$document
||vessi-suomi.com^$document
||vessisuomi.com^$document
||vitaelight-suomi.com^$document
||vivobarefootale.com^$document
||vivobarefootalesuomi.com^$document
||vivobarefoot-fi.com^$document
||vivobarefootfi.com^$document
||vivobarefoot-finland.com^$document
||vivobarefoot-suomi.com^$document
||vivobarefootsuomi.com^$document
||vivobarefootsuomiale.com^$document
||xn--gymshark-espaa-2nb.com.es^$document
||xn--gymsharkespaaoutlet-63b.com^$document
||xn--gymsharkespaa-tkb.com^$document
||xn--gymsharksterreich-6zb.com^$document
||youngla-suomi.com^$document
||younglasuomi.com^$document
||younglasuomi.net^$document
! https://lumendatabase.org/notices/34749939
||gymsharkuswebsite.com^$document
||www.gymsharkuswebsite.com^$document
||gymsharkindiashop.com^$document
||www.gymsharkindiashop.com^$document
||gymsharkleggings-philippines.com^$document
||www.gymsharkleggings-philippines.com^$document
||gymsharkvenezuela.com^$document
||www.gymsharkvenezuela.com^$document

! https://github.com/hagezi/dns-blocklists/issues/1803
||atsholz.com^$document

! https://www.bleepingcomputer.com/news/security/fraudsters-make-50-000-a-day-by-spoofing-crypto-researchers/
||revoketokens.io^$all
||revokea.sh^$all

! https://www.bleepingcomputer.com/news/security/bloomberg-crypto-x-account-snafu-leads-to-discord-phishing-attack/
||altdentifiers.com^$all

! https://web.archive.org/web/20231120125914/https://www.bleepingcomputer.com/news/security/russian-hackers-use-ngrok-feature-and-winrar-exploit-to-attack-embassies/
! https://tria.ge/231120-qafp3aga52/behavioral1
! https://infosec.exchange/@iampytest1/111443079100649886
||cyber-wizard.com^$all
||iboltcyberhacker.wixsite.com^$all

! https://github.com/durablenapkin/scamblocklist/issues/70
||equiwarmpro.co^$document
||try.equiwarmpro.co^$document
||ekommmedia.com^$document
||try.ekommmedia.com^$document

! https://github.com/hagezi/dns-blocklists/issues/1866
||travix-works.com^$document
||www.travix-works.com^$document

! https://infosec.exchange/@iampytest1/111490361011885326
||xairdrop.biz^$all

! porn scam
||directchats.site^$document
||rose.directchats.site^$document
||ariana.directchats.site^$document
||liliana.directchats.site^$document
||sienna.directchats.site^$document
||margaret.directchats.site^$document
||adalynn.directchats.site^$document
||elliana.directchats.site^$document
||eliza.directchats.site^$document
||alina.directchats.site^$document
||raelynn.directchats.site^$document
||brielle.directchats.site^$document
||hadley.directchats.site^$document
||maria.directchats.site^$document
||madeline.directchats.site^$document
||lyla.directchats.site^$document
||everleigh.directchats.site^$document
||eden.directchats.site^$document
||mackenzie.directchats.site^$document
||sage.directchats.site^$document
||ximena.directchats.site^$document
||lydia.directchats.site^$document
||mlie.directchats.site^$document
||daisy.directchats.site^$document
||piper.directchats.site^$document
||sarah.directchats.site^$document
||gabriella.directchats.site^$document
||serenity.directchats.site^$document
||charlie.directchats.site^$document
||vivian.directchats.site^$document

! https://github.com/RPiList/specials/issues/1369
||qdyqdym.shop^$all
||buy.qdyqdym.shop^$all

! https://github.com/RPiList/specials/issues/1399
||schnellmpu.com^$all

! https://github.com/RPiList/specials/issues/1400
||america4internationalstudents.com^$document

! https://github.com/RPiList/specials/issues/1404
||bonprix-sale.shop^$all
||bonprix-sale.$document

! https://github.com/durablenapkin/scamblocklist/issues/73
||bite-life.com^$all

! scam
||medium.com/@liamm7203/hire-a-hacker-to-change-university-grades-transcripts-lee-ultimate-hac-0ea869b69aca^$all

! https://forums.malwarebytes.com/topic/306200-fake-fakebook-t-shirt-scam/ (account required)
||newdesing.guru^$all

! possible scam (fake age verification)
||pregnantsimulator.com^$document
||adultonlineplay.com^$document

! https://github.com/Dogino/Discord-Phishing-URLs/issues/24
||cryptoslugs-hubs.com^$document
||verify.cryptoslugs-hubs.com^$document

! https://virustotal.com/gui/url/dc11c48005d4e6e10f3cee13a731a131887b99ced613abd81900a2530689b94d/community
! my analysis: https://tria.ge/240106-xd1yqsdfdq/behavioral1
||fazeskins.ru^$all

! https://github.com/hagezi/dns-blocklists/issues/2019
||realboos.online^$document

! https://github.com/RPiList/specials/issues/1422
||jaynapatel.co.uk^$document
||nelyc5h5x.jaynapatel.co.uk^$all

! https://github.com/gchq/CyberChef/issues/1639#issuecomment-1893099540
||technocraterecovery.site^$all

! https://github.com/hagezi/dns-blocklists/issues/2049
||adidasbrasil.net^$document
||adidascolombia.net^$document
||adidasfotballsko.com^$document
||adidashrvatskas.com^$document
||adidashungaryhu.com^$document
||adidasihungary.com^$document
||adidasjapan.net^$document
||adidasoutletfrance.com^$document
||adidasoutletslovenija.com^$document
||adidasperu.com^$document
||adidasschoenen.com^$document
||adidasslovenijaonline.com^$document
||adidasslovenijaoutlet.com^$document
||adidassrbijaeshop.com^$document
||adidassrbijashop.com^$document
||adidasuae.net^$document
||adidaszagreb.com^$document
||aerosolesshoesoutlets.com^$document
||airjordanbelgique.net^$document
||airjordanberlin.de^$document
||airjordanfemme.fr^$document
||airjordangreece.net^$document
||airjordanmagasinsuisse.com^$document
||airjordanromania.net^$document
||airjordanuruguay.com^$document
||aldobolsasmexico.com^$document
||aldocanada.net^$document
||aldomontreal.com^$document
||aldonetherlands.com^$document
||aldosapatos.com^$document
||aldosouthafrica.com^$document
||aldozapatos.com^$document
||alessandrozavettijas.com^$document
||alessandrozavettiromania.com^$document
||alessandrozavettiuk.com^$document
||alessandrozavettiweste.de^$document
||allbirdsmadrid.com^$document
||allsaintshungary.com^$document
||allsaintsonlineuae.com^$document
||allsaintsportugal.net^$document
||allsaintsslovenija.com^$document
||aloyogaaustralia.net^$document
||aloyogabrasil.com^$document
||aloyogapraha.cz^$document
||aloyogasale.net^$document
||aloyogasuomi.net^$document
||alphalete-suomi.com^$document
||alphaletesuomi.com^$document
||altra.ae^$document
||altrabelgie.com^$document
||altradanmarkshop.com^$document
||altraroadshoesnz.com^$document
||altraruningpolska.com^$document
||altrarunnerjapan.com^$document
||altrashoesdk.com^$document
||altrasverigeshop.com^$document
||americantouristerpolska.pl^$document
||americantouristersuomi.com^$document
||annafieldshop.fr^$document
||arcterryxoutletuk.com^$document
||arcterxysuomi.com^$document
||asicskuwaitsale.com^$document
||asicsoutletwien.at^$document
||asicssuomisneakers.com^$document
||asicswarsaw.pl^$document
||asicswarszawaoutlet.pl^$document
||asolocipele.com^$document
||asolosko.com^$document
||asportuguesaslatvija.com^$document
||autrybelgique.net^$document
||autryboty.cz^$document
||autryjapan.net^$document
||autrymexico.net^$document
||autrynz.com^$document
||autryoutlet.com^$document
||autryshoes.pl^$document
||autryshoesjapan.com^$document
||autrystore.net^$document
||autryuae.net^$document
||autryvienna.at^$document
||axelarigatojapan.net^$document
||axelarigatomilano.it^$document
||axelarigatooslo.com^$document
||axelarigatotenisice.com^$document
||aybl.pl^$document
||ayblsuomi.com^$document
||baffinstiefel.com^$document
||balancecentrum.eu^$document
||balenciagaireland.com^$document
||balenciagasuomi.com^$document
||balmainhrvatskashop.com^$document
||bapebelgium.com^$document
||bapeberlin.de^$document
||bapecanadasale.com^$document
||bapedanmark.net^$document
||bapeeesti.com^$document
||bapeisrael.com^$document
||bapejapanonline.com^$document
||bapelietuva.com^$document
||bapenederland.net^$document
||bapenorgeoutlet.com^$document
||bapeparisshop.fr^$document
||bapeportugal.net^$document
||bapesklepwarszawa.pl^$document
||bapesuisse.com^$document
||bapewien.at^$document
||barbourfinland.com^$document
||barbourkurtka.com^$document
||barbourpolska.com^$document
||barbourpolska.net^$document
||bearpawbrazil.com^$document
||bearpawbuty.com^$document
||belenkafi.com^$document
||billabong-argentina.com^$document
||billabongcanada.net^$document
||billabongportugal.net^$document
||billabongromania.net^$document
||billabongwarszawa.pl^$document
||bocancilowa.com^$document
||botascolumbia.com^$document
||botasdemonia.com^$document
||botashunterargentina.com^$document
||botashuntermexico.com^$document
||botashuntermujer.com^$document
||botaspajar.com^$document
||bothunterturkiye.com^$document
||bottegavenetasuomi.com^$document
||botyadidas.cz^$document
||botybearpaw.com^$document
||botycaterpillar.cz^$document
||brooksfinland.com^$document
||brooksoutletpolska.com^$document
||brooksrunningindonesia.com^$document
||brooksshoesuk.com^$document
||brooksshoeuk.com^$document
||brookssuomi-fi.com^$document
||brookssuomioutlet.com^$document
||brookswyprzedaz.pl^$document
||buenobratislava.sk^$document
||buenoshoesuk.com^$document
||bugattifashionro.com^$document
||butydanner-polska.com^$document
||butykeenoutlet.pl^$document
||butyveja.pl^$document
||buyshoesmalaysiaonline.com^$document
||buyshoesonlinemalaysia.com^$document
||carharttbratislava.sk^$document
||carharttchile.net^$document
||carharttdanmark.com^$document
||carhartthungary.com^$document
||carharttlatvia.com^$document
||carharttparis.fr^$document
||carharttpolska.com^$document
||carharttpraha.cz^$document
||carharttsrbija.com^$document
||carharttsuisse.com^$document
||carharttuae.net^$document
||cartier-malaysia.com^$document
||castanerromania.com^$document
||caterpillarbootscanada.net^$document
||caterpillarchaussure.net^$document
||caterpillarnorge.org^$document
||caterpillarshoesuk.com^$document
||cerabone.cz^$document
||championargentina.net^$document
||championbelgique.com^$document
||championberlin.de^$document
||championbulgaria.com^$document
||championclchile.com^$document
||championcolombia.net^$document
||championdanmark.com^$document
||championeesti.com^$document
||championgreece.net^$document
||championisrael.net^$document
||championjapan.net^$document
||championkuwait.net^$document
||championmexico.net^$document
||championoutletstore.sk^$document
||champion-polska.pl^$document
||championroma.it^$document
||championslovenija.com^$document
||championuae.net^$document
||championuksale.com^$document
||championuruguay.com^$document
||championwarszawa.pl^$document
||chaussuresmusto.com^$document
||cizmesorel.com^$document
||clarksargentina.net^$document
||clarksbuty.pl^$document
||clarksmontreal.net^$document
||clarksportugal.net^$document
||clarksscarpe.it^$document
||clarksshoesaustralia.net^$document
||clarksshoesnz.net^$document
||coccinellepolska.com^$document
||colehaanbrasilsale.com^$document
||colehaangreece.com^$document
||columbiacolombiatiendas.com^$document
||columbiafootweargreece.com^$document
||columbiagreeceonline.com^$document
||columbianetherlands.com^$document
||columbiapolskaoutlet.com^$document
||columbiashoesmalaysia.com^$document
||columbiashoesph.com^$document
||columbiashopnederland.com^$document
||columbiasnetherlands.com^$document
||columbiaspolskasklep.com^$document
||columbiassuomioutlet.com^$document
||converseallstarisrael.com^$document
||converseberlin.de^$document
||conversebrasil.com^$document
||converse-chile.cl^$document
||conversechile.net^$document
||converseinespana.com^$document
||converseisrael.com^$document
||conversekuwait.com^$document
||converselietuva.com^$document
||converse-luxembourg.com^$document
||conversephilippines.com^$document
||conversepromocja.com^$document
||converseromestore.it^$document
||converseshoesmalaysia.com^$document
||conversesklep.com^$document
||conversesrbija.com^$document
||conversestoreperu.com^$document
||converseuk.com^$document
||conversezurich.net^$document
||convresefi.com^$document
||convresesuomi.com^$document
||cosabellanederland.com^$document
||crocskaufenwien.at^$document
||crocslietuva.com^$document
||crocsuruguay.net^$document
||crocswarszawa.pl^$document
||cycasturkey.com^$document
||dannerbootsaustralia.net^$document
||dannerbootsfrance.net^$document
||dannerbootsromania.com^$document
||dannersko.net^$document
||dannerwandelschoen.com^$document
||dc-shoesperu.com^$document
||demoniaboots.it^$document
||demoniabootscanada.com^$document
||demoniabootsireland.com^$document
||demoniabudapest.com^$document
||demoniajapan.com^$document
||demoniapolska.com^$document
||demoniaportugal.com^$document
||demoniaromania.com^$document
||demoniashoesnorge.com^$document
||demoniastiefel.de^$document
||demoniegreeceoutlet.com^$document
||demoniepolska.com^$document
||docsmartensfactoryoutlet.com^$document
||docsmartenspoland.pl^$document
||dopeargentina.net^$document
||dopebelgie.com^$document
||dopechile.com^$document
||dopedanmark.com^$document
||dopeeesti.com^$document
||dopejackeschweiz.com^$document
||dopelaskettelutakki.com^$document
||dopenorge.com^$document
||dopeportugal.net^$document
||doperomania.com^$document
||dopeskikleding.com^$document
||dopesnowboard.fr^$document
||dopesnownederland.com^$document
||dopesnowromania.com^$document
||dopesnowtakki.com^$document
||dopetakit.com^$document
||drmartensbatai.com^$document
||drmartensbot.com^$document
||drmartensbotas.com^$document
||drmartensbotasmexico.com^$document
||drmartensboty.cz^$document
||drmartensdamen.de^$document
||drmartensdonna.com^$document
||drmartensdublin.com^$document
||drmartenshomme.fr^$document
||drmartensjapan.net^$document
||drmartenssalg.com^$document
||drmartensshoesuk.com^$document
||drmartensskroutz.com^$document
||eastpaklietuva.com^$document
||eccohrvatskaoutlet.com^$document
||eccomontreal.com^$document
||eccooutletsklep.pl^$document
||eccooutletssuomi.com^$document
||eccorusland.com^$document
||eccoshoessaleaustralia.com^$document
||emuaustraliaromania.com^$document
||etniesshoesireland.com^$document
||extreehome.com^$document
||femistoriessuomi.com^$document
||fila-finland.com^$document
||fitflopparis.net^$document
||fitflopromania.com^$document
||footjoyapparelnz.com^$document
||footjoycanada.net^$document
||footjoygolfshoe-india.com^$document
||footjoygolfshoes-india.com^$document
||footjoygolfshoesuk.com^$document
||footjoyjapan.net^$document
||footjoyoutletmexico.com^$document
||footjoyshoesaustralia.com^$document
||footjoyshoessouthafrica.com^$document
||footjoysko.com^$document
||fossilirelandsale.com^$document
||fotbalovyfestival.cz^$document
||gapsuomi.com^$document
||geoxargentina.net^$document
||geoxbelgique.com^$document
||geoxczpraha.cz^$document
||geoxgreece.net^$document
||geox-ireland.com^$document
||geoxisrael.com^$document
||geoxkuwait.com^$document
||geoxlatvija.com^$document
||geoxmexico.com^$document
||geoxnederland.net^$document
||geoxnorge.net^$document
||geoxportugaloutlet.com^$document
||geoxschweiz.com^$document
||geox-shoes-india.com^$document
||geoxsouthafrica.com^$document
||geoxsrbija.com^$document
||geoxsuomi.com^$document
||geoxuk.com^$document
||geoxuruguay.com^$document
||ghdhaircanada.ca^$document
||gola-portugal.com^$document
||goldengoose-italia.com^$document
||groundiescanada.net^$document
||groundiesgreeceoutlet.com^$document
||groundiesgreeces.com^$document
||groundiesitalia.top^$document
||groundiesoutletchile.com^$document
||groundiesoutletportugal.com^$document
||groundiesportugal.top^$document
||groundiesscarpeitalia.it^$document
||groundiesschoenennederland.com^$document
||groundiestroutlet.com^$document
||groundieswyprzedaz.pl^$document
||guessfinland.com^$document
||gymshark-polska.pl^$document
||gymsharkrea.com^$document
||gymsharksaledk.com^$document
||gymsharksklep.pl^$document
||gymsharksoldes.net^$document
||gymsharkstorejapan.net^$document
||gymsharksverigesale.com^$document
||gymsharksweden.com^$document
||hackettsrbija.com^$document
||haflingerslipperswebsite.com^$document
||hanwagoutletstore.com^$document
||hanwagshoesoutlet.com^$document
||hellyhansenargentina.net^$document
||hellyhansenaustralia.net^$document
||hellyhansenbratislava.sk^$document
||hellyhansencanada.com^$document
||hellyhansenchile.com^$document
||hellyhansencolombia.com^$document
||hellyhanseneesti.com^$document
||hellyhansengreece.com^$document
||hellyhansenhrvatska.net^$document
||hellyhansenhungary.com^$document
||hellyhansenireland.com^$document
||hellyhansenjapan.com^$document
||hellyhansenkuwait.com^$document
||hellyhansenlatvija.com^$document
||hellyhansenmexico.com^$document
||hellyhansennederland.com^$document
||hellyhansennorge.net^$document
||hellyhansenoutletgreece.com^$document
||hellyhansenparis.net^$document
||hellyhansenpraha.cz^$document
||hellyhansenromania.net^$document
||hellyhansenschweiz.com^$document
||hellyhansensrbija.com^$document
||hellyhansenuk.com^$document
||hellyhansenuruguay.com^$document
||hellyhansenwarszawa.pl^$document
||herschelireland.com^$document
||heydudeforsale.com^$document
||hm-portugal.com^$document
||hoka-denmark.com^$document
||hoka-magyarorszag.com^$document
||hokanorgebutikk.com^$document
||hokaoneonehrvatska.com^$document
||hokaonept.com^$document
||hokaoutletparis.com^$document
||hokarunnershungary.com^$document
||hokascarpe-italia.com^$document
||hoka-schweiz.com^$document
||hoka-soldes.fr^$document
||hokastoreportugal.com^$document
||hummelchile.com^$document
||hunterbootscanada.com^$document
||hunterbootsdublin.com^$document
||hunterbootsjapan.com^$document
||hunterbootsnz.com^$document
||hunterbootsschweiz.net^$document
||hunterfinland.com^$document
||huntergumbootsaustralia.com^$document
||huntergummistiefeldamen.de^$document
||hunterkaloszeoutlets.pl^$document
||hunteroutletsuomi.com^$document
||hunterregenlaarzen.com^$document
||hushpuppiesfinland.com^$document
||inov8boty.cz^$document
||ipanemauae.com^$document
||johannisstein.eu^$document
||johnstonmurphyaustraliau.com^$document
||jomacdmx.com^$document
||jomajp.com^$document
||jomasportcostarica.com^$document
||jomavenezuela.com^$document
||jordansboty.cz^$document
||josefseibelsuomi.com^$document
||joyaperuventa.com^$document
||joyaromania.com^$document
||joyaschoenen.com^$document
||joyaschuhedeutschland.com^$document
||joyashoeskuwait.com^$document
||joyaskonorge.com^$document
||joyaskorstockholm.com^$document
||jsbackpackcanada.com^$document
||kaloszehunter.com^$document
||kappazurich.com^$document
||karenmillenslovensko.sk^$document
||karhuskor.com^$document
||karhusneakersnorge.net^$document
||karrimormexico.com^$document
||kedsberlin.de^$document
||kedscanada.net^$document
||kedsoutletpolska.com^$document
||kedspt.com^$document
||kedssklep.pl^$document
||kenzoindonesia.com^$document
||kickers-hungary.com^$document
||kiplingfrance.com^$document
||kipling-polska.com^$document
||kiplingspain.com^$document
||kiplingsuomi.com^$document
||kurtkadope.com^$document
||lasportivabootsnz.com^$document
||lasportivaclimbingshoescanada.com^$document
||lasportivaklatresko.com^$document
||lasportivamontreal.com^$document
||lasportivanederland.com^$document
||lasportivaportugal.com^$document
||lasportivaschuheschweiz.com^$document
||lasportivatenisice.com^$document
||lasportivawanderschuhe.de^$document
||lecoqsportifparis.fr^$document
||leggingsnvgtnitaly.com^$document
||legginsygymsharkpolska.com^$document
||lems-greece.com^$document
||liujoukshop.com^$document
||loakedanmarkshop.com^$document
||lojacolumbiaportugal.com^$document
||longchampbucharest.com^$document
||lornajaneaustralia.com^$document
||lottoargentina.net^$document
||lottoaustralia.org^$document
||lottobelgium.net^$document
||lottoboty.cz^$document
||lottobulgaria.org^$document
||lottocolombia.net^$document
||lottodanmark.net^$document
||lottoeesti.org^$document
||lottofrankfurt.de^$document
||lottogreece.org^$document
||lottohrvatska.org^$document
||lottohungary.org^$document
||lottoireland.net^$document
||lottokuwait.org^$document
||lottolithuania.org^$document
||lottomexico.org^$document
||lottonorway.net^$document
||lottoparis.net^$document
||lottoportugal.net^$document
||lottoschweiz.com^$document
||lottoserbia.org^$document
||lottoslovakia.sk^$document
||lottosouthafrica.net^$document
||lottosuomi.net^$document
||lottotokyo.org^$document
||lottoturkey.org^$document
||lottouruguay.net^$document
||lottowarszawa.pl^$document
||louboutin-polska.com^$document
||lowaapavi.com^$document
||lowabakancs.net^$document
||lowabatai.com^$document
||lowabootsaustralia.net^$document
||lowabootsmexico.com^$document
||lowabotas.com^$document
||lowaisrael.net^$document
||lowamilitarybootsuk.com^$document
||lowa-philippines.com^$document
||lowaschoenen-nl.com^$document
||lowasuomi.com^$document
||lowausastore.com^$document
||lowawandelschoenen.com^$document
||lowawinterstiefel.de^$document
||lululemonamsterdam.net^$document
||lululemoneu.cz^$document
||lululemonjapan.ru^$document
||lululemonmontreal.com^$document
||lululemonoutletcolombia.net^$document
||lululemonportugal.net^$document
||lululemonsale.de^$document
||mackagebelgique.net^$document
||mackagedenmark.com^$document
||mackagefemmeparis.com^$document
||mackageireland.com^$document
||mackagejacketcanada.com^$document
||mackageschweiz.com^$document
||magasinhokabelgique.com^$document
||marcjacobs-france.fr^$document
||marc-jacobssuomi.com^$document
||meindlschuhedeutschland.com^$document
||mephistoonsale.com^$document
||merrellbarbati.com^$document
||merrellbutysklep.com^$document
||merrelloutletfactoryuk.com^$document
||merrellsandaalit.com^$document
||merrellsklepy.pl^$document
||michaelkorsargentina.net^$document
||michaelkorsberlin.de^$document
||michaelkorsgreece.net^$document
||michaelkorslatvia.com^$document
||michaelkorssrbija.net^$document
||michaelkorssuisse.net^$document
||michaelkorsuruguay.net^$document
||michaelkorsvienna.at^$document
||michaelkorswarszawa.pl^$document
||mizuno-hungary.com^$document
||mizunonorway.com^$document
||mizunoonsaleuk.com^$document
||mizunosaleportugal.com^$document
||mizunosnorge.com^$document
||mizuno-sweden.com^$document
||mlbhungary.com^$document
||mlbshopschweiz.com^$document
||mollybootmexico.com^$document
||moonbootargentina.com^$document
||moonbootaustralia.net^$document
||moonbootbelgique.com^$document
||moonbootbratislava.sk^$document
||moonbootbulgaria.com^$document
||moonbootireland.net^$document
||moonbootisrael.net^$document
||moonbootjapan.net^$document
||moonbootlatvia.com^$document
||moonbootlietuva.com^$document
||moonbootnorge.net^$document
||moonboot-polska.com^$document
||moonbootportugal.net^$document
||moonbootroma.it^$document
||moonbootsgreece.net^$document
||moonbootslovenija.net^$document
||moonbootsouthafrica.net^$document
||moonbootsperu.com^$document
||moonbootuae.net^$document
||moonbootukstore.com^$document
||muckbootdanmark.com^$document
||muckboots-cz.com^$document
||muckbootscz.com^$document
||muckbootsgreece.com^$document
||muckbootsmagyarorszagon.com^$document
||muckbootsnl.com^$document
||muckbootsnorge.com^$document
||muckbootsosterreich.at^$document
||muckbootsoutletstore.de^$document
||muckbootspolska.com^$document
||muckbootsportugal.com^$document
||muckbootsromania.com^$document
||muckbootsschweiz.com^$document
||muckbootssouthafrica.com^$document
||muckbootssverige.com^$document
||nadejbaletu.sk^$document
||nativeshoesfrance.com^$document
||nauticanederland.com^$document
||nauticapolska.com^$document
||nauticaromania.com^$document
||nauticaukwebsite.com^$document
||newbalanceonline.pl^$document
||new-lookireland.com^$document
||newlooksuomi.com^$document
||nfiserova.cz^$document
||nikeaustralia.net^$document
||nikeayakkabiindirim.com^$document
||nikegreece.net^$document
||nikenorgesalg.com^$document
||nikeoutletspain.com^$document
||nike-philippines.com^$document
||nike-polska.pl^$document
||nike-portugal.com^$document
||nikeshoeoutlets.gr^$document
||nikeslovenija.net^$document
||nikesouthafricasale.co.za^$document
||niketrturkiye.com^$document
||nine-west.pl^$document
||nobullbelgie.net^$document
||nobullcanadasale.com^$document
||nobullcrossfitoutlet.net^$document
||nobulldeutschland.de^$document
||nobullgreece.net^$document
||nobullprojectireland.net^$document
||nobullprojectmexico.com^$document
||nobullshoponline.sk^$document
||nobullskonorge.com^$document
||nobullsrbija.com^$document
||no-bulluk.com^$document
||norronabunda.sk^$document
||obuvlasportiva.sk^$document
||ohpollyportugal.com^$document
||oliverpeoplesschweiz.com^$document
||olukaibe.com^$document
||olukaidk.com^$document
||olukai-france.fr^$document
||olukai-greece.com^$document
||olukainorway.com^$document
||olukaisaleclearance.com^$document
||onitsukatiger-ireland.com^$document
||oofossingaporestore.com^$document
||osirisfootwearmexico.com^$document
||osirisuk.com^$document
||palladiumargentina.com^$document
||palladiumbootsargentina.com^$document
||palladiumbootspolska.pl^$document
||palladium-denmark.com^$document
||palladiumfi.me^$document
||palladium-hrvatska.com^$document
||palladiumpolskaoutlet.com^$document
||panamajack-france.fr^$document
||panamajackonline.sk^$document
||panamajackoutlet.pl^$document
||panamajackparis.com^$document
||panamajackschweiz.ch^$document
||panamajackschweiz.net^$document
||panamajackslovenija.com^$document
||pandorajapan.net^$document
||pandorakorut.com^$document
||pandoraoslo.com^$document
||pandoraportugal.com^$document
||pandoraringsuk.com^$document
||parajumpersjackede.de^$document
||parfois-chile.com^$document
||parfoiscz.cz^$document
||parfoisdublin.com^$document
||parfoisosterreich.at^$document
||parfois-sverige.com^$document
||patagoniapolskasklep.pl^$document
||perfectmomentromania.com^$document
||pitviperbril.com^$document
||pitviperbriller.com^$document
||pitviperfrance.net^$document
||pitvipergafas.com^$document
||pitviperjapan.com^$document
||pitviperlunette.fr^$document
||pitviperocchiali.it^$document
||pitviperoculos.com^$document
||pitvipersunglassesnz.com^$document
||pleaserchaussure.com^$document
||pleaserchaussures.com^$document
||pleaserheelscanada.com^$document
||pleaserschweiz.com^$document
||portugalgroundies.com^$document
||procuradoresnavas.com^$document
||pumaoutletpolska.com^$document
||puma-polska.com^$document
||quaygreece.net^$document
||quayocchiali.it^$document
||quayonline.net^$document
||quayoutlet.com^$document
||quayparis.com^$document
||quayphilippines.com^$document
||quaysouthafrica.net^$document
||quaysstore.com^$document
||quaysuomeksi.com^$document
||rabclothingsouthafrica.net^$document
||rabdanmark.net^$document
||rabhungary.com^$document
||rabonline.net^$document
||rabparis.fr^$document
||rabromania.net^$document
||rabsrbija.net^$document
||raybanmalaysiastore.com^$document
||raybanslovensko.sk^$document
||redwingoslo.com^$document
||reebokaustralia.com^$document
||reebokuswebsite.com^$document
||reef-danmark.com^$document
||reef-polska.com^$document
||reef-portugal.com^$document
||regattafrance.com^$document
||regattapolska.com^$document
||rockportbootsireland.com^$document
||rockportjapan.com^$document
||rockportmontreal.com^$document
||rockportnz.com^$document
||rockportontario.com^$document
||rockportoutletortugal.com^$document
||rockportsaleuk.com^$document
||rockportschoenen.com^$document
||rockportshoesmexico.com^$document
||rockporttr.com^$document
||rockportzapatos.com^$document
||rothys-suomi.com^$document
||roxy-japan.com^$document
||russellandbromleynorge.net^$document
||russellandbromleyromania.net^$document
||russellandbromleywien.at^$document
||russellbromleyoutlet.net^$document
||russellnbromleycanada.com^$document
||rvcajapan.net^$document
||ryderwear-finland.com^$document
||ryderwearjapan.com^$document
||ryderwearjapann.com^$document
||ryderwear-polska.com^$document
||ryderwear-suomi.com^$document
||safenordicsolutions.com^$document
||saintjamesireland.com^$document
||salmingchile.com^$document
||salmingcolombia.com^$document
||salmingportugalpt.com^$document
||salmingslovenija.com^$document
||salomomsuomioutlet.com^$document
||salomonbuty.com^$document
||salomonenucuz.com^$document
||salomonfinlandoutlet.com^$document
||salomongermany.de^$document
||salomonmalaysiaonlineshop.com^$document
||salomonoutlet.it^$document
||salomonportugal.com^$document
||salomonpraha.com^$document
||salomonshoes.co.za^$document
||salomonshoesbulgaria.com^$document
||salomonshopgreece.com^$document
||salomonslovensko.me^$document
||salomonstoreuae.com^$document
||salomonvandreskotilbud.com^$document
||sanitamalaysia.com^$document
||sanitasverige.com^$document
||sanukchiletiendas.com^$document
||sanukdublin.com^$document
||sanukflipflops.de^$document
||sanuknederlandnl.com^$document
||sanuknz.com^$document
||sanuk-philippines.com^$document
||sanukromaniaro.com^$document
||sanuksalecanada.com^$document
||sanuksandalssingapore.com^$document
||sanukschoenen.com^$document
||sanukshoesschweiz.com^$document
||sanukzapatoscolombia.com^$document
||scarpejoya.com^$document
||scarpelowa.it^$document
||scarpesanuk.it^$document
||scotchandsodaromania.com^$document
||scotch-sodaromania.com^$document
||sebagoantwerpen.com^$document
||sebagobruxelles.com^$document
||sebagodeckshoesireland.com^$document
||sebagodockside.fr^$document
||sebagojapan.net^$document
||sebagosaat.com^$document
||sebagoschoenen.com^$document
||sebagoshoesgreece.com^$document
||sebagozapatos.com^$document
||shoesmalaysiastores.com^$document
||shoessalesmalaysia.com^$document
||skechersfactory.com^$document
||skechersinphilippines.com^$document
||skechersmilano.com^$document
||skechersoutletsverige.com^$document
||skechersparissale.com^$document
||skechersschuhe.com^$document
||skechersturkiyeoutlet.com.tr^$document
||skechersuruguayoutlet.com^$document
||skijakke.com^$document
||skijasbelgie.com^$document
||skimscz.cz^$document
||skimsgreece.com^$document
||skims-polska.pl^$document
||skimspolska.pl^$document
||skimsromania.com^$document
||skimsshoponline.com^$document
||sklepconversepolska.com^$document
||sklepyadidaspolska.com^$document
||sloggipolska.pl^$document
||snowromania.com^$document
||solovairargentina.com^$document
||solovairbelgique.com^$document
||solovairbelgium.net^$document
||solovairbrasil.com^$document
||solovaircanada.net^$document
||solovairchile.net^$document
||solovairgreece.net^$document
||solovairhrvatska.net^$document
||solovairpraha.cz^$document
||solovairschweiz.net^$document
||solovairshop.com^$document
||solovairslovenija.net^$document
||solovairsuomi.net^$document
||sorelaustraliashops.com^$document
||sorelbootsuk.com^$document
||sorelchaussures.com^$document
||sorel-dk.com^$document
||sorelportugal.com^$document
||sorelschoenen.com^$document
||sorelschweiz.com^$document
||sperryfactoryoutlets.com^$document
||sperryshoesaustralia.com^$document
||stevamaddenpl.com^$document
||stevamaddenpolska.com^$document
||stockxbelgique.com^$document
||stockxbelgium.com^$document
||stockxlatvia.com^$document
||stockxsouthafrica.com^$document
||stockxsuisse.com^$document
||stoneislandeesti.ru^$document
||stoneislandjapan.com^$document
||stoneislandlietuva.com^$document
||stoneislandparis.ru^$document
||stoneislandsouthafrica.ru^$document
||stoneislandsuisse.com^$document
||stoneislandsuomi.org^$document
||stussygreece.com^$document
||stussy-italia.com^$document
||suprainsuomi.com^$document
||suprashoescanada.com^$document
||tamarisdanmark.com^$document
||tamarissdanmark.com^$document
||tedbakereesti.com^$document
||tedbakerireland.net^$document
||tenisiconverseromania.com^$document
||tenisiconverseromania.ro^$document
||teniskyunderarmour.sk^$document
||teva-ar.com^$document
||teva-be.com^$document
||teva-colombia.com^$document
||teva-cz.com^$document
||tevaforhandler.com^$document
||tevahr.com^$document
||tevaoutletchile.com^$document
||teva-polska.com^$document
||tevasandalesrbija.com^$document
||tevaskor.com^$document
||tevaszandalbudapest.com^$document
||teva-turkey.com^$document
||thursdaycanada.com^$document
||thursdaynorge.com^$document
||thursdayuk.com^$document
||tiendahokaonemexico.com^$document
||tiendasairjordanmexico.com^$document
||tiffanysuomi.com^$document
||tiffanyturkiye.com.tr^$document
||timberlandmontreal.net^$document
||timberlandpolska.pl^$document
||timberlandtopanky.sk^$document
||tomfordsuomi.com^$document
||tommyhilfigerbunda.sk^$document
||tommyhilfigerdeutschland.de^$document
||tommyhilfigerdublin.com^$document
||tommyhilfigerjakke.com^$document
||tommyhilfigerjakne.com^$document
||tommyhilfigeronlinecanada.com^$document
||tommyhilfigeroutletargentina.com^$document
||tommyhilfigeroutletnz.com^$document
||tommyhilfigeroutletportugal.com^$document
||tommyhilfigerpatike.com^$document
||tommyhilfigerquebec.net^$document
||tommyhilfigersko.com^$document
||tomsjapan.net^$document
||tomsjapanoutlet.com^$document
||tomsschuhedamen.de^$document
||tomsshoesdubai.com^$document
||tomsskotilbud.com^$document
||tonybianconz.com^$document
||toryburchoutletespana.com^$document
||uggssklep.pl^$document
||umbropolska.pl^$document
||underarmouradidasi.com^$document
||underarmourchaussures.net^$document
||underarmourjas.com^$document
||underarmouroslo.com^$document
||underarmourschuhe.at^$document
||underarmourskor.se^$document
||underarmourskroutz.com^$document
||underarmourtrainersuk.com^$document
||undervon.com^$document
||uniqlopolska.pl^$document
||valentinocanada.com^$document
||vansalte.it^$document
||vanscolombia.net^$document
||vansdames.com^$document
||vansforsaleuk.net^$document
||vansindonesiastore.com^$document
||vansschoenenbelgie.com^$document
||vansshoesksa.com^$document
||vanssko.com^$document
||vansskoletaske.com^$document
||vanstenisice.com^$document
||veja.com.gr^$document
||vejaadidasi.com^$document
||vejaathensgreece.net^$document
||vejabelgium.com^$document
||vejabrasil.net^$document
||vejanorge.com^$document
||vejanz.com^$document
||vejaoutlet.net^$document
||vejapraha.cz^$document
||vejasfranceoutlet.com^$document
||vejashoes.cz^$document
||vejashoesuk.com^$document
||vejasko.org^$document
||vejaslovenia.com^$document
||vejatenis.com^$document
||vejazapatoscolombia.net^$document
||verabradleypolska.com^$document
||vessibelgium.com^$document
||vessibelglum.com^$document
||vessiitalia.com^$document
||vessijapan.net^$document
||vessischoenen.com^$document
||vessishoes.fr^$document
||vibram-es.com^$document
||vibrammagyarorszag.com^$document
||vibramnederland.me^$document
||vibramparis.com^$document
||vibramsalenz.com^$document
||vibramukstore.com^$document
||vibramvypredaj.sk^$document
||viking-cnc.com^$document
||viking-solutions.com^$document
||vineyardvines.pl^$document
||vineyardvinessuomi.com^$document
||vionicmexico.com^$document
||vionicshoesportugal.com^$document
||vioniczapatos.com^$document
||vivaiabuty.pl^$document
||vivobarefootbrasil.net^$document
||vivobarefootbrussel.com^$document
||vivobarefootchileoutlet.net^$document
||vivobarefooteesti.com^$document
||vivobarefoothrvatska.net^$document
||vivobarefoot-hu.com^$document
||vivobarefootjapan.net^$document
||vivobarefootkengat.com^$document
||vivobarefootkokotaulukko.com^$document
||vivobarefootkuwait.com^$document
||vivobarefoot-romania.ro^$document
||vivobarefootslovenia.com^$document
||vivobarefoot-slovenija.com^$document
||vivobarefootsrbija.net^$document
||vivobarefootsuisse.com^$document
||vivobarefootusretailers.com^$document
||vivobarefoot-za.com^$document
||vivoshoessouthafrica.com^$document
||wolverinefactoryoutlet.com^$document
||wolverinefactoryoutlets.com^$document
||xerobarefoot.sk^$document
||xerofootwearuk.com^$document
||xerojapan.net^$document
||xeroshoesaustralia.com^$document
||xeroshoesnz.com^$document
||xeroskor.com^$document
||xn--adidasayakkab-gbc.net^$document
||xn--aloyogamnchen-3ob.de^$document
||xn--asolokengt-y5a.com^$document
||xn--axelarigatokbenhavn-67b.com^$document
||xn--bapeespaa-s6a.com^$document
||xn--billabongtrkiye-8vb.com^$document
||xn--carharttespaa-tkb.com^$document
||xn--castaerespaa-ehbg.com^$document
||xn--clarksespaa-beb.com^$document
||xn--clarkszrich-zhb.com^$document
||xn--conversebelgi-gib.com^$document
||xn--dannerespaa-beb.com^$document
||xn--dannerstvler-2jb.com^$document
||xn--dopeespaa-s6a.com^$document
||xn--dopetrkiye-eeb.com^$document
||xn--drmartensstvler-gub.com^$document
||xn--footjoygolfkengt-9nb.com^$document
||xn--gillmarinetrkiye-tzb.com^$document
||xn--hellyhansenbelgi-prb.com^$document
||xn--hellyhansenespaa-lub.com^$document
||xn--hellyhansenper-yrb.com^$document
||xn--hellyhansentrkiye-e3b.com^$document
||xn--huntergummistvler-d1b.com^$document
||xn--hunterstvler-2jb.com^$document
||xn--joyaespaa-s6a.com^$document
||xn--neweraapka-j9b.com^$document
||xn--norronatrkiye-3ob.com^$document
||xn--skimstrkiye-yhb.com^$document
||xn--solovairmxico-jhb.com^$document
||xn--sorelcip-8sb.com^$document
||xn--tomscip-8mb.com^$document
||xn--underarmourayakkab-v0c.com^$document
||xn--vejazrich-u9a.com^$document
||xn--vessiespaa-19a.com^$document
||yeezybelgique.com^$document
||yeezyberlin.de^$document
||yeezyireland.com^$document
||yeezyisrael.com^$document
||yeezyuksale.com^$document
||yeti-southafrica.co.za^$document
||youngla-danmark.com^$document
||youngla-polska.pl^$document
||yslpolska.pl^$document
||zapatillasunderarmourchile.com^$document
||zapatossanuk.com^$document
||zavettiireland.com^$document

! https://github.com/durablenapkin/scamblocklist/issues/74
||link-etsy.com^$all
||etsy-verifed-shop.com^$all

! https://github.com/hagezi/dns-blocklists/issues/2081
||do0cd.com^$all
||doosd.pro^$all
||d0ood.com^$all
||doode.pro^$all

! SMS phishing message
! cloudflared: https://tria.ge/240127-rgd1gsdgb8/behavioral1
||bbbvnvn.com^$all
||usps.bbbvnvn.com^$all
||kai12102.top^$all
! https://www.virustotal.com/gui/ip-address/47.251.77.252/relations
||47.251.77.252^$document
||bbbnvnv.com^$document
||usps.bbbnvnv.com^$document
||bbblmlm.com^$document
||usps.bbblmlm.com^$document
||bbbkdt.com^$document
||usps.bbbkdt.com^$document
||bbbhaod.com^$document
||usps.bbbhaod.com^$document
||bbbnbnb.com^$document
||usps.hkjtion.com^$document
||usps.hjktion.com^$document
||bbbiiuu.com^$document
||usps.bbbiiuu.com^$document
||bbbvbvb.com^$document
||usps.bbbvbvb.com^$document
||usps.bbbnbnb.com^$document
||usps.bbbuuui.com^$document
||bbbuuui.com^$document
||bbbdjsgd.com^$document
||usps.bbbdjsgd.com^$document
||bbbdjdhes.com^$document
||usps.bbbdjdhes.com^$document
||bbbiuiu.com^$document
||usps.bbbiuiu.com^$document
||usps.zzzopjl.com^$document
||bbbouou.com^$document
||usps.bbbouou.com^$document
||zzzopjl.com^$document
||bbbiudhs.com^$document
||usps.bbbiudhs.com^$document

! https://github.com/hagezi/dns-blocklists/issues/2178
||guidesite.info^$all
||ustrack.online^$all

! https://github.com/hagezi/dns-blocklists/pull/2182
||cashjuice.com^$document
||esigningapp.com^$document
||fastloanassist.com^$document
||myrequestresults.com^$document
||myresources-join.resourcesify.com^$document
||taxreturnoptions.com^$document
||247lendinggroup.com^$document
||theconsumerhq.com^$document
||banktoday.de^$document
||secureexpressrequest.com^$document
||cashusa.com^$document
||choicecreditrepair.life^$document
||swagbucks.com^$document
||americanunsecured.com^$document
||grantsreach.com^$document

! https://github.com/hagezi/dns-blocklists/issues/2228
||z-lib.id^$document

! https://github.com/RPiList/specials/issues/1492
||okun.shop^$document
||meiguo66.okun.shop^$document
||de.okun.shop^$document

! https://www.reddit.com/r/Scams/comments/1bfbq5e/emf_neutralizer_is_this_actually_a_thing/
! https://yewtu.be/watch?v=EgvdvfOvdJs
! https://yewtu.be/watch?v=VmFzPALkFyo
! https://www.bbc.com/news/technology-55613452
! https://www.usatoday.com/story/news/factcheck/2020/07/12/fact-check-anti-radiation-shields-do-not-protect-against-emf-emission/5349018002/
||energydots.com^$document

! https://github.com/durablenapkin/scamblocklist/issues/80
||produktretter.com^$document
||produktretter.org^$document
||gratis-eltern-produkttests.com^$document
||produkttest-anmeldung.com^$document
||maforia-anmeldung.com^$document
||produkttester-anmeldung.com^$document
||produkttester-werden.org^$document
||ruecksendungen-gratis.com^$document

! https://github.com/RPiList/specials/issues/1515
! https://tria.ge/240320-23k12aef2v/behavioral1
||iioddoy.shop^$all
||shop.iioddoy.shop^$all
||baodan.xyz^$document
||img.baodan.xyz^$image
! https://tria.ge/240320-3qqanaec82/behavioral1
||ixlcrg.shop^$all
||shop.ixlcrg.shop^$all
||gagabao216.com^$document
||img.gagabao216.com^$image
! https://tria.ge/240321-aqql7sfb49/behavioral1
||ffuoouw.shop^$all
||shop.ffuoouw.shop^$all
! https://tria.ge/240321-a55dxagg71/behavioral1
||nnsnnqn.shop^$all
||shop.nnsnnqn.shop^$all
! https://tria.ge/240321-babc1sgh7v/behavioral1
||rrmuumm.shop^$all
||shop.rrmuumm.shop^$all

! https://github.com/jarelllama/Scam-Blocklist/issues/265
||luizeva.com^$document
||earnglobal.co^$document
||prostargift.com^$document
||quirkleaf.com^$document

! https://github.com/jarelllama/Scam-Blocklist/issues/264
||hft-fyfc.com^$document
||askotrade.net^$document
||binozy.com^$document
||monarchlibertygroup.cc^$document
||polybox.finance^$document
||sanexer.com^$document

! https://infosec.exchange/@iampytest1/112203822803380750
||toughknifes.com^$all
||darntoughfactory.shop^$all
||darnroughonline.top^$all
||darntoughonline.shop^$all
||darntoughonline-us.top^$all
||darntoughsales.shop^$all
||us-darntoughonline.top^$all
||vipbargainhub.com^$all
||vpdamai.com^$all

! https://github.com/jarelllama/Scam-Blocklist/issues/277
! https://dfpi.ca.gov/2024/03/25/fraudulent-bank-website-scam/
||beachcitiescommercialbank.com^$all
! my analysis: https://tria.ge/240404-xlg6laga74/behavioral1
! https://infosec.exchange/@iampytest1/112214528899229692
||americasfirstnationalbank.com^$all
||beachcitiescommercialbank.com.americasfirstnationalbank.com^$all
||www.beachcitiescommercialbank.com.americasfirstnationalbank.com^$all

! https://tria.ge/240408-bf8kpscb83/behavioral1
||spacex-invest.org^$all

! https://github.com/jarelllama/Scam-Blocklist/issues/289
||xcorepips.com^$document

! https://tria.ge/240410-31s5ashh6w/behavioral1
||x2-invest.com^$all

! https://github.com/RPiList/specials/issues/1532
! https://tria.ge/240411-nps8laaf48/behavioral1
||websharetday.online^$document

! https://tria.ge/240411-xhwjtahh93/behavioral1
||gettechreward.com^$all

! https://tria.ge/240411-1dm9esde97/behavioral1
||leanbiome-discount.store^$all

! https://tria.ge/240411-1jkqgsdh25/behavioral1
||gamersahead.com^$all

! https://tria.ge/240412-3g67tagc44/behavioral1
||daniellacribbs.lol^$all
||c.datingcompass.fun^$all

! https://tria.ge/240412-3jmwysgc75/behavioral1
||fatimaforaker.skin^$all
||i.datingcompass.fun^$all

! https://tria.ge/240412-3nkbmagd63/behavioral1
||oletaburford.buzz^$all
||hngfck.com^$document
||g.datingcompass.fun^$all

! https://tria.ge/240413-apvvjagg78/behavioral1
||mailtknnews.com^$document
||t.mailtknnews.com^$document
||russiagirlsonline.com^$document
||www.russiagirlsonline.com^$document
||charmdate.com^$all
||www.charmdate.com^$all

! https://github.com/hagezi/dns-blocklists/issues/2512
||slowmitter.top^$document
||d.slowmitter.top^$document
||singingfiles.com^$document

! https://github.com/jarelllama/Scam-Blocklist/issues/334
! https://github.com/hagezi/dns-blocklists/issues/2946
||gym-sharkfinland.com^$all
||www.gym-sharkfinland.com^$all

! https://github.com/hagezi/dns-blocklists/issues/2607
||93mobiles.com^$all

! spam email
||185.106.94.223^$document
! https://tria.ge/240511-qjc1jacc79/behavioral1
||serenespring.info^$all
||mta1.serenespring.info^$all
||naughtymatchvo1.com^$all
||onlyfwb.com^$document
||email.mg.onlyfwb.com^$document

! https://www.bleepingcomputer.com/news/security/microsoft-indias-x-account-hijacked-in-roaring-kitty-crypto-scam-to-push-wallet-drainers/
||presaIe-roaringkitty.com^$all

! https://github.com/hagezi/dns-blocklists/issues/2889
||sweet-bonanza-demo.gr^$document
||hfr67jhqrw8.com^$document
||tbao684tryo.com^$document
||5wzgtq8dpk.com^$document
||65spy7rgcu.com^$document

! https://github.com/yokoffing/filterlists/issues/147
||service-rundfunkbeitrag.de^$document

! spam email -> https://tria.ge/240621-y6rffa1cqe/behavioral1
||wowgirl69.site^$all
||dateflng.com^$all
||bgigdga.dateflng.com^$all
! https://infosec.exchange/@iampytest1/112973906679266779
||shag2night.com^$document

! spam email -> https://tria.ge/240621-1m4yjawemm/behavioral1
||findrussiabrides.com^$document

! spam email -> https://tria.ge/240622-stxtssserh/behavioral1
||emb-race.info^$all
||passionatechick2.com^$document
||clublov.com^$document

! https://tria.ge/240622-wypwjaybpc/behavioral1
||universal-romance.live^$all
||datingdealshub.com^$document
||www.datingdealshub.com^$document
||mydirtyneighbour.com^$document
||www.mydirtyneighbour.com^$document

! scam email
||bestflirt.fun^$all

! https://github.com/hagezi/dns-blocklists/issues/2982
||midnightsociety-x.com^$all

! https://github.com/hagezi/dns-blocklists/issues/2983
||veilcurtin.world^$document
||yikesgroto.com^$document

! https://github.com/hagezi/dns-blocklists/issues/2999
||elonweb.org^$all

! https://github.com/hagezi/dns-blocklists/issues/3005
||dInp2rm.suitablepartner.life^$document
||p𝓸𝘳𝘯𝚔𝘢f.net^$document
||netfucks1.com^$document
||c.dreamdating1.fun^$document
||yoursecrethookup.com^$document
||brttre.com^$document
||ohmysweetromancespot.life^$document
||𝚋yest𝚊r.com^$document
||yourdatefind.com^$document
||olosex.pics^$document

! https://tria.ge/240702-1356jascqh/behavioral1
||adult-gfriend.click^$all
||yourlocaldate.com^$document

! https://github.com/hagezi/dns-blocklists/issues/3068
||getwavemax.com^$document

! https://github.com/hagezi/dns-blocklists/pull/3083
||usonkd.com^$document

! https://github.com/hagezi/dns-blocklists/issues/3174
||sakuradate.com^$document
||amorpulse.com^$document
||datempire.com^$document

! https://tria.ge/240729-3cx4cazgpf/behavioral1
||breasts-rule.info^$all
||hotmatchlyi.com^$document
||yourexclusiveoffers.com^$document
||clubforsingles.com^$document
/ow_static/themes/flirt_clubforsingles/images$third-party
||sttc.cupidaffairs.com^$image

! https://github.com/hagezi/dns-blocklists/issues/3312
! not my analysis: https://any.run/report/c89740ba0467ed00c1ce3346f1455ed28c02b3b9cd11f7b338822b9f7e0e2a53/ad056e7a-e353-464f-a1ad-1fb2ca7d2ffb
! my analysis: https://tria.ge/240731-137pcs1bqf/behavioral1
||bonuspulsefortune.life^$all
||boxwhatfur.live^$all
||d0dptv2.boxwhatfur.live^$all
||threejplating.com^$document
||www.threejplating.com^$document

! https://tria.ge/240807-1z6mwsycpc/behavioral1
||alfagear.info^$all
||nightfordates.com^$all
||luckyfling.com^$all
||flirtingplaza.com^$all
! handles payments
||knupx.com^$all
||echty.com^$all
! https://tria.ge/240811-xsj9jatbrm
||jungefrau.eu^$all
! https://tria.ge/240811-x13qvatepm/behavioral1
||mynemesis.live^$all

! https://mastodon.world/@GregArcus/112923555449275504
||illinoistollwayinvoice.com^$document

! https://tria.ge/240816-z7rm9s1flm/behavioral1
! https://infosec.exchange/@iampytest1/112973719034472123
||noartplace.info^$all

! ---- PUPs ----

! https://virustotal.com/gui/url/c7e3137c4baaad64dcbbafd1938f581f264944fa1e2c1aa1ebcff77ed2959082/links
! https://safeweb.norton.com/report/show?url=https://www.totalav.com/ultra-deal?exit
! https://virustotal.com/gui/url/a15311f27a16908dfa87b8ce6cf0302d8c8260f32ce7171845fc73bd4d9769d2/detection
! https://virustotal.com/gui/url/dbc664226fd57c865f66bbaeae0d7270904c4ad735d0eb0ead4511e817392943/detection
! https://virustotal.com/gui/domain/www.totalav.com/detection
! https://quttera.com/detailed_report/totalav.com
! https://virustotal.com/gui/domain/totalav.com/community
! https://github.com/VernonStow/Filterlist/issues/3
! https://discussions.apple.com/thread/8226797
! https://malwaretips.com/threads/total-av-is-it-a-scam.80362/
! https://github.com/uBlockOrigin/uAssets/issues/9355
! https://github.com/notracking/hosts-blocklists/issues/756#issuecomment-1172973042
! https://tria.ge/230720-3qya9sbh2t/behavioral2
! https://app.any.run/tasks/cc0dd977-97e3-4b4a-833b-dfc4d5f0be55/
! https://tria.ge/230724-z8hfzsha64/behavioral1
! https://www.youtube.com/watch?v=PcS3EozgyhI
! *many* deceptive ads
||totalav.com^$all
||www.totalav.com^$all
! https://virustotal.com/gui/file/7a75c2c9695157772541cd426d057ff382d011a2791bcc3e511d94592ab0dbb7/relations
||api.totalav.com^$all
! Subdomains
||secure.totalav.com^$all
||url.totalav.com^$all
||support.totalav.com^$all
||blog.totalav.com^$all
||track.totalav.com^$all
||ajax.totalav.com^$all
||affiliate.totalav.com^$all
||livechat.totalav.com^$all
||advertisers.totalav.com^$all
||affiliates.totalav.com^$all
||my.totalav.com^$all
||assets.totalav.com^$all
||identity.totalav.com^$all
||login.totalav.com^$all
||download.totalav.com^$all
||static.totalav.com^$all
||adblock.totalav.com^$all
||sso.totalav.com^$all
||webshield.totalav.com^$all
||resources.totalav.com^$all
||signup.totalav.com^$all
||link.totalav.com^$all
||chat.totalav.com^$all
||click.totalav.com^$all
||stats.totalav.com^$all
||search.totalav.com^$all
||aff.totalav.com^$all
||news.totalav.com^$all
||blockpage.totalav.com^$all
||ext.totalav.com^$all
||smtpmail.totalav.com^$all
||articles.totalav.com^$all
||data.totalav.com^$all
||pda.totalav.com^$all
||firmy.totalav.com^$all
||portal.totalav.com^$all
||educa.totalav.com^$all
||cp.totalav.com^$all
||images.totalav.com^$all
||p.totalav.com^$all
||gallery.totalav.com^$all
||webshop.totalav.com^$all
||new.totalav.com^$all
||sklep.totalav.com^$all
||manitoba.totalav.com^$all
||wiki.totalav.com^$all
||pei.totalav.com^$all
||dl.totalav.com^$all
||bbs.totalav.com^$all
||schools.totalav.com^$all
||ts.totalav.com^$all
||hosting.totalav.com^$all
||test.totalav.com^$all
||live.totalav.com^$all
||eng.totalav.com^$all
||forums.totalav.com^$all
||lnx.totalav.com^$all
||lib.totalav.com^$all
||galeria.totalav.com^$all
||cloud.totalav.com^$all
||appauth.totalav.com^$all
||ww.totalav.com^$all
||email.totalav.com^$all
||u002fwww.totalav.com^$all
||shield.totalav.com^$all
||comassets.totalav.com^$all
||ru.totalav.com^$all
||l.totalav.com^$all
||lyncext.totalav.com^$all
||liaoning.totalav.com^$all
||www2.totalav.com^$all
||www1.totalav.com^$all
||imap2.totalav.com^$all
||internet.totalav.com^$all
||smtps.totalav.com^$all
||a.totalav.com^$all
||gin.totalav.com^$all
||supprt.totalav.com^$all
||mailout.totalav.com^$all
||imap1.totalav.com^$all
||mta1.totalav.com^$all
||eml.totalav.com^$all
||help.totalav.com^$all
||phishtest.totalav.com^$all
||math.totalav.com^$all
! other related
||totalwebshield.com^$all
||download.totalwebshield.com^$all
! This is owned by Protected[.]net, who also is responsible for the TotalAV scam. Can not get an exe as it requires me to pay first...
||scanguard.com^$all
||www.scanguard.com^$all
||my.scanguard.com^$all
||secure.scanguard.com^$all
||download.scanguard.com^$all
! An alias for TotalAV
! https://safeweb.norton.com/report/show?url=pcprotect.com
! https://virustotal.com/gui/url/523e692076d4eff5dba80a52bca9c01aa77b4e1dac6598aa78574cab1297497a/community
! https://www.mywot.com/scorecard/pcprotect.com
||pcprotect.com^$all
||www.pcprotect.com^$all
||secure.pcprotect.com^$all
! The company behind the TotalAV scam & pcprotect[.]com
! https://www.facebook.com/protectednet - they basically admitted to it. See https://www.facebook.com/protectednet/photos/a.685704165203904/1199676053806710/?type=3&theater
! Lesson to scammers: Don't post golf balls with the name of the scam product to facebook...
||protected.net^$document
||definition.protected.net^$all
||install.protected.net^$all
||ssprotectltd.com^$all
||www.ssprotectltd.com^$all
! scammers - now hiring
||protected-net.breezy.hr^$document
! A scam adblocker (use uBlock Origin, AdGuard, or even AdBlock Plus. They are all better then TotalAdBlock)
! VirusTotal scan of Android version: https://virustotal.com/gui/file/24ce64dfa6937c5ede674b2ba33d6818bfa9f8bb4d36ff8da9aff39e05b8e41c/detection
! https://apps.apple.com/app/totaladblock/id1564900435 (only two reviews?)
! https://tria.ge/231024-3lc5jace3w/behavioral1
! https://infosec.exchange/@iampytest1/111292640449421381
! https://tria.ge/231025-nk2zyagh81/behavioral1
! scam ads, as per ryanbr of EasyList 
||totaladblock.com^
||www.totaladblock.com^$all
||download.totaladblock.com^$all
||blockpage.totaladblock.com^$all
||stats.totaladblock.com^$all
||affiliates.totaladblock.com^$all
||affiliate.totaladblock.com^$all
||url.totaladblock.com^$all
||api.totaladblock.com^$all
||signup.totaladblock.com^$all
||track.totaladblock.com^$all
||my.totaladblock.com^$all
||support.totaladblock.com^$all
||login.totaladblock.com^$all
! https://infosec.exchange/@iampytest1/111565168288360998
||totadblock.com^
! https://app.any.run/tasks/eb07059f-c987-4366-9fed-8abfff016173
||totaladblock.protected.net^$all
||extension.protected.net^$all
||totaladblocker.xyz^$all
||www.totaladblocker.xyz^$all
! https://virustotal.com/gui/ip-address/34.117.171.15/relations
||34.117.171.15^$document
||totalwebshield.xyz^$document
||www.totalwebshield.xyz^$document
||secure.totalwebshield.xyz^$document
||login.totalwebshield.xyz^$document
||download.totalwebshield.xyz^$all

! as per https://github.com/iam-py-test/my_filters_001/issues/105, I have unblocked the main website but still block the registry cleaner, driver updater, etc
||winzipregistryoptimizer.com^$document
||download.winzipregistryoptimizer.com^$document
! WinZip ads
! https://virustotal.com/gui/url/cad59b610a95e69019638d171c2df89adb7eac183968e102e37396b806fa57bd/community
||winzipdriverupdater.com^$document
||slowness.winzipdriverupdater.com^$document
! https://virustotal.com/gui/url/e5e8624a07064fc3a296dcab3b0b578ac0ed6d841094489e8bec989653deb93c/detection
! https://virustotal.com/gui/ip-address/3.222.136.53/relations
||winzipultimatepccare.com^$document
||www.winzipultimatepccare.com^$document
||winzipdisktools.com^$document
||winzipsystemtools.com^$document

! It is a very bad sign when Windows Defender blocks a file, and it is not a false positive
! https://virustotal.com/gui/url/b27f7a631ee2bcf759ab82fa976980c2704c787ecd21abc8b591b7fc93d96ee1/detection
! https://github.com/iam-py-test/Assets-001/tree/main/PUPs/SpeedCat
! Installer
! https://virustotal.com/gui/file/3f4c860c2689984f7edab62d5a5459840dc9515ec2c7a94b6fea6878481a3992/detection
! https://www.hybrid-analysis.com/sample/3f4c860c2689984f7edab62d5a5459840dc9515ec2c7a94b6fea6878481a3992
! https://www.hybrid-analysis.com/sample/3f4c860c2689984f7edab62d5a5459840dc9515ec2c7a94b6fea6878481a3992/60f6d24211dc4473a31cd34a
! Other files and the app
! https://virustotal.com/gui/file/792bb2a2bd9f148d0b7dca1a98b4a310a30490c6523fc53a1f1e535e53d62389/detection
! https://virustotal.com/gui/file/57c40a9d2e592d968daa0f092abfa7abe2b41c47eb718adb770bd6930ec0dba4/detection
! https://virustotal.com/gui/file/f395839a00762a5e0428cb2cf596d80c56ba2be78cc3e6a3c89afb5c1f904db9/detection
! https://virustotal.com/gui/file/ff652f10ac6dbf8d4965f6624339c67e02715cf499ad8b26c1a683bd503e4136/detection
! https://quttera.com/detailed_report/pcspeedcat.com
||pcspeedcat.com^$all
! https://virustotal.com/gui/domain/pcspeedcat.com/relations
||cdn.pcspeedcat.com^$all
||vold.pcspeedcat.com^$all
||www.pcspeedcat.com^$all
||dev.pcspeedcat.com^$all
||access.pcspeedcat.com^$all
||vold-cdn.pcspeedcat.com^$all
||envoy.pcspeedcat.com^$all
||www-click-cf.pcspeedcat.com^$all

! Found in the shady Bing ads when searching for ADWCleaner
! Before downloading, ADWCleaner detected no adware. After downloading, ADWCleaner detected adware, which included the program. Program claims that buying the paid version (and entering private data) will fix issues with a clean VM. 
! This also adds unneeded start up tasks (why would it need start up tasks?). In total, Malwarebytes detected 99 threats.
! https://virustotal.com/gui/url/681984dd59e84ade5ad3c7b93842dd3b8b759992e7a5f5a1a2aa8dd04f4c823e/community
||mycleanpc.com^$document
! I saw the www in the results
||www.mycleanpc.com^$document
! Found using VirusTotal
||reviews.mycleanpc.com^$document
||m.mycleanpc.com^$document
||shop.mycleanpc.com^$document
||web.mycleanpc.com^$document
||blog.mycleanpc.com^$document
||app.mycleanpc.com^$document
||get.mycleanpc.com^$document
||dev-www.mycleanpc.com^$document
! related domains owned by the company used for paying - obtained when talking to the scammer
||ustechsupport.com^$document
||www.ustechsupport.com^$popup
||mycleanid.com^$document
||www.mycleanid.com^$popup
||iolostore.com^$document
||www.iolostore.com^$popup
! the main website for the company
||realdefen.se^$document
! other 'products' which all appear to be PUPs
||getmydrivers.com^$document
||www.getmydrivers.com^$document
||app.getmydrivers.com^$document
||dev-www.getmydrivers.com^$document
||qa-www.getmydrivers.com^$document
||stopzilla.com^$document
||cyberdefender.com^$document
||www.cyberdefender.com^$popup
||virusfix.com^$document
||www.virusfix.com^$popup
! Owned by them (they admit it)
! 4/12/2022: https://app.any.run/tasks/82c340da-6ab4-4398-86bd-2bd368c018ce
||iolo.com^$document
||www.iolo.com^$document
||secure1.iolo.com^$document

! https://github.com/DandelionSprout/adfilt/compare/c3d04d61c9...4a2d9d2efa
! link on https://www.windowsdispatch.com/fix-system-restore-0x81000203-error-code/
! https://virustotal.com/gui/url/41ada9c74d64537274173ea01f61fae7c7bdce2d660b64abb11546563fc6bf10/community
! The installer
! https://virustotal.com/gui/file/5d99408fc2f7bc85f2c4bc6dcd762008bfecd5c8dcaaacf9c9bdc2914ddd22b1/detection
! Files related to the PUP program
! https://virustotal.com/gui/file/fcf484d1009b4136c8655d32484babb0a284cbcb112ced7647194aea9e7688df/detection
! https://virustotal.com/gui/file/67252e30a59ddc58c273555bfd306343ec61e3f198a1c2d3eb30d8a93ec4fffa/detection
! https://virustotal.com/gui/file/5ef7eedfa7f283f180c1de80803e8d5c81fee09750ca044f018a098a94ad85c1/detection
! Malwarebytes detection - https://blog.malwarebytes.com/detections/pup-optional-restoro/
! Screenshots from anaysis - https://github.com/iam-py-test/Assets-001/tree/main/PUPs/Restoro (VM Env: Windows 10, Windows Defender on)
||restoro.com^$all
||www.restoro.com^$all
||techloris.com/go/restoro/$document
||techloris.com/lp/error8.php$document
||techloris.com/go/restoro-download/$document
! https://virustotal.com/gui/file/f019dab3172f6ce7808d45a5b5dea92354352e302219c02a84a280978f6eb166/community
||go.windowsreport.com/Restoro$document

! https://www.bleepingcomputer.com/virus-removal/page/2/
! https://virustotal.com/gui/url/1a381bcdd30c4fafbe50baa12a0446c18b875e2221330ffe2adec106f14904f4/community
! https://virustotal.com/gui/file/50abca232390db8eb28a17b9fa5386631857c7c14d1b43d0adcdaf90178a4f7c/community
! https://www.mywot.com/scorecard/iobit.com
! https://forums.malwarebytes.com/topic/29681-iobit-steals-malwarebytes-intellectual-property/page/5/#elControls_152972_menu
! https://virustotal.com/gui/url/1a381bcdd30c4fafbe50baa12a0446c18b875e2221330ffe2adec106f14904f4/community
! https://github.com/hagezi/dns-blocklists/issues/1794
||iobit.com^$document
! Subdomains
||cdn.iobit.com^$document
||stats.iobit.com^$document
||estore.iobit.com^$document
||update.iobit.com^$document
||jp.iobit.com^$document
||store.iobit.com^$document
||download.iobit.com^$document
||www.iobit.com^$document
||clouddownload.iobit.com^$document
||ru.iobit.com^$document
||search.iobit.com^$document
||purchase.iobit.com^$document
||cloud.iobit.com^$document
||interface.iobit.com^$document
||shop.iobit.com^$document
||mobile.iobit.com^$document
||m.iobit.com^$document
||startup.iobit.com^$document
||survey.iobit.com^$document
||checkout.iobit.com^$document
||sdupdate.iobit.com^$document
||giveaway.iobit.com^$document
||uninstall.iobit.com^$document
||de.iobit.com^$document
||codes.iobit.com^$document
||recorder.iobit.com^$document
||ascstats.iobit.com^$document
! download redirects to iobit
||windowserrorfixer.com^$document
||www.windowserrorfixer.com^$document
! itop vpn seems to be made by iobit and comes with bundled installs
||itopvpn.com^$document
||update.itopvpn.com^$document
||api.itopvpn.com^$document
||stats.itopvpn.com^$document
! https://tria.ge/231105-nq2lcsee2v/behavioral1
||itopupdate.com^$document
||update.itopupdate.com^$document
||stats.itopupdate.com^$document
! https://tria.ge/240511-bb4qysca5x/behavioral2
||downloaditop.com^$document
||update.downloaditop.com^$document

! https://virustotal.com/gui/file/4efd1bc1bdc12da1bbdc597cf3f37f0c65e582f42e353cf781ac1fe422dfa68c/detection
! https://virustotal.com/gui/file/69d9d162a040888164707b7e44f4709059ad45296a832c077c0dc91afed89c05/detection
! https://virustotal.com/gui/file/fd9dbb971a9995f6d146237933fbe27f18217d3cacbb6da121de4cc9590030be/relations
! https://github.com/iam-py-test/Assets-001/tree/main/PUPs/Restoro
! https://virustotal.com/gui/url/16766e8681f0bf474ec3238d4b6d7f33047f5f368abef0aac13001d2be0a757d/detection
! https://blog.malwarebytes.com/detections/pup-optional-reimage/
||2-spyware.com/reimage/download$all
||2-spyware.com/download/ReimageRepair$all
! https://virustotal.com/gui/url/16766e8681f0bf474ec3238d4b6d7f33047f5f368abef0aac13001d2be0a757d/detection
||reimageplus.com^$all
||cdnrep.reimageplus.com^$all
! More reimage - new name, new SHA256, new domain?
! https://virustotal.com/gui/url/3493793318d49332b789aba96de7937c468c5f6a20d6fdbf8da87832183c5d07/detection
! https://github.com/iam-py-test/Assets-001/tree/main/PUPs/Restoro_2
! https://virustotal.com/gui/file/fd9dbb971a9995f6d146237933fbe27f18217d3cacbb6da121de4cc9590030be/relations
||reimage.org^$all
||www.reimage.org^$all
! Nobody names their legit domain after malware and then is detected on VirusTotal
! https://virustotal.com/gui/url/deef544081c813ee971cfa78d8145e5a050ea5eccc3d5718b033d00b64c5f9f4/detection
||reimage.com^$all

! https://virustotal.com/gui/file/af7b36c0f9f48f35315877e3cd5efb83c1a122a043ea9228db7da9c1c3c3120b/community
! https://github.com/iam-py-test/Assets-001/blob/main/PUPs/MediaGet/mediaget_detections.jpeg
||mediaget.com^$all
! found by @DandelionSprout in https://github.com/DandelionSprout/adfilt/issues/253
||media-get.com^$all
||media-get.ru^$all
||mediagetplus.com^$all
||mgmgmg.com^$all
||23.111.31.137^$document
||23.111.88.207^$document

! https://virustotal.com/gui/file/05f052c64d192cf69a462a5ec16dda0d43ca5d0245900c9fcb9201685a2e7748/detection
! https://virustotal.com/gui/url/f938821627f117b561598186343cf47ce5f75b89b8d149a3efe885f9eba51942/community
! https://virustotal.com/gui/file/a367e0562e612bc66729f3a4676bad849e5c3c32fad8223b5ea991e11604f5fe/details
! ADWCleaner detects malware after execution. File opens webpage with generic 'your system has issues' message
||driveragent.com^$all
! https://www.joesandbox.com/analysis/237782/0/html#domains
||secure.driveragent.com^$all
||driveragent-web-126513135.us-east-1.elb.amazonaws.com^$third-party

! https://virustotal.com/gui/file/61ddc79c421d13052f0acdb838d1a68d98c5e4eda0058f018f72a65474135d08/detection
! https://github.com/DandelionSprout/adfilt/issues/254
! https://blog.malwarebytes.com/detections/onesafe-software-com/
||onesafesoftware.com^$all
||vpn.onesafesoftware.com^$all
||blog.onesafesoftware.com^$all
||drivers.onesafesoftware.com^$all
||updates.onesafesoftware.com^$all
||support.onesafesoftware.com^$all
||cdn.onesafesoftware.com^$all
||subscriptions.onesafesoftware.com^$all
||notifications.onesafesoftware.com^$all
||stats.onesafesoftware.com^$all
||www.onesafesoftware.com^$all

! https://virustotal.com/gui/file/a6e89d2bb1c2da1d852fb8e248f39cf7b3d4b0ea05a8d8f343d1b8e74d271d43/relations
||driversupport.com^$document
||front.driversupport.com^$document
||secure.driversupport.com^$document
||aloha.driversupport.com^$document
! "SolveIQ"?
||apps.solveiq.com^$document
||preview.solveiq.com^$document
||auth.solveiq.com^$document

! Taken from DandelionSprout's Anti-malware list - which is at https://github.com/DandelionSprout/adfilt/blob/master/Dandelion%20Sprout's%20Anti-Malware%20List.txt and which is maintained by https://github.com/DandelionSprout -  and verified
||driver-soft.com^$all

! https://github.com/blocklistproject/Lists/issues/497
||pcspeedup.en.softonic.com^$document
||tweakbit.com^$all
||static.tweakbit.com^$all
||www.tweakbit.com^$all
||debuglogs.tweakbit.com^$all
||update.tweakbit.com^$all
||dynamicdownloads.tweakbit.com^$all
||downloads.tweakbit.com^$all
||store.tweakbit.com^$all
||cdn.tweakbit.com^$all
||aff.tweakbit.com^$all
||mail.tweakbit.com^$all

! Original inspection
! disable uBlock Origin and go to https://www.google.com/search?q=clean+up+computer+to+run+faster&source=hp&ei=Y4KzYIrUL-rP0PEPqM2liAc&iflsig=AINFCbYAAAAAYLOQcwKl4vglkAEcsALPhO6XEyguHxPP&oq=clean+up+comp&gs_lcp=Cgdnd3Mtd2l6EAEYATICCAAyAggAMgIIADICCAAyBQgAEMkDMgIIADICCAAyAggAMgIIADICCAA6DgguELEDEMcBEKMCEJMCOgsILhCxAxDHARCjAjoFCAAQsQM6CAgAELEDEIMBOggILhDHARCjAjoOCC4QsQMQgwEQxwEQrwE6CAgAEOoCEI8BOggILhCxAxCDAToICC4QxwEQrwE6BQguELEDOggILhCxAxCTAjoICAAQsQMQyQM6BQgAEJIDOgsILhDHARCjAhCTAjoCCC46BQguEJMCUOUoWKCDAWDakwFoAnAAeACAAYoDiAGaFJIBCDAuMTQuMC4xmAEAoAEBqgEHZ3dzLXdperABCg&sclient=gws-wiz
! https://virustotal.com/gui/url/2f44cf878800c082d5fefb8326cf384fe12393ecfcca05e64903c5888f4c762c/detection
! https://virustotal.com/gui/url/c6290089eb08d05375650bfb7778713e1e9443ac1d8d180df44bd8ddd49124f9/detection
! https://virustotal.com/gui/domain/www.pchelpsoft.com/relations
! https://www.mywot.com/scorecard/pchelpsoft.com
! https://safeweb.norton.com/report/show_mobile?name=https://www.pchelpsoft.com/pc-cleaner/lp1-ms-us/?tracking=PH_EN_PP_GO_SE_PCC_US&keyword=speed%20up%20my%20pc&campaignID=ADWORDS&gclid=EAIaIQobChMIsOqVwrTx8AIV9xmtBh17swHGEAAYASAAEgLr1fD_BwE
! https://virustotal.com/gui/url/3cfe4ec34704092b5ad0c03b1f9566b538c11e3e0434a73991cdc2694db26582/detection
! https://www.urlvoid.com/scan/pchelpsoft.com/
! https://sitecheck.sucuri.net/results/pchelpsoft.com
! https://www.fortiguard.com/webfilter?q=pchelpsoft.com
! Inspection on 23/7/2021
! https://virustotal.com/gui/url/3cfe4ec34704092b5ad0c03b1f9566b538c11e3e0434a73991cdc2694db26582/detection
! https://safeweb.norton.com/reviews?url=pchelpsoft.com
! https://www.mywot.com/en/scorecard/pchelpsoft.com
! Setup file (installer) - https://virustotal.com/gui/file/7ab506784dcc49c916cdff2076132dafc881ac268e54aba39d6af2ca6ce0c775/details
! Related files
! https://virustotal.com/gui/file/04ef20ed8a783aaa91082865ed99c079cf2bf9f67908d536fdb9e227b19401f0/detection
! https://virustotal.com/gui/file/192dc080f0c52222e03c074e3a38a8b3cc5b31605457fd6acd447bf7488a89d8/relations
! https://virustotal.com/gui/file/40157e1981b97206658667927fbdc484c7e9615591884cfed2d6cadc9e3f1b4c/detection
! A 'driver updater' it wanted me to install - https://virustotal.com/gui/file/965bf402594ee539ce61d2a593c421b1c7ed6e1969369ae4a7866c17b2281a3c/detection
! https://forums.malwarebytes.com/topic/200216-removal-instructions-for-pccleaner/
! Screenshots - https://github.com/iam-py-test/Assets-001/tree/main/PUPs/PCHelpSoft
! 19/9/2022: https://app.any.run/tasks/3c8b1d38-de18-488a-9e3f-62b3354c17e8
! 6/11/2022: https://app.any.run/tasks/da8a44c3-965f-4fd6-816d-b5ae16235f62 (https://virustotal.com/gui/file/5475c9cff70482b8b5bf2c31395f9463261313991b41743686e4c8c43e53df0b/detection)
||pchelpsoft.com^$document
||www.pchelpsoft.com^$document
||cloud.pchelpsoft.com^$document
||cda.pchelpsoft.com^$document
||cdn.pchelpsoft.com^$document
||webtools.pchelpsoft.com^$document
||pchelpsoft.net^$document
||www.pchelpsoft.net^$document

! https://virustotal.com/gui/url/27307acb5b127114423ed0d7c63aaed0013d1833f56c158a3b049f8d1c98dcbc/detection
! Download button redirects to advancedsystemrepair.com
||pccleaner.com^$document
! The PUP from this website looks like a past one; maybe a variant or another download location
! https://github.com/iam-py-test/Assets-001/tree/main/PUPs/PCCleaner_1
||advancedsystemrepair.com^$all
||support.advancedsystemrepair.com^$all
||secure.advancedsystemrepair.com^$all
||lp.advancedsystemrepair.com^$all
||track.advancedsystemrepair.com^$all
||www.advancedsystemrepair.com^$all
||checkout.advancedsystemrepair.com^$all

! Found this PUP on someone else's computer, so I decided to figure more about it. It does look very old; even the UI sometimes looks like Windows 7 despite the VM running 10
! The (working) installer (from Softonic) - https://virustotal.com/gui/file/863adfe03c1ea35c424817274eabe4eef02fe4a2d6428f8718e61655fb8bc49c/detection
! The program (according to Malwarebytes's IOC report) - https://virustotal.com/gui/file/2aad06624e9b698ec0dc0276b433c606a4858d6585028cd658ae7c697358ffec/detection
! https://blog.malwarebytes.com/detections/pup-optional-slimcleanerplus/
! All the domains seem to be related to this PUP
! https://virustotal.com/gui/url/f7be15d28340acb7db31f63a62a26bad1253824f2424117a816203950e86fd22/community
||slimware.com^$all
! https://virustotal.com/gui/url/440e39a20d7e01064269dadfc38eafd80c8534f7391f2c1ef7ac41c10d9c4e20/detection
||slimcleaner.com^$all
||www.slimcleaner.com^$all
! https://virustotal.com/gui/url/946a5c2295cfef547f162350af93257df55d6b2103a0ce2e84b241cf727a81f6/detection
||slimwareutilities.com^$all
! The executable from the website (https://virustotal.com/gui/file/d9103347f6043f0266a6480b6c794a4ee9f07800db43b6301920fe97587066d2/detection) seemed broken, but this one (maybe an older/newer mirror) works
||slimcleaner-plus.en.softonic.com^$all
! Other TLDs
||slimcleaner-plus.softonic.com.tr^$document
||slimcleaner-plus.softonic.vn^$document

! https://github.com/iam-py-test/investigations/blob/main/2021/11/5/1.md
||windowserrorhelp.com^$document
||certified.windowserrorhelp.com^$document

! Spyhunter is far from legit - and this company sues almost anyone (i.e. Bleeping Computer - https://blog.malwarebytes.com/security-world/2016/02/bleepingcomputer-defends-freedom-of-speech/, Malwarebytes - https://press.malwarebytes.com/2021/09/29/malwarebytes-wins-dismissal-of-enigma-lawsuit-in-final-ruling/) 
! https://www.mywot.com/en/scorecard/enigmasoftware.com
! https://github.com/gorhill/uBlock/wiki/Software-known-to-have-uninstalled-uBlock-Origin
! https://en.wikipedia.org/wiki/SpyHunter_(software)
||enigmasoftware.com^$document
||www.enigmasoftware.com^$document
||installer.enigmasoftware.com^$document
||download.enigmasoftware.com^$document
||dl.enigmasoftware.com^$document
||instcfg.enigmasoftware.com^$document
||tt.web.enigmasoftware.com^$document
||myaccount.enigmasoftware.com^$document
||purchase.enigmasoftware.com^$document
||spyhunter.enigmasoftware.com^$document
||spyhunter-update.enigmasoftware.com^$document
||download2.enigmasoftware.com^$document
||spyhunter.com^$document
||www.spyhunter.com^$document
||spyhunter-download-v2.b-cdn.net^$document
! https://tria.ge/230810-2gkhdahd53/behavioral1
||enigmasoft.net^$document
||rh.downloads.enigmasoft.net^$document

! https://github.com/iam-py-test/my_filters_001/issues/84
||mackeeper.com^$document

! https://virustotal.com/gui/file/088cbcec6b80eba99eb691968e0f972935aae301e9cb6d1c6133699530dd5621/community
||secure-browser.io^$document

! locks your screen and just creates a link to their website on your desktop. Malware?
||zipfileslikeapro.net^$document
||use.zipfileslikeapro.net^$document
||www.zipfileslikeapro.net^$document
||goto.searchproonline.com^$all
||searchproonline.com^$all

! https://github.com/uBlockOrigin/uAssets/issues/11176
||nearbyme.io^$document
||m.nearbyme.io^$document

! https://web.archive.org/web/20230604193437/https://twitter.com/iam_py_test/status/1488163521540075524
||outbyte.com^$document
||testedforyou.net^$document
! from an infected VM
||lp.pcsystemfix.com^$document
||pcsystemfix.com^$document
||download.pcsystemfix.com^$document
! article on perflib errors
||xoomber.com^$document

! https://forums.malwarebytes.com/topic/283588-mb-cant-find-malware/
! https://forums.malwarebytes.com/topic/293374-aasearchtoolshub/
||searchtoolshub.com^$document
||find.searchtoolshub.com^$all

! Some scam redirects brought me here (https://web.archive.org/web/20230604193632/https://twitter.com/iam_py_test/status/1497351777754050562 - https://virustotal.com/gui/file/2e68dbec330d7ebe567dcbb67a1dffe83f6f0c278664b60f3edeee684edfe7ff/relations)
||drivermax.com^$document

! adware downloader - https://app.any.run/tasks/d1918395-7080-4292-9a71-1059bc7a90cf
||sway.office.com/flj90JK1oswcTJEO^$document
||certatd.ru^$all

! Bundled installer & PUP
||sysdriverupdater.com^$document
||www.sysdriverupdater.com^$document

! This is just Advanced System Repair Pro
||regcure.com^$document
||www.regcure.com^$document
||directbrand.com/dl/asr_regcure.php^$document

! https://blog.malwarebytes.com/threat-analysis/2022/06/forced-chrome-extensions-keep-reappearing/
||activesearchbar.me^$all
||customsearchbar.me^$all
||securedatacorner.com^$all
||wincloudservice.com^$all
! https://forums.malwarebytes.com/topic/286395-microsoft-edge-custom-search-bar-extension-redirects-to-rbfastsearchme/
||rb.fastsearch.me^$all
! https://forums.malwarebytes.com/topic/287338-browser-hi-jacker-royb2fastsearchme/
||royb2.fastsearch.me^$all

! adware
||pdfconverterpower.net^$document
||downpdfpwr.com^$document
||searchpoweronline.com^$document
||goto.searchpoweronline.com^$document
||www.searchpoweronline.com^$document
! https://forums.malwarebytes.com/topic/295131-pdfpower-pdfshark-pdfsuperhero-pdftodocpro-pdfmagic/#comment-1556224
||gifsearchutils.com^$document
||start.gifsearchutils.com^$document
||pdfsharkapp.com^$document
||start.pdfsharkapp.com^$document
||searchmagiconline.com^$document
||start.searchmagiconline.com^$document
||pdfsuperhero.com^$all
||stats.pdfsuperhero.com^$all
||bl.searchpoweronline.com^$document

! https://forums.malwarebytes.com/topic/289030-mbam-browser-guard-identifying-malware-but-mbam-not-removing-malware/
||mysearchengine.co^$document

! https://github.com/AdguardTeam/AdguardFilters/issues/128029
||freddostagione.com^$all
||search.freddostagione.com^$all
||147.135.253.55^$document
||search.motherpipe.net^$document
||humanverified.net^$all
||video-ad-skipper.com^$document
||search.becovi.com^$document
||luminosoocchio.com^$document
||quick-speedtest.com^$document
||husmicto.com^$document
||splendidus.net^$document
||optimusquaero.com^$document
||potenzamano.com^$document
||tutatagliente.com^$document
||megliolavoro.com^$document
||osservareimmaginare.com^$document
||desideriosoldi.com^$document
||sottilesezione.com^$document
||alcunirisposta.com^$document
||www.humanverified.net^$document
||search.potestainsula.com^$document
||search.husmicto.com^$document
||search.splendidus.net^$document
||search.optimusquaero.com^$document
||search.potenzamano.com^$document
||search.tutatagliente.com^$document
||search.megliolavoro.com^$document
||search.luminosoocchio.com^$document
||search.osservareimmaginare.com^$document
||search.avantiwendo.com^$document
||search.desideriosoldi.com^$document
||search.sottilesezione.com^$document
||search.alcunirisposta.com^$document
||search.thecanem.net^$document

! https://github.com/AdguardTeam/AdguardFilters/issues/132840
||adblocker-app.info^$all

! https://blog.malwarebytes.com/detections/pup-optional-bytefence/
! https://virustotal.com/gui/file/21dfa4ed47de7007c0fb6eadb3f94d2e847b3f4e301767d2320623f02f0926ba
! https://virustotal.com/gui/file/d41405553da0287be81722125b35405ad90923e7aa0631b5e5c6ab80358355ca
! https://safeweb.norton.com/reviews?url=bytefence.com
! https://www.mywot.com/scorecard/bytefence.com
||download.cnet.com/ByteFence-Anti-Malware/$document
||bytefence.com^$document

! https://www.youtube.com/watch?v=2tW_PDVfT-E
! https://virustotal.com/gui/file/1c45ac42e4486ae5114cf287626ffb02eb03675f667d076d5c8f886ee0016d26/detection
! https://github.com/iam-py-test/Assets-001/tree/main/PUPs/Auslogics_PUP_regclean
! https://virustotal.com/gui/file/a54dffea1703732c3daf043462c289f4c9fc57fb27e1e9cc099b0cc03835940e/detection
! https://forums.malwarebytes.com/topic/199170-false-positive-with-auslogics-boostspeed/#elControls_1116195_menu
||auslogics.com^$all
||www.auslogics.com^$all

! https://virustotal.com/gui/file/1d26c8e2760b9d95e344dc93e4516c88c23bae5af1e888b2769186520f53021d/detection
! https://virustotal.com/gui/url/c9d507f4fe1720bb0b70a799abfd548f315694f59eebea676204da1cbaee4b4f/detection
! https://virustotal.com/gui/file/bba00552bb0a562a00aa70c8425e48bb1b407a72f84df6c8f69f0bf44fabf310/detection
! https://virustotal.com/gui/file/0dcf7e52492de09df39f7b1f7996d61033c6f61b43d38990f43b45dd530dcdb9/relations
! https://www.hybrid-analysis.com/sample/1d26c8e2760b9d95e344dc93e4516c88c23bae5af1e888b2769186520f53021d
! https://www.hybrid-analysis.com/sample/1d26c8e2760b9d95e344dc93e4516c88c23bae5af1e888b2769186520f53021d/60a4789f1522974edf38bd58
! https://www.hybrid-analysis.com/sample/bba00552bb0a562a00aa70c8425e48bb1b407a72f84df6c8f69f0bf44fabf310
! https://github.com/iam-py-test/Assets-001/tree/main/PUPs/ashampoo
||ashampoo.com^$document

! https://virustotal.com/gui/url/9979729afeff4472121a6faa8d4a4b7c885a5f391b082d50585bf16929597d4e/community --> https://virustotal.com/gui/file/c9bb2af73703f81a31ae5a3dedbf6eebf404256b679303111c1dedf0e24879db/community
! https://app.any.run/tasks/d2533d89-8e5e-4fc6-b110-bafc153c3636 (my analysis)
! walliant: https://www.youtube.com/watch?v=91w4rzBTP5o
||riversnails.club^$all
||walliant.com^$document

! clone of another screenlocker adware
||gifsmakerpro.com^$document
||www.gifsmakerpro.com^$document

! https://forums.malwarebytes.com/topic/293346-malwarebytes-not-detecting-virus-highjacking-my-search-engine-in-chrome/
! https://www.bleepingcomputer.com/forums/t/788099/howdy-yall-i-could-use-some-help-antivirus-and-self-hacking/
||mobilisearch.com^$all
||mobility-search.com^$all

! another clone of ziprar thing (Adware.SearchLightPro)
||imagelighteditor.com^$document
||www.imagelighteditor.com^$document
||downloadimglight.com^$document
||searchlightpro.com^$document
||start.searchlightpro.com^$all
||dsc.searchlightpro.com^$all

! https://forums.malwarebytes.com/topic/283015-pupoptionalwinsweeper
! https://forums.malwarebytes.com/topic/300427-unable-to-start-in-a-normal-mod-of-windows/?do=findComment&comment=1579090
||solvusoft.com^$document
||www.solvusoft.com^$document
||exefiles.com/*/recommended/winthruster/$document

! random ad
||totalsystemcare.com^$document
||www.totalsystemcare.com^$document
||safebytes.com^$document
||driverassist.com^$document

! browsing YouTube without an adblocker
||customsearchtool.com^$document
||home.customsearchtool.com^$document
||config.customsearchtool.com^$document
||hp.customsearchtool.com^$document
||imp.customsearchtool.com^$document
||d3pxa1onb1zy4q.cloudfront.net/custom_search_tool-2022.7.15-fx.xpi^$all

! https://forums.malwarebytes.com/topic/293616-google-doc-fake-extension-not-detected/ (account required)
||gosearches.gg^$all

! https://forums.malwarebytes.com/topic/293620-adwcleaner-wont-run/
||search-fine.com^$document

! https://github.com/uBlockOrigin/uAssets/issues/16582 (without an adblocker)
||easyprint.app^$document
||cdn.easyprint-cdn.app^$document
! https://virustotal.com/gui/url/c7cdd1eaf651fbf4446d189d91b52b0c6a5811fb70db18b3eec1fa575057163a/detection
||freshysearch.com^$all
||cdn.freshysearch.com^$all

! doesn't seem to do much, but clearly not legit
||tor-browser.app^$document

! two search engine hijackers
! https://virustotal.com/gui/url/1ca49bde04ac00c79b259a4a02b041d91c512ca55a6d0e839f69010d0bc32061/detection
||pdftab.com^$document
||cdn.pdftab.com^$document
||findmanualsnow.com^$document

! ran across this while looking for DDNS services
||ww1.pwnz.org^$document
||thesafersearch.com^$document
||get.thesafersearch.com^$all

! The makers of such wonderful programs like "Driver Genius 22" and "PC Cleaner"
||avanquest.com^$document
||www.avanquest.com^$document
||webtools.avanquest.com^$document

! 'Wave browser' which is just a scummy version of Chrome
! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-968062965
||wavebrowser.co^$document
||download.wavebrowser.co^$all
||wavebrowser.com^$document
||dl.gowavebrowser.com^$all
||gowavebrowser.com^$document

! DLL Helper
! https://virustotal.com/gui/file/675a72bb2b3ea39beafc73e8faf31b85b58b0dcc169b10649d5f49341936a379
||dll-helper.en.softonic.com^$document

! search engine hijacker
||manualsdirectory.org^$document
||tab.freshymanuals-site.com^$document
||search.freshy.com^$document

! https://github.com/uBlockOrigin/uAssets/issues/17568
||wigglewurm.com^$document
||n.wigglewurm.com^$all

! an infected VM --> this extension hijacks the search engine
||getsecurify.com^$document
||www8.getsecurify.com^$document
||chrome.google.com/webstore/detail/browsing-overview-by-secu/njfkgeajknkffkngdmjmjninkbgjedlo/$document
||mysecurify.com^$document
||search.mysecurify.com^$document
||ext.mysecurify.com^$all
! https://github.com/hagezi/dns-blocklists/issues/3163
||withsecurify.com^$all
||ext.withsecurify.com^$all
||search5.withsecurify.com^$all
||search.withsecurify.com^$all
||securifyguard.com^$all

! an infected VM --> this extension hijacks the search engine claiming it protects your searchs
||privacykeeperapp.com^$document
||get.privacykeeperapp.com^$document
||chrome.google.com/webstore/detail/privacy-keeper/acdkbikhkmpbfdmfmcogpnjchcniiipa^$document
||privacykeepersearch.com^$document

! https://0xacab.org/my-privacy-dns/matrix/-/issues/121797
||speak-text-tab.com^$document
||search.speak-text-tab.com^$document

! https://github.com/uBlockOrigin/uAssets/issues/17880
||office.org^$document

! https://github.com/uBlockOrigin/uAssets/issues/17960
||templatesearch.org^$all

! https://www.bleepingcomputer.com/forums/t/785431/26-pup-found-today-what-to-do/
||securybrowse.com^$document
||search.securybrowse.com^$document
||ext.securybrowse.com^$all
||chrome.google.com/webstore/detail/my-family-protect-by-secu/ghaojflgonndmkaknkocggkmkbjjbgho^$all

! https://github.com/uBlockOrigin/uAssets/issues/18103
! (my analysis) https://app.any.run/tasks/4a29352e-fc49-4c59-bb96-0acda5544d53
||gamefabrique.com^$all

! https://tria.ge/230518-m51f6sae43/behavioral2
||chrome.google.com/webstore/detail/my-notes-extension/jekjflpbfegfepdioebbpanjkjhcihoi^$document

! https://forums.malwarebytes.com/topic/298186-accidentally-visited-potential-maliciousmalware-website/
! (my analysis) https://tria.ge/230523-zqkhmahd85/behavioral2
||doodrdash.com^$all
||thale-ete.com^$document
||fivetrafficroads.com^$document
||dkjfhuyd.fivetrafficroads.com^$all
||chrome.google.com/webstore/detail/weather-in/jpflgehebdhjjcdojdloemfeflelhmoh^$document
||weather-in.xyz^$document
||trk.weather-in.xyz^$document
||search.weather-in.xyz^$document

! linkverse PUP
||linkvertise.download^$document

! https://github.com/StevenBlack/hosts/issues/2339
||serasearchtop.com^$all

! https://tria.ge/230601-z9q5hsha6v/behavioral1
||safeplexsearch.com^$all
||addons.mozilla.org/*/firefox/addon/safeplex-search/^$document

! internal 
||fontdeterminer.com^$document

! https://tria.ge/230705-n3traaca92/behavioral1
||ofoseveralyea.info^$all
||ratefinaukncei.info^$all

! adware
||pdfsuperhero.azureedge.net^$all
||pdfconverty.com^$all

! chromium based adware
||gettoptemplates.com^$document
||downloadonelaunchnow.com^$document
! https://tria.ge/230805-1lv91agc6x/behavioral1
||getconvertmyfile.com^$document

! https://0xacab.org/my-privacy-dns/matrix/-/issues/649666
! https://tria.ge/230805-rgmydsee8s/behavioral1
||websearchextension.info^$document
||containers.websearchextension.info^$document
||cloudfront.websearchextension.info^$document
||websearchextension-api.info^$document
||api.websearchextension-api.info^$document

! https://github.com/StevenBlack/hosts/issues/2403
||madqudden.com^$document
! https://github.com/StevenBlack/hosts/issues/2408
||santknow.com^$document

! https://forums.malwarebytes.com/topic/301185-i-ran-galacticshooterexe/#comment-1583465
||segoonow.com^$document

! https://forums.malwarebytes.com/topic/301473-pupoptionalcoduit/
||conduit.com^$document
||search.conduit.com^$document

! https://github.com/hagezi/dns-blocklists/discussions/1515
||techadsology.com^$all

! sells driver updater snake oil
||drivereasy.com^$document

! https://forums.malwarebytes.com/topic/303209-need-help-with-removing-trojan-virusvirtool32/?do=findComment&comment=1594712
||trovi.com^$document
||www.trovi.com^$document

! https://github.com/iam-py-test/my_filters_001/issues/119
! https://forums.malwarebytes.com/topic/303863-cryptpkocryptpko1-and-cryptsigcryptsig1-in-registry-and-cant-delete/
||sensorstechforum.com^$document

! https://tria.ge/231028-pvxzeabb9z/behavioral1s
||donwnaloadeluzal.cfd^$all
/11/?*&lpkey=*&filename=Click%20to%20view%20the%20file%20links|$document
||ivedmanyyea.org^$document
||townrusisedprivat.info^$document

! snake oil, bundles software
! https://yewtu.be/watch?v=bIpYJoE7CxA
! https://spyware.neocities.org/articles/ccleaner
||ccleaner.com^$document

! https://nitter.net/gorhill/status/1352651716265713665
! https://palant.info/2020/10/28/what-would-you-risk-for-free-honey/
! https://infosec.exchange/@iampytest1/111069238525172731
||joinhoney.com^$document

! https://tria.ge/230821-2bt5maad51/behavioral1
! https://web.archive.org/web/20231120191617/https://forums.malwarebytes.com/topic/304687-pupoptionalfortect/
! https://infosec.exchange/@iampytest1/110736203666880292
||fortect.com^$document
||cloud.fortect.com^$document

! https://tria.ge/231121-x5hw8sgc87/behavioral1
||quickdriverupdater.com^$document
||www.quickdriverupdater.com^$document
||webcf.quickdriverupdater.com^$document
||cf.quickdriverupdater.com^$document
||qip.quickdriverupdater.com^$document
||qdu.quickdriverupdater.com^$document
||d8kkkzr1spalx.cloudfront.net/win/qdu/setup/*/qdurtsetup.exe$document
||dpsro.com^$document
||www.dpsro.com^$document

! https://github.com/collinbarrett/FilterLists/issues/3794
||rakuten.ca^$document
||ebates.com^$document
||www.ebates.com^$document

! https://github.com/uBlockOrigin/uAssets/pull/17981
||aadvantageeshopping.com^$document

! https://github.com/iam-py-test/my_filters_001/issues/119
! https://tria.ge/230817-a16feaee47/behavioral1
||combocleaner.com^$document
||www.combocleaner.com^$document
||pcrisk.com/files/CCSetup.exe^$document

! tricks users into installing an allowlist - unknown source
||work-ink.github.io^$document

! https://www.reddit.com/r/uBlockOrigin/comments/143k8lm/
! ||topcashback.co.uk^$document
! ||topcashback.com^$document

! "free registry cleaner"
||download.freedownloadmanager.org/Windows-PC/AML-Free-Registry-Cleaner/$document

! https://forums.malwarebytes.com/topic/306163-silentcryptominer-removal-help-needed/
||mysearchdial.com^$document

! origin unknown (forgot to add a comment here)
! TODO: reverify
||driveridentifier.com^$document
! driverpack
||driverpack.io^$document
||driverpack.tilda.ws^$document
||dwrapper-prod.herokuapp.com^$document


! https://virustotal.com/gui/url/48a9e88e0b6cf59fac14588d252d9bb6b936ec2fd847e832d17fdb76322b35d3/detection
! https://virustotal.com/gui/file/e66db6f687eacf9852542ab583f4d77191965f3a8d6c2e726f4e6b8b83b4f390/detection
! https://virustotal.com/gui/file/93f1afd730eb30421d8e7cae9fc79cbee918c4b0a75d68bf64d34d2cc99d29f0/detection
! To remove, run ADWCleaner (https://malwarebytes.com/adwcleaner) and follow instructions.
||speedupmypcfree.com^$all
! https://virustotal.com/gui/domain/speedupmypcfree.com/relations
||www.speedupmypcfree.com^$all

! https://windowsreport.com/extend-windows-laptop-battery-life/
! https://www.hybrid-analysis.com/sample/0dd66edadbe93df04f6759e5549d3e76b5bfcb292ba6f6a6139903dd705ced6a
! Tested on VM: Removed by ADWCleaner
! Switched to document as per https://github.com/uBlockOrigin/uAssets/issues/9974
||driverfix.com^$all
||www.driverfix.com^$all

! https://tria.ge/240427-2e441aac8x/behavioral1
||pdfpilotapp.com^$document
||application.pdfpilotapp.com^$document
||por.pdfpilotapp.com^$document

! https://yewtu.be/watch?v=m9d-fXl3Z8k
! my analysis: https://tria.ge/240505-t81dxafb3s/behavioral1 (cloudflared)
||restorex360.com^$document
||www.restorex360.com^$document

! ---- Spam ----

! https://forums.malwarebytes.com/topic/281397-how-to-update-my-adwcleaner/
||24hourhtmlcafe.com^$document

! https://forums.malwarebytes.com/topic/281787-how-many-types-of-malware-are-there/ (https://web.archive.org/web/20211214132150/https://forums.malwarebytes.com/topic/281787-how-many-types-of-malware-are-there/) -> hxxpx[:]//ilovealgarve[.]net[/]web-football-no-agents[/])
||ilovealgarve.net^$document

! https://web.archive.org/web/20211222121009/https://forums.malwarebytes.com/topic/282084-keeping-laptop-safe/ -> hxxpx[:]//nbgpapartmani[.]com[/]register-web-ball-ufadeal[/]
||nbgpapartmani.com^$document

! https://forums.malwarebytes.com/topic/282082-hi-working-a-spreadsheet-more-than-8-years-history-mb-crashed-it/ (https://web.archive.org/web/20211222121637/https://forums.malwarebytes.com/topic/282082-hi-working-a-spreadsheet-more-than-8-years-history-mb-crashed-it/) -> hxxpx[:]//superagentconcierge[.]com[/]casino-ebet-entrance[/]
||superagentconcierge.com^$document

! https://forums.malwarebytes.com/topic/283348-update-ios-15/ (https://web.archive.org/web/20220202172538/https:/forums.malwarebytes.com/topic/283348-update-ios-15/)
||binaryreviewsrace.com^$document

! https://forums.malwarebytes.com/topic/283347-update-ios-15/ (https://web.archive.org/web/20220202172612/https:/forums.malwarebytes.com/topic/283347-update-ios-15/)
||stormlordpublishing.com^$document

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1029244954
||quickdates1.com^$document

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1120210042
||fuckbookmobile.com^$document
||www.fuckbookmobile.com^$document

! https://github.com/DandelionSprout/adfilt/issues/63#issuecomment-1179770663
||disqus.com/by/disqus_AIqzI15v88/^$document

! https://web.archive.org/web/20221007114132/https://forums.malwarebytes.com/topic/290873-whats-the-hottest-temperature-in-your-city/
||rathbunlakeassoc.com^$document
||ufadeal.info^$document

! https://web.archive.org/web/20221206113456/https://forums.malwarebytes.com/topic/292706-top-cell-phone-apps-and-games-for-your-iphoneo-verjaardagsherinnering-nu/
! https://forums.malwarebytes.com/topic/292707-spam-post-on-this-forum/ (account required)
||mhapks.com^$document

! GH spam, i.e. https://github.com/tesla-android/issue-tracker/discussions/162#discussioncomment-4551799
||4.fo^$document
||mylocaldates1s.com^$all
||in.sv^$document
||static.imghst-de.com/eb01eaf3-369a-423f-a31e-c4221a2ca42d.png^$all
||trk-click.pshtrk.com^$document
! https://github.com/DandelionSprout/adfilt/commit/e83dc45b60a61c6097b8c40605855a80e3282901
||link.sv^$document
! https://virustotal.com/gui/url/6bbc5fc50b84711644db9739cab16fbdd5659b3d6b82dbde0a3a82427e6f03b9/community
||to.sv^$document
||go.sv^$document

! https://virustotal.com/gui/url/1f273d4cd56060082b8a598514f975bf4592a5f6be5f77e05f7c453266edaaad/community
||scuekpza.ws^$document

! https://forums.malwarebytes.com/topic/273013-android-unknown-chrome-hijacker/page/3/#comment-1553668
||thedrivingtutors.com^$document

! tons of sites with keyword spam who link to each other
||sjs.sold.yachts^$document
||i.pauj0foas709824.shop^$document
||er.jrwgjwrgu1243thfd.shop^$document
||kt.rakwbiznesie.pl^$document
||dnar.newsnewsyes.yachts^$document
||rrwaee.dbbdh.top^$document
||gvcnm.newsnewsfor.shop^$document
||ts475173759.mm.bing.net^$document
||qwj.krowkavet.pl^$document
||r.util.yachts^$document
||ispc.chungcumoi.top^$document
||qmzux.usesgasek.top^$document
||yfvqf.changwonanma.top^$document
||le.krowkavet.pl^$document
||vxh.news1.vn.ua^$document
||dhqn.podrozegruzja.pl^$document
||hlcix.uiwangculzang.top^$document
||slxoy.baloon.yachts^$document
||b.gulospspo.top^$document
||uor.kabuyutannusantara.top^$document
||xudkkk.chungcumatphohn.top^$document
||r.greckieskarby.pl^$document
||sbqxqm.quite.yachts^$document
||ewe.kouzinti.shop^$document
||z.paseqx.top^$document
||nue.kevinashen.top^$document
||kbako.slowowarszawy.pl^$document
||ikdfpc.kevinashen.top^$document
||ikde.kabuyutannusantara.top^$document
||mbv.new-host.shop^$document
||vvf.dsgjhdsf98dsfdfs.shop^$document
||afatfg.sukuncl.top^$document
||tcln.util.yachts^$document
||gcz.regeokna.pl^$document
||hiepqu.wulktir.pl^$document
||yub.danielkordos.pl^$document
||wbhji.planetacripto.top^$document
||wq.chungcumatphohn.top^$document
||upuymn.semihangingdumptrucktractoroiltankaoheng.top^$document
||xkltl.jaminjos.shop^$document
||jgo.softwarepublicoregionalbeta.net^$document
||hmc.gulospspo.top^$document
||x.blackoakgallery.pl^$document
||xeezv.xuzhouzhuangxiu.top^$document
! similar
||fwiu.kohaito.shop^$document
||iwmfo.simpletalent.pl^$document
||kxirue.teplotrassa.yachts^$document
||wmwei.kukallooy.yachts^$document
||mv.grizli.yachts^$document
||eybg.bhpprotech.pl^$document
||ktehf.out.yachts^$document
||pkxj.dbbdh.top^$document
||clo.grizli.yachts^$document
||bkxhb.xiaochong2021.top^$document
||jyvg.news1.vinnica.ua^$document
||hb.slowowarszawy.pl^$document
||sao.24hfastplumbingservice.cyou^$document
||vleuet.ptnfd2020.pl^$document
||tbs.s88s.top^$document
||qua.narlofkrc.top^$document
||sqfjpd.colko.skin^$document
||tglt.adamoption.top^$document
||hsecx.branchmodern.news^$document
||wypai.alanwin.top^$document
||v.kabuyutannusantara.top^$document
||bl.jaminjos.shop^$document
||pmwvr.kosinka.yachts^$document
||wuxjqu.nasanet.top^$document
||qyt.dotoplo.pl^$document
||xnex.newsnewsyes.yachts^$document
||hq.nhabatang.top^$document
||eiiiy.fuflo.yachts^$document
||geraldineblog.top^$document
||cpp.babnews.cfd^$document
||hkx.new-host.shop^$document
||r.regeokna.pl^$document
||xogbx.zoxkk.top^$document
||kan.sdgoiyhds87.shop^$document
||xiaochong2021.top^$document
! even more
||planetacripto.top^$document
||yxsax.planetacripto.top^$document
||wrx.rakwbiznesie.pl^$document
||yf.news-ok.shop^$document
||fqzp.carolawolbrom.pl^$document
||qx.gzjxyy.top^$document
||m.dbbdh.top^$document
||vrqhdu.chungcumatphohn.top^$document
! additional ones
||wxere.grupabukko.pl^$document
||appwfr.rauscher-elektro.de^$document
||scxbumk.jj-tauben.de^$document
||jfanubw.david-laeuft.de^$document
||nxhbcfpy.hundebedarf-boettcher.de^$document
||guohnor.gorlice2022.pl^$document
||duxuu.hundebedarf-boettcher.de^$document
||mxzem.david-laeuft.de^$document
||qbfhcwvg.multig.pl^$document
||vcdvxl.multig.pl^$document
||spnb.david-laeuft.de^$document
||zqkgit.hundebedarf-boettcher.de^$document

! https://forums.malwarebytes.com/topic/286891-my-android-phone-was-connected-to-pc-with-charge-only-when-pc-was-hacked/#comment-1555237 (deleted)
||anonigstalk.com^$document
||bingenerator.one^$document

! https://forums.malwarebytes.com/topic/295956-from-another-malwarebytes-forum-spammer/ (account required)
||discord.onl^$document

! https://github.com/hagezi/dns-blocklists/issues/804
||venezuelabaseballjerseys.com^$document
||italyworldbaseballclassic.com^$document
||storeoregononline.com^$document
||tlstoreonline.com^$document
||storecollegeonline.com^$document
||shoptcuhornedonline.com^$document
||shopsyracuseonline.com^$document

! https://github.com/hagezi/dns-blocklists/issues/1169
||boooodas.com^$all
||m-contact.site^$all
||fuckmebaby.click^$all
||vipdeit.com^$all

! comment spam - endless cloudflare redirects
||getcutt.fun^$document

! https://infosec.exchange/@iampytest1/111485217708664748
||free-amore.online^$all
||t.affoth2.com^$document
||newfast.pics^$all

! https://infosec.exchange/@iampytest1/111669699558836859
||newdate32.site^$all

! https://infosec.exchange/@iampytest1/111669799133185795
||gimail.su^$document
||qimail.su^$document

! cryptocurrency recovery scammers
||cybergeniehackpro.xyz^$document
||cyberservices.com^$document

! X/Twitter spammer
||t.me/+8q8i5Dl-lws4NTU6^$document

! https://infosec.exchange/@briankrebs/111947916198756986
||forestver.se^$document
||discord.gg/ctkpaarr^$document

! https://github.com/Mastodon-DE/blocklists/issues/17
||tambayan.us^$document

! https://www.bleepingcomputer.com/news/security/news-farm-impersonates-60-plus-major-outlets-bbc-cnn-cnbc-guardian/
||australiannewstoday.com^$document
||bbcnewstoday.com^$document
||bloombergnewstoday.com^$document
||bostonnewstoday.com^$document
||britishnewstoday.com^$document
||canadiannewstoday.com^$document
||chinaworldnewstoday.com^$document
||chroniclenewstoday.com^$document
||cnbcnewstoday.com^$document
||cnnworldtoday.com^$document
||crunchbasenewstoday.com^$document
||dailyexpressnewstoday.com^$document
||dailyheraldnewstoday.com^$document
||dailymirrornewstoday.com^$document
||dailystarnewstoday.com^$document
||dailytelegraphnewstoday.com^$document
||dutchnewstoday.com^$document
||dwnewstoday.com^$document
||europeannewstoday.com^$document
||forbesnewstoday.com^$document
||frenchnewstoday.com^$document
||germaynewstoday.com^$document
||guardiannewstoday.com^$document
||headlinesworldnews.com^$document
||huffingtonposttoday.com^$document
||irishnewstoday.com^$document
||italiannewstoday.com^$document
||livemintnewstoday.com^$document
||maltanewstime.com^$document
||mirrornewstoday.com^$document
||nationalposttoday.com^$document
||neatherlandnewstoday.com^$document
||neweuropetoday.com^$document
||norwaynewstoday.com^$document
||oxfordnewstoday.com^$document
||portugalnewstoday.com^$document
||postgazettenewstoday.com^$document
||republicofchinatoday.com^$document
||reuterstoday.com^$document
||russiannewstoday.com^$document
||scotlandnewstoday.com^$document
||spanenewstoday.com^$document
||switzerlandnewstoday.com^$document
||thedailymailnewstoday.com^$document
||thedailytelegraphnewstoday.com^$document
||theexpressnewstoday.com^$document
||theheraldnewstoday.com^$document
||theindependentnewstoday.com^$document
||theirishtimesnewstoday.com^$document
||theirishtimestoday.com^$document
||themetronewstoday.com^$document
||themirrornewstoday.com^$document
||thequintnewstoday.com^$document
||thestarnewstoday.com^$document
||thesunnewstoday.com^$document
||thetelegraphnewstoday.com^$document
||timesofnetherland.com^$document
||timesofspanish.com^$document
||topeuropenews.com^$document
||topworldnewstoday.com^$document
||turkeynewstoday.com^$document
||walesnewstoday.com^$document
||washingtonposttoday.com^$document
||washingtontimesnewstoday.com^$document
||www.australiannewstoday.com^$document
||www.bbcnewstoday.com^$document
||www.bloombergnewstoday.com^$document
||www.bostonnewstoday.com^$document
||www.britishnewstoday.com^$document
||www.canadiannewstoday.com^$document
||www.chinaworldnewstoday.com^$document
||www.chroniclenewstoday.com^$document
||www.cnbcnewstoday.com^$document
||www.cnnworldtoday.com^$document
||www.crunchbasenewstoday.com^$document
||www.dailyexpressnewstoday.com^$document
||www.dailyheraldnewstoday.com^$document
||www.dailymirrornewstoday.com^$document
||www.dailystarnewstoday.com^$document
||www.dailytelegraphnewstoday.com^$document
||www.dutchnewstoday.com^$document
||www.dwnewstoday.com^$document
||www.europeannewstoday.com^$document
||www.forbesnewstoday.com^$document
||www.frenchnewstoday.com^$document
||www.germaynewstoday.com^$document
||www.guardiannewstoday.com^$document
||www.headlinesworldnews.com^$document
||www.huffingtonposttoday.com^$document
||www.irishnewstoday.com^$document
||www.italiannewstoday.com^$document
||www.livemintnewstoday.com^$document
||www.maltanewstime.com^$document
||www.mirrornewstoday.com^$document
||www.nationalposttoday.com^$document
||www.neatherlandnewstoday.com^$document
||www.neweuropetoday.com^$document
||www.norwaynewstoday.com^$document
||www.oxfordnewstoday.com^$document
||www.portugalnewstoday.com^$document
||www.postgazettenewstoday.com^$document
||www.republicofchinatoday.com^$document
||www.reuterstoday.com^$document
||www.russiannewstoday.com^$document
||www.scotlandnewstoday.com^$document
||www.spanenewstoday.com^$document
||www.switzerlandnewstoday.com^$document
||www.thedailymailnewstoday.com^$document
||www.thedailytelegraphnewstoday.com^$document
||www.theexpressnewstoday.com^$document
||www.theheraldnewstoday.com^$document
||www.theindependentnewstoday.com^$document
||www.theirishtimesnewstoday.com^$document
||www.theirishtimestoday.com^$document
||www.themetronewstoday.com^$document
||www.themirrornewstoday.com^$document
||www.thequintnewstoday.com^$document
||www.thestarnewstoday.com^$document
||www.thesunnewstoday.com^$document
||www.thetelegraphnewstoday.com^$document
||www.timesofnetherland.com^$document
||www.timesofspanish.com^$document
||www.topeuropenews.com^$document
||www.topworldnewstoday.com^$document
||www.turkeynewstoday.com^$document
||www.walesnewstoday.com^$document
||www.washingtonposttoday.com^$document
||www.washingtontimesnewstoday.com^$document

! https://github.com/hagezi/dns-blocklists/issues/3017
||miahershberger.buzz^$document
||viktoriadelenick.za.com^$document
||h.yqyh571.xyz^$document

! https://github.com/hagezi/dns-blocklists/issues/3122
||likenu.se^$document

! spam wikipedia article (taken down - https://en.wikipedia.org/wiki/Fetish_Cams)
||fetishes.cam^$document

! from https://www.eff.org/deeplinks/2013/01/scanning-documents-patent-trolls-want-you-pay
! redirect from bought up domain: https://hybrid-analysis.com/sample/ee616d42e502581b5c1984b086b97c24114df2dd2fadf4680233a346635e10d0
||stop-project-paperless.com^$document
||transaction-2007.com^$document
||www.transaction-2007.com^$document
||mediaresmi.com^$document
||fijiluxuryvacation.com^$document
||www.cinemasaver.com^$document
||sedationdentistrycenter.com^$document
||verandasoho.com^$document
||stream-dna.com^$document
||www.goldenstatestimulus.com^$document
||www.bluegatemusicals.com^$document
||xolopbr.com^$document
||getannepro.com^$document
||www.theredbeanannapolis.com^$document
||www.lilxlotus.com^$document
||www.plantitmodern.com^$document
||www.illinoisfiberconnect.com^$document

! ---- Resource Abuse ----

! slows browser/device to a crawl, contains no real content, and uses (attempts) to trap the user - https://github.com/uBlockOrigin/uAssets/issues/7449
||csgo.xyz^$all

! https://github.com/hagezi/dns-blocklists/issues/1990
! https://infosec.exchange/@iampytest1/111666367575936830 (thanks to ajayyy)
||brightdata.com^$document
||brightdata.de^$document
||bright-sdk.com^$document
||clientsdk.bright-sdk.com^$document
||perr.bright-sdk.com^$document

! ---- Stalkerware ----

! copied from https://github.com/AssoEchap/stalkerware-indicators/blob/adae94598f8d628a4af90f9bf323553d3ec683a4/ioc.yaml#L1-L273 - https://github.com/AssoEchap/stalkerware-indicators#license (modified to be in uBo format, removed a few domains)
||phonespying.com^$all
||app.phonespying.com^$document
||copy9.com^$document
||fonetracker.com^$document
||thetruthspy.com^$all
||icloudappe.com^$all
||spyzee.com^$all
||media-sync-a.copy9.com^$all
||media-sync-a.fonetracker.com^$all
||media-sync-a.thetruthspy.com^$all
||media-sync-a743.thetruthspy.com^$all
||media-sync-a748.thetruthspy.com^$all
||media-sync-a7xx.thetruthspy.com^$all
||media-sync-a825.thetruthspy.com^$all
||media-sync-a830.thetruthspy.com^$all
||media-sync-a835.thetruthspy.com^$all
||media-sync-a895.thetruthspy.com^$all
||media-sync-a8xx.thetruthspy.com^$all
||media-sync-a910.thetruthspy.com^$all
||media-sync-a915.thetruthspy.com^$all
||media-sync-a920.thetruthspy.com^$all
||media-sync-a925.thetruthspy.com^$all
||media-sync-a930.thetruthspy.com^$all
||media-sync-a935.thetruthspy.com^$all
||media-sync-a940.thetruthspy.com^$all
||media-sync-a941.thetruthspy.com^$all
||media-sync-a942.thetruthspy.com^$all
||media.thetruthspy.com^$all
||my.copy9.com^$all
||my.ispyoo.com^$all
||my.thetruthspy.com^$all
||my.thespyapp.com^$all
||phonetracking.net^$all
||protocol-a.copy9.com^$all
||protocol-a.fonetracker.com^$all
||protocol-a.ispyoo.com^$all
||protocol-a.mxspy.com^$all
||protocol-a.thetruthspy.com^$all
||protocol-a621.copy9.com^$all
||protocol-a696.copy9.com^$all
||protocol-a710.copy9.com^$all
||protocol-a743.thetruthspy.com^$all
||protocol-a745.thetruthspy.com^$all
||protocol-a748.thetruthspy.com^$all
||protocol-a780.copy9.com^$all
||protocol-a780.mxspy.com^$all
||protocol-a785.copy9.com^$all
||protocol-a811.mxspy.com^$all
||protocol-a910.thetruthspy.com^$all
||protocol-a915.thetruthspy.com^$all
||protocol-a920.thetruthspy.com^$all
||protocol-a925.thetruthspy.com^$all
||protocol-a930.thetruthspy.com^$all
||protocol-a935.thetruthspy.com^$all
||protocol-a940.thetruthspy.com^$all
||protocol-a941.thetruthspy.com^$all
||protocol-a942.thetruthspy.com^$all
||protocol-monitor.thetruthspy.com^$all
||protocol-viewer-a.copy9.com^$all
||protocol.copy9.com^$all
||protocol.ispyoo.com^$all
||protocol.thetruthspy.com^$all
||secondclone-2d312.firebaseio.com^$all
||setupmail-a.icloudappe.com^$all
||setupmail-a724.icloudappe.com^$all
||setupmail-a743.icloudappe.com^$all
||setupmail-a745.icloudappe.com^$all
||setupmail-a748.icloudappe.com^$all
||setupmail-a910.icloudappe.com^$all
||setupmail-a915.icloudappe.com^$all
||setupmail-a920.icloudappe.com^$all
||setupmail.icloudappe.com^$all
||sync-a.copy9.com^$all
||sync-a.mxspy.com^$all
||sync-a.thetruthspy.com^$all
||sync-a7xx.thetruthspy.com^$all
||sync-a8xx.thetruthspy.com^$all
||sync-a925.thetruthspy.com^$all
||sync-a930.thetruthspy.com^$all
||sync-a935.thetruthspy.com^$all
||sync-a940.thetruthspy.com^$all
||sync-a941.thetruthspy.com^$all
||sync-a942.thetruthspy.com^$all

! https://github.com/AssoEchap/stalkerware-indicators/blob/9f656217ab46b2043612808940f4387b651000a9/ioc.yaml#L3937 - under https://github.com/AssoEchap/stalkerware-indicators#license
! my analysis: https://app.any.run/tasks/57cdb248-461e-4dc5-b6b2-2235eec1e098/
! my analysis: https://virustotal.com/gui/file/5809066a109718683fa1ffe3abcd0e6c9bd5f613279e081e31bc17e628d9bfba/detection
! my analysis: https://tria.ge/230505-27f8mshd2v/behavioral1
||myspyapps.com^$document
||my-spy-a9c92.firebaseio.com^$document

! Andrews, Jean. CompTIA A+ Guide to Information Technology Technical Support. Available from: Yuzu Reader, (11th Edition). Cengage Learning US, 2022.
! confirmed
||flexispy.com^$document

! https://lgbtqia.space/@alice/112017041119045914
||clevguard.com^$all
||www.clevguard.com^$all
||images.clevguard.com^$all
||panel.clevguard.com^$all
||public.clevguard.com^$all
||account.clevguard.com^$all
! possible fake page, unclear if related
||clevguard.org^$all
||www.clevguard.org^$all
||images.clevguard.org^$all

! "Remotely Monitor Kid's Device and Activity" - textbook stalkerware
||imyfone.com^$document

! https://techcrunch.com/2024/07/11/mspy-spyware-millions-customers-data-breach/
||mspy.com^$all

! ---- Include other lists ----
! include rules for just uBlock Origin and AdGuard, and the VXVault list
!#include special_lists/anti-malware-ubo-extension.txt

! END