Created
December 3, 2020 20:34
-
-
Save malwador/12925c42ace466b2f0098e8348558556 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $001 = /[a-z0-9]{0,5}(.)?saleforyou\.org/ // saleforyou[.]org is reported to be used for a WP Login stealer. | |
| $002 = /[a-z0-9]{0,5}(.)?bingstyle\.com/ // same as above | |
| $003 = "www.24hod.sk" nocase | |
| $004 = /[a-z0-9]{4,64}\.designmysite\.pro/ //Phishing and malware distribution | |
| $005 = "times2day.com" nocase //redirector | |
| $006 = "lundybright.fr" nocase // https://labs.sucuri.net/face-mask-links-injected-into-wordpress-database/ | |
| $007 = "collectfasttracks.com" nocase | |
| $008 = "digestcolect.com" nocase | |
| $009 = "balantfromsun.com" nocase | |
| $010 = "trackstatisticsss.com" nocase | |
| $011 = "justcannabis.online" nocase // based on https://twitter.com/unmaskparasites/status/1267887462166278146 | |
| $012 = /vomndo\.(com|xyz|top)/ // rules covers vomndo.com, .xyz & .top https://kinsta.atlassian.net/browse/KT-221 | |
| $013 = "letsmakeparty3.ga" nocase // https://kinsta.atlassian.net/browse/KT-227 | |
| $014 = "lobbydesires.com" nocase // https://kinsta.atlassian.net/browse/KT-227 | |
| $015 = "cdn-google-analytics.com" nocase // https://kinsta.atlassian.net/browse/KT-228 via https://twitter.com/unmaskparasites/status/1280570200140759040 | |
| $016 = "dontstopthismusics.com" nocase // https://kinsta.atlassian.net/browse/KT-229 | |
| $017 = "wpctrl.ml" nocase // https://kinsta.atlassian.net/browse/KT-235 | |
| $018 = "developerstatss.ga" nocase // based on work for Dennis from Sucuri - https://kinsta.atlassian.net/browse/KT-266 | |
| $019 = "donatelloflowfirstly.ga" nocase // based on work for Dennis from Sucuri - https://kinsta.atlassian.net/browse/KT-276 & internal ticket | |
| $020 = "beforwardplay.com" nocase // https://kinsta.atlassian.net/browse/KT-267 | |
| $021 = "blackentertainments.com" nocase // https://kinsta.atlassian.net/browse/KT-267 | |
| $022 = "developfirstline.com" nocase // https://kinsta.atlassian.net/browse/KT-267 | |
| $023 = "gotosecond2.com" nocase // https://kinsta.atlassian.net/browse/KT-267 | |
| $024 = "greenlabelfrancisco.com" nocase // https://kinsta.atlassian.net/browse/KT-267 | |
| $025 = "bullgoesdown.com" nocase // https://kinsta.atlassian.net/browse/KT-267 | |
| $026 = "resolutiondestin.com" nocase // https://kinsta.atlassian.net/browse/KT-267 | |
| $027 = "admarketlocation.com" nocase // https://kinsta.atlassian.net/browse/KT-267 | |
| $028 = "wiilberedmodels.com" nocase // https://kinsta.atlassian.net/browse/KT-267 | |
| $029 = "cloneclicks.com" nocase // https://kinsta.atlassian.net/browse/KT-278 | |
| $030 = /cdnbootstrap\.(online|store|host)/ // https://kinsta.atlassian.net/browse/KT-284 | |
| $031 = /amastybootstrap\.(online|store|host)/ // https://kinsta.atlassian.net/browse/KT-284 | |
| $032 = /bootstrapcd\.(online|store|host)/ // https://kinsta.atlassian.net/browse/KT-284 | |
| $033 = /bootstrapcss\.(online|store|host)/ // https://kinsta.atlassian.net/browse/KT-284 | |
| $034 = /dbbootstrap\.(online|store|host)/ // https://kinsta.atlassian.net/browse/KT-284 | |
| $035 = "blackwaterforllows.ga" nocase // https://kinsta.atlassian.net/browse/KT-301 | |
| $036 = "comndo.com" nocase // https://kinsta.atlassian.net/browse/KT-305 | |
| $037 = "lowerbeforwarden.ml" nocase // https://kinsta.atlassian.net/browse/KT-310 | |
| $038 = "declarebusinessgroup.ga" nocase // https://kinsta.atlassian.net/browse/KT-356 | |
| $039 = /arilns\.(com|pw|top)/ // https://kinsta.atlassian.net/browse/KT-377 | |
| $040 = /(localhostnametable.com|moc.elbatemantsohlacol)/ // https://kinsta.atlassian.net/browse/KT-317 | |
| $041 = "ischeck.xyz" nocase // https://kinsta.atlassian.net/browse/KT-383 | |
| $042 = "adsformarket.com" nocase // https://kinsta.atlassian.net/browse/KT-384 | |
| $043 = "admarketresearch.xyz" nocase // https://kinsta.atlassian.net/browse/KT-384 | |
| $044 = "googlesapi.com" nocase // https://kinsta.atlassian.net/browse/KT-385 | |
| $045 = "wordprssapi.com" nocase // https://kinsta.atlassian.net/browse/KT-385 | |
| $046 = "zendesk-chart.com" nocase // https://kinsta.atlassian.net/browse/KT-386 | |
| $047 = "jquerycodemagento.com" nocase // https://kinsta.atlassian.net/browse/KT-386 | |
| $048 = "jquery-stats.com" nocase // https://kinsta.atlassian.net/browse/KT-386 | |
| $049 = "jquery-web.com" nocase // https://kinsta.atlassian.net/browse/KT-386 | |
| $050 = "tracker-visitors.com" nocase // https://kinsta.atlassian.net/browse/KT-386 | |
| $051 = "gooqlemgrteg.com" nocase // https://kinsta.atlassian.net/browse/KT-386 | |
| $052 = "gooqleadvstat.com" nocase // https://kinsta.atlassian.net/browse/KT-386 | |
| $053 = "jquerystatic.com" nocase // https://kinsta.atlassian.net/browse/KT-386 | |
| $054 = "4ksudckusdkc.space" nocase // https://kinsta.atlassian.net/browse/KT-388 | |
| $055 = "app.caresearch.com.au" nocase // https://kinsta.atlassian.net/browse/KT-388 | |
| $056 = "mediaoaktree.com" nocase // https://kinsta.atlassian.net/browse/KT-388 | |
| $057 = "mediasprucetree.com" nocase // https://kinsta.atlassian.net/browse/KT-388 | |
| $058 = "mobnootiffy.com" nocase // https://kinsta.atlassian.net/browse/KT-388 | |
| $059 = "shakesmobi.com" nocase // https://kinsta.atlassian.net/browse/KT-388 | |
| $060 = "tut-64.com" nocase // https://kinsta.atlassian.net/browse/KT-388 | |
| $061 = "yourservice.live" nocase // https://kinsta.atlassian.net/browse/KT-388 | |
| $062 = "cdjs.online" nocase // https://kinsta.atlassian.net/browse/KT-389 | |
| $063 = "cdns.ws" nocase // https://kinsta.atlassian.net/browse/KT-389 | |
| $064 = "msdns.online" nocase // https://kinsta.atlassian.net/browse/KT-389 | |
| $065 = "allyouwant.online" nocase // https://kinsta.atlassian.net/browse/KT-390 | |
| $066 = "eeduelements.com" nocase // https://kinsta.atlassian.net/browse/KT-390 | |
| $067 = "gabemastery.ml" nocase // https://kinsta.atlassian.net/browse/KT-390 | |
| $068 = "alsutrans.com" nocase // https://kinsta.atlassian.net/browse/KT-390 | |
| $069 = "pornmam.com" nocase // https://kinsta.atlassian.net/browse/KT-391 | |
| $070 = "somelandingpage.com" nocase // https://kinsta.atlassian.net/browse/KT-392 | |
| $071 = "getmyconfigplease.com" nocase // https://kinsta.atlassian.net/browse/KT-392 | |
| $072 = "getmyfreetraffic.com" nocase // https://kinsta.atlassian.net/browse/KT-392 | |
| $073 = "setforconfigplease.com" nocase // https://kinsta.atlassian.net/browse/KT-392 | |
| $074 = "strangefullthiggngs.com" nocase // https://kinsta.atlassian.net/browse/KT-392 | |
| $075 = "redrentalservice.com" nocase // https://kinsta.atlassian.net/browse/KT-392 | |
| $076 = "lowerthenskyactive.ga" nocase // https://kinsta.atlassian.net/browse/KT-416 | |
| $077 = "minisrclink.cool" nocase // https://kinsta.atlassian.net/browse/KT-425 | |
| $078 = "google-standard.com" nocase // https://kinsta.atlassian.net/browse/KT-424 | |
| $079 = "bing-analytics.com" nocase // https://kinsta.atlassian.net/browse/KT-424 | |
| $080 = "google-money.com" nocase // https://kinsta.atlassian.net/browse/KT-424 | |
| $081 = "google-sale.com" nocase // https://kinsta.atlassian.net/browse/KT-424 | |
| $082 = "paypal-assist.com" nocase // https://kinsta.atlassian.net/browse/KT-424 | |
| $083 = "paypal-debit.com" nocase // https://kinsta.atlassian.net/browse/KT-424 | |
| $084 = "connect-facebook.com" nocase // https://kinsta.atlassian.net/browse/KT-424 | |
| $085 = "cdn-jquery.com" nocase // https://kinsta.atlassian.net/browse/KT-424 | |
| $086 = "google-assistant.com" nocase // https://kinsta.atlassian.net/browse/KT-424 | |
| $087 = "paypalapiobjects.com" nocase // https://kinsta.atlassian.net/browse/KT-424 | |
| $088 = "google-tasks.com" nocase // https://kinsta.atlassian.net/browse/KT-424 | |
| $089 = "jquery-insert.com" nocase // https://kinsta.atlassian.net/browse/KT-424 | |
| $090 = "googleapimanager.com" nocase // https://kinsta.atlassian.net/browse/KT-424 | |
| $091 = "contact-uspaypal.com" nocase // https://kinsta.atlassian.net/browse/KT-439 | |
| $092 = "paypal-intlservice.com" nocase // https://kinsta.atlassian.net/browse/KT-439 | |
| $093 = "renewal-account-paypal.com" nocase // https://kinsta.atlassian.net/browse/KT-439 | |
| $094 = "serviceintl-paypal.com" nocase // https://kinsta.atlassian.net/browse/KT-439 | |
| $095 = "ssl-dropbox.cloud" nocase // https://kinsta.atlassian.net/browse/KT-440 | |
| $096 = "ssl-dropboxes.cloud" nocase // https://kinsta.atlassian.net/browse/KT-440 | |
| $097 = "ssl-dropboxs.cloud" nocase // https://kinsta.atlassian.net/browse/KT-440 | |
| $098 = "ssl-dropbx.cloud" nocase // https://kinsta.atlassian.net/browse/KT-440 | |
| $099 = "ssl-drpbox.cloud" nocase // https://kinsta.atlassian.net/browse/KT-440 | |
| $100 = "101newssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $101 = "bestofnewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $102 = "burningpush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $103 = "checkadvisefriends.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $104 = "checksayfriends.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $105 = "checksuefriends.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $106 = "conewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $107 = "enewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $108 = "examinenotifyfriends.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $109 = "gonewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $110 = "hitnewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $111 = "inewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $112 = "inspectnotifyfriends.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $113 = "justnewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $114 = "livenewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $115 = "metanewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $116 = "newnewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $117 = "notifymepush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $118 = "nunewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $119 = "pushmeandtouchme.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $120 = "scannotifyfriends.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $121 = "searchnotifyfriends.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $122 = "testnotifyfriends.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $123 = "thentouchme.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $124 = "topnewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $125 = "touchthenpush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $126 = "trynewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $127 = "upnewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $128 = "usenotifyfriends.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $129 = "wenewssubspush.info" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $130 = "hostingcloud.racing" nocase // https://kinsta.atlassian.net/browse/KT-457 | |
| $131 = /yomndo\.(com|xyz|top)/ nocase // https://kinsta.atlassian.net/browse/KT-437 | |
| $132 = "newsfeed.support" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $133 = "newpush.support" nocase // https://kinsta.atlassian.net/browse/KT-441 | |
| $134 = "hotopponents.site" nocase // https://kinsta.atlassian.net/browse/KT-442 | |
| $135 = "learningtoolkit.club" nocase // https://kinsta.atlassian.net/browse/KT-442 | |
| $136 = "mp3menu.org" nocase // https://kinsta.atlassian.net/browse/KT-442 | |
| $137 = "examhome.net" nocase // https://kinsta.atlassian.net/browse/KT-442 | |
| $138 = "magichottrade.su" nocase // https://kinsta.atlassian.net/browse/KT-461 | |
| $139 = "securefastdeal.com" nocase // https://kinsta.atlassian.net/browse/KT-461 | |
| $140 = "goodherbwebmart.com" nocase // https://kinsta.atlassian.net/browse/KT-461 | |
| $141 = "mobile-global-apps-storage.life" nocase // https://kinsta.atlassian.net/browse/KT-466 | |
| $142 = "shoutmostface7.live" nocase // https://kinsta.atlassian.net/browse/KT-466 | |
| $143 = "crazytds.club" nocase // https://kinsta.atlassian.net/browse/KT-487 | |
| $144 = "strongcapitalads.ga" nocase // https://kinsta.atlassian.net/browse/KT-493 | |
| $145 = "whiteshoplabels.ml" nocase // https://kinsta.atlassian.net/browse/KT-493 | |
| $146 = "lovegreenpencils.ga" nocase // https://kinsta.atlassian.net/browse/KT-508 | |
| $147 = "canadianherbinc.ru" nocase // https://kinsta.atlassian.net/browse/KT-510 | |
| $148 = "yourmedsquality.su" nocase // https://kinsta.atlassian.net/browse/KT-510 | |
| $149 = "myhealthmall.su" nocase // https://kinsta.atlassian.net/browse/KT-510 | |
| $150 = "fastpharmacy.store" nocase // https://kinsta.atlassian.net/browse/KT-511 | |
| $151 = /www\.grilns\.(com|top|pw)/ // https://kinsta.atlassian.net/browse/KT-526 | |
| $152 = "linetoadsactive.com" nocase // https://kinsta.atlassian.net/browse/KT-525 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment