From d4e59bacf4ad20958143d641e0964f893bba51db Mon Sep 17 00:00:00 2001 From: Scott Petty Date: Wed, 3 Jul 2024 17:39:25 -0400 Subject: [PATCH 1/3] begin adding malicious subdomains of r2.dev to domain list --- add-domain | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/add-domain b/add-domain index a5e9c58..d25bc6e 100644 --- a/add-domain +++ b/add-domain @@ -241,7 +241,37 @@ webaqunarmail.pages.dev webmial.pages.dev win-defender-sec-64csvxxvxxvxx0x665.pages.dev woow-seguro-de-viajes.pages.dev +pub-0259917d32254fe8ad9ed6707a70637d.r2.dev +pub-0334284d22f84d10b2472fd742667ba8.r2.dev +pub-0cfe3415fa8c4bf1a3062aea01c52f88.r2.dev +pub-12593f612a3248be91e520847ebf8634.r2.dev +pub-147549d3891840ab821de31d767c6c84.r2.dev +pub-187b2d91c0494f3ba5ec3b326cc8fed8.r2.dev +pub-221ef61f179e48f79f931e1342529256.r2.dev +pub-2af9861a7e9e48a3b45c657d7f829fad.r2.dev +pub-30781165e10b47b6b8f68fdf836b82ba.r2.dev +pub-34529312c5dd453986b0d61ff76b5372.r2.dev +pub-35aaf76b847448e4bac44c015fe1e7df.r2.dev +pub-3cdaaa1882ee49b9b86c737c7a415673.r2.dev +pub-3db84b77bcfa4a4ba70ea134e6534162.r2.dev +pub-40c506cd57fe4835b8cb3b993bbf4db2.r2.dev +pub-4c2a13d01dab4ade9268be6759a387c8.r2.dev +pub-4d97631662434b85845e7be2b52b6e61.r2.dev +pub-4e9d559e11c54314b7639d20c3d13682.r2.dev +pub-52f45a7ed2554e079cb905f0c23e9b8d.r2.dev +pub-6d663fb85dd14d5eb780578314065a6f.r2.dev +pub-8bbbc30421814f1bac74c610fb3d9bf5.r2.dev +pub-928ffaf37dd04d12b4e22eab0dc5391f.r2.dev +pub-96fed86dbb194ac88e9e3c705f9e5649.r2.dev +pub-a7aa109e9db04b97ba2fc89747a05209.r2.dev +pub-aa456431547a4e28948699d7c6a22006.r2.dev +pub-b6b9f0a2f10b4886a26f1094028c95ec.r2.dev +pub-b808d49393464900ab418430c76582aa.r2.dev +pub-d69751ce7c104b1a8abc630d80ac130c.r2.dev +pub-d9d21bff96fe4c7c808353a8e3cd886e.r2.dev +pub-efe8c223714242868bdd2fa750e67f77.r2.dev pub-fa147a3cddd04e9588b0d0a71d6d87fb.r2.dev +pub-f18c3d444059460880d86ed436e28dd3.r2.dev portalpaxum.cokiwe2297.workers.dev fmovies.direct gosuslugi.directory From 032405325d1c2aeb27553188cbb3dff05f5af524 Mon Sep 17 00:00:00 2001 From: Scott Petty Date: Wed, 3 Jul 2024 18:03:36 -0400 Subject: [PATCH 2/3] add additional malicious subdomains of r2.dev to domain list --- add-domain | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/add-domain b/add-domain index d25bc6e..130191e 100644 --- a/add-domain +++ b/add-domain @@ -241,37 +241,69 @@ webaqunarmail.pages.dev webmial.pages.dev win-defender-sec-64csvxxvxxvxx0x665.pages.dev woow-seguro-de-viajes.pages.dev +pub-023f4dfccb2f41bfa571925f96e1ffaa.r2.dev pub-0259917d32254fe8ad9ed6707a70637d.r2.dev pub-0334284d22f84d10b2472fd742667ba8.r2.dev +pub-09629487ba124d788b241976d2fe86cf.r2.dev pub-0cfe3415fa8c4bf1a3062aea01c52f88.r2.dev +pub-0f4d3c793e8a478ea29a9906fd715070.r2.dev pub-12593f612a3248be91e520847ebf8634.r2.dev pub-147549d3891840ab821de31d767c6c84.r2.dev pub-187b2d91c0494f3ba5ec3b326cc8fed8.r2.dev +pub-1c861328e4394134a30770372c6b7a26.r2.dev +pub-1eaf8d9fdf504256ad21005c83cb81f5.r2.dev +pub-2202f5760eea4f5eba334684a3d617f9.r2.dev pub-221ef61f179e48f79f931e1342529256.r2.dev +pub-2383eec70aab4ed3a49d29e42dc41b72.r2.dev +pub-28dfeb6275f8415ba3e6b97dfff9ccfc.r2.dev pub-2af9861a7e9e48a3b45c657d7f829fad.r2.dev +pub-2edc56a957da4485a7e513f8b429d183.r2.dev +pub-2f99ca1602494489a730146d1445354a.r2.dev pub-30781165e10b47b6b8f68fdf836b82ba.r2.dev +pub-339ed1e572c44e38b332b62b38f3360c.r2.dev pub-34529312c5dd453986b0d61ff76b5372.r2.dev pub-35aaf76b847448e4bac44c015fe1e7df.r2.dev +pub-384819f358494f06b5be0b5af5226eb1.r2.dev +pub-3a226c66bcda41e4bbeec4790c71c89c.r2.dev pub-3cdaaa1882ee49b9b86c737c7a415673.r2.dev pub-3db84b77bcfa4a4ba70ea134e6534162.r2.dev pub-40c506cd57fe4835b8cb3b993bbf4db2.r2.dev pub-4c2a13d01dab4ade9268be6759a387c8.r2.dev +pub-4d7d8582319341bab4de01da24967d41.r2.dev pub-4d97631662434b85845e7be2b52b6e61.r2.dev pub-4e9d559e11c54314b7639d20c3d13682.r2.dev pub-52f45a7ed2554e079cb905f0c23e9b8d.r2.dev +pub-68edf352d5f54adf86c1b1191639904b.r2.dev pub-6d663fb85dd14d5eb780578314065a6f.r2.dev +pub-8119568960374eaf95754898eb47073c.r2.dev +pub-8157f386fb5147f89167cfced15f1d55.r2.dev +pub-8334a0b1a0324fdd9222e4b2545d374b.r2.dev pub-8bbbc30421814f1bac74c610fb3d9bf5.r2.dev pub-928ffaf37dd04d12b4e22eab0dc5391f.r2.dev +pub-950afa4f5cd84f7ca09011c3d6e7f1eb.r2.dev pub-96fed86dbb194ac88e9e3c705f9e5649.r2.dev +pub-976621225a0a41a99730fd00df2f79f7.r2.dev +pub-9d425aa9335c4307a502c0721d499bdd.r2.dev pub-a7aa109e9db04b97ba2fc89747a05209.r2.dev pub-aa456431547a4e28948699d7c6a22006.r2.dev +pub-b3fdefdd677647fe8069fd5c0cf6c412.r2.dev pub-b6b9f0a2f10b4886a26f1094028c95ec.r2.dev pub-b808d49393464900ab418430c76582aa.r2.dev +pub-c89637694ef84619b8853f66dc50ce61.r2.dev +pub-c8ae5924edd84c49b96912a5a66b9423.r2.dev +pub-cdf13789ac034ca29ab43424244b494a.r2.dev +pub-d150cc0edea74105806ff1de75075324.r2.dev pub-d69751ce7c104b1a8abc630d80ac130c.r2.dev -pub-d9d21bff96fe4c7c808353a8e3cd886e.r2.dev +pub-d8e68521c76b4ecd816eb306fc057a59.r2.dev +pub-d9d21bff96fe4c7c808353a8e3cd886e.r2.dev +pub-e01ffa9d1d4841c9b7ed2ba08e2df406.r2.dev +pub-e13c11a0d7e84db8b9c7e7f4b9dc3ad9.r2.dev +pub-e4b13c28b9ef4867a84f0a61d1d81aef.r2.dev pub-efe8c223714242868bdd2fa750e67f77.r2.dev +pub-f18c3d444059460880d86ed436e28dd3.r2.dev +pub-f6db2c0ee1c0404e886e1c7bbc03c06c.r2.dev pub-fa147a3cddd04e9588b0d0a71d6d87fb.r2.dev -pub-f18c3d444059460880d86ed436e28dd3.r2.dev +pub-fc37d2d339714056b7f16368b49ae532.r2.dev portalpaxum.cokiwe2297.workers.dev fmovies.direct gosuslugi.directory From 5737f2766327865f489ca5d1a31dea47269bed50 Mon Sep 17 00:00:00 2001 From: Scott Petty Date: Wed, 3 Jul 2024 18:08:09 -0400 Subject: [PATCH 3/3] sort add-domain --- add-domain | 60 +++++++++++++++++++++++++++++------------------------- 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/add-domain b/add-domain index 130191e..914a183 100644 --- a/add-domain +++ b/add-domain @@ -241,69 +241,73 @@ webaqunarmail.pages.dev webmial.pages.dev win-defender-sec-64csvxxvxxvxx0x665.pages.dev woow-seguro-de-viajes.pages.dev -pub-023f4dfccb2f41bfa571925f96e1ffaa.r2.dev +pub-023f4dfccb2f41bfa571925f96e1ffaa.r2.dev pub-0259917d32254fe8ad9ed6707a70637d.r2.dev pub-0334284d22f84d10b2472fd742667ba8.r2.dev -pub-09629487ba124d788b241976d2fe86cf.r2.dev +pub-09629487ba124d788b241976d2fe86cf.r2.dev pub-0cfe3415fa8c4bf1a3062aea01c52f88.r2.dev -pub-0f4d3c793e8a478ea29a9906fd715070.r2.dev +pub-0f4d3c793e8a478ea29a9906fd715070.r2.dev pub-12593f612a3248be91e520847ebf8634.r2.dev pub-147549d3891840ab821de31d767c6c84.r2.dev pub-187b2d91c0494f3ba5ec3b326cc8fed8.r2.dev -pub-1c861328e4394134a30770372c6b7a26.r2.dev +pub-1c861328e4394134a30770372c6b7a26.r2.dev +pub-1df06f7132484c6b9502522b54e36ba7.r2.dev pub-1eaf8d9fdf504256ad21005c83cb81f5.r2.dev -pub-2202f5760eea4f5eba334684a3d617f9.r2.dev +pub-2072f07f599f497c92468dc206ee86cf.r2.dev +pub-2202f5760eea4f5eba334684a3d617f9.r2.dev pub-221ef61f179e48f79f931e1342529256.r2.dev -pub-2383eec70aab4ed3a49d29e42dc41b72.r2.dev -pub-28dfeb6275f8415ba3e6b97dfff9ccfc.r2.dev +pub-2383eec70aab4ed3a49d29e42dc41b72.r2.dev +pub-28dfeb6275f8415ba3e6b97dfff9ccfc.r2.dev pub-2af9861a7e9e48a3b45c657d7f829fad.r2.dev pub-2edc56a957da4485a7e513f8b429d183.r2.dev -pub-2f99ca1602494489a730146d1445354a.r2.dev +pub-2f99ca1602494489a730146d1445354a.r2.dev pub-30781165e10b47b6b8f68fdf836b82ba.r2.dev -pub-339ed1e572c44e38b332b62b38f3360c.r2.dev +pub-323694060f084296849c23a93ca80681.r2.dev +pub-339ed1e572c44e38b332b62b38f3360c.r2.dev pub-34529312c5dd453986b0d61ff76b5372.r2.dev pub-35aaf76b847448e4bac44c015fe1e7df.r2.dev -pub-384819f358494f06b5be0b5af5226eb1.r2.dev -pub-3a226c66bcda41e4bbeec4790c71c89c.r2.dev +pub-384819f358494f06b5be0b5af5226eb1.r2.dev +pub-3a226c66bcda41e4bbeec4790c71c89c.r2.dev pub-3cdaaa1882ee49b9b86c737c7a415673.r2.dev pub-3db84b77bcfa4a4ba70ea134e6534162.r2.dev pub-40c506cd57fe4835b8cb3b993bbf4db2.r2.dev pub-4c2a13d01dab4ade9268be6759a387c8.r2.dev -pub-4d7d8582319341bab4de01da24967d41.r2.dev +pub-4d7d8582319341bab4de01da24967d41.r2.dev pub-4d97631662434b85845e7be2b52b6e61.r2.dev pub-4e9d559e11c54314b7639d20c3d13682.r2.dev -pub-52f45a7ed2554e079cb905f0c23e9b8d.r2.dev -pub-68edf352d5f54adf86c1b1191639904b.r2.dev +pub-52f45a7ed2554e079cb905f0c23e9b8d.r2.dev +pub-68edf352d5f54adf86c1b1191639904b.r2.dev pub-6d663fb85dd14d5eb780578314065a6f.r2.dev pub-8119568960374eaf95754898eb47073c.r2.dev -pub-8157f386fb5147f89167cfced15f1d55.r2.dev -pub-8334a0b1a0324fdd9222e4b2545d374b.r2.dev +pub-8157f386fb5147f89167cfced15f1d55.r2.dev +pub-8334a0b1a0324fdd9222e4b2545d374b.r2.dev pub-8bbbc30421814f1bac74c610fb3d9bf5.r2.dev pub-928ffaf37dd04d12b4e22eab0dc5391f.r2.dev -pub-950afa4f5cd84f7ca09011c3d6e7f1eb.r2.dev +pub-950afa4f5cd84f7ca09011c3d6e7f1eb.r2.dev pub-96fed86dbb194ac88e9e3c705f9e5649.r2.dev -pub-976621225a0a41a99730fd00df2f79f7.r2.dev -pub-9d425aa9335c4307a502c0721d499bdd.r2.dev +pub-976621225a0a41a99730fd00df2f79f7.r2.dev +pub-9d425aa9335c4307a502c0721d499bdd.r2.dev pub-a7aa109e9db04b97ba2fc89747a05209.r2.dev pub-aa456431547a4e28948699d7c6a22006.r2.dev pub-b3fdefdd677647fe8069fd5c0cf6c412.r2.dev +pub-b558c1ae85844c4f90468f05ab9dc09a.r2.dev pub-b6b9f0a2f10b4886a26f1094028c95ec.r2.dev pub-b808d49393464900ab418430c76582aa.r2.dev pub-c89637694ef84619b8853f66dc50ce61.r2.dev pub-c8ae5924edd84c49b96912a5a66b9423.r2.dev -pub-cdf13789ac034ca29ab43424244b494a.r2.dev -pub-d150cc0edea74105806ff1de75075324.r2.dev -pub-d69751ce7c104b1a8abc630d80ac130c.r2.dev -pub-d8e68521c76b4ecd816eb306fc057a59.r2.dev +pub-cdf13789ac034ca29ab43424244b494a.r2.dev +pub-d150cc0edea74105806ff1de75075324.r2.dev +pub-d69751ce7c104b1a8abc630d80ac130c.r2.dev +pub-d8e68521c76b4ecd816eb306fc057a59.r2.dev pub-d9d21bff96fe4c7c808353a8e3cd886e.r2.dev -pub-e01ffa9d1d4841c9b7ed2ba08e2df406.r2.dev -pub-e13c11a0d7e84db8b9c7e7f4b9dc3ad9.r2.dev -pub-e4b13c28b9ef4867a84f0a61d1d81aef.r2.dev +pub-e01ffa9d1d4841c9b7ed2ba08e2df406.r2.dev +pub-e13c11a0d7e84db8b9c7e7f4b9dc3ad9.r2.dev +pub-e4b13c28b9ef4867a84f0a61d1d81aef.r2.dev pub-efe8c223714242868bdd2fa750e67f77.r2.dev pub-f18c3d444059460880d86ed436e28dd3.r2.dev -pub-f6db2c0ee1c0404e886e1c7bbc03c06c.r2.dev +pub-f6db2c0ee1c0404e886e1c7bbc03c06c.r2.dev pub-fa147a3cddd04e9588b0d0a71d6d87fb.r2.dev -pub-fc37d2d339714056b7f16368b49ae532.r2.dev +pub-fc37d2d339714056b7f16368b49ae532.r2.dev portalpaxum.cokiwe2297.workers.dev fmovies.direct gosuslugi.directory