# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

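# Domains (apex names and observed subdomains) reported in connection with the Cyberhaven Chrome extension compromise.
# Some entries appear to come from infrastructure pivots (TLS certificate links, IP relations), so triage a hit before acting on it.
# Reference: https://x.com/jaimeblascob/status/1872445912175534278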
# Reference: https://x.com/jaimeblascob/status/1872460170565161108
# Reference: https://x.com/jaimeblascob/status/1872468826639798574
# Reference: https://x.com/AndreGironda/status/1872463896742871095
# Reference: https://x.com/IceSolst/status/1872701727465411037
# Reference: https://www.cyberhaven.com/engineering-blog/cyberhavens-preliminary-analysis-of-the-recent-malicious-chrome-extension
# Reference: https://secureannex.com/blog/cyberhaven-extension-compromise/
# Reference: https://hunt.io/blog/cyberhaven-extension-compromise-tls-certificate-links-infrastructure
# Reference: https://www.virustotal.com/gui/ip-address/136.244.115.219/relations
# Reference: https://www.virustotal.com/gui/ip-address/149.28.124.84/relations
# Reference: https://www.virustotal.com/gui/ip-address/149.248.2.160/relations
# Reference: https://www.virustotal.com/gui/ip-address/155.138.253.165/relations

adskiper.net
aiforgemini.com
bardaiforchrome.live
blockadsonyt.vip
blockforads.com
bookmarkfc.info
castorus.info
censortracker.pro
chataiassistant.pro
chatgptextension.site
chatgptextent.pro
chatgptforsearch.com
checkpolicy.site
cyberhavenext.pro
dearflip.pro
extensionbuysell.com
extensionpolicy.net
extensionpolicyprivacy.com
forassistant.com
forbarai.com
geminiaigg.pro
geminiforads.com
goodenhancerblocker.site
gpt4summary.ink
gptdetector.live
graphqlnetwork.pro
inspirewellread.com
internetdownloadmanager.pro
internxtvpn.pro
iobit.pro
linewizeconnect.com
locallyext.ink
moonsift.store
parrottalks.info
pieadblock.pro
policyextension.info
primusext.pro
proxyswitchyomega.pro
readermodeext.info
redeem-p2p.org
savechatgpt.site
savegptforchrome.com
savegptforyou.live
savgptforchrome.pro
searchaiassitant.info
searchcopilot.co
searchgptchat.info
tinamind.info
tkpartner.pro
tkv2.pro
ultrablock.pro
uvoice.live
videodownloadhelper.pro
vidnozflex.live
vpncity.live
wakelet.ink
wayinai.live
yescaptcha.pro
youtubeadsblocker.live
ytbadblocker.com
yujaverity.info
admin-main.tkpartner.pro
admin-new.tkv2.pro
admin-set.tkpartner.pro
admin-via.tkpartner.pro
admin.tkv2.pro
api.bardaiforchrome.live
api.blockadsonyt.vip
api.bookmarkfc.info
api.castorus.info
api.censortracker.pro
api.chataiassistant.pro
api.chatgptextension.site
api.chatgptextent.pro
api.cyberhavenext.pro
api.dearflip.pro
api.geminiaigg.pro
api.goodenhancerblocker.site
api.gpt4summary.ink
api.gptdetector.live
api.graphqlnetwork.pro
api.internetdownloadmanager.pro
api.internxtvpn.pro
api.iobit.pro
api.linewizeconnect.com
api.locallyext.ink
api.moonsift.store
api.parrottalks.info
api.pieadblock.pro
api.primusext.pro
api.proxyswitchyomega.pro
api.readermodeext.info
api.savechatgpt.site
api.savegptforyou.live
api.savgptforchrome.pro
api.searchaiassitant.info
api.searchcopilot.co
api.searchgptchat.info
api.tinamind.info
api.tkv2.pro
api.ultrablock.pro
api.uvoice.live
api.videodownloadhelper.pro
api.vidnozflex.live
api.vpncity.live
api.wakelet.ink
api.wayinai.live
api.yescaptcha.pro
api.youtubeadsblocker.live
api.yujaverity.info
app.checkpolicy.site
app.extensionbuysell.com
app.extensionpolicy.net
app.extensionpolicyprivacy.com
app.linewizeconnect.com
app.policyextension.info
chatgpt.forassistant.com
google.forbarai.com
search.forbarai.com
tkadmin10.tkv2.pro
tkadmin11-new.tkv2.pro
tkadmin11.tkv2.pro
tkadmin12-new.tkv2.pro
tkadmin12.tkv2.pro
tkadmin13-new.tkv2.pro
tkadmin13.tkv2.pro
tkadmin14-new.tkv2.pro
tkadmin14.tkv2.pro
tkadmin7-new.tkv2.pro
tkadmin7.tkv2.pro
tkadmin8.tkv2.pro
tkadmin9-new.tkv2.pro
tkadmin9.tkv2.pro
tkapi10.tkv2.pro
tkapi11.tkv2.pro
tkapi12.tkv2.pro
tkapi13.tkv2.pro
tkapi14.tkv2.pro
tkapi8.tkv2.pro
tkapi9.tkv2.pro

# Reference: https://x.com/IceSolst/status/1872872568085950855

qwerty.pro
x1111.pro
api.qwerty.pro
api.x1111.pro

# Reference: https://x.com/tuckner/status/1874141586642391369

forextensions.com
supportchromestore.com

# Reference: https://app.validin.com/detail?find=149.248.56.63&type=ip4&ref_id=5354d66b7c5#tab=resolutions (# 2025-01-04)

businessforai.com
fadblock.pro
gptforads.info
gptforbusiness.site
manageadsdevelop.live
openaigptforgg.site
admin.manageadsdevelop.live
api.fadblock.pro
api.manageadsdevelop.live
api.openaigptforgg.site
ext.businessforai.com

# Reference: https://www.virustotal.com/gui/ip-address/45.32.231.212/relations

upwordwave.com

# Reference: https://www.virustotal.com/gui/domain/chromeforextension.com/community

chromeforextension.com

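# Domains associated with the supply-chain attack against Chrome browser extensions described by Sekoia; the Validin links below are IP resolution pivots.
# Reference: https://blog.sekoia.io/targeted-supply-chain-attack-against-chrome-browser-extensions/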
# Reference: https://app.validin.com/detail?find=136.244.113.231&type=ip4&ref_id=be615612e4a#tab=resolutions
# Reference: https://app.validin.com/detail?find=185.92.222.127&type=ip4&ref_id=b1e64c0ba47#tab=resolutions
# Reference: https://app.validin.com/detail?find=216.128.137.127&type=ip4&ref_id=b1e64c0ba47#tab=resolutions
# Reference: https://app.validin.com/detail?find=45.76.74.118&type=ip4&ref_id=ad1d8c18115#tab=resolutions
# Reference: https://app.validin.com/detail?find=45.77.185.211&type=ip4&ref_id=b3229b24202#tab=resolutions

adsblockforyoutube.site
aiassistantforsearch.pro
gpt4chrome.live
promptheusgpt.info
savegpt.pro
admin-new.promptheusgpt.info
admin101.savegpt.pro
admin333.gpt4chrome.live
admin55.promptheusgpt.info
admin999.adsblockforyoutube.site

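# Domains reported for "dual-function" malicious Chrome extensions (DomainTools).
# Many of these names appear to imitate well-known brands or services; the entries are the look-alike domains, not the vendors' own domains.
# Reference: https://x.com/SecuritySnacks/status/1924813635559231607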
# Reference: https://x.com/motuariki_/status/1925062074214056335
# Reference: https://dti.domaintools.com/dual-function-malware-chrome-extensions/
# Reference: https://github.com/DomainTools/SecuritySnacks/blob/main/2025/DualFunction-Malware-Chrome-Extensions
# Reference: https://github.com/motuariki/IOCs/blob/main/Malicious%20Browser%20Extensions/21-05-2025-DualFunction-Malware-Chrome-Extensions

ad-eye.help
ad-guardian.world
ad-scope.world
ad-seeker.world
ad-spy.world
ad-vision.click
ad-vision.top
addetective.world
adelephant.world
adlibrary.world
adtwin.world
aml-sector.world
aml-vision.com
amlsector.com
analytics-box.world
blurflewhack.top
calendly-daily.com
calendly-director.com
calendly-docket.com
calendlydaily.world
calendlydocker.com
cookie-whitelist.com
creativehunter.world
creativepeek.world
crypto-whale.info
crypto-whale.top
cryptowhalesvision.world
datavibe.sbs
datazen.sbs
debank-extension.world
debank.click
debank.sbs
deepseek-ai.link
digigtalneo.top
digigtalwow.top
divine-vpn.top
doodlebuggle.top
e-xt.top
earthvpn.top
eventphere.com
exchange-wallet.io
extify.top
fizzlepopcorn.top
flibberwump.top
flight-radar.life
floopdoodle.top
forti-vpn.com
fortivnp.com
glimmerbloop.top
infograph.top
infonet.sbs
infosync.top
ioapp.sbs
iochange.top
iohub.sbs
ioonline.top
iospace.top
iron-tunnel.com
irontunnel.world
jibberjot.top
jumblefizz.top
key-stat.com
lockads.org
madgicx-plus.com
madgicxads.world
manusai.sbs
meta-guests.com
meta-spy.help
meta-spy365.com
noodlequack.top
orange-vpn.world
orchid-vpn.com
page-analysator.world
privacy-shield.world
quirkleblip.top
quizzlepuff.top
raccoon-vpn.world
rugspy.world
safesurf.world
similar-net.com
similarweb.one
siteanalyzer.world
sitestats.world
siteview.world
snickerdoodle.top
snogglewomp.top
social-guests.com
soul-vpn.com
spaceball.top
sprocketwhirl.top
spylens.world
squirrel-wallet.world
trendzen.top
twin-web.world
twizzleflap.top
web-analytics.top
web-metrics.link
web-radar.world
webinsight.world
webwatch.world
whale-alert.life
whale-alerts.org
wibblywob.top
wobblefizz.top
wobbleguff.top
workfront-plus.com
wti-analytics.com
wtigroups.com
x-theme.world
youtube-downloader.click
youtube-grabber.world
youtube-vision.com
youtube-vision.world
zingleflap.top
zorpleflux.top

# Reference: https://blog.virustotal.com/2025/08/code-insight-expands-to-uncover-risks.html
# Reference: https://www.virustotal.com/gui/file/6ca4466baf5ff09bab90a5d06bf113667717400daa59a287393e8f3f10959aba/detection

theununsstats.com

# Reference: https://blog.virustotal.com/2025/08/code-insight-expands-to-uncover-risks.html
# Reference: https://www.virustotal.com/gui/file/34244257f633e104d06b0c4273caca96eb916d26540eeea68495707cbc920bdb/detection
# Note: the entry below is an IPv4 address with a port (IP:port), unlike the domain entries above.

34.9.214.110:8081
