Merge pull request #504 from chartingshow/Grandoreiro-2

Block `Grandoreiro` an Android banking trojan (part 2)
chartingshow · May 19, 2024 · 3da95b9 · 3da95b9
2 parents 6e9f23b + 39445a0
commit 3da95b9
Show file tree

Hide file tree

Showing 13 changed files with 180 additions and 16 deletions.
diff --git a/src/blacklists/custom-ip-block-lists/ip-grandoreiro.txt b/src/blacklists/custom-ip-block-lists/ip-grandoreiro.txt
@@ -0,0 +1,25 @@
+# Crypto Firewall
+# Blocking Web Browser Crypto Malware and Phishing Websites
+#
+# Blocking: Grandoreiro Malware Custom List
+#
+# Homepage: https://github.com/chartingshow/crypto-firewall
+# Contribute: https://github.com/chartingshow/crypto-firewall/issues
+# License: GPL-3.0 license
+#
+# Last modified: 19 May 2024
+#
+
+15.228.233.242
+15.228.245.103
+15.228.57.146
+15.229.211.175
+15.229.47.198
+172.96.137.108
+18.230.74.51
+18.231.154.55
+18.231.158.159
+18.231.181.227
+185.191.228.227
+192.95.6.196
+51.77.193.20
diff --git a/src/blacklists/free-dns-hosting/hosts.txt b/src/blacklists/free-dns-hosting/hosts.txt
@@ -6,7 +6,7 @@
 # Contribute: https://github.com/chartingshow/crypto-firewall/issues
 # License: GPL-3.0 license
 #
-# Last modified: 18 May 2024
+# Last modified: 19 May 2024
 #
 
 # Block Free dns and hosting
@@ -30,6 +30,7 @@
 0.0.0.0 chickenkiller.com
 0.0.0.0 chiguserver.ml
 0.0.0.0 codns.com
+0.0.0.0 collegefan.org
 0.0.0.0 con-ip.com
 0.0.0.0 crabdance.com
 0.0.0.0 ddns.com
@@ -39,6 +40,7 @@
 0.0.0.0 ddnsgeek.com
 0.0.0.0 ddnsguru.com
 0.0.0.0 ddnsking.com
+0.0.0.0 ditchyourip.com
 0.0.0.0 dnsabr.com
 0.0.0.0 dnsalias.com
 0.0.0.0 dnsdojo.com
@@ -70,6 +72,7 @@
 0.0.0.0 gleeze.com
 0.0.0.0 gotdns.ch
 0.0.0.0 hacked.jp
+0.0.0.0 her.name
 0.0.0.0 here-for-more.info
 0.0.0.0 home-webserver.de
 0.0.0.0 homelinux.net
@@ -94,6 +97,7 @@
 0.0.0.0 mybluehost.me
 0.0.0.0 myddns.me
 0.0.0.0 myddns.rocks
+0.0.0.0 myeffect.net
 0.0.0.0 myftp.biz
 0.0.0.0 myftp.org
 0.0.0.0 myiphost.com

diff --git a/src/blacklists/free-dns-hosting/list.txt b/src/blacklists/free-dns-hosting/list.txt
@@ -7,7 +7,7 @@
 # Contribute: https://github.com/chartingshow/crypto-firewall/issues
 # License: GPL-3.0 license
 #
-# Last modified: 18 May 2024
+# Last modified: 19 May 2024
 #
 
 # Domains
@@ -31,6 +31,7 @@ changeip.net
 chickenkiller.com
 chiguserver.ml
 codns.com
+collegefan.org
 con-ip.com
 crabdance.com
 ddns.com
@@ -40,6 +41,7 @@ ddnsfree.com
 ddnsgeek.com
 ddnsguru.com
 ddnsking.com
+ditchyourip.com
 dnsabr.com
 dnsalias.com
 dnsdojo.com
@@ -71,6 +73,7 @@ giize.com
 gleeze.com
 gotdns.ch
 hacked.jp
+her.name
 here-for-more.info
 home-webserver.de
 homelinux.net
@@ -95,6 +98,7 @@ mooo.com
 mybluehost.me
 myddns.me
 myddns.rocks
+myeffect.net
 myftp.biz
 myftp.org
 myiphost.com

diff --git a/src/blacklists/free-dns-hosting/nomalware.txt b/src/blacklists/free-dns-hosting/nomalware.txt
@@ -1,7 +1,7 @@
 [Adblock Plus 2.0]
 ! Title: Crypto Firewall
 ! Expires: 7 days (update frequency)
-! Last modified: 18 May 2024
+! Last modified: 19 May 2024
 ! Homepage: https://github.com/chartingshow/crypto-firewall/
 ! Contribute: https://github.com/chartingshow/crypto-firewall/issues
 ! License: GPL-3.0 license
@@ -29,6 +29,7 @@
 ||chickenkiller.com^$third-party
 ||chiguserver.ml^$third-party
 ||codns.com^$third-party
+||collegefan.org^$third-party
 ||con-ip.com^$third-party
 ||crabdance.com^$third-party
 ||ddns.com^$third-party
@@ -38,6 +39,7 @@
 ||ddnsgeek.com^$third-party
 ||ddnsguru.com^$third-party
 ||ddnsking.com^$third-party
+||ditchyourip.com^$third-party
 ||dnsabr.com^$third-party
 ||dnsalias.com^$third-party
 ||dnsdojo.com^$third-party
@@ -69,6 +71,7 @@
 ||gleeze.com^$third-party
 ||gotdns.ch^$third-party
 ||hacked.jp^$third-party
+||her.name^$third-party
 ||here-for-more.info^$third-party
 ||home-webserver.de^$third-party
 ||homelinux.net^$third-party
@@ -93,6 +96,7 @@
 ||mybluehost.me^$third-party
 ||myddns.me^$third-party
 ||myddns.rocks^$third-party
+||myeffect.net^$third-party
 ||myftp.biz^$third-party
 ||myftp.org^$third-party
 ||myiphost.com^$third-party

diff --git a/src/blacklists/free-dns-hosting/regex.txt b/src/blacklists/free-dns-hosting/regex.txt
@@ -1 +1 @@
-(2waky.com|3utilities.com|access.ly|accesscam.org|airvpn.org|anondns.net|beget.tech|biz.ua|blogsyte.com|bo-ip.biz|bounceme.net|buyshouses.net|cable-modem.org|camdvr.org|casacam.net|cew.hu|changeip.net|chickenkiller.com|chiguserver.ml|codns.com|con-ip.com|crabdance.com|ddns.com|ddns.me|ddns.net|ddnsfree.com|ddnsgeek.com|ddnsguru.com|ddnsking.com|dnsabr.com|dnsalias.com|dnsdojo.com|dnsdyn.net|dnsfor.me|duckdns.org|duia.ro|dvrlists.com|dynamic-dns.net|dyndns-at-home.com|dyndns-remote.com|dyndns-server.com|dyndns-web.com|dyndns-wiki.com|dyndns.biz|dyndns.org|dyndns1.de|dynu.com|dynu.net|dynuddns.net|firewall-gateway.com|freeddns.org|freedynamicdns.org|freemyip.com|from-de.com|from-ms.com|geekgalaxy.com|giize.com|gleeze.com|gotdns.ch|hacked.jp|here-for-more.info|home-webserver.de|homelinux.net|hopto.org|hoptp.org|ignorelist.com|ipq.co|is-a-doctor.com|ix.tc|jetos.com|jumpingcrab.com|keenetic.link|keenetic.pro|kozow.com|kro.kr|linkpc.net|loca.lt|loseyourip.com|mefound.com|misecure.com|mooo.com|mybluehost.me|myddns.me|myddns.rocks|myftp.biz|myftp.org|myiphost.com|mypsx.net|myvnc.com|mywire.org|n-e.kr|neat-url.com|nerdpol.ovh|net-freaks.com|ngrok.io|no-ip.biz|no-ip.ca|no-ip.com|no-ip.info|no-ip.net|no-ip.org|no_ip.biz|noip.com|noip.me|noip.pl|ns01.info|nsupdate.info|onthewifi.com|ooguy.com|p-e.kr|portmap.host|portmap.io|publicvm.com|redirectme.net|rootlayer.net|scienceontheweb.net|selfhost.de|selfhost.tk|servebbs.net|servebbs.org|servebeer.com|servecounterstrike.com|serveftp.com|serveftp.org|servegame.com|servegame.org|servehalflife.com|servehttp.com|serveirc.com|serveminecraft.net|servemp3.com|servep2p.com|servepics.com|servequake.com|sinsincity.com|softcom.net|spdns.eu|strangled.net|swtest.ru|sytes.net|thddns.net|theworkpc.com|thruhere.net|tiscali.it|twilightparadox.com|viewdns.net|web-hosting.com|webhop.info|webhop.me|webhop.org|webredirect.org|x10.bz|ydns.eu|zapto.org|zyns.com|zz.am)
+(2waky.com|3utilities.com|access.ly|accesscam.org|airvpn.org|anondns.net|beget.tech|biz.ua|blogsyte.com|bo-ip.biz|bounceme.net|buyshouses.net|cable-modem.org|camdvr.org|casacam.net|cew.hu|changeip.net|chickenkiller.com|chiguserver.ml|codns.com|collegefan.org|con-ip.com|crabdance.com|ddns.com|ddns.me|ddns.net|ddnsfree.com|ddnsgeek.com|ddnsguru.com|ddnsking.com|ditchyourip.com|dnsabr.com|dnsalias.com|dnsdojo.com|dnsdyn.net|dnsfor.me|duckdns.org|duia.ro|dvrlists.com|dynamic-dns.net|dyndns-at-home.com|dyndns-remote.com|dyndns-server.com|dyndns-web.com|dyndns-wiki.com|dyndns.biz|dyndns.org|dyndns1.de|dynu.com|dynu.net|dynuddns.net|firewall-gateway.com|freeddns.org|freedynamicdns.org|freemyip.com|from-de.com|from-ms.com|geekgalaxy.com|giize.com|gleeze.com|gotdns.ch|hacked.jp|her.name|here-for-more.info|home-webserver.de|homelinux.net|hopto.org|hoptp.org|ignorelist.com|ipq.co|is-a-doctor.com|ix.tc|jetos.com|jumpingcrab.com|keenetic.link|keenetic.pro|kozow.com|kro.kr|linkpc.net|loca.lt|loseyourip.com|mefound.com|misecure.com|mooo.com|mybluehost.me|myddns.me|myddns.rocks|myeffect.net|myftp.biz|myftp.org|myiphost.com|mypsx.net|myvnc.com|mywire.org|n-e.kr|neat-url.com|nerdpol.ovh|net-freaks.com|ngrok.io|no-ip.biz|no-ip.ca|no-ip.com|no-ip.info|no-ip.net|no-ip.org|no_ip.biz|noip.com|noip.me|noip.pl|ns01.info|nsupdate.info|onthewifi.com|ooguy.com|p-e.kr|portmap.host|portmap.io|publicvm.com|redirectme.net|rootlayer.net|scienceontheweb.net|selfhost.de|selfhost.tk|servebbs.net|servebbs.org|servebeer.com|servecounterstrike.com|serveftp.com|serveftp.org|servegame.com|servegame.org|servehalflife.com|servehttp.com|serveirc.com|serveminecraft.net|servemp3.com|servep2p.com|servepics.com|servequake.com|sinsincity.com|softcom.net|spdns.eu|strangled.net|swtest.ru|sytes.net|thddns.net|theworkpc.com|thruhere.net|tiscali.it|twilightparadox.com|viewdns.net|web-hosting.com|webhop.info|webhop.me|webhop.org|webredirect.org|x10.bz|ydns.eu|zapto.org|zyns.com|zz.am)
diff --git a/src/blacklists/hosts.txt b/src/blacklists/hosts.txt
@@ -4,7 +4,7 @@
 # Contribute: https://github.com/chartingshow/crypto-firewall/issues
 # License: GPL-3.0 license
 #
-# Last modified: 18 May 2024
+# Last modified: 19 May 2024
 #
 
 # Extras (comment out if needed)
@@ -1530,6 +1530,7 @@
 0.0.0.0 artsnentertainments.world
 0.0.0.0 artsquarenft.com
 0.0.0.0 artsynames.store
+0.0.0.0 arvanstorage.ir
 0.0.0.0 arvimon.fun
 0.0.0.0 arxeologiya.az
 0.0.0.0 aryansinghdadiala.com
@@ -4169,11 +4170,16 @@
 0.0.0.0 daujimaharajmandir.org
 0.0.0.0 davantaged.com
 0.0.0.0 daverecimal.top
+0.0.0.0 davialmeida.pics
 0.0.0.0 davidashley.cfd
 0.0.0.0 davidkujawa.com
 0.0.0.0 davidwalkerbass.com
 0.0.0.0 davigoldcolors.com
+0.0.0.0 davilucasmoreira.xyz
+0.0.0.0 davilucassilveira.mom
+0.0.0.0 daviluccadapaz.cfd
 0.0.0.0 davinakitchenoutlet.net
+0.0.0.0 davizuccapires.cfd
 0.0.0.0 dawadi.vip
 0.0.0.0 dawaikorner.com
 0.0.0.0 dawarel3mda.com
@@ -4739,6 +4745,7 @@
 0.0.0.0 duytanne.top
 0.0.0.0 duyuru-market-com.tk
 0.0.0.0 dver5otop.ru
+0.0.0.0 dvrdns.org
 0.0.0.0 dvrlists.com
 0.0.0.0 dwarimlari.xyz
 0.0.0.0 dwaynefarmhouse.com
@@ -4752,6 +4759,7 @@
 0.0.0.0 dybsyasfasgsd.shop
 0.0.0.0 dygb.pl
 0.0.0.0 dylarache.site
+0.0.0.0 dynalias.com
 0.0.0.0 dynamic-dns.net
 0.0.0.0 dynamic-linx.com
 0.0.0.0 dynamiclink.lol
@@ -5054,6 +5062,7 @@
 0.0.0.0 elsu-finance.online
 0.0.0.0 emagrecercomsaude.digital
 0.0.0.0 email026.com
+0.0.0.0 emanuellopes.one
 0.0.0.0 emarketk.shop
 0.0.0.0 ematome.com
 0.0.0.0 emdghouseltd3.pro
@@ -5124,6 +5133,7 @@
 0.0.0.0 entreprises-dynamiques.fr
 0.0.0.0 environmentwi.com
 0.0.0.0 environmentwy.net
+0.0.0.0 enzogabrielpereira.xyz
 0.0.0.0 eocexvxc.one
 0.0.0.0 eodqdlj.ua
 0.0.0.0 eofjdo3zwxvbi57.com
@@ -5589,6 +5599,7 @@
 0.0.0.0 feridolin.com
 0.0.0.0 fermangsd.shop
 0.0.0.0 fernandesx.com.br
+0.0.0.0 fernandocosta.pics
 0.0.0.0 feroza.live
 0.0.0.0 ferozo.net
 0.0.0.0 ferver8.com
@@ -6023,6 +6034,7 @@
 0.0.0.0 from-ms.com
 0.0.0.0 from-mt.com
 0.0.0.0 from-oh.com
+0.0.0.0 from-wi.com
 0.0.0.0 from-wy.com
 0.0.0.0 fromsmash.com
 0.0.0.0 frontlineii.net
@@ -6816,6 +6828,7 @@
 0.0.0.0 guessuk.net
 0.0.0.0 guguchrome.com
 0.0.0.0 guide-gemini.com
+0.0.0.0 guilhermeduarte.xyz
 0.0.0.0 gukjr.com
 0.0.0.0 gukloc.xyz
 0.0.0.0 guldglitter.com
@@ -7966,6 +7979,7 @@
 0.0.0.0 jnhwjq.com
 0.0.0.0 jnsfi.in
 0.0.0.0 joadsupremecreations.com
+0.0.0.0 joaomiguelcunha.one
 0.0.0.0 jobscur.com
 0.0.0.0 jobsterkini.online
 0.0.0.0 jobsvac.xyz
@@ -8105,6 +8119,7 @@
 0.0.0.0 kaikaikiki.pw
 0.0.0.0 kailabs.online
 0.0.0.0 kailashwelfarefoundation.com
+0.0.0.0 kaiquenascimento.one
 0.0.0.0 kairaliagencies.com
 0.0.0.0 kakadu.by
 0.0.0.0 kakebui.com
@@ -8940,6 +8955,7 @@
 0.0.0.0 lordglass.com
 0.0.0.0 lordliness.store
 0.0.0.0 lordoutelt.com
+0.0.0.0 lorenzocardoso.cfd
 0.0.0.0 loribarker.ca
 0.0.0.0 lortyl.com
 0.0.0.0 lorwynx-stox.xyz
@@ -9005,6 +9021,7 @@
 0.0.0.0 luhuu.top
 0.0.0.0 luidelyator.xyz
 0.0.0.0 luindica.ga
+0.0.0.0 luizotaviomoraes.mom
 0.0.0.0 lukehadaj.com.au
 0.0.0.0 lukguide.com
 0.0.0.0 lululemonca.store
@@ -10533,6 +10550,7 @@
 0.0.0.0 no-response.website
 0.0.0.0 no9thecafe.com.au
 0.0.0.0 no_ip.biz
+0.0.0.0 noahdaconceicao.mom
 0.0.0.0 noahsecures.xyz
 0.0.0.0 noanvaruncorekumar.cf
 0.0.0.0 noblecapitals.net
@@ -11208,6 +11226,7 @@
 0.0.0.0 paulang.online
 0.0.0.0 pauldouglasbooks.com
 0.0.0.0 paulmulleracademico.com
+0.0.0.0 pauloramos.mom
 0.0.0.0 paupabiraftaar.co.in
 0.0.0.0 paverotable.top
 0.0.0.0 pavilionulartistilor.ro
@@ -12077,6 +12096,7 @@
 0.0.0.0 radiotransvidafm.com.br
 0.0.0.0 radiozocalo.com.mx
 0.0.0.0 radiusrussia.ru
+0.0.0.0 rafaeldarosa.xyz
 0.0.0.0 raghle.com
 0.0.0.0 ragsistemas.net
 0.0.0.0 ragsonline.shop
@@ -12458,6 +12478,7 @@
 0.0.0.0 rodneygarcia.boats
 0.0.0.0 rododondast.xyz
 0.0.0.0 rodoplanvix.info
+0.0.0.0 rodrigomonteiro.one
 0.0.0.0 rojadirectaenvivo.fr
 0.0.0.0 rokllofrold29.com
 0.0.0.0 rokllold279.com
@@ -12589,6 +12610,7 @@
 0.0.0.0 rxcoordinator.com
 0.0.0.0 rxp.com
 0.0.0.0 rxprinters.in
+0.0.0.0 ryandacunha.pics
 0.0.0.0 ryanmiles.boats
 0.0.0.0 rybchenko.dev
 0.0.0.0 ryeria.com
@@ -14472,6 +14494,7 @@
 0.0.0.0 thinkgeniux.live
 0.0.0.0 thits.org
 0.0.0.0 thoitrangtreemmytho.com
+0.0.0.0 thomassilveira.cfd
 0.0.0.0 thomdock.com
 0.0.0.0 thondorbird.com
 0.0.0.0 thookedaurce.com
@@ -15579,6 +15602,7 @@
 0.0.0.0 vitanigoldtravelandtours.com
 0.0.0.0 vitenetteservice.com
 0.0.0.0 vitolresourcesinvestment.org
+0.0.0.0 vitorhugodaluz.pics
 0.0.0.0 vitubtiagobuffetme.mobi
 0.0.0.0 vivalafocaccia.com
 0.0.0.0 viveirobompastor.com.br
@@ -16243,6 +16267,7 @@
 0.0.0.0 xierentdvg.top
 0.0.0.0 xietharria.xyz
 0.0.0.0 xihumiha.com
+0.0.0.0 ximbocadaparafuseta.com
 0.0.0.0 ximeiwk.vip
 0.0.0.0 ximilap.top
 0.0.0.0 xinbiquge.net

diff --git a/src/blacklists/ip.txt b/src/blacklists/ip.txt
@@ -5,7 +5,7 @@
 # Contribute: https://github.com/chartingshow/crypto-firewall/issues
 # License: GPL-3.0 license
 #
-# Last modified: 18 May 2024
+# Last modified: 19 May 2024
 #
 
 1.234.2.232
@@ -309,8 +309,6 @@
 149.56.128.192
 149.56.131.28
 149.56.163.161
-15.228.245.103
-15.229.211.175
 150.136.247.202
 150.37.37.18
 150.95.66.124
@@ -657,8 +655,6 @@
 179.61.237.75
 18.213.250.117
 18.215.128.143
-18.231.158.159
-18.231.181.227
 180.214.236.4
 181.118.183.94
 181.129.167.82