
Add BADBOX botnet domains

Open consu opened this issue 6 months ago • 3 comments

This article https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/ names some domains connected to the BADBOX botnet.

In Adblock Plus (ABP) domain syntax (supported by Pi-hole):


consu avatar Jun 17 '25 09:06 consu

Hello! Thank you for opening your first issue in this repo. It’s people like you who make these host files better!

welcome[bot] avatar Jun 17 '25 09:06 welcome[bot]

Thank you for this @consu. This is an interesting idea.

Presently we don't have a pipeline to be able to import Adblock Plus domain syntax, but maybe we should.

Adblock Plus supports wildcards, whereas hosts files don't support wildcards, and never will. So I wonder if adding root domains will even work for most of these.

StevenBlack avatar Jun 17 '25 19:06 StevenBlack
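The syntax gap discussed above, as an added example that is not part of the original thread or of this repository's tooling: a sketch that converts exact-domain ABP rules to hosts entries, sets aside rules a hosts file cannot express, and shows that a hosts entry does not cover subdomains the way `||domain^` does. The function names and the sample rules are hypothetical and constructed for illustration.

```python
import re

# Exact-domain ABP rule: "||" + hostname + "^", with no options and no wildcards.
ABP_DOMAIN_RULE = re.compile(r"^\|\|([a-z0-9.-]+)\^$")
# A hostname a hosts file can carry: dot-separated labels, at least two of them.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME = re.compile(rf"^{LABEL}(?:\.{LABEL})+$")

def abp_to_hosts(rules, sink="0.0.0.0"):
    """Return (hosts_lines, skipped) for a list of ABP rule strings."""
    hosts, skipped, seen = [], [], set()
    for raw in rules:
        rule = raw.strip().lower()
        if not rule or rule.startswith("!"):      # blank line or ABP comment
            continue
        m = ABP_DOMAIN_RULE.match(rule)
        if not m or not HOSTNAME.match(m.group(1)):
            skipped.append(raw.strip())           # wildcard, option, or bare label
            continue
        name = m.group(1)
        if name not in seen:                      # de-duplicate case variants
            seen.add(name)
            hosts.append(f"{sink} {name}")
    return hosts, skipped

def hosts_blocks(hosts_lines, query):
    """Hosts files match whole names only; subdomains are not covered."""
    return query.lower() in {line.split()[1] for line in hosts_lines}

def abp_blocks(rule, query):
    """ABP '||domain^' covers the domain and every subdomain of it."""
    m = ABP_DOMAIN_RULE.match(rule.strip().lower())
    if not m:
        return False
    d, q = m.group(1), query.lower()
    return q == d or q.endswith("." + d)

# Constructed sample rules (reserved example domains, not taken from the issue).
SAMPLE = ["! constructed list", "||example.com^", "||cdn.example.net^",
          "||*.example.org^", "||nodots^", "||example.com^$third-party",
          "||EXAMPLE.com^"]

if __name__ == "__main__":
    lines, skipped = abp_to_hosts(SAMPLE)
    print("\n".join(lines))
    print("skipped:", skipped)
    print("hosts covers api.example.com:", hosts_blocks(lines, "api.example.com"))
    print("ABP covers api.example.com:", abp_blocks("||example.com^", "api.example.com"))
```

The skipped list is the part worth reviewing by hand: those rules need a resolver that understands ABP syntax, since a hosts file has no equivalent for them.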

Importing ABP-style rules into Pi-hole would be a big step forward. My sticking point is that the article lists only the top-level domains, so I can’t see every sub-domain that needs to be black-holed.

In my setup Pi-hole is literally the last line of defence: when the malware is baked into the Android ROM, conventional AV tools never even notice the outbound calls. Sometimes the only red flag is a single blocked DNS request in the Pi-hole log.

consu avatar Jun 17 '25 21:06 consu