From c45145756dbeabcf158d5e3e5de8b9af77142ac7 Mon Sep 17 00:00:00 2001
From: Joseph Goydish II <josephgoyd@proton.me>
Date: Wed, 10 Dec 2025 18:23:29 -0500
Subject: [PATCH] Add files via upload

---
 blocklist.csv | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 blocklist.csv

diff --git a/blocklist.csv b/blocklist.csv
new file mode 100644
index 0000000..0c8c886
--- /dev/null
+++ b/blocklist.csv
@@ -0,0 +1,20 @@
+type,value,first_seen,confidence,action,notes
+domain,github.stormbreaker.pro,2025-12-07,High,monitor_block,Primary suspected C2 (observed repeatedly)
+domain,stormbreaker.pro,2025-12-07,High,monitor_block,C2 variant
+domain,kaylees.site,2025-12-09,High,monitor_block,Secondary C2 / proxy
+domain,pir.kaylees.site,2025-12-09,High,monitor_block,Relay/variant
+domain,spple.cf,2025-12-09,Medium,monitor,Typosquat / possible phishing
+domain,apple.cf,2025-12-09,Medium,monitor,Typosquat / impersonation risk
+domain,pstack.cf,2025-12-09,High,monitor_block,DNS queries observed in telemetry
+domain,e.zip,2025-12-09,High,monitor_block,Download/payload host observed
+domain,com.apple.pro,2025-12-09,Medium,monitor,Impersonation-like domain
+domain,com.apple.online,2025-12-09,Medium,monitor,Impersonation-like domain
+domain,modes.ga,2025-12-09,Medium,monitor,Observed in related telemetry
+domain,quikit.ru,2025-12-09,Medium,monitor,Possible typosquat
+domain,cs.cf,2025-12-09,Medium,monitor,Suspicious free-TLD domain
+domain,authoriz.gq,2025-12-09,Medium,monitor,Suspect domain
+domain,photod.cn,2025-12-09,Medium,monitor,Suspect domain
+domain,nthropic.cn,2025-12-09,Medium,monitor,Suspect domain
+domain,caller-id.ru,2025-12-09,Medium,monitor,Suspect domain
+domain,family.cn,2025-12-09,Medium,monitor,Suspect domain
+domain,ios.ml,2025-12-09,Medium,monitor,Suspect domain
\ No newline at end of file