[Adblock Plus 2.0]
! Title: IDN Homograph & Favicon Security List - AdGuard version (MV2)
! Version: v1.1.4
! Expires: 30 days
! Last updated: 2026-02-03
! Description: Security-focused filter list mitigating IDN/Punycode homograph phishing and favicon-based spoofing vectors
! without breaking site functionality.
! Scope: Security filters only, not general ad/tracker blocking.
! Compatible: AdGuard
! Author: TantalusDrive
! Repository: https://github.com/TantalusDrive/Secfilters
! License: CC BY‑NC‑SA 4.0 (see LICENSE file)
! Notes: Includes verified exceptions for major brands/institutions to minimize false positives.
! Inline .svg favicons and same-origin masked favicons are not blocked, these rare edge cases carry minimal risk and attempting to block them would likely cause breakage or false positives.


! --- IDN / Punycode homograph attacks ---
! Punycode domains (document-level)
/^https?:\/\/([a-z0-9-]{1,63}\.)?xn--[a-z0-9-]+\.[a-z]{2,63}(?:[\/?#]|$)/i$document,subdocument,popup

! Punycode in subdomain chains (phishing kits pattern)
/^https?:\/\/([a-z0-9-]+\.){2,}xn--[a-z0-9-]+\.[a-z]{2,63}(?:[\/?#]|$)/i$document,subdocument

! IDN mixed ASCII + Unicode (true homograph signal)
/^(https?:\/\/)(?=[^\/?#]*[A-Za-z])(?=[^\/?#]*[^\x00-\x7F])[^\/?#]+\.(com|net|org)([\/?#]|$)/i$image,subdocument,popup

! Block favicon image loads on Punycode domains
/^https?:\/\/([a-z0-9-]+\.)?xn--[a-z0-9-]+\.[a-z]{2,63}\/.*\.(?:ico|png|svg|jpg|jpeg)(?:[?#]|$)/i$image

! Exceptions: verified global domains, only delegated ccTLD IDN (IANA, ICANN)
@@||xn--lgbbat1ad8j^
@@||xn--y9a3aq^
@@||xn--mgbcpq6gpa1a^
@@||xn--54b7fta0cc^
@@||xn--90ais^
@@||xn--90ae^
@@||xn--fiqs8s^
@@||xn--fiqz9s^
@@||xn--wgbh1c^
@@||xn--e1a4c^
@@||xn--qxa6a^
@@||xn--node^
@@||xn--qxam^
@@||xn--j6w193g^
@@||xn--h2brj9c^
@@||xn--mgbbh1a71e^
@@||xn--fpcrj9c3d^
@@||xn--gecrj9c^
@@||xn--s9brj9c^
@@||xn--xkc2dl3a5ee0h^
@@||xn--45brj9c^
@@||xn--2scrj9c^
@@||xn--rvc1e0am3e^
@@||xn--45br5cyl^
@@||xn--3hcrj9c^
@@||xn--mgbbh1a^
@@||xn--h2breg3eve^
@@||xn--h2brj9c8c^
@@||xn--mgbgu82a^
@@||xn--mgba3a4f16a^
@@||xn--mgbtx2b^
@@||xn--4dbrk0ce^
@@||xn--mgbayh7gpa^
@@||xn--80ao21a^
@@||xn--q7ce6a^
@@||xn--mix082f^
@@||xn--mix891f^
@@||xn--mgbx4cd0ab^
@@||xn--mgbah1a3hjkrd^
@@||xn--l1acc^
@@||xn--mgbc0a9azcg^
@@||xn--d1alf^
@@||xn--mgb9awbf^
@@||xn--mgbai9azgqp6j^
@@||xn--ygbi2ammx^
@@||xn--wgbl6a^
@@||xn--p1ai^
@@||xn--mgberp4a5d4ar^
@@||xn--90a3ac^
@@||xn--yfro4i67o^
@@||xn--clchc0ea0b2g2a9gcd^
@@||xn--3e0b707e^
@@||xn--fzc2c9e2c^
@@||xn--xkc2al3hye2a^
@@||xn--mgbpl2fh^
@@||xn--ogbpf8fl^
@@||xn--kprw13d^
@@||xn--kpry57d^
@@||xn--o3cw4h^
@@||xn--pgbs0dh^
@@||xn--j1amh^
@@||xn--mgbaam7a8h^
@@||xn--mgb2ddes^
@@||xn--fiqz9s^
@@||xn--fiqs8s^
@@||xn--e1a4c^
@@||xn--qxa6a^

! --- Favicons persistent tracking ---
*/favicon.ico$image,third-party
*/favicon.png$image,third-party
*/apple-touch-icon$image,third-party
*/mask-icon$image,third-party

! Exceptions - critical logins / breakage-prone
@@||a.trellocdn.com^$image,third-party
@@||cdn.jsdelivr.net^$image,third-party
@@||cdnjs.cloudflare.com^$image,third-party
@@||unpkg.com^$image,third-party
@@||cloudfront.net^$image,third-party
@@||s3.amazonaws.com^$image,third-party
@@||storage.googleapis.com^$image,third-party
@@||lh3.googleusercontent.com^$image,third-party
@@||sstatic.net^$image,third-party
@@||github.githubassets.com^$image,third-party
@@||static.figma.com^$image,third-party
@@||cfl.dropboxstatic.com^$image,third-party
@@||static2.sharepointonline.com^$image,third-party
@@||statics.office.com^$image,third-party
@@||gstatic.com^$image,third-party
@@||www.google.com/s2/favicons^$image,third-party
@@||gravatar.com^$image,third-party
@@||avatars.githubusercontent.com^$image,third-party
@@||disqus.com^$image,third-party
@@||c.disquscdn.com^$image,third-party
@@||slack-edge.com^$image,third-party
@@||static.cloudflareinsights.com^$image,third-party
@@||akamaihd.net^$image,third-party
@@||xx.fbcdn.net^$image,third-party
@@||azureedge.net^$image,third-party
@@||visualstudio.com^$image,third-party
@@||boxcdn.net^$image,third-party
@@||twimg.com^$image,third-party
@@||cdninstagram.com^$image,third-party