[request] add these adware domains

[realAzazello]

{I investigated several of the source services to SB/h, couldn't confirm if any had these domains. I did confirm 1Hosts has one of them, but since it isn't curated by SB/h, I thought it would be best to request here.}

{I also searched Issues, and (adware + malware), and did not find the domains in either places.}

Karma Shopping Ltd is not only a previously-exposed adware vendor, they keep using malicious practices through exploits of browser extensions even when publicly exposed.

In 2024 Wladimir Palant investigated them, identifying Karma Shopping as the source vendor, using adware exploits via their purchase of "Hide Youtube Shorts" extension: https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/

(The original developer confirmed it was Karma Shopping, admitting that he sold the extension to them: https://gist.github.com/c0m4r/45e15fc1ec13c544393feafca30e74de?permalink_comment_id=5298117#gistcomment-5298117)

(In 2025 it was spotted that Karma Shopping relisted "Hide Youtube Shorts" AGAIN on CWS:
https://gist.github.com/c0m4r/45e15fc1ec13c544393feafca30e74de?permalink_comment_id=5448153#gistcomment-5448153)

In 2026 an article was written - https://www.xda-developers.com/google-featuring-chrome-extension-months-malicious/ - about Karma Shopping having purchased another extension, "Save Image as Type" back in 2024, were exploiting it since that time via 'Cookie stuffing' (which is officially illegal in the US, for what little that is worth) - malicious activity just like in the Honey scandal.

They really are quite brazen-- they continue to use at least the same two domains for all these exploits:
kra18.com, karmanow.com

('www.saveimgastype.com' was recently used; but is seemingly dormant. For now.)

So the request is either to include these domains within the base SB/h (adware + malware) -- as many other hosts files curate from here; or suggest which source service(s) would be better to request inclusion, to ensure SB/h picks them up(down?)stream.

We can at least put a kink in Karma Shopping adware by adding the domains to more-commonly-used blocklists, which can then be used in hosts files and mobile VPNs to prevent/reduce exploiting extensions.

[StevenBlack]

Thank you @realAzazello and thanks too Gerd @hagezi for the assist.

I've elected to list domain kra18.com since it's listed elsewhere, easylist among them. This domain is in commit 3a1eee9 and will reflect in the next release.

I'm reluctant to list domain karmanow.com because this appears to be the home page of an established business. Established businesses almost never dish adware, malware, or worse from root their domain. I'll need some evidence they are using their root domain for that, in whole or in part.

Recall that with hosts files, there are no wildcards, and no globs. Each domain in the list needs to be an explicit domain.

[realAzazello]

Thanks! That'll still be helpful. Yup I'm aware of how hosts work, haha. Here's hoping that with more exposure, people will identify other *.kra18.com domains and report them to various lists.

As for karmanow.com I haven't investigated the site but it surely is a legit one for Karma Shopping, as they are an actual business, which at least one of the investigations did determine. It's just unfortunate that their side (main?) hustle is malware! And that they shamelessly use those domains in their badware campaigns.