DandelionSprout / adfilt

The place where I, DandelionSprout, store my web filter lists for countless topics, including my Nordic adblock list. As simple as that, really.

`rb[.]gy` malware #191

Closed iam-py-test closed 2 years ago

iam-py-test commented 2 years ago

Which entry/entries are you submitting?

rb.gy$all

Which things do they block, hide, or unbreak?

Malware. I almost visited this malware domain

See

• https://www.virustotal.com/gui/url/7578d777e3d90395f61d6726736f94008723e4b380a2072c284de4f6cd130252/detection
• https://www.virustotal.com/gui/url/5183f1e5f46b286a4967708955d1dda769244e3c309a73a96da8c1b0e99a7417/detection
• https://www.virustotal.com/gui/domain/free-url-shortener.rb.gy/detection
• https://www.virustotal.com/gui/domain/rb.gy/detection
• https://transparencyreport.google.com/safe-browsing/search?url=rb.gy
• https://www.urlvoid.com/scan/rb.gy/
• https://www.mywot.com/en/scorecard/rb.gy
• https://sitecheck.sucuri.net/results/rb.gy
• https://quttera.com/detailed_report/rb.gy
• https://github.com/iam-py-test/my_filters_001/commit/657e0d119d3ed858838ecf9f27a9ed3fc5ca787d
• https://www.phishtank.com/phish_detail.php?phish_id=6920790
• https://safeweb.norton.com/report/show?url=rb.gy is reviewing it and may update the rating to phishing

Top result on https://duckduckgo.com/?q=url+shortener+free&ia=web

Redirect detective shows some pages redirect to https://free-url-shortener.rb.gy/, which is what I originally scanned

Which of my lists are you submitting it to?

Antimalware

Which adblocker(s) and version did you use when writing and testing the entries?

Other(s):

Adblocker version(s): uBlock Origin development build v1.35.3b7

Which filterlists did you use? Failing to tell this will temporarily close the report until it has been told.

(three images)

(Optional) Which browser(s) and version did you use?

Microsoft Edge Version 91.0.864.37 (Official build) (64-bit)

iam-py-test commented 2 years ago

😕

@llacb47 what do you mean?

liamengland1 commented 2 years ago

It's a url shortener. URL shorteners should be treated with caution, but again, you provided no actual links with malware or even any suspicious links and just linked a bunch of heuristic malware checkers that should not be relied upon.

IMO this report has no actual value.

iam-py-test commented 2 years ago

> It's a url shortener. URL shorteners should be treated with caution, but again, you provided no actual links with malware or even any suspicious links and just linked a bunch of heuristic malware checkers that should not be relied upon.
>
> IMO this report has no actual value.

This domain was flagged by several antivirus providers.

iam-py-test commented 2 years ago

(image)

Rescanned just now

iam-py-test commented 2 years ago

Further investigation shows the domain is safe, but provides no way to report abuse.

iam-py-test commented 2 years ago

@llacb47 Sorry for (yet again) wasting your time. Is there a way to delete this issue?

DandelionSprout commented 2 years ago

I'm inclined to believe it's a general shortener-redirection service as well. There are filterlists dedicated to blocking such (although they're not always well maintained), so there's no critical immediate need for me to block them:

• https://dsi.ut-capitole.fr/blacklists/download/shortener.tar.gz
• https://raw.githubusercontent.com/cbuijs/shallalist/master/urlshortener/domains

Repo owners (in this case me) are able to delete reports, but I'll leave this report non-deleted overnight to ensure that this explanation of the deletion feature is being read.

Also of note is that even if llacb47 may occasionally seem intimidating to newcomers, I generally look into and research all reports I get from anyone.
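
As an added example (not part of the thread and not the repository's own tooling): a pre-submission check that tests whether a proposed entry such as `rb.gy$all` targets a domain, or a subdomain of a domain, on a shortener list. It assumes a one-domain-per-line list format; the sample list is constructed, and all function names are hypothetical.

```python
import re

# Constructed sample in an assumed one-domain-per-line format.
# It is NOT the contents of either list linked in the thread.
SAMPLE_SHORTENER_LIST = """\
# comment lines and blank lines are ignored

bit.ly
tinyurl.com
RB.GY
"""


def load_domains(text):
    """Parse a one-domain-per-line list into a set of lowercase hostnames."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower().rstrip(".")
        if line:
            domains.add(line)
    return domains


def host_from_entry(entry):
    """Extract the hostname from 'rb.gy$all', '||rb.gy^$all' or a plain URL."""
    entry = entry.strip().lower().split("$", 1)[0]  # drop filter options
    if entry.startswith("||"):                      # adblock domain anchor
        entry = entry[2:]
    if "://" in entry:                              # URL scheme
        entry = entry.split("://", 1)[1]
    # The hostname ends at the first path, port, separator or wildcard char.
    return re.split(r"[/^:?*|]", entry, maxsplit=1)[0].rstrip(".")


def matched_shortener(entry, shorteners):
    """Return the listed domain the entry's host equals or sits under, else None.

    Matching walks whole DNS labels, so 'notrb.gy' does not match 'rb.gy'.
    """
    labels = host_from_entry(entry).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in shorteners:
            return candidate
    return None


if __name__ == "__main__":
    known = load_domains(SAMPLE_SHORTENER_LIST)
    for e in ("rb.gy$all", "https://free-url-shortener.rb.gy/", "example.com$all"):
        hit = matched_shortener(e, known)
        print(f"{e!r}: " + (f"under shortener {hit}" if hit else "no shortener match"))
```

A match means the entry would block a whole redirection service, so the report needs the specific short links that lead to malware rather than domain-level scanner verdicts.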

iam-py-test commented 2 years ago

@DandelionSprout would you mind not deleting this issue? I have referenced it in my repo, so deleting it would break that.

DandelionSprout commented 2 years ago

I will heed that request of not deleting this report.

iam-py-test commented 2 years ago

@DandelionSprout is there a procedure I should follow before posting an issue? (Considering this issue, https://github.com/DandelionSprout/adfilt/issues/190 turned out to not be malware)