FileCR.com being blocked by Hagezi Normal and Pro

XBadFellaX commented 6 months ago

Which AdBlocker/DNS cloud service do you use?

AdGuard, ControlD

Other

No response

ControlD users

[X] IMPORTANT - I assure that I have not set the Block Response in ControlD to Custom or Branded and can confirm that the problem still occurs.

NextDNS users

[ ] IMPORTANT - I can assure that I disabled the block page in NextDNS and can confirm that the problem still occurs.

With which block list(s) does the problem occur?

Multi NORMAL, Multi PRO

Which domain(s) should be unblocked?

filecr.com

Why should the domain(s) be unblocked?

Its a website that provides software and it used to work until yesterday.

github-actions[bot] commented 6 months ago

Thank you for your support. The domain(s) has/have been added to the allowlist and will be removed with the next full release at the latest. A full release is usually performed every 24 hours.

hagezi commented 6 months ago

FYI: @MIOGMIOG

MIOGMIOG commented 6 months ago

I want to note that some uploads on FileCR have ~~(maybe unintentionally?)~~ actual malware files so be careful about that https://rentry.co/filecr_malware https://rentry.co/scurvy_malware https://www.reddit.com/search/?q=filecr

thecatontheceiling commented 6 months ago

definitely not unintentional

XBadFellaX commented 6 months ago

I want to note that some uploads on FileCR have ~(maybe unintentionally?)~ actual malware files so be careful about that https://rentry.co/filecr_malware https://rentry.co/scurvy_malware https://www.reddit.com/search/?q=filecr

Thanks Miogmiog, I agree that some programs can contain malware on the website; but I would assume that the user of the website would be well aware of that fact, with myself being a user as well. I am not sure if it should be blocked by DNS based on some of the programs that the website offers containing malware, as the website does not predominantly spread malware unless they are categorized as the same in the block lists criteria. I just requested it to be allowed as I access it a lot, but the final decision is over to you guys.

thecatontheceiling commented 6 months ago

"the website hosts malware but the website itself isn't malware" if it's distributing malware, the site is unsafe for ALL usecases.

hagezi commented 6 months ago

That's a two-edged sword, anyone who uses such sites must reckon with malware. From my point of view, this should be blocked in the TIF, but the masses see it differently. Malware can also be found in APKs on APK pages, which I would then also have to block, which would lead to an outcry. I've had this topic before. Of course, if the site predominantly ‘spreads’ malware in the downloads, then it should be blocked. The site is on all the top 1M lists, so it is very popular and widely used.

Currently ‘something like that’ is only blocked in the anti-piracy blocklist.

@xRuffKez, what is your opinion on this?

Security report (no flags/not blocked):

Domain:
 - filecr.com      OK

Malware/Phishing/Scam:
 - Threat?
   HaGeZi.TIF      NO
   HaGeZi.TIF.RAW  NO
   ThreatFox       NO
   URLhaus         NO
   ThreatView      NO
   USOM            NO
   CERT.PL         NO

 - Scam/Phishing?
   Phishing.Army   NO
   PT/OP/PH        NO
   Jarelllama SCAM NO

 - NRD?
   NRD 10          NO
   NRD 30          NO

Top 1M:
 - Umbrella:       YES
 - Cloudflare:     YES
 - Tranco:         YES
 - Majestic:       YES
 - BuiltWith:      NO
 - Chrome:         YES

Top 10M:
 - DOMCOP:         YES

Secure DNS:
 - 360Secure       OK
 - AliDNS          OK
 - CFIEC           OK
 - CleanBrowsing   OK
 - Cloudflare      OK
 - ComodoSecure    OK
 - CONTROLD.TIF    OK
 - DNS0.eu         OK
 - DNS0.eu.ZERO    OK
 - DNSWatchGO      OK
 - HaGeZi.TIF      OK
 - Neustar         OK
 - NextDNS.TIF_AI  OK
 - NortonCS        OK
 - NRD.DGA.IDN     OK
 - Quad9           OK
 - SafeDNS         OK
 - UltraDNS        OK
 - Umbrella        OK
 - YandexSafe      OK

Blocklists:
 - 1Hosts.Lite     OK
 - 1Hosts.Mini     OK
 - 1Hosts.Pro      OK
 - AdGuardDNS      OK
 - CONTROLD.AT     OK
 - DevDansHosts    OK
 - EasyList        OK
 - GoodbyeAds      OK
 - HaGeZi.LIGHT    OK
 - HaGeZi.NORMAL   OK
 - HaGeZi.PRO      OK
 - HaGeZi.PRO.PLUS OK
 - HaGeZi.TIF      OK
 - HaGeZi.ULTIMATE OK
 - hBlock          OK
 - NextDNS.AT      OK
 - OISD.Big        OK
 - OISD.Small      OK
 - QuidsUp.NOTRACK OK
 - StevenBlack     OK

Intels:
 - Google          https://transparencyreport.google.com/safe-browsing/search?url=filecr.com
 - VirusTotal      https://www.virustotal.com/en/domain/filecr.com/information/
 - AlienVault      https://otx.alienvault.com/indicator/domain/filecr.com
 - Bitdefender     https://trafficlight.bitdefender.com/info/?url=https%3A%2F%2Ffilecr.com
 - FortiGuard      https://www.fortiguard.com/webfilter?q=filecr.com&type=&engine=1
 - Kaspersky       https://opentip.kaspersky.com/filecr.com?tab=web
 - McAfee          https://siteadvisor.com/sitereport.html?url=filecr.com
 - Norton          https://safeweb.norton.com/report/show?url=filecr.com
 - OpenDNS         https://domain.opendns.com/filecr.com
 - URLVoid         https://www.urlvoid.com/scan/filecr.com/
 - Yandex          https://yandex.com/safety/?l10n=en&url=filecr.com
 - ThreatMiner     https://www.threatminer.org/domain.php?q=filecr.com

hagezi / dns-blocklists