hagezi / dns-blocklists

DNS-Blocklists: For a better internet - keep the internet clean!
GNU General Public License v3.0
4.7k stars 150 forks

Malware, adware, PUPs & scams #2985

Closed ghost closed 6 days ago

ghost commented 1 week ago

Which domain(s) should be blocked?


Why should these domain(s) be blocked?

Some of these links redirect to malware and phishing sites, others install potentially malicious PUPs, and others are simply adware. Almost all of these domains have subdomains, so I recommend blocking the entire domains.

hagezi commented 1 week ago

ping @iam-py-test for checking and inclusion.

DEAD:


RESOLVABLE:

iam-py-test commented 1 week ago

@PhoenixFossGR where/how did you find these domains?

chromnius.com, downloadfilearea.com, and torrent-protection.com are all listed in both my filterlist and hagezi's threat intelligence list.

youradexchange.com has been around for years, and seems to be just a sketchy advertising service.

track4ref.com is owned by AdsBridge and is used for hiding referrers. It has its fair share of abuse, but I do not intend to block it in my list.

acdcdn.com seems to be an ad domain used on a variety of websites.

chinnica.net, eloypatrick.pro, filehostpro.xyz, infopicked.com, mendress.icu, mybetterck.com, week-tale.xyz, winluckychance.com, and fallstring.website are parked.

realtime-bid.com and unik-redirect.site are dead.

crystal-blocker.com and watchadsfree.com are online but their malicious extensions have been taken down.

mybuzz.fun times out when accessing the homepage (which doesn't mean it's down), and all the websites on it seem old. For now, I am not going to add it, but I am willing to change my mind if it seems to still be in use.

retdaz.fun is an adserver.

I am looking into the rest, but it may take a while, as I am busy with other things. Thank you

ghost commented 1 week ago

I am examining databases of malicious domains and software, and I watch malware analysis videos where malicious or suspicious domains are shown.

I then collect all the URLs that are opened or redirected to when the user accesses something malicious.

And then I report these URLs to filter lists to help stop the sources of malware and to protect users who use content blockers like uBO and Secure DNS like NextDNS.

I'm sorry if I'm doing something wrong or if I'm wasting your time, I'm not a professional and I do this as a hobby. @iam-py-test

iam-py-test commented 1 week ago

> I'm sorry if I'm doing something wrong or if I'm wasting your time, I'm not a professional and I do this as a hobby.

No, it's fine. You are not wasting my time. I'm not a professional either; I do this in my spare time too.

> I am examining databases of malicious domains and software, and I watch malware analysis videos where malicious or suspicious domains are shown.

Ok, makes sense. Some of these domains are quite old (i.e. directredirection.com has been doing malicious stuff since 2021, but the malicious subdomain still exists, so it's hard to know if it is still in use), so I was just wondering if you were seeing these domains in active use. Please don't take my rejection of certain domains as meaning your methods are "wrong". Thanks

ghost commented 6 days ago

> so I was just wondering if you were seeing these domains in active use.

Yes, sometimes I do, and I report them immediately.

> Please don't take my rejection of certain domains as meaning your methods are "wrong".

No, no, don't worry. I said that because another maintainer from a different repository told me that I shouldn't report these on filter lists but on URLHaus (which I do too), so I thought I was wrong.

iam-py-test commented 6 days ago

I have reviewed all the domains in this issue report, and have blocklisted those I believe are alive. Please notify me if I missed any. Thank you @PhoenixFossGR

ghost commented 6 days ago

Thank you too @iam-py-test for all your help
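
The DEAD / RESOLVABLE split used in this thread can be reproduced with a small triage script. This is an added example, not code from the thread or from either blocklist project. It assumes a plain system DNS lookup decides liveness, and the sample names and `constructed_resolver` are constructed so it runs offline. A timeout is kept apart from a missing name, in line with the remark above that a timeout does not mean a host is down.

```python
import socket

def classify(domain, resolve=socket.getaddrinfo):
    """Return 'RESOLVABLE', 'DEAD' or 'UNKNOWN' for one domain name."""
    try:
        resolve(domain, None)
        return "RESOLVABLE"
    except socket.gaierror as exc:
        # NXDOMAIN / no address records: the name is gone. EAI_NODATA is
        # not defined on every platform, hence the getattr.
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return "DEAD"
        return "UNKNOWN"  # e.g. EAI_AGAIN: resolver trouble, retry later
    except OSError:
        return "UNKNOWN"  # timeout or network error, not proof of death

def triage(lines, resolve=socket.getaddrinfo):
    """Normalize, de-duplicate and bucket a pasted list of domains."""
    buckets = {"DEAD": [], "RESOLVABLE": [], "UNKNOWN": []}
    seen = set()
    for line in lines:
        name = line.strip().rstrip(".").lower()
        if not name or name in seen:
            continue
        seen.add(name)
        buckets[classify(name, resolve)].append(name)
    return {k: sorted(v) for k, v in buckets.items()}

# Constructed stand-in for DNS so the example runs without a network.
def constructed_resolver(host, port):
    if host.endswith(".invalid"):
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    if host == "slow.example":
        raise socket.gaierror(socket.EAI_AGAIN, "Temporary failure")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.10", 0))]

# Constructed input: mixed case, a trailing dot, a duplicate, a blank line.
SAMPLE = ["Ads.Example", "gone.invalid", "slow.example", "ads.example.", ""]

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE, constructed_resolver).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

RESOLVABLE only means the name still has address records; parked domains and domains whose malicious content was taken down land in that bucket too, so it marks entries for manual review rather than for automatic inclusion.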