Closed ghost closed 6 days ago
ping @iam-py-test for checking and inclusion.
DEAD:
2download.online
adblocker-app.info
adz-skip.net
antivirus-update.shop
download-portal.net
esinenmer.ml
havanese.top
rh3msg.online
shield-ads.net
spazdiet.com
unik-redirect.com
RESOLVABLE:
acdcdn.com
agabreloomr.com
chinnica.net
chromnius.com
crystal-blocker.com
directredirection.com
downloadfilearea.com
eloypatrick.pro
ezadblocker.com
fallstring.website
filehostpro.xyz
get-express-vpn.online
infopicked.com
mendress.icu
mfcewkrob.com
mybetterck.com
mybuzz.fun
myfood.ltd
newtab.page
ourhotposts.com
popblockplus.com
realtime-bid.com
retdaz.fun
simplestar.com
torrent-protection.com
track4ref.com
unik-redirect.site
watchadsfree.com
week-tale.xyz
winluckychance.com
youradexchange.com
@PhoenixFossGR where/how did you find these domains? chromnius.com, downloadfilearea.com, and torrent-protection.com are all listed in both my filterlist and hagezi's threat intelligence list. youradexchange.com has been around for years, and seems to be just a sketchy advertising service. track4ref.com is owned by AdsBridge and is used for hiding referrers. It has it's fair share of abuse, but I do not intend to block it in my list. acdcdn.com seems to be an ad domain used on a variety of websites. chinnica.net, eloypatrick.pro, filehostpro.xyz, infopicked.com, mendress.icu, mybetterck.com, week-tale.xyz, winluckychance.com, and fallstring.website are parked. realtime-bid.com and unik-redirect.site are dead. crystal-blocker.com and watchadsfree.com are online but their malicious extensions have been taken down. mybuzz.fun times out when accessing the homepage (which doesn't mean it's down), and all the websites on it seem old. For now, I am not going to add it, but I am willing to change my mind if it seems to still be in use. retdaz.fun is an adserver. I am looking into the rest, but it may take a while, as I am busy with other things. Thank you
I am examining databases of malicious domains and software, and I watch malware analysis videos where malicious or suspicious domains are shown.
I then collect all the URLs that are opened or redirected to when the user accesses something malicious.
And then I report these URLs to filter lists to help stop the sources of malware and to protect users who use content blockers like uBO and Secure DNS like NextDNS.
I'm sorry if I'm doing something wrong or if I'm wasting your time, I'm not a professional and I do this as a hobby. @iam-py-test
I'm sorry if I'm doing something wrong or if I'm wasting your time, I'm not a professional and I do this as a hobby.
No, it's fine. You are not wasting my time. I'm not a professional either; I do this in my spare time too.
I am examining databases of malicious domains and software, and I watch malware analysis videos where malicious or suspicious domains are shown.
Ok, makes sense. Some of these domains are quite old (i.e. directredirection.com has been doing malicious stuff since 2021, but the malicious subdomain still exists, so it's hard to know if it still in use), so I was just wondering if you were seeing these domains in active use. Please don't take my rejection of certain domains as meaning your methods are "wrong". Thanks
so I was just wondering if you were seeing these domains in active use.
Yes, sometimes I do, and I report them immediately.
Please don't take my rejection of certain domains as meaning your methods are "wrong".
No, no, don't worry. I said that because another maintainer from a different repository told me that I shouldn't report these on filter lists but on URLHaus (which I do too), so I thought I was wrong.
I have reviewed all the domains in this issue report, and have blocklisted those I believe are alive. Please notify me if I missed any. Thank you @PhoenixFossGR
Thank you too @iam-py-test for all your help
Which domain(s) should be blocked?
Why should these domain(s) be blocked?
Some of these links redirect to malware and phishing sites, others install potentially malicious PUPs, and others are simply adware. Almost all of these domains have subdomains, so I recommend blocking the entire domains.