notracking / hosts-blocklists

Automatically updated, moderated and optimized lists for blocking ads, trackers, malware and other garbage

More List #242

Closed scafroglia93 closed 4 years ago

scafroglia93 commented 4 years ago

Blog managed by Italian infosec researcher: https://www.andreadraghetti.it/block-list-e-white-list-per-pi-hole-e-ad-blocker/

Ads
https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt (full domain)
https://filtri-dns.ga/filtri.txt (full domain)

Malware

notracking commented 4 years ago

https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt - too many false calls
https://filtri-dns.ga/filtri.txt - added, though they should not add IPs to their hostlist.
https://mirror1.malwaredomains.com/files/justdomains - original is already included
https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt - too many false calls

beerisgood commented 4 years ago

https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt - too many false calls

Any example?

https://mirror1.malwaredomains.com/files/justdomains - original is already included

Which one is the original?

scafroglia93 commented 4 years ago

osint.digitalside.it/Threat-Intel/lists/latestdomains.txt

Sure? False calls?

notracking commented 4 years ago

@beerisgood, https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt it did improve though. I do understand that some of these whitelist entries are in the grey area.

0.0.0.0 loggly.com
0.0.0.0 arc.msn.com
0.0.0.0 vidible.tv
0.0.0.0 assets.adobedtm.com
0.0.0.0 c.evidon.com
0.0.0.0 v20.vortex-win.data.microsoft.com
0.0.0.0 v10.vortex-win.data.microsoft.com
0.0.0.0 etl.tindersparks.com
0.0.0.0 hello.myfonts.net
0.0.0.0 s.click.aliexpress.com
0.0.0.0 yui.yahooapis.com
0.0.0.0 msedge.net
0.0.0.0 v10.vortex-win.data.microsoft.com
0.0.0.0 v10.events.data.microsoft.com
0.0.0.0 jwpltx.com
0.0.0.0 bestfwdservice.com
0.0.0.0 s0.2mdn.net
0.0.0.0 graph.instagram.com
0.0.0.0 schibsted.io
0.0.0.0 sentry.io
0.0.0.0 hockeyapp.net
0.0.0.0 cdns.gigya.com
0.0.0.0 s.zkcdn.net
0.0.0.0 manifest.auditude.com
0.0.0.0 cdn-gl.imrworldwide.com
0.0.0.0 seccdn-gl.imrworldwide.com

https://mirror1.malwaredomains.com/files/justdomains, see: http://malwaredomains.lehigh.edu/files/BOOT

@scafroglia93: As explained before, hosts files that are based on malware URLs are tricky and should mostly be used in detection systems. I would like to avoid having to whitelist sites like pastebin.com, cdn.discordapp.com, googleusercontent.com, etc.
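
One way to pre-screen a candidate list for the two problems raised in this comment and the earlier reply: IP addresses inside a host list, and shared platforms such as pastebin.com that would otherwise need whitelisting. This is an added example, not part of the thread or the project's own tooling; the function names, the `allowlist` parameter and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Shared platforms named in the comment above; blocking them breaks unrelated content.
SHARED_PLATFORMS = ("pastebin.com", "cdn.discordapp.com", "googleusercontent.com")
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_entry(line):
    """Return the blocked name from a hosts-format or domain-only line, or None."""
    fields = line.split("#", 1)[0].lower().split()
    if not fields:
        return None
    if len(fields) >= 2 and fields[0] in SINK_ADDRESSES:
        return fields[1].rstrip(".")
    return fields[0].rstrip(".")

def vet(lines, allowlist=frozenset()):
    """Sort candidate entries into review buckets before a list is merged."""
    report = {k: [] for k in
              ("ip_literal", "shared_platform", "allowlisted", "duplicate", "ok")}
    seen = set()
    for name in filter(None, map(parse_entry, lines)):
        if name in seen:
            bucket = "duplicate"
        elif is_ip(name):
            bucket = "ip_literal"       # an address, not a hostname
        elif any(name == p or name.endswith("." + p) for p in SHARED_PLATFORMS):
            bucket = "shared_platform"  # would force a whitelist entry later
        elif name in allowlist:
            bucket = "allowlisted"      # hypothetical maintainer allowlist
        else:
            bucket = "ok"
        seen.add(name)
        report[bucket].append(name)
    return report

# Constructed sample input, not taken from any list linked in this thread.
SAMPLE = ["# constructed candidate list", "0.0.0.0 ads.example.net",
          "tracker.example.org", "203.0.113.7", "0.0.0.0 pastebin.com",
          "files.googleusercontent.com", "0.0.0.0 ads.example.net", "sentry.io"]

if __name__ == "__main__":
    for bucket, names in vet(SAMPLE, allowlist={"sentry.io"}).items():
        print(f"{bucket}: {names}")
```

A list whose `ip_literal` or `shared_platform` buckets are non-empty is better suited to a detection feed than to DNS-level blocking.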

scafroglia93 commented 4 years ago

Don't worry, the second one was maintained manually.

It's not a honeypot of host, you can add it without any issue

osint.digitalside.it/Threat-Intel/lists/latestdomains.txt

beerisgood commented 4 years ago

https://mirror1.malwaredomains.com/files/justdomains, see: http://malwaredomains.lehigh.edu/files/BOOT

Well, the "original" then doesn't use TLS: https://www.ssllabs.com/ssltest/analyze.html?d=malwaredomains.lehigh.edu so I stay with the mirror.

notracking commented 4 years ago

@scafroglia93, it's good that it's manually maintained, but their moderation policy does not match ours if they include hosts as described in my previous reply. I will not add this one.

@beerisgood, I do trust my upstream providers not to inject/manipulate anything, but I will update it!