Forgot to cpmmit this yesterday

Includes a fix for hagezi/dns-blocklists#1327, durablenapkin/scamblocklist#58, hagezi/dns-blocklists#409, hagezi/dns-blocklists#1330
iam-py-test · Jul 21, 2023 · c0c1ae4 · c0c1ae4
1 parent 619dd44
commit c0c1ae4
Show file tree

Hide file tree

Showing 5 changed files with 87 additions and 10 deletions.
diff --git a/anti-redirectors.txt b/anti-redirectors.txt
@@ -4,10 +4,9 @@
 ! Homepage: https://github.com/iam-py-test/my_filters_001
 ! Please report false positives & unblocked domains to me using the GitHub or GitLab (urls below). Thanks!
 ! Expires: 1 day
-! Last updated: 13/6/2023
+! Last updated: 20/7/2023
 ! Issues url: https://github.com/iam-py-test/my_filters_001/issues
 ! GitLab issues url (not checked as often): https://gitlab.com/iam-py-test/my_filters_001/-/issues
-! If you want shorter urls, check out DandelionSprout's Actually Legitimate URL Shortener Tool at https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt
 
 ! Google redirects
 ||google.*/url?$document
@@ -412,6 +411,7 @@ youtube.com##+js(href-sanitizer,a[href*="https://www.youtube.com/redirect"], ?q)
 
 ! "shorte.st"
 ||sh.st^$document
+||ceesty.com^$document
 
 ! seem in use by malware
 ||cli.re^$document
@@ -568,3 +568,7 @@ youtube.com##+js(href-sanitizer,a[href*="https://www.youtube.com/redirect"], ?q)
 
 ! https://github.com/hagezi/dns-blocklists/issues/1313
 ||clk.asia^$document
+
+! not my analysis: https://app.any.run/tasks/5bc3d455-486d-4d74-9cae-557eeaf69f27/
+! my analysis: https://app.any.run/tasks/fc24d271-a114-4c43-b99b-8bf8e9f6c704
+||shre.su^$document
diff --git a/antidynamicdns.txt b/antidynamicdns.txt
@@ -320,6 +320,8 @@
 ||nsupdate.info^$document
 ||sieraddns.com^$document
 ||xddns.de^$document
+||dnsmax.com^$document
+||thatip.com^$document
 ! https://help.dyn.com/list-of-dyn-dns-pro-remote-access-domain-names/
 ||at-band-camp.net^$document
 ||ath.cx^$document

diff --git a/antimalware.txt b/antimalware.txt
@@ -3710,7 +3710,7 @@
 ! https://www.virustotal.com/gui/file/2ea599605c4d65902943f12e1114a71af7a40fa7dffbf018b0ee3e7a61aaeaa3/community
 ||dl02.s3.amazonaws.com/installers/424531/2gzbsoj4gxb.exe^$all
 
-! https://forums.malwarebytes.com/topic/281264-malware-bytes-scam-number-1-315-996-0560/?_fromLogin=1
+! https://forums.malwarebytes.com/topic/281264-malware-bytes-scam-number-1-315-996-0560/
 ||tradeford.com/us853558/malwarebytes-customer-service-1-315-996-o56o_p1049357.html^$all
 
 ! https://github.com/DandelionSprout/adfilt/pull/395
@@ -3914,7 +3914,6 @@
 
 ! https://forums.malwarebytes.com/topic/281893-discord-account-stealer/
 ||drive.google.com/file/d/1lvkYzenTwpcsl7vjsbds1J7MKSFxv-4D/view^$document
-||doc-0s-6k-docs.googleusercontent.com/docs/securesc/rfercc3a76jeult4d0h2382iop9rvhs7/bkokfcop5q4c5nh6ab7ua8fqrvfhqbut/1639701150000/13045886741651917350/15048584419024227515Z/1lvkYzenTwpcsl7vjsbds1J7MKSFxv-4D?e=download&nonce=m87re19eg7bia&user=15048584419024227515Z&hash=e46r3l57308v862803q96485oi1sd2jp^$all
 
 ! https://forums.malwarebytes.com/topic/281936-malware-campaing-distribuition-malicious-link/
 ||10dimensions.com^$all
@@ -4214,9 +4213,6 @@
 ! https://github.com/uBlockOrigin/uAssets/issues/11574
 ||rutracker-org.appspot.com^$all
 
-! https://scammer.info/t/forza-discord-server-hacked/90265
-||program-moderator.com^$all
-
 ! https://www.virustotal.com/gui/url/c25fe34c05cc8e9136027a67c277e175a5d6e35af921ee37bad98bdfeea6a2f9/community
 ||6201375e287cc50016414168.2go.me^$all
 ||splendid-fallacious-anaconda.glitch.me^$all
@@ -7798,7 +7794,6 @@
 ||95.216.94.138^$all
 
 ! malware download
-||goharpc.com^$all
 ||kellmda.click^$all
 
 ! many malware YouTube videos
@@ -7818,6 +7813,54 @@
 ! https://www.bleepingcomputer.com/news/security/hackers-exploiting-critical-wordpress-woocommerce-payments-bug/
 ||194.169.175.93^$all
 
+! https://github.com/hagezi/dns-blocklists/issues/1327
+||bgrfmi.com^$all
+||bpdnct.com^$all
+||bphfmm.com^$all
+||eweukr.com^$all
+||gycqna.com^$all
+||hcafpg.com^$all
+||ingzhe.com^$all
+||irtvro.com^$all
+||jggjh.com^$all
+||mnawew.com^$all
+||nlxini.com^$all
+||nvcrcf.com^$all
+||qmsvnh.com^$all
+||ritedn.com^$all
+||rrtype.com^$all
+||vgrcxa.com^$all
+||vgsksc.com^$all
+||whcfmp.com^$all
+||xyzgnc.com^$all
+||ybcgju.com^$all
+||jhzhis.com^$all
+||udwuyw.com^$all
+||zayatr.com^$all
+
+! https://forums.malwarebytes.com/topic/300362-rtp-detection-trojan-blocked-website/
+||ve2fjo6twajohak.top^$all
+
+! https://forums.malwarebytes.com/topic/300300-inbound-connections-attempts-sfc-found-corrupt-files-am-i-infected/
+||zappiehost.com^$all
+||tchangway.hk^$all
+
+! https://www.virustotal.com/gui/url/044d4e3d1e58f48e42cfb936d6ce3ab244bc85b8f0b1d5a84f3916584156bbd2/community
+! my analysis: https://app.any.run/tasks/9ead09a0-6f56-477b-8a27-9a85c5a803e6
+||bafkreibm2c232v5uuz7vkxcdkwdjye6oaoasxg5zkye7y3oyodm6olulou.ipfs.dweb.link^$all
+||lkalzzop.online^$all
+
+! https://www.virustotal.com/gui/url/1696219caa54a048bb1fa0c1e95aaf80b7336ddcbdcca5a2c24ae2847a62cd03/community
+! https://app.any.run/tasks/bce8c275-c977-46ee-bf0b-df5b0d9b2386
+||softwarextra.com^$all
+! https://tria.ge/230720-29xy6sba84/behavioral1
+||tds-packages-update.com^$all
+||168.119.178.159^$all
+
+! https://www.virustotal.com/gui/url/b3657b1279397010fa1735997ddd8605ff2093d50147387b5bf2ef5abace0509/community
+! my analysis: https://tria.ge/230720-3lb78sbb48/behavioral1
+||tracking-express-ups.com^$all
+
 ! ---- Scams ----
 
 ! websites pretending to be related to uBlock Origin - the real uBlock Origin is at https://github.com/gorhill/uBlock
@@ -14372,6 +14415,27 @@
 ! scam? notification spam & weird pharmaceutical ads
 ||us-trendingtoday.com^$document,popup
 
+! https://tria.ge/230718-vydmtscf83/behavioral1
+||truebuyerreview.com^$all
+||areyourealhuman.com^$all
+||cdn.areyourealhuman.com^$all
+
+! not my analysis: https://app.any.run/tasks/5bc3d455-486d-4d74-9cae-557eeaf69f27/
+! my analysis: https://app.any.run/tasks/fc24d271-a114-4c43-b99b-8bf8e9f6c704
+||eu.gtrxlnd7.com^$all
+||gtrxlnd7.com^$document
+
+! https://github.com/durablenapkin/scamblocklist/issues/58
+! https://github.com/hagezi/dns-blocklists/issues/1330
+||hotdebrid.com^$document
+||debridlink.com^$document
+||maxdebrid.com^$document
+! https://github.com/hagezi/dns-blocklists/issues/409
+||anydebrid.com^$document
+
+! https://tria.ge/230720-3qya9sbh2t/behavioral2
+||performintenselydevelopedinfo-product.info^$all
+
 ! ---- PUPs ----
 
 ! https://www.virustotal.com/gui/url/c7e3137c4baaad64dcbbafd1938f581f264944fa1e2c1aa1ebcff77ed2959082/links
@@ -14386,6 +14450,7 @@
 ! https://malwaretips.com/threads/total-av-is-it-a-scam.80362/
 ! https://github.com/uBlockOrigin/uAssets/issues/9355
 ! https://github.com/notracking/hosts-blocklists/issues/756#issuecomment-1172973042
+! https://tria.ge/230720-3qya9sbh2t/behavioral2
 ! *many* deceptive ads
 ||totalav.com^$all
 ||www.totalav.com^$all
@@ -14922,7 +14987,7 @@
 ||start.pdfsharkapp.com^$document
 ||searchmagiconline.com^$document
 ||start.searchmagiconline.com^$document
-||pdfsuperhero.com^$document
+||pdfsuperhero.com^$all
 ||stats.pdfsuperhero.com^$all
 ||bl.searchpoweronline.com^$document
 
@@ -15167,7 +15232,6 @@
 ||ratefinaukncei.info^$all
 
 ! adware
-||pdfsuperhero.com^$all
 ||pdfsuperhero.azureedge.net^$all
 ||pdfconverty.com^$all
 

diff --git a/special_lists/google-safe-browsing-reverse-engineered.txt b/special_lists/google-safe-browsing-reverse-engineered.txt
@@ -116,3 +116,5 @@
 ||votre-authentification-sg.com^$all
 ||dhl-support-colis.com^$all
 ||reconnections-mabanque.com^$all
+! as of 20/7/2023 (https://www.virustotal.com/gui/domain/americafirsta.top/community)
+||americafirsta.top^$all
diff --git a/wiki/fix-browser-problem.md b/wiki/fix-browser-problem.md
@@ -129,6 +129,11 @@ Windows:
  - Would recommend you go into the settings and turn off "Scan for Tracking Cookies". These are **not malware** and clutter up the scan results. It is better to [manage cookies from your browser's settings](#clear-browser-cache-and-cookies) rather than using 3rd-party tools, and it is even better to block trackers rather than just removing tracking cookies after the fact.
 - Malwarebytes: https://www.malwarebytes.com/mwb-download/thankyou
  - You **do not** need to buy it! The free version can remove malware just as well as the paid one.
+ - It will come with a trial version:
+ - The real-time protection may confict with your security software:
+ - You can disactivate the trial: https://support.malwarebytes.com/hc/en-us/articles/360040972954-Deactivate-Premium-Trial-in-Malwarebytes-for-Windows
+ - You can turn off real-time protection: https://support.malwarebytes.com/hc/en-us/articles/360038984793 (if you don't want the real time protection, you are better off disactivating the trial. The only downside is that you will never be able to use the trial again)
+ - Or if you want the real time protection (which **is not needed to clean your system**), you can exclude Malwarebytes from your security software and vice versa: https://support.malwarebytes.com/hc/en-us/articles/360038522974-Malwarebytes-for-Windows-antivirus-exclusions-list
  - You do not need to do a custom scan of your entire C:\ drive. The threat scan is enough
  - I would strongly recommend you unregister it from the Windows Security Center, as to avoid disabling Windows Defender
  - While the default scan settings are enough for normal usage, I would recommend enabling the "Scan for rootkits" option on infected systems: https://support.malwarebytes.com/hc/articles/360038984953-Security-settings-in-Malwarebytes-for-Windows