add TLDs to Anti-Malware List #659

Closed
1 of 9 tasks
yokoffing opened this issue Oct 4, 2022 · 3 comments

@yokoffing
Contributor

yokoffing commented Oct 4, 2022

Currently, I use my own list to supplement the Anti-Malware List by blocking extra TLDs. Most of the TLDs I have are from the Spamhaus list (or were on the Spamhaus top 10 list in recent months), new articles, NextDNS, and other lists. I've listed some below.

Instead of maintaining a separate list, I'd like to see the TLDs merged with your list. I'm curious if you'd be interested in adopting these entries.

Which entry/entries are you submitting?

! Abused TLDs
! [1] https://www.spamhaus.org/statistics/tlds/
! [2] https://webtribunal.net/blog/tld-statistics/
! [3] https://github.com/iam-py-test/my_filters_001/blob/main/enhanced_protection.txt
! [4] https://www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-to-send-fake-suspension-notices/

||asia^$doc
||associates^$doc
||buzz^$doc
||cam^$doc
||casa^$doc
||ci^$doc
||cn^$doc
||cricket^$doc
||discount^$doc
||financial^$doc
||fit^$doc
||fun^$doc
||icu^$doc
||info^$doc,domain=~aboutads.info|~apowersoft.info|~austria.info|~avascan.info|~blockchain.info|~dnscrypt.info|~germany.info|~monstercock.info|~openbible.info|~pop-planet.info|~privatebin.info|~scammer.info|~spain.info|~steamdb.info|~worldometers.info
||live^$doc
||online^$doc
||rest^$doc
||shop^$doc
||surf^$doc
||tokyo^$doc
||wang^$doc
||webcam^$doc
||win^$doc
||work^$doc

Which things do they block, hide, or unbreak?

Abused TLDs

Which of my lists are you submitting it to?

https://github.com/DandelionSprout/adfilt/blob/master/Dandelion%20Sprout's%20Anti-Malware%20List.txt

Which adblocker(s) and version did you use when writing and testing the entries?

  • uBlock Origin
  • AdGuard (Paid desktop version)
  • AdGuard (Gratis browser versions that aren't Manifest V3 nor Safari)
  • AdBlock (Firefox or Manifest V2)
  • Adblock Plus (Firefox or Manifest V2)
  • AdGuard Home
  • Blokada
  • I Don't Care About Cookies (The extension)
  • AdNauseam

Other(s): NextDNS

Adblocker version(s):

Which filterlists did you use? Failing to tell this will temporarily close the report until it has been told.

https://github.com/yokoffing/filterlists#recommended-filters-for-ublock-origin

(Optional) Which browser(s) and version did you use?

Firefox - uBO
Safari (mobile) - AdGuard

@DandelionSprout
Owner

One thing that I admit is not widely known is that the TLDs that are used in malware redirections tend to be very, very different from those listed on at least Spamhaus.

As a result, more than half of the proposed TLD-block entries sadly cannot be added (and certainly not ones like .info, .cn, or .online), while the remainder would need to see visible use by malware sites or redirections before they could viably be included.

I feel I could consider the following ones, but it's not a 100% chance that even they would be added:

||associates^$doc
||discount^$doc
||rest^$doc
||webcam^$doc

@yokoffing
Contributor Author

Thank you for the feedback!

@DandelionSprout
Owner

Having found time for this a bit late, I've now looked into the remaining 4 candidates:

  • .associates: A fair bit of use among US law firms. Can't be blocked.
  • .discount: Google results for it seem shoddy, and the few sites that seem legitimate are in fact redirects to .com. Can be blocked.
  • .rest: Oddly appears to be used by some restaurants. Can't be blocked at the moment.
  • .webcam: Rare cases of use by European road services. Can't be blocked at the moment.
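
An added example (not part of the issue thread and not code from the adfilt project): a Python check that parses the bare-TLD `$doc` rules proposed above and reports which URLs from a list of known-legitimate sites they would block, which is the false-positive question the review above turns on. It assumes a simplified model of the rule semantics (the last hostname label equals the TLD, minus `~` exclusions); the `example` hostnames are constructed.

```python
from urllib.parse import urlsplit

# Rules copied from the issue; the .info exclusion list is shortened here.
RULES = """\
||discount^$doc
||rest^$doc
||info^$doc,domain=~steamdb.info|~worldometers.info|~privatebin.info
"""

# Constructed sample of sites assumed legitimate ("example" hostnames are made up).
KNOWN_GOOD = ["https://steamdb.info/app/730/", "https://www.worldometers.info/",
              "https://bistro-example.rest/menu", "https://info.example.com/"]

def parse_rule(line):
    """Parse '||tld^$doc[,domain=~a|~b]' into (tld, excluded); None for other lines."""
    line = line.strip()
    if not line.startswith("||"):
        return None  # comments ('!'), blanks, other rule types
    pattern, _, options = line[2:].partition("$")
    if not pattern.endswith("^") or "." in pattern or "/" in pattern:
        return None  # not a bare-TLD pattern
    opts = options.split(",")
    if "doc" not in opts and "document" not in opts:
        return None
    excluded = set()
    for opt in opts:
        if opt.startswith("domain="):
            # Only negated (~) entries are modelled; the issue's rules use no others.
            excluded |= {d[1:].lower() for d in opt[7:].split("|") if d.startswith("~")}
    return pattern[:-1].lower(), excluded

def host_in(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def blocked(url, rules):
    """Return the TLD of the rule that blocks navigating to url, or None."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    for tld, excluded in rules:
        # '||tld^' only matches when 'tld' is the final label: '.' is not a separator.
        if host.split(".")[-1] == tld and not any(host_in(host, d) for d in excluded):
            return tld
    return None

def false_positives(urls, rules):
    """Map each known-good URL that would be blocked to the TLD rule responsible."""
    return {u: t for u in urls if (t := blocked(u, rules))}

PARSED = [r for r in map(parse_rule, RULES.splitlines()) if r]
print(false_positives(KNOWN_GOOD, PARSED))
```

Running a candidate rule set against a larger list of known-good hostnames before merging gives a quick view of what each TLD rule would break.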
