Lists icon indicating copy to clipboard operation
Lists copied to clipboard
verified publisher icon blocklistproject

Invalid entries on abuse list

Open pallebone opened this issue 2 years ago • 7 comments

Hi there,

Pihole reports invalid entries:

[i] Target: https://blocklistproject.github.io/Lists/abuse.txt [✓] Status: No changes detected [✓] Parsed 435166 exact domains and 0 ABP-style domains (ignored 11 non-domain entries) Sample of non-domain entries: - "securelogin.paypal.it.webapps.mpp.home.autenticazione.2oflranvbs3drvbmwvj2afac0dybr9qinmkumyfng8gnth1q4ah4fi6ecuft.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.alh5zrdnvj7gdymtzxhyea6dsbap6co6om1edtrodnv8c8rsvyg1pb4id5n0.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.cfrsfp8hcpkwdzsetpo8vir0wi1t64yyfq5knbn4ckw231kifi4nz3a9st5m.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.cybgzbqmymjbfcvgdi7aqceiao6d7yfvzclrsxf5whay3gcbddhg8lo81jax.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.gx86fkitocomhes0vfdqv6d1hpsyoxzulwqr8oalqooyt7xfbrwwmznue6it.jafinafara.f"

Kind regards Peter

pallebone avatar Jun 03 '23 17:06 pallebone

[i] Target: https://blocklistproject.github.io/Lists/malware.txt [✓] Status: No changes detected [✓] Parsed 435272 exact domains and 0 ABP-style domains (ignored 12 non-domain entries) Sample of non-domain entries: - "protection201-account.6827-update.team.com8serv1130.webs001231cr-cm-lgin-submmit-id99-l0gin-submito9-id.ppi11781-lo0gin-loogiin-" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.2oflranvbs3drvbmwvj2afac0dybr9qinmkumyfng8gnth1q4ah4fi6ecuft.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.alh5zrdnvj7gdymtzxhyea6dsbap6co6om1edtrodnv8c8rsvyg1pb4id5n0.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.cfrsfp8hcpkwdzsetpo8vir0wi1t64yyfq5knbn4ckw231kifi4nz3a9st5m.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.cybgzbqmymjbfcvgdi7aqceiao6d7yfvzclrsxf5whay3gcbddhg8lo81jax.jafinafara.f"

pallebone avatar Jun 03 '23 17:06 pallebone

[i] Target: https://blocklistproject.github.io/Lists/phishing.txt [✓] Status: No changes detected [✓] Parsed 190229 exact domains and 0 ABP-style domains (ignored 6 non-domain entries) Sample of non-domain entries: - "blog.btdeployments.cu.m" - "www.barclaycard.co.uk-personal-codeb6259568de39651d7a-login.id-107sbtd9cbhsbtd5d80a13c0db1f546757jnq9j5754675780483825.exaways.c" - "www.https.portale-titolari-nexi-italia-online-verifica-nexi.it.infomazione.nexi-identita.conto.nexi.bp2ip.dayasinergibisnis.co.i" - "www.login.microsoftonline.com.common.oauth2.authorize.clientid4345a7b9.9a63.4910.a426-35363201d503.response.spreadsheetlimited.c" - "www.login.microsoftonline.com.common.oauth2.authorize.clientid4345a7b99a634910a42635363201d503.response.mode.form.postresponse.t"

pallebone avatar Jun 03 '23 17:06 pallebone

[i] Target: https://blocklistproject.github.io/Lists/abuse.txt [✓] Status: No changes detected [✓] Parsed 435166 exact domains and 0 ABP-style domains (ignored 11 non-domain entries) Sample of non-domain entries: - "securelogin.paypal.it.webapps.mpp.home.autenticazione.2oflranvbs3drvbmwvj2afac0dybr9qinmkumyfng8gnth1q4ah4fi6ecuft.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.alh5zrdnvj7gdymtzxhyea6dsbap6co6om1edtrodnv8c8rsvyg1pb4id5n0.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.cfrsfp8hcpkwdzsetpo8vir0wi1t64yyfq5knbn4ckw231kifi4nz3a9st5m.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.cybgzbqmymjbfcvgdi7aqceiao6d7yfvzclrsxf5whay3gcbddhg8lo81jax.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.gx86fkitocomhes0vfdqv6d1hpsyoxzulwqr8oalqooyt7xfbrwwmznue6it.jafinafara.f"

[i] Target: https://blocklistproject.github.io/Lists/drugs.txt [✓] Status: No changes detected [✓] Parsed 26562 exact domains and 0 ABP-style domains (ignored 26 non-domain entries) Sample of non-domain entries: - "161.203.16.2" - "163.1.186.1" - "192.67.198.3" - "193.154.247.2" - "195.20.225.9"

[i] Target: https://blocklistproject.github.io/Lists/malware.txt [✓] Status: No changes detected [✓] Parsed 435272 exact domains and 0 ABP-style domains (ignored 12 non-domain entries) Sample of non-domain entries: - "protection201-account.6827-update.team.com8serv1130.webs001231cr-cm-lgin-submmit-id99-l0gin-submito9-id.ppi11781-lo0gin-loogiin-" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.2oflranvbs3drvbmwvj2afac0dybr9qinmkumyfng8gnth1q4ah4fi6ecuft.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.alh5zrdnvj7gdymtzxhyea6dsbap6co6om1edtrodnv8c8rsvyg1pb4id5n0.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.cfrsfp8hcpkwdzsetpo8vir0wi1t64yyfq5knbn4ckw231kifi4nz3a9st5m.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.cybgzbqmymjbfcvgdi7aqceiao6d7yfvzclrsxf5whay3gcbddhg8lo81jax.jafinafara.f"

[i] Target: https://blocklistproject.github.io/Lists/phishing.txt [✓] Status: No changes detected [✓] Parsed 190229 exact domains and 0 ABP-style domains (ignored 6 non-domain entries) Sample of non-domain entries: - "blog.btdeployments.cu.m" - "www.barclaycard.co.uk-personal-codeb6259568de39651d7a-login.id-107sbtd9cbhsbtd5d80a13c0db1f546757jnq9j5754675780483825.exaways.c" - "www.https.portale-titolari-nexi-italia-online-verifica-nexi.it.infomazione.nexi-identita.conto.nexi.bp2ip.dayasinergibisnis.co.i" - "www.login.microsoftonline.com.common.oauth2.authorize.clientid4345a7b9.9a63.4910.a426-35363201d503.response.spreadsheetlimited.c" - "www.login.microsoftonline.com.common.oauth2.authorize.clientid4345a7b99a634910a42635363201d503.response.mode.form.postresponse.t"

techroy23 avatar Jun 10 '23 04:06 techroy23

I'm not use pihole. I think it's about invalid TLDs entries and I found it's in https://blocklistproject.github.io/Lists/alt-version/phishing-nl.txt

~$ grep -E '\.(adbf5a778175ee757c3|goy8b2cc5808b734242446|k8k4hc79ld1h41hk|lczmqwnjuqcix973|obchsulds9wrkdhwsi|seriouslycheapflights|theplazaartscent)$' phishing-nl.txt 
https.office.microsoftonline.mail.default.error.a35ot1s6dhy84si7et7jv7.h1qahhah1c8v3gkdvkhlj37i1.dla9zhsj7pskhn.k8k4hc79ld1h41hk
https.office.microsoftonline.mail.default.error.ztv2jso6af43tldk2vh86h7y7tf.0jkxjwhxhhk9jw6ndau.w7j4vkfkj76of.obchsulds9wrkdhwsi
myscreenname.aol.com.logincqr1434f91e14e61be374f236df6bd32e77772.999b6064cc4ba375cc0d415be95807ecdeed6neo.goy8b2cc5808b734242446
paypal.it.adbf5a778175ee757c34d0eba4e932bc.adbf5a778175ee757c34d0eba4e932bc.adbf5a778175ee757c34d0eba4e932bc.adbf5a778175ee757c3
whatsapp.com-615863251de85511d7a-update.security.trackid.piwikb7c1867dd7ba9c57.730fb9c10f9c87a27d0f400ef95e8993.theplazaartscent
www.onlinebanking.iombank.com.default.aspx.refererident.a8d3606d7540718e65db3ab5d55c2fb3a2acf83beid47noscr.seriouslycheapflights
www.poste.it.lczmqwnjuqcix9737gs1gtw4mionoit9.lczmqwnjuqcix9737gs1gtw4mionoit9.lczmqwnjuqcix9737gs1gtw4mionoit9.lczmqwnjuqcix973

Use this script (invalid_tlds_remover.sh) to remove invalid TLDs entry

Regards

ngadmini avatar Jun 14 '23 15:06 ngadmini

List still has issues:

[i] Target: https://blocklistproject.github.io/Lists/abuse.txt [✓] Status: No changes detected [✓] Parsed 435166 exact domains and 0 ABP-style domains (ignored 11 non-domain entries) Sample of non-domain entries: - "securelogin.paypal.it.webapps.mpp.home.autenticazione.2oflranvbs3drvbmwvj2afac0dybr9qinmkumyfng8gnth1q4ah4fi6ecuft.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.alh5zrdnvj7gdymtzxhyea6dsbap6co6om1edtrodnv8c8rsvyg1pb4id5n0.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.cfrsfp8hcpkwdzsetpo8vir0wi1t64yyfq5knbn4ckw231kifi4nz3a9st5m.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.cybgzbqmymjbfcvgdi7aqceiao6d7yfvzclrsxf5whay3gcbddhg8lo81jax.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.gx86fkitocomhes0vfdqv6d1hpsyoxzulwqr8oalqooyt7xfbrwwmznue6it.jafinafara.

pallebone avatar Jun 27 '23 12:06 pallebone

also on this list: [i] Target: https://blocklistproject.github.io/Lists/malware.txt [✓] Status: No changes detected [✓] Parsed 435272 exact domains and 0 ABP-style domains (ignored 12 non-domain entries) Sample of non-domain entries: - "protection201-account.6827-update.team.com8serv1130.webs001231cr-cm-lgin-submmit-id99-l0gin-submito9-id.ppi11781-lo0gin-loogiin-" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.2oflranvbs3drvbmwvj2afac0dybr9qinmkumyfng8gnth1q4ah4fi6ecuft.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.alh5zrdnvj7gdymtzxhyea6dsbap6co6om1edtrodnv8c8rsvyg1pb4id5n0.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.cfrsfp8hcpkwdzsetpo8vir0wi1t64yyfq5knbn4ckw231kifi4nz3a9st5m.jafinafara.f" - "securelogin.paypal.it.webapps.mpp.home.autenticazione.cybgzbqmymjbfcvgdi7aqceiao6d7yfvzclrsxf5whay3gcbddhg8lo81jax.jafinafara.f"

pallebone avatar Jun 27 '23 12:06 pallebone

Finally this list also:

[i] Target: https://blocklistproject.github.io/Lists/phishing.txt [✓] Status: No changes detected [✓] Parsed 190229 exact domains and 0 ABP-style domains (ignored 6 non-domain entries) Sample of non-domain entries: - "blog.btdeployments.cu.m" - "www.barclaycard.co.uk-personal-codeb6259568de39651d7a-login.id-107sbtd9cbhsbtd5d80a13c0db1f546757jnq9j5754675780483825.exaways.c" - "www.https.portale-titolari-nexi-italia-online-verifica-nexi.it.infomazione.nexi-identita.conto.nexi.bp2ip.dayasinergibisnis.co.i" - "www.login.microsoftonline.com.common.oauth2.authorize.clientid4345a7b9.9a63.4910.a426-35363201d503.response.spreadsheetlimited.c" - "www.login.microsoftonline.com.common.oauth2.authorize.clientid4345a7b99a634910a42635363201d503.response.mode.form.postresponse.t"

pallebone avatar Jun 27 '23 12:06 pallebone