
[list]: Add lists from Hydra Dragon Antivirus #216

Closed
1 task done
HydraDragonAntivirus opened this issue Jul 2, 2024 · 11 comments
Labels: list: block (Hosts to block); maintenance (Changes the list content in some way); on hold (Stale issue that needs other things done first)

Comments

@HydraDragonAntivirus

Contact Details

[email protected]

What's your idea?

This project could really use the Hydra Dragon Antivirus 21.6 million website and IPv4/IPv6 blacklist as an optional list: https://github.com/HydraDragonAntivirus/HydraDragonAntivirus/tree/main/website

Code of Conduct

  • I agree to follow this project's Code of Conduct
HydraDragonAntivirus added the enhancement label (Script or workflow edits to improve or add features) on Jul 2, 2024
T145 (Owner) commented Jul 2, 2024

Interesting project, but there's not a lot of documentation in general. I have a few questions about your website lists:

  1. If you're only recommending your IPv4 and IPv6 lists to be added to Black Mirror (which from my understanding are website/IP_Addresses.7z and website/ipv6.txt respectively), why are they not updated at least daily (as IPs are extremely volatile)?
  2. Where do you get the information that's in the lists?
  3. Regarding domains, what is your criteria for blocking them? There seem to be a lot of porn and drop-shipping/scam sites.

T145 changed the title from "[feature]: Use World Biggest Open Source Black And White List Hydra Dragon Antivirus" to "[feature]: Use lists from Hydra Dragon Antivirus" on Jul 2, 2024

HydraDragonAntivirus (Author) commented Jul 2, 2024

I looked at every blacklist on the internet and tested them in my AV's real-time website filtering. I don't have much time to update automatically; I have always updated this list manually instead of automatically. My flags are generally based on tracking cookies, spam, malware, botnets, phishing, scams, suspicious websites, greyware, mining, etc. Here is my old message in which I credit many websites:

Hydra Dragon Antivirus active sources: virusshare.com, FossAV, BatchAntivirus, Abusech, Steven Black, Ultimatehostblacklist (GitHub), https://vxug.fakedoma.in/samples/, https://www.usom.gov.tr/, malwares.com, clamav.net, https://www.reddit.com/r/netsec/comments/gp1rm/list_of_malicious_domains_and_ip_blocklists/, https://winhelp2002.mvps.org/

future plans: https://www.iblocklist.com/subscribe, virussign.com

heuristics: https://bazaar.abuse.ch/browse.php?search=file_type%3Abat and the Hypatia database; maybe waiting for 10k PDF; malwares.com still waiting for access; https://www.youtube.com/watch?v=4U_AAtMel94; https://www.vx-underground.org/; I should add a Linux malware database.

non-active source example: https://justdomains.github.io/blocklists/ (so big); https://www.reddit.com/r/Malware/comments/7fabu5/sites_to_download_malware/

plans: I realized that I can improve myself at open source virus detection and reverse engineering. Currently my antivirus is the best open source antivirus in the world, and I should unite my project with ClamAV and improve its heuristics. I need an API, and I also need to check whether system files are deleted; also use rootkit hunter; also auditd to detect init 0 etc.; "is shutdown" etc. should be added. runnied realize them.

new active source: https://malshare.com/daily/?C=M;O=A, https://github.com/phpMussel/Signatures

T145 (Owner) commented Jul 2, 2024

Thanks, that helps a bit. Due to IPs changing so much, and wanting to focus on feeds that update daily regarding IPs, I'll pass on that section. Moving on to the domains list, I've begun doing more triage and found illegal entries, like the following:

# 007freepics.com Issue 489 # ... (which makes it clear you're using TheBlocklistProject)
[1rx.io] # ... Which I'm guessing comes from MVPS, or a similarly-formatted list
clk.rtpdn*.com # ... And other wildcard domains
# And thousands of "blogspot" domains! I wouldn't consider Blogspot sites to be actively malicious anymore.
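The entry shapes called out in the triage above (review comments that still carry a domain, bracketed MVPS-style entries, wildcards, and piles of blogspot subdomains) are easy to catch mechanically before a list is merged. The following Python linter is an added example and is not part of this thread or of either project's tooling; the sample list is constructed from the patterns quoted above, and the set of shared-hosting suffixes is an assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of a raw domain blocklist, built from the entry shapes
# quoted in the thread; it is not the Hydra Dragon list itself.
SAMPLE_LIST = """\
# 007freepics.com Issue 489
[1rx.io]
clk.rtpdn*.com
evil-tracker.example
badblog1.blogspot.com
badblog2.blogspot.com
badblog3.blogspot.com
0.0.0.0 ads.example.net
malware.example
"""

# RFC 1035-style hostname: labels of 1-63 chars, at least two labels, <= 253 chars.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$"
)
# Platforms whose subdomains are user-generated and short-lived (assumed list).
SHARED_HOSTING_SUFFIXES = ("blogspot.com",)
HOSTS_PREFIX_RE = re.compile(r"^(?:0\.0\.0\.0|127\.0\.0\.1)\s+(\S+)$")
DOMAIN_IN_TEXT_RE = re.compile(r"\b[a-z0-9-]+\.[a-z]{2,}\b", re.IGNORECASE)


@dataclass
class TriageReport:
    clean: list = field(default_factory=list)                  # normalized hosts to keep
    comments_with_domains: list = field(default_factory=list)  # review residue
    bracketed: list = field(default_factory=list)              # [domain] MVPS-style entries
    wildcards: list = field(default_factory=list)              # entries containing '*'
    hosts_format: list = field(default_factory=list)           # "0.0.0.0 host" in a domain list
    shared_hosting: dict = field(default_factory=dict)         # suffix -> subdomain count
    invalid: list = field(default_factory=list)                # not a syntactically valid host


def normalize(entry: str) -> str:
    """Strip a hosts-file prefix, lower-case, and drop a trailing dot."""
    m = HOSTS_PREFIX_RE.match(entry.strip())
    host = m.group(1) if m else entry.strip()
    return host.lower().rstrip(".")


def triage(text: str) -> TriageReport:
    """Classify each line of a domain blocklist so only plain hostnames survive."""
    report = TriageReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # A commented-out domain with an issue number is another list's
            # review residue, not a block rule.
            if DOMAIN_IN_TEXT_RE.search(line):
                report.comments_with_domains.append(line)
            continue
        if line.startswith("[") and line.endswith("]"):
            report.bracketed.append(line)
            continue
        if "*" in line:
            report.wildcards.append(line)
            continue
        if HOSTS_PREFIX_RE.match(line):
            # Still usable, but mixed formats in one list point to unreviewed merging.
            report.hosts_format.append(line)
        host = normalize(line)
        if not HOSTNAME_RE.match(host):
            report.invalid.append(line)
            continue
        suffix = next((s for s in SHARED_HOSTING_SUFFIXES if host.endswith("." + s)), None)
        if suffix:
            report.shared_hosting[suffix] = report.shared_hosting.get(suffix, 0) + 1
            continue
        report.clean.append(host)
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LIST)
    for name, items in vars(r).items():
        print(f"{name}: {items}")
```

Run against the real list, the `shared_hosting` counts are the quickest way to see how much of a list is user-generated subdomains rather than infrastructure an attacker controls, and everything outside `clean` needs a human decision before it is merged.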

T145 (Owner) commented Jul 3, 2024

(Just a side note that if English isn't your native tongue feel free to respond in whichever language you prefer!)

I'm not sure what that's supposed to prove? It has a garbage domain name, so most services that "intelligently" detect phishing or fraud services are going to flag domains that look like that. If you feel that Blogspot domains need to remain in your list, you're free to do with your provisions as you see fit. I'm only offering my advice.

I try to make Black Mirror as practical as possible, and in my experience Blogspot domains haven't been used in significant cyber attacks or phishing schemes. They only serve to bloat lists, and from my recollection originate from the UT Capitole lists. If you're seeking to block porn, great! But your implied mission statement having "Antivirus" in the name is that you're focused on security only. This is why I spell out what I'm blocking and why in a manifesto, b/c I want people to know what they're using.

HydraDragonAntivirus (Author) commented

Yeah, you are right. I should not keep blogspot.

T145 added the labels list: block (Hosts to block) and on hold (Stale issue that needs other things done first) on Jul 7, 2024

T145 (Owner) commented Jul 12, 2024

Placing this on hold until the lists improve in quality, and the project has more clear documentation.

T145 closed this as completed on Jul 12, 2024

HydraDragonAntivirus (Author) commented

I am now whitelisting very aggressively.

HydraDragonAntivirus (Author) commented

I noticed that your blacklist is also causing false positives, so I am now whitelisting very aggressively again.

HydraDragonAntivirus (Author) commented

For example, your list also contains blogspot.com and microsoft.com, etc. You can look at this whitelist: https://github.com/HydraDragonAntivirus/HydraDragonAntivirus/blob/main/website/whitelister.txt
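Aggressive whitelisting of the kind described above has two effects worth making explicit: allowlisting a parent such as blogspot.com also unblocks every subdomain beneath it, including genuinely malicious ones, and a bare block entry that is a parent of an allowlisted host still shadows that host in resolvers that apply parent-domain matching. The following Python function is an added example, not code from Black Mirror or Hydra Dragon; it applies an allowlist with label-boundary parent matching and reports both effects. Both lists are constructed samples.

```python
# Constructed sample lists; neither is the Black Mirror or Hydra Dragon list.
BLOCK = [
    "blogspot.com",
    "microsoft.com",
    "login.microsoft.com.evil.example",  # lookalike: must NOT match allowlisted microsoft.com
    "phish.example",
    "evil.blogspot.com",                 # removed because its parent is allowlisted
    "tracker.example",                   # parent of an allowlisted host: kept but reported
]
ALLOW = ["microsoft.com", "blogspot.com", "safe.tracker.example"]


def parents(host: str) -> list:
    """The host itself and each parent domain above it, excluding the bare TLD."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def apply_allowlist(block, allow):
    """Drop block entries that are, or sit under, an allowlisted domain.

    Returns (kept, removed, shadowed):
      kept     - block entries that survive
      removed  - (entry, allow_entry) pairs explaining each removal
      shadowed - (entry, [allow_entries]) where a kept block entry is a parent of
                 an allowlisted host, so parent-matching resolvers still block it
    """
    allow_set = {a.strip().lower().rstrip(".") for a in allow}
    kept, removed, shadowed = [], [], []
    for entry in block:
        host = entry.strip().lower().rstrip(".")
        # Match on whole labels only, so "microsoft.com.evil.example" is not
        # treated as a child of "microsoft.com".
        hit = next((p for p in parents(host) if p in allow_set), None)
        if hit is not None:
            removed.append((host, hit))
            continue
        covered = sorted(a for a in allow_set if a.endswith("." + host))
        if covered:
            shadowed.append((host, covered))
        kept.append(host)
    return kept, removed, shadowed


if __name__ == "__main__":
    kept, removed, shadowed = apply_allowlist(BLOCK, ALLOW)
    print("kept:", kept)
    print("removed:", removed)
    print("shadowed:", shadowed)
```

The `removed` list is the audit trail for why a block entry disappeared, and the `shadowed` list is the set of block entries that an allowlist alone cannot neutralize; those need either a narrower block entry or a decision that the parent really should be blocked.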

T145 (Owner) commented Jul 20, 2024

Reference my manifesto regarding why certain hosts are blocked. Part of the reason I started Black Mirror to begin with was that other large blocklist projects would advertise blocking something only to include a large amount of other things in their lists. As such there may be areas where our definitions diverge, but in the case of VirusTotal there's definitely an overlap so thanks for catching that!

T145 added the label maintenance (Changes the list content in some way) and removed the label enhancement (Script or workflow edits to improve or add features) on Jul 20, 2024
T145 changed the title from "[feature]: Use lists from Hydra Dragon Antivirus" to "[maintainence]: Use lists from Hydra Dragon Antivirus" on Jul 20, 2024
T145 changed the title from "[maintainence]: Use lists from Hydra Dragon Antivirus" to "[maintenance]: Use lists from Hydra Dragon Antivirus" on Jul 20, 2024
T145 changed the title from "[maintenance]: Use lists from Hydra Dragon Antivirus" to "[list]: Add lists from Hydra Dragon Antivirus" on Jul 20, 2024