AB-Solution - The Ad Blocking Solution

[thelonelycoder]

* Can or Cannot filter HTTPS resources? Maybe it can? Client installs new certificate in browser?

AB-Solution together with pixelserv-tls most certainly blocks https ads.

What features would you need to lose to be able to run it without USB storage? Has anyone tested this? Or is it "not negotiable"

You would loose all features. AB-Solution cannot and will not install to RAM or other memory on the router except a permanently attached USB device.
The free space you see in / (the root or in /tmp) is volatile memory, created new at every boot.
And the /jffs partition is not large enough to hold all the data and scripts that AB accumulates or creates during installation and normal operation.

 

[thelonelycoder]

I need to exchange my USB stick, what's the easiest way to secure my whitelist for AB and Skynet?
is there an easy way to backup/restore or copy?

As @Asad Ali writes, you could use the built in backup feature to save your whitelist, blacklist and even the certificates.

The best and simplest way would be to copy over the content of the old drive and save to the new device.
To do that, just unplug your router and do the above, making sure the new device has the same label as the old one.
Plug the new device in and boot the router, then open the AB UI, it will fix whatever there's to fix.

 

[Flipmode11]

I try that as you wrote....nothing better...

I see no ad in your picture, just the remnant of a blocked ad. So I consider this a success and the advertisment being blocked.
AB-Solution and pixelserv-tls blocked the ad but not the rest of the code, which cannot be suppressed for some content.

@thelonelycoder Exactly. Can you get someone to modify the first post to explain this very simple summary of how they differ - in capitals and bold maybe?

@bayern1975 What you and people keep doing is comparing a Browser plug-in blocking solution to a Network-wide blocking solution.
The Browser-based solution is Element-Based, meaning a the page is requested from server, it is undergoes pre-processing, elements are removed, then during rendering the buttons or banners are removed.
However the Router-based solution is Host-Based, meaning it is indescriminate - it will block *everything* from that server - domain.xyz/folder, domain.xyz/i/logo.png - everything! It does not perform any pre or post processing of the page.

The only problem with the Router-based or Hosts-based methods is that browsers (Chrome, FF, Yandex, Opera...) will still try and be clever and communicate back to their servers - running back and forth, trying to predict the next page and cache it. I just switch it off - the Internet is fast enough for me!

 

[thelonelycoder]

@thelonelycoder hi !Once upon a time, I could install the very old legacy ab solution, think the prior 1 version on a linux ubuntu virtual machine to poison the dnsmasq and obtain the same results as if it was on the router, could this be achieved with the recent versions? I ask because at this moment I cant use my router, and I would really like to use your script again... I know I could just poison the windows hosts files... but anyway, is it posible?
Thanks..

The predecessor of AB-Solution and manual install of the necessary scripts might still work for you, with some modifications.
This will take you back to the a forgotten time in the history of AB:
https://www.snbforums.com/threads/adblocking-with-combined-hosts-file.15309/

The current version and the eventually first release of AB4.o will not install or work on non-Asuswrt-Merlin firmware.
You'll have to wait until I enable it in AB4.x to install on non-Asus compatible firmware or or other Linux variant based devices.

 

[thelonelycoder]

@thelonelycoder Exactly. Can you get someone to modify the first post to explain this very simple summary of how they differ - in capitals and bold maybe?

By someone you mean me? I'm the sole coder of AB, with heavy input in the form of suggestions and code-borrowing from other script writers. And beta testers and users like you.
Your suggested descriptions and comparisons is really meant for the AB Website, not the #1 post. I have cleaned that one up so I don't have to modify it every time I have an update. The https://www.ab-solution.info website will be rearranged along with the release of AB4.0. I postpone additional info's on it until then.

 

[Raphie]

I just reinstalled, How do I overwrite my new cerificates with my old ones? they seem locked? tried stopping pixelserv but that didn't help? I'm using FTP

 

[Butterfly Bones]

I need to exchange my USB stick, what's the easiest way to secure my whitelist for AB and Skynet?
is there an easy way to backup/restore or copy?

This is redundant because thelonelycoder has answered above but you might tag this post for reference.
https://www.snbforums.com/threads/ab-solution-the-ad-blocking-solution.37511/page-89#post-357054

For Skynet, in the menu, press 11 then choose 6 to backup to /jffs. Restore using 11 and then 7 after installing using the script Adamm provides or AMTM.

I just did all these in an upgrade from a 68u to a 86u and Entware upgrade from arm7 to arm8. I installed AB-Solution, used it to install Entware and Pixelserv (tried with AMTM but arm8 Entware is disabled for now). Copied old AB-Solution directory to new router and opened AB-Solution and boom! all whitelist and blacklist entries restored!. (Of course then ABS shares these with Skynet.)

Then used AMTM to install Skynet, did the Skynet menu restore after copying the Skynet backup to the new router /jffs. Then used AMTM to install DNSCrypt. All smooth sailing with the close cooperation of AMTM / AB-Solution and Skynet.

 

[Flipmode11]

'Someone' was just a hint lol. Should have used 's...
It was more about the fact ppl probably just dive head first into AB via /install :B

Good to read about your v4 plans - I've only returned after upgrading (AC66U > AC86U). Such a relief to find a project actively maintained with clear future goals. Most projects are badly documented, erroneous and closed source!

The advantages of both router vs browser-based would be great on a page 1 FAQ - you are missing an intro and I see the question repeated by others (doesn't have to be in the 1st post). There are +ve's and -ve's for both approaches, but you would know those benefits better than me!

Just answered my own question about sources used in your solution, and which belong to which group. [https://www.ab-solution.info/use/hosts-files.html]
Keep up the great work!

...

Ironic, as I was compiling and (constantly) updating a unified hosts file for all client machines and servers. After 6 months I just gave up - wanted to be able to create 25 subscription list and integrate it into Asus Merlin, but no time with elderly parents w/ parkinson's and dementia and needing looking after! Too many updates, too time consuming, too cumbersome, too many lazy siblings ... <insert excuse here>... So I compiled my own lists of hosts that were not on any 3rd party block list. 25 lists in one, 16 sources, ~ 402,000 hosts at 7MB (35,000 lines w/ comments). After deciding to only update quarterly it was easier, but having to update clients and servers was just too inconvenient. Anyway, I kept #& and & for use with Hostsman, and just copy and paste and then remove duplicates.

Other solutions like AdGuard S/W were brilliant time-savers, plus Comodo/Adguard and other malicious-filtering DNS servers were fantastic time-savers to combat this - plus allowed for DNS client to remain enabled in Windows and custom sources and EasyList subscriptions w/ AdGuard for Windows....

Also, have you used VyprVPN? They integrate malicious server blocking as a setting in their Desktop/Mobile applications. Issue is that it does not include any advert/tracker servers that I am aware of.

Snippet from my old archaic project:
[hide]

# #===========================================================================#
# | View file in Notepad++ as 'HTML' or 'PHP' to Expand & Collapse Groups.    |
# | Press 'ALT'+'0' (Zero) to Fold ALL Sections, Click [+] to Expand a Group. |
# #===========================================================================#
#
# #===========================================================================#
# | CUSTOM HOST RECORDS: Insert Custom Records & Block / Override Resolution. |
# |     Example: Make domains resolve to an internal I.P. '12.23.34.45'       |
# |              12.23.34.45  example.dev company.com clients.local dev.local |
# #===========================================================================#<?
0.0.0.0 localhost localhost.local localhost.localdomain
::1 localhost localhost.local localhost.localdomain
fe80::1%lo0 localhost
255.255.255.255 broadcasthost
#?>
#
# #===========================================================================#
# | CUSTOM CONTENT BLOCK LIST | ANALYTICS, ADVERTS, BANNERS & IFRAMES, ETC... |
# | +-------------------------------------+---------------------------------+ |
# | | ADD CUSTOM BLOCKING ENTRIES BELOW!  |              UPDATED 2018.__.__ | |
# #===========================================================================#<?
#
Facebook, Google, Pinterest, Linkedin, Twitter, Tumblr, Instagram, Intellitxt, Doubleclick, 2o7.
#?>
#
# #===========================================================================#
# |              25-IN-1 MALICIOUS SERVER & HOSTNAME BLOCK LIST!              |
# |  Consolidated List of Advertising, Malware, Spyware, Phishing, Hijacker,  |
# | Analytics, Privacy Tracker, Bad Network, Exploit, Malicious Server Hosts. |
# | +-----------------------------------------------------------------------+ |
# | | RE-COMPILED, CONSOLIDATED & UPDATED QUARTERLY!   402,738 @ 2017.08.22 | |
# #===========================================================================#
#
# Includes the following server host name block-lists:
#  -> Badd Boyz Hosts (GitHub.com/MitchellKrogza) Adverts Malware 2017.08.21.388 ~8,027;
#  -> BlockZilla (BlockZilla.Jimdo.com GitHub.com/Zpacman) ATS Adverts/Trackers vD60 2017.08.01 ~446;
#  -> Cameleon (SysCtl.org) ATS Adverts/Trackers 2017.04.05 ~21,271;
#  -> Dan Pollock (SomeoneWhoCares.org) Adverts Trackers Spyware Malware 2017.08.15 ~8,554;
#  -> Disconnect (Disconnect.me) Adverts Malware 2017.08.20 ~5,555;
#  -> hpHosts (Hosts-File.net) ATS Adverts/Trackers 2017.08.08 ~48,021;
#  -> hpHosts (Hosts-File.net) EMD Malware 2017.08.22 ~171,561;
#  -> hpHosts (Hosts-File.net) EXP Exploits 2017.07.07 ~12,318;
#  -> hpHosts (Hosts-File.net) HJK Hijackers 2017.06.11 ~74;
#  -> KADHosts [w/o .PL] (GitHub.com/Azet12) Adverts Malware Fraud Scams 2017.07.31 ~665;
#  -> Malware Domains (MalwareDomains.com) Malicious Malware Exploits 2017.06.13 ~24,842;
#  -> Malware Domains List (MalwareDomainList.com) Phishing Malware Exploits 2017.07.29 ~1,152;
#  -> MVPS (WinHelp2002.MVPS.org) Malicious Exploit Malware Parasites 2017.08.08 ~13,173;
#  -> Peter Lowe (Pgl.YoYo.org) ATS Adverts/Trackers 2017.08.21 ~2,451;
#  -> Secure Mecca BadHosts.msw (SecureMecca.com) Malware Exploit 2016.12.28 ~22,663;
#  -> SPAM 404 (Spam404.com) SPAM & Scams 2017.08.16 ~5,883;
#  -> Spybot S&D (Safer-Networking.org) Adverts Spyware 2017.08.15 ~15,629;
#  -> Steven Black (GitHub.com/StevenBlack) Adverts Malware 2017.08.21 ~38,307;
#  -> Zeus IP BlockList (iBlockList.com ZeusTracker.Abuse.ch) Adverts Malware 2017.08.17 ~2,146;
#
#
# >> Badd Boyz Hosts - Adverts Malware #<?
# https://github.com/mitchellkrogza/Badd-Boyz-Hosts/blob/master/hosts
0.0.0.0 000free.us 000owamail0.000webhostapp.com 007angels.com ...
# << Badd Boyz Hosts #?>
#
# >> BlockZilla - ATS Adverts/Trackers #<?
# https://raw.githubusercontent.com/zpacman/Blockzilla/master/Blockzilla.txt
0.0.0.0 204st.us 247realmedia.com 360yield.com 3gl.net ...
# << BlockZilla #?>
#
# >> Cameleon - ATS Adverts/Trackers #<?
# http://sysctl.org/cameleon/hosts.win
0.0.0.0 000dom.revenuedirect.com 000info.com 005.free-counter.co.uk 006.free-counter.co.uk ...
# << Cameleon #?>
#
# >> Dan Pollock - Adverts Trackers Spyware Malware #<?
# http://someonewhocares.org/hosts/zero/
0.0.0.0 ------ some very 'lude' domain names ------
# << Dan Pollock #?>
#
# >> Disconnect - Adverts Trackers Malware #<?
# https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt | /simple_malware.txt | /simple_tracking.txt | /simple_malvertising.txt
0.0.0.0 0000mps.webpreview.dsl.net 0001.2waky.com 001wen.com ...
# << Disconnect #?>
#
# >> hpHosts - ATS Adverts/Trackers #<?
# https://hosts-file.net/ad_servers.txt
#& hpHosts (Ad and tracking servers only) &
0.0.0.0 007.go2cloud.org 00zasdf.pw 0427d7.se 050003.voodoo.com ...
# << hpHosts ATS #?>
#
# >> hpHosts - EMD Malware #<?
# https://hosts-file.net/emd.txt
#& hpHosts EMD List &
0.0.0.0 0.gvt0.com 000-101.org 00005ik.rcomhost.com 0000663c.tslocosumo.us ...
# << hpHosts EMD #?>
#
# >> hpHosts - EXP Exploits #<?
# https://hosts-file.net/exp.txt
#& hpHosts EXP List &
0.0.0.0 0asisdating.com 0lost.littleriverretreat.net 119ex3.focot.focus-outdoors.com ...
# << hpHosts EXP #?>
#
# >> hpHosts - HJK Hijackers #<?
# https://hosts-file.net/hjk.txt
#& hpHosts HJK List &
0.0.0.0 100ksearches.com 17173.com 51.net 51115.com ...
# << hpHosts HJK #?>
#
# >> KADHosts [w/o .PL] - Adverts Malware Fraud Scams #<?
# https://raw.githubusercontent.com/azet12/KADhosts/master/KADhosts.txt
#& KADHosts List &
0.0.0.0 maendo.tv msphacks.net motifiles.com www.fajnefanty.com ...
# << KADHosts #?>
#
# >> Malware Domains - Malicious Malware Exploits #<?
#& Malware Domains &
0.0.0.0 00-lawyer.com 019201.webcindario.com 01lm.com 021id.net ...
# << Malware Domains #?>
#
# >> Malware Domains List - Phishing Malware Exploits #<?
# http://malwaredomainlist.com/hostslist/hosts.txt
#& Malware Domain List &
0.0.0.0 0koryu0.easter.ne.jp above.e-rezerwacje24.pl achren.org ads.wikipartes.com ...
# << Malware Domains List #?>
#
# >> MVPS - Malicious Exploit Malware Parasites #<?
# http://winhelp2002.mvps.org/hosts.txt
#& MVPS Hosts List &
0.0.0.0 ad.activesolutions.cz cms.ad2click.nl tag1.adaptiveads.com www.adbanner.ro ...
# << MVPS #?>
#
# >> Peter Lowe - ATS Adverts/Trackers #<?
# https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext&useip=0.0.0.0&showintro=1
#& Peter Lowes ATS List &
0.0.0.0 abruptroad.com actuallysheep.com acuty1adsrv.com adincube.com ...
# << Peter Lowe #?>
#
# >> Secure Mecca BadHosts - Malware Exploit #<?
# http://www.securemecca.com/Downloads/hosts.txt
#& SecureMecca Hosts &
0.0.0.0 www.00webcams.com www.0427d7.se 0c9d8370d.se www.0c9d8370d.se ...
# << Secure Mecca BadHosts #?>
#
# >> SPAM 404 - SPAM & Scams #<?
# https://raw.githubusercontent.com/Dawsey21/Lists/master/adblock-list.txt
0.0.0.0 astucetriche.fr bestgamesfiles.com booshare.net burnshare.net ...
# << SPAM 404 #?>
#
# >> Spybot S&D - Adverts Spyware #<?
# Start of entries inserted by Spybot - Search & Destroy
0.0.0.0 www.007guard.com 007guard.com 008i.com www.008k.com ...
# << Spybot S&D #?>
#
# >> Steven Black - Adverts Malware #<?
# https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
0.0.0.0 30-day-change.com adsmws.cloudapp.net apps.id.net data.cnn.com ...
# << Steven Black #?>
#
# >> Zeus IP BlockList - Advert Malware #<?
# https://www.iblocklist.com/lists
0.0.0.0 a2.tp-media.se addcontrol.net adrenaline.cz ads.raasnet.com ...
# << Zeus IP BlockList #?>
#

[/hide]

 

[ThanksForThis]

Feature request being posted here as Github repo doesn't include addons.
update-hosts.add , ln 213. Can you allow already stripped lists such as https://mirror1 (.) malwaredomains (.) com/files/justdomains and similarly constructed formats to be accepted by the parser?

I cannot praise this project enough. Your work, along with the others associated on both pixelserv-tls and ab-solution projects protect and safeguard otherwise susceptible targets and vulnerable demographics. I am happy to deploy this on every setup I'm involved with.

Implement my feature request or not, I am extremely grateful for all of your work and the Merlin community.

-This is a throwaway, responses are unlikely.
Thanks again,
an internet dweller.

 

[thelonelycoder]

Feature request being posted here as Github repo doesn't include addons.
update-hosts.add , ln 213. Can you allow already stripped lists such as https://mirror1 (.) malwaredomains (.) com/files/justdomains and similarly constructed formats to be accepted by the parser?

I cannot praise this project enough. Your work, along with the others associated on both pixelserv-tls and ab-solution projects protect and safeguard otherwise susceptible targets and vulnerable demographics. I am happy to deploy this on every setup I'm involved with.

Implement my feature request or not, I am extremely grateful for all of your work and the Merlin community.

-This is a throwaway, responses are unlikely.
Thanks again,
an internet dweller.

I'm not sure what you mean. Any direct link to a hosts file works out of the box, you just have to add it to your custom blocking file type.
I have seen many outages with malwaredomain and decided this hosts file will no longer be used directly in AB4. It will be replaced, along with some other hosts files, with Steven Blacks hosts list. This list includes all of them.

 

[ThanksForThis]

I'm not sure what you mean. Any direct link to a hosts file works out of the box, you just have to add it to your custom blocking file type.
I have seen many outages with malwaredomain and decided this hosts file will no longer be used directly in AB4. It will be replaced, along with some other hosts files, with Steven Blacks hosts list. This list includes all of them.

It is not to be confused with malwaredomainlist.

Malwaredomains provides analytical lists of suspect domains, similar to SANS' ISC feed providing automated analysis and risk assessments in a format that is pre-stripped of nullrouted addresses, making the sed stripping return an error in AB-Solution's update-hosts.add as there is nothing to remove that prefixes the domain to be added to the blacklist.

These are not hosts files, but domain lists formatted exclusively with bracket returns and nothing else but comment blocks.

I hope I described it more accurately, as I was very vague prior without realizing it.


To be clear, the functionality I'm looking for is equally easy to enact while preserving the autoupdate integrity of AB-Solution by something as simple as making a script to append one of the two addresses update-hosts.add's sed line looks for and depositing them into a repository for myself to use.

I was just putting forth the idea, it by no means is in any way a significant thing.

 

[thelonelycoder]

It is not to be confused with malwaredomainlist.

Malwaredomains provides analytical lists of suspect domains, similar to SANS' ISC feed providing automated analysis and risk assessments in a format that is pre-stripped of nullrouted addresses, making the sed stripping return an error in AB-Solution's update-hosts.add as there is nothing to remove that prefixes the domain to be added to the blacklist.

These are not hosts files, but domain lists formatted exclusively with bracket returns and nothing else but comment blocks.

I hope I described it more accurately, as I was very vague prior without realizing it.


To be clear, the functionality I'm looking for is equally easy to enact while preserving the autoupdate integrity of AB-Solution by something as simple as making a script to append one of the two addresses update-hosts.add's sed line looks for and depositing them into a repository for myself to use.

I was just putting forth the idea, it by no means is in any way a significant thing.

A link to such a file would greatly increase the ability to ponder your question.

 

[Adamm]

Small QOL suggestion. A function to find what list a domain is sourced from (similar to how my "stats search malware xxx.xxx.xxx.xxx" command works in Skynet). Handy to have a better idea of why a domain in question was blocked.

 

[ThanksForThis]

A link to such a file would greatly increase the ability to ponder your question.

Examples of known sources of blacklists in said format include but are not limited to:
MalwareDomains
https://mirror1.malwaredomains.com/files/justdomains
SANS' ISC Automated feeds and associated sensitivity level of detection
https://isc.sans.edu/feeds/suspiciousdomains_Low.txt
https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt
https://isc.sans.edu/feeds/suspiciousdomains_High.txt
Disconnect.me's lists
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_malware.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt

And so on.

Initially I thought, oh just allow any entry through, but obviously that is a security risk if a hosts file is compromised as you've clearly considered in your script.
Otherwise instead of else to an error, perhaps run it through a function to append a default address of 0 or 127 to run back through the stripper.

I understand this could make an impact on the time to process all entries, but seeing as this would only really be used on custom configurations I would expect users with that involvement with their config to understand the implications of feeding exceptionally large lists into AB-Solution on their system and/or RAM.

 

[Xentrk]

I think you're right; keeping ads outside the LAN should speed internal traffic.

At the browser level, with the right blocklists the plugins will provide additional protection against malware and ads. Then the plugins also seem to remove even the calls for ads from some web pages... which makes them display more nicely.

On the other hand, frequently I'll be waiting for a page to load and see in the Status Bar "Waiting for plugin Adblock Plus........." which makes me grumpy. But not too grumpy. So. Pros and cons I suppose.

Try uBlock or uBlock Origin as alternatives to Adblock Plus.

 

[M@rco]

@thelonelycoder I received a New Firmware Notification from AB-Solution this morning and somehow the new version displays incorrectly:

Asuswrt-Merlin firmware version _0. is now available for your router at 192.168.1.1.

 

[thelonelycoder]

@thelonelycoder I received a New Firmware Notification from AB-Solution this morning and somehow the new version displays incorrectly:

Asuswrt-Merlin firmware version _0. is now available for your router at 192.168.1.1.

Due to the version format change in Asuswrt-Merlin the firmware update notification is incomplete in AB3.x. I have no plans to change that in that version.
The good thing is, the notification served its purpose, even with a wrong version string.

It will work correctly in AB4.x:

Hey there!

A new Asuswrt-Merlin firmware is available for your THE-BEAST router at 192.168.2.1.

Installed version: 384.4_beta3

Latest available stable version: 384_4_0

See the changelog for what's new:
For Asuswrt-Merlin 380.xx branch: https://asuswrt.lostrealm.ca/changelog
For Asuswrt-Merlin 382.xx/384.xx branch: https://asuswrt.lostrealm.ca/changelog-382

Downloads are available at: https://asuswrt.lostrealm.ca/download

Very truly yours,
Your THE-BEAST router (Model type RT-AC86U)

 

[thelonelycoder]

The addon pixelserv-tls.add v3.11.5 is now available

This update adds a choice to install 32bit or 64bit Entware version for aarch64 based routers during a new install.
Use cu to update to this latest version.

Users bugged by the "preparing temporay whitelist" typo in the file update-hosts.add may use 12 to update both files.

 

[thelonelycoder]

Examples of known sources of blacklists in said format include but are not limited to:
MalwareDomains
https://mirror1.malwaredomains.com/files/justdomains
SANS' ISC Automated feeds and associated sensitivity level of detection
https://isc.sans.edu/feeds/suspiciousdomains_Low.txt
https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt
https://isc.sans.edu/feeds/suspiciousdomains_High.txt
Disconnect.me's lists
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_malware.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt

And so on.

Initially I thought, oh just allow any entry through, but obviously that is a security risk if a hosts file is compromised as you've clearly considered in your script.
Otherwise instead of else to an error, perhaps run it through a function to append a default address of 0 or 127 to run back through the stripper.

I understand this could make an impact on the time to process all entries, but seeing as this would only really be used on custom configurations I would expect users with that involvement with their config to understand the implications of feeding exceptionally large lists into AB-Solution on their system and/or RAM.

Adding support for such "just domains" lists is not planned for AB-Solution.
The main reason is, I cannot check that the file is compatible and usable as a hosts file in AB.
I would have to verify that each line is indeed a domain name, even if stripped of the comments. This is simple with a "IP domain.com" pair and also eliminates the need to check for incompatible uBlock filter lists.

A prime example of a major cause of problems is the "Site" entry in all of the isc.sans.edu files you linked:

#
#   DShield.org Suspicious Domain List
#    (c) 2018 DShield.org
#   some rights reserved. Details http://creativecommons.org/licenses/by-nc-sa/2.5/
#   use on your own risk. No warranties implied.
#   primary URL: http://www.dshield.org/feeds/suspiciousdomains_Low.txt
#
#   comments: info@dshield.org
#    updated: Sat Mar 17 04:08:44 2018 UTC
#   
#    This list consists of Low Level Sensitivity website URLs
#     Columns (tab delimited):
#
#      (1) site
#
Site
agiftcard724.com

While the commented lines are stripped, what am I going to do with that Site line? What is it even doing there, un-commented?

 

[thelonelycoder]

Small QOL suggestion. A function to find what list a domain is sourced from (similar to how my "stats search malware xxx.xxx.xxx.xxx" command works in Skynet). Handy to have a better idea of why a domain in question was blocked.

I'll look into that. It'll be possible in AB4 as I keep the original named hosts file as backup. AB3 does it as well but not named, just a numbered file.