URL Shortener Block/Allow Lists

[Dynamic5912]

If I were to use the URL Shortener Blocklist (to block legitimate and maliciously used domains) but at the same time run the Allowlist (to allow "legitimate" domains) - would it then mean that just the maliciously used domains in the Blocklist would remain blocked and the rest allowed?

I presume the difference in domains in the Allowlist is because it doesn't include the ones used for malicious purposes?

I see 10046 domains in the Blocklist and 9826 domains in the Allowlist - which i suppose means 220 domains are classed as malicious...??

[hagezi]

We've discussed this topic here before, but I can't find it.

The URL shortener blacklist is checked against SecrueDNS (Cloudflare, Quad9, DNS4EU, Umbrella etc.), and flagged shorteners do not end up on the URL shortener allowlist, but rather on the TIF.

Therefore, using the blacklist and allowlist simultaneously does not make sense. The blacklist is intended for use when unblocking the shorteners that you need yourself.

[Dynamic5912]

Out of curiosity, I compared the URL Shortener Blocklist vs Allowlist domains and data-matched between them.

There's 218 domains on the Blocklist that do not appear on the Allowlist - all good so far.

I took those 218 domains and compared it with domains in the TIF, and only 37 of the 218 domains also appear in the TIF, and 181 do not appear in the TIF - is this intentional or an oversight?

Domains that do appear in TIF:

00m.in^
1ll.us^
amz.run^
bitly.lc^
defwdsccvf.today^
s.et4.de^
facebookid.live^
faceboook-app.com^
go.ly^
google-139382.com^
grabify.org^
ju.mp^
katzr.net^
lihi1.com^
lihi3.cc^
lmy.de^
microsoftaistories.com^
microsoftfiles.live^
migly.in^
my-google.live^
myrxbmember.info^
mysp.ac^
psce.pw^
psee.io^
qptr.ru^
goo-gl.ru.com^
shorten.tv^
shre.ink^
shrtlk.click^
snifferip.com^
ssur.cc^
titok.website^
to.lk^
url1.io^
urls.fr^
urlsshares.cc^
yip.su^

Domains that do not appear in TIF:

0987.win^
0bs.de^
153in.net^
2no.co^
2s.gg^
2u.pw^
2ur.jp^
2ww.me^
3ly.link^
3xs.live^
42url.com^
4x.si^
52.nu^
707.su^
98pro.cc^
9lick.me^
9m.no^
abit.ly^
abre.ai^
agr.my^
alias.live^
anytimefitnessinstagram.com^
ap.lc^
appurl.io^
arnogo.net^
arshorten.com^
ateng.me^
beam.to^
bersatu.me^
biolinky.co^
bit-ely.com^
bitli.pro^
bitly.bz^
bitly.gold^
bitly.team^
blltly.com^
bom.so^
bom.to^
bpl.kr^
buly.kr^
casashort.live^
centi.ai^
cesinthi.com^
cfg.me^
chop.ad^
cml.lol^
come.ac^
cuq.in^
curl.ro^
cuts.al^
cuts.kr^
cuts2.com^
cutt.cx^
cvfmiij.wiki^
s.devh.in^
did.li^
dokdo.in^
dub.sh^
dwz.mk^
e.vg^
envs.sh^
filmygallery1.my^
flashsc.re^
flq.us^
ge.tt^
glo.wf^
gmy.su^
goo.by^
google-photo.live^
googleidmaps.live^
goto.now^
han.gl^
hideuri.com^
hm.ru^
hmp.me^
hotm.art^
i8.ae^
idz-do.pl^
ilang.in^
inlnk.ru^
inx.lv^
iplogger.com^
ir.cx^
ishortify.com^
jamp.to^
jii.li^
jos.bio^
joskale.me^
kamo.es^
keepo.io^
kkc.tech^
l8.nu^
lihi.cc^
lihi3.com^
link.ac^
link-trim.in^
link1s.com^
linkpop.com^
linkvip88.org^
lkdin.io^
llink.to^
ln.run^
lnkz.at^
lynki.link^
m-r.pw^
minifi.ca^
mq.gy^
msfy.in^
mub.me^
mylinkinb.io^
nal.la^
nathanaeldan.pro^
nullrefer.com^
og1.in^
ohw.tf^
okshort.net^
opn.my^
oyn.at^
paw.wf^
pixly.me^
prephe.ro^
pxl.fm^
pxlme.me^
qr-codes.io^
qrcd.org^
qrcodedynamic.com^
qrsu.io^
rcl.ink^
reducelnk.com^
replug.link^
retireetravelcare.sbs^
reurl.cc^
revlk.com^
risu.io^
rotf.lol^
rvr.link^
sc.link^
sdu.sk^
shorten.ee^
shorten.is^
shorten.world^
shorter.me^
shortin.id^
shortlurl.com^
shortu.be^
shorturl.kg^
shrtru.com^
smaintenance.com^
smollq.cc^
spoo.me^
swtt.cc^
temu.to^
tgr.jp^
thinl.ink^
tinu.be^
titleagentmarketing.com^
toss.is^
twitterpan.com^
u-link.asia^
u2l.io^
u3l.co^
u4y.ch^
ucamli.com^
unesa.me^
ur4l.com^
url-shortener.me^
urlis.net^
urlra.com^
urlsrt.eu^
vix.cx^
vnxy.me^
wow.link^
xbig.info^
xtr.bz^
xurl.es^
ykm.de^
yww.uy^
d.yzh.li^
zig.ht^
zpr.io^
zrr.kr^

[hagezi]

That's definitely a bug, I'll have to take a look at it.

[hagezi]

This should be fixed in the next release. Outdated data was processed. Currently, there are 94 domains that are not on the allow list and should end up on the TIF.

[Dynamic5912]

Will that mean that the difference between the blocklist, allowlist and TIF will now even out?

I counted 181 domains not appearing in TIF that were on the blocklist but not the allowlist.

[hagezi]

Currently, there are 94 shorteners blocked by Quad9. That is my reference. I had the entire blacklist checked. So the difference is 94 domains, as already mentioned.

The whole allowlist is more or less pointless to me, which is why it's not linked in the readme. I would never use it. Someone wanted it, now it's just creating work.

[hagezi]

Via build system:

10001 native-shortener.txt
94 exclude-allow-shortener.txt
9907 allow-shortener.txt