From 0f7799b8f196d4cec9f66be053eece5eb60da6af Mon Sep 17 00:00:00 2001
From: SukkaW
Date: Sun, 2 Mar 2025 16:02:41 +0800
Subject: [PATCH] Update Reject Hosts & Tighten the Phishing Hosts
---
 Build/lib/get-phishing-domains.ts | 39 +++++++++++++++++++++++--------
 Source/non_ip/reject.conf | 1 +
 2 files changed, 30 insertions(+), 10 deletions(-)
diff --git a/Build/lib/get-phishing-domains.ts b/Build/lib/get-phishing-domains.ts
index cd181a26..98af9795 100644
--- a/Build/lib/get-phishing-domains.ts
+++ b/Build/lib/get-phishing-domains.ts
@@ -88,6 +88,11 @@ const sensitiveKeywords = createKeywordFilter([
 'allegrolokalnie',
 'thetollroads'
 ]);
+const fakeTldKeywords = createKeywordFilter([
+ '.pl-',
+ '.com-',
+ '.net-'
+]);
 const lowKeywords = createKeywordFilter([
 'transactions-',
 'payment',
@@ -111,7 +116,8 @@ const lowKeywords = createKeywordFilter([
 'passwordreset',
 '.google-',
 'recover',
- 'banking'
+ 'banking',
+ 'shop'
 ]);
 const processPhihsingDomains = cache(function processPhihsingDomains(domainArr: string[]): string[] {
@@ -195,12 +201,14 @@ const processPhihsingDomains = cache(function processPhihsingDomains(domainArr:
 }
 });
- // console.log({
- // score: domainScoreMap['awicksin.com'],
- // count: domainCountMap.get('awicksin.com')
- // });
-
- // console.log({ duplicateCount, domainArrLen: domainArr.length });
+ if (require.main === module) {
+ console.log({
+ v: 1,
+ score: domainScoreMap['com-paytollbydv.world'],
+ count: domainCountMap.get('com-paytollbydv.worldx'),
+ domainArrLen: domainArr.length
+ });
+ }
 return domainArr;
 }, {
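Review bot: The new `fakeTldKeywords` entries all start with a dot, so they only match when another label precedes the `pl-`/`com-`/`net-` label. If `fullDomain` can arrive as a bare registrable domain (the debug sample `com-paytollbydv.world` in the third hunk has that shape), the fake-TLD bonus never fires for it; how callers build `fullDomain` is outside the hunk and should be confirmed. The list also has no explanation, so I would add above it `// a real TLD followed by '-' inside a hostname, e.g. "example.com-suffix.tld" (constructed sample)`.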
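Review bot: `'shop'` added to `lowKeywords` is a short and very common substring; assuming `createKeywordFilter` does substring matching (its definition is outside the hunk), every hostname containing "shop" now takes the low-keyword path in `calcDomainAbuseScore`. With the weights raised in this same commit that is `+1.8` on its own and `+10` next to a sensitive keyword, which makes false positives in the generated reject list more likely. Consider a narrower token, or record the reasoning next to the entry, e.g. `// 'shop': weak signal on its own, only meaningful combined with a sensitive keyword`.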
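Review bot: The debug block added to `processPhihsingDomains` reads the score for `'com-paytollbydv.world'` but the count for `'com-paytollbydv.worldx'`; the trailing `x` looks like a typo, so `count` will most likely print `undefined`. Use the same key on both lines: `count: domainCountMap.get('com-paytollbydv.world'),`. The `require.main === module` guard also assumes the file is loaded as CommonJS; if the build ever runs it as an ES module, `require` is undefined and the function would throw, which is worth confirming. The hard-coded probe domain and `v: 1` read as leftover debugging, so a one-line comment on how the block is meant to be used (or a named constant for the probe domain) would help the next reader. The function starts and ends outside the hunk.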
@@ -241,14 +249,25 @@ export function calcDomainAbuseScore(subdomain: string, fullDomain: string = sub
 const hitLowKeywords = lowKeywords(fullDomain);
 const sensitiveKeywordsHit = sensitiveKeywords(fullDomain);
+ const fakeTldKeywordsHit = fakeTldKeywords(fullDomain);
 if (sensitiveKeywordsHit) {
- weight += 10;
+ weight += 15;
 if (hitLowKeywords) {
- weight += 6;
+ weight += 10;
+ if (fakeTldKeywordsHit) {
+ weight += 8;
+ }
+ }
+ // besides add for low hit, always add extra here
+ if (fakeTldKeywordsHit) {
+ weight += 10;
 }
 } else if (hitLowKeywords) {
- weight += 1.7;
+ weight += 1.8;
+ if (fakeTldKeywordsHit) {
+ weight += 5;
+ }
 }
 const subdomainLength = subdomain.length;
diff --git a/Source/non_ip/reject.conf b/Source/non_ip/reject.conf
index 0446074d..18f168db 100644
--- a/Source/non_ip/reject.conf
+++ b/Source/non_ip/reject.conf
@@ -55,6 +55,7 @@ DOMAIN-KEYWORD,adktrack
 DOMAIN-KEYWORD,track.msadcenter
 DOMAIN-KEYWORD,dc.pimentaafricana
 DOMAIN-KEYWORD,-txtagstore
+DOMAIN-KEYWORD,thetollroads-
 DOMAIN,stun.smartgslb.com
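Review bot: In the `sensitiveKeywordsHit` branch of `calcDomainAbuseScore`, a domain that also hits `lowKeywords` and `fakeTldKeywords` collects both the inner `weight += 8` and the outer `weight += 10`, so the branch can now add 43 where it used to top out at 16. The inline comment suggests the stacking is intended, but the threshold these weights are compared against is outside the hunk, so the size of the jump cannot be checked from here. `fakeTldKeywordsHit` is also ignored when neither keyword list matches, which may or may not be intended. I would document the table above the `if`, e.g. `// sensitive 15; +10 with a low keyword; fake TLD +10, and +8 more with a low keyword; low only 1.8, +5 with fake TLD`, and add a test with a few known-good hostnames to catch false positives in the reject list. The function body continues outside the hunk.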