AdguardTeam / AdguardFilters

AdGuard Content Blocking Filters
https://adguard.com/
GNU General Public License v3.0

puzzceworkdistkebur.tk badware #76201

Closed JobcenterTycoon closed 3 years ago

JobcenterTycoon commented 3 years ago

Description: Clicking on the yellow button redirects to badware crap: http://mediazlez.pp.ua/d/nEDt2mkU17

For me the badware is coming from puzzceworkdistkebur.tk, so this domain needs to be blocked. I think the domain walhalagame.fun needs to be blocked too because it only provides fake downloads.

Steps to reproduce the problem:

Click on the yellow button. Now you will get redirected to a download link with a malware download.

Virustotal scan: https://www.virustotal.com/gui/file/afa45ed317b277c3a16b4f47c48c20a370089b8187d9cdcadfcea1baf9933a03/detection

System configuration

Filters:

Information Value
Operating system: Windows 10
Browser: Firefox developer
AdGuard version: 3.5.31
Filters enabled: Default + Adguard tracking protection + Adguard annoyances + Adguard germany + phishing and malware protection enabled
AdGuard DNS: None

JobcenterTycoon commented 3 years ago

More: http://failsame.ru/file/7b289e redirects to suzamense.com and sevenonex.space and recangedesna.ml and newfind.cloudns.cl with badware

Alex-302 commented 3 years ago

Never visit sites hosted on pp.ua :) It is like bulletproof hosting.

JobcenterTycoon commented 3 years ago

Yes, now I know the domains are random (changed daily).

But mediazlez.pp.ua and walhalagame.fun are not random and it's effective to block them. I tried a few downloads but all redirect to the same badware files. I searched but I didn't see any legitimate link on these 2 sites.

lolka4toli commented 3 years ago

Blacklisted.

JobcenterTycoon commented 3 years ago

I have more very suspect domains (stable - exist over multiple weeks).

https://zhirhacks.pro/fortnite or https://zhirhacks.pro/csgo or https://zhirhacks.pro/overwatch redirect to mega.nz sites with malware downloads. I already reported many domains to mega.nz but they get a new mega.nz domain nearly every day. They protect the zip with a password to avoid antivirus detection and put the password (simple passwords like 1234 or 1111) under the download link.

https://nemosiau.icu/wCKsn5 same as above ... this site has no main site (just redirects to google) so it looks like they just use the domain to redirect to malware crap.

https://fortniteswapper.fun links to malware downloads. First they used mega.nz but now they use another file hoster without fast malware file deletion.

http://injectx.online/ redirector

https://app-inject.com/ just redirects to ads and scams (the complete spectrum ... fake captchas, fake giveaways, hundreds of redirects, ...)