iam-py-test closed this issue 3 years ago
Thanks, added all.
Ok, thanks!
Question: What are the criteria for adding a domain?
Additional domain report:
totalav.com
https://www.virustotal.com/gui/domain/www.totalav.com/community
https://www.virustotal.com/gui/domain/totalav.com/community
https://safeweb.norton.com/reviews?url=totalav.com
https://www.mywot.com/scorecard/totalav.com
https://www.mywot.com/scorecard/safetydetectives.com
Has fake AV, very determined to sell, gets ads on all kinds of domains to draw people in.
I add domains that aren't listed in mainstream filter lists and are (1) used in social-media spam/phishing campaigns, (2) redirects that weren't expected (usually from expired domains), (3) aggressive ads or popups that evade uBlockOrigin, (4) fake virus warnings and tech support scams, (5) listed by AV companies as malicious or e.g. try to download unwanted files, or (6) deceptive ads that appear to be phishing/scams. I don't add ordinary advertising domains to this filter list, though I maintain my own personal list in uBO.
I reported it because the community reports say it promotes its own fake av very aggressively.
Thank you for maintaining this list & fixing this issue! Maybe you should add a link to this issue so people know why it is blocked.
I would like to report the following filters to block malware domains:
https://safeweb.norton.com/report/show?url=com-repair-windows.live
https://www.siteadvisor.com/sitereport.html?url=com-repair-windows.live
https://www.siteadvisor.com/sitereport.html?url=microsoft.com-repair-windows.live
https://yandex.com/safety/?url=microsoft.com-repair-windows.live
https://www.virustotal.com/gui/url/f616050b625e09419d8986295aab0c338f4139d3130d5c2865362fd869eeb0b8/detection
See https://github.com/iam-py-test/my_filters_001/blob/911702c7afa23ce238e0a00c69831aca591ab5c2/antimalware.txt#L651 for more information. The domain seems offline but according to https://github.com/uBlock-LLC/uBlock/issues/1839#issuecomment-852183358 it is easy to do that to get de-blocklisted.
This domain has existed in my blocklists so long (apparently I forgot to add where I got it from) that I am not sure how I found this domain
https://labs.sucuri.net/signatures/sitecheck/malware-rks_injection/
https://blog.sucuri.net/2011/01/malware-update-co-cc.html
https://www.fortiguard.com/webfilter?q=http%3A%2F%2Fgoogle-analytisc.co.cc&version=8
https://safeweb.norton.com/report/show?url=http%3A%2F%2Fgoogle-analytisc.co.cc
https://www.virustotal.com/gui/url/6cc9c5dbd531e82102590df163142db0c248de81b831372a35fb281d90a6c768/detection
https://www.urlvoid.com/scan/google-analytisc.co.cc/!
https://www.mywot.com/en/scorecard/google-analytisc.co.cc
https://sitecheck.sucuri.net/results/google-analytisc.co.cc
cham-event.com:
https://www.fortinet.com/blog/threat-research/another-bitcoin-exchange-scam-this-time-live-on-youtube
https://www.virustotal.com/gui/url/6fa027286c324e76d56a0144122699600f4c654870f1f6b6ee15b67d009ebda9/detection
https://safeweb.norton.com/report/show?url=cham-event.com
https://www.siteadvisor.com/sitereport.html?url=cham-event.com
1800support.weebly.com:
https://www.bleepingcomputer.com/news/security/tech-support-scammers-lure-victims-with-fake-antivirus-billing-emails/
https://safeweb.norton.com/report/show_mobile?name=1800support.weebly.com
https://www.virustotal.com/gui/url/f241ee0024a97c2bea5acdcd60ac116dc588a7084dd151a2dfdcb76a2749c35c/detection
https://www.urlvoid.com/scan/1800support.weebly.com/
https://www.fortiguard.com/webfilter?q=1800support.weebly.com
Sorry for overwhelming you with domains