VernonStow / Filterlist

Blocklist for websites likely to be harmful or annoying, meant to supplement mainstream blocklists.

Domain report (#2) #3

Closed iam-py-test closed 3 years ago

iam-py-test commented 3 years ago

I would like to report the following filters to block malware domains:

```
com-repair-windows.live$all
# Used to infect and redirect websites
mcloudjs.com$all
googieapls.com$all
google-analytisc.co.cc$all
# Bitcoin scam
# https://www.fortinet.com/blog/threat-research/another-bitcoin-exchange-scam-this-time-live-on-youtube
cham-event.com$all
# Scam domain
1800support.weebly.com$document
```

https://safeweb.norton.com/report/show?url=com-repair-windows.live
https://www.siteadvisor.com/sitereport.html?url=com-repair-windows.live
https://www.siteadvisor.com/sitereport.html?url=microsoft.com-repair-windows.live
https://yandex.com/safety/?url=microsoft.com-repair-windows.live
https://www.virustotal.com/gui/url/f616050b625e09419d8986295aab0c338f4139d3130d5c2865362fd869eeb0b8/detection

See https://github.com/iam-py-test/my_filters_001/blob/911702c7afa23ce238e0a00c69831aca591ab5c2/antimalware.txt#L651 for more information. The domain seems offline but according to https://github.com/uBlock-LLC/uBlock/issues/1839#issuecomment-852183358 it is easy to do that to get de-blocklisted.

This domain has existed in my blocklists so long (apparently I forgot to add where I got it from) that I am not sure how I found it.

https://labs.sucuri.net/signatures/sitecheck/malware-rks_injection/
https://blog.sucuri.net/2011/01/malware-update-co-cc.html
https://www.fortiguard.com/webfilter?q=http%3A%2F%2Fgoogle-analytisc.co.cc&version=8
https://safeweb.norton.com/report/show?url=http%3A%2F%2Fgoogle-analytisc.co.cc
https://www.virustotal.com/gui/url/6cc9c5dbd531e82102590df163142db0c248de81b831372a35fb281d90a6c768/detection
https://www.urlvoid.com/scan/google-analytisc.co.cc/
https://www.mywot.com/en/scorecard/google-analytisc.co.cc
https://sitecheck.sucuri.net/results/google-analytisc.co.cc

cham-event.com:
https://www.fortinet.com/blog/threat-research/another-bitcoin-exchange-scam-this-time-live-on-youtube
https://www.virustotal.com/gui/url/6fa027286c324e76d56a0144122699600f4c654870f1f6b6ee15b67d009ebda9/detection
https://safeweb.norton.com/report/show?url=cham-event.com
https://www.siteadvisor.com/sitereport.html?url=cham-event.com

1800support.weebly.com:
https://www.bleepingcomputer.com/news/security/tech-support-scammers-lure-victims-with-fake-antivirus-billing-emails/
https://safeweb.norton.com/report/show_mobile?name=1800support.weebly.com
https://www.virustotal.com/gui/url/f241ee0024a97c2bea5acdcd60ac116dc588a7084dd151a2dfdcb76a2749c35c/detection
https://www.urlvoid.com/scan/1800support.weebly.com/
https://www.fortiguard.com/webfilter?q=1800support.weebly.com

Sorry for overwhelming you with domains.
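As an added example (not from the issue or the Filterlist project), here is a small validator for the hostname-only filter lines posted above, useful to a maintainer checking a contributed report before merging. It assumes uBlock Origin treats a bare hostname like `||hostname^` (so subdomains such as microsoft.com-repair-windows.live are covered), that `$all` covers every request type including the page itself, that `$document` restricts a rule to top-level page loads, and that both `#` and `!` start comment lines.

```python
import re

# Constructed copy of the filter lines reported in this issue.
ISSUE_FILTERS = """\
com-repair-windows.live$all
# Used to infect and redirect websites
mcloudjs.com$all
googieapls.com$all
google-analytisc.co.cc$all
# Bitcoin scam
cham-event.com$all
# Scam domain
1800support.weebly.com$document
"""

# Strict hostname check: labels of [a-z0-9-], no leading/trailing hyphen, at least one dot.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)(?!-)[a-z0-9-]+(?<!-)(\.(?!-)[a-z0-9-]+(?<!-))+$")
KNOWN_OPTIONS = {"all", "document"}  # the only options this validator accepts (assumption)

def parse_filters(text):
    """Return [(hostname, options)] for hostname-only filters, skipping comments and
    blank lines. Raises ValueError on malformed hostnames, unknown options or duplicates."""
    rules, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        pattern, _, opts = line.partition("$")
        pattern = pattern.lower()
        options = frozenset(opts.split(",")) if opts else frozenset()
        if not HOSTNAME_RE.match(pattern):
            raise ValueError(f"line {lineno}: not a bare hostname: {pattern!r}")
        if options - KNOWN_OPTIONS:
            raise ValueError(f"line {lineno}: unsupported option(s) {sorted(options - KNOWN_OPTIONS)}")
        if pattern in seen:
            raise ValueError(f"line {lineno}: duplicate rule for {pattern}")
        seen.add(pattern)
        rules.append((pattern, options))
    return rules

def matches(rules, hostname, is_document=False):
    """Return the rule hostname that covers `hostname` (or a parent domain of it) for a
    request that is (or is not) a top-level document load; None if no rule applies."""
    host = hostname.lower().rstrip(".")
    for pattern, options in rules:
        if host == pattern or host.endswith("." + pattern):
            if "all" in options or (is_document == ("document" in options)):
                return pattern
    return None
```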

VernonStow commented 3 years ago

Thanks, added all.

iam-py-test commented 3 years ago

Ok, thanks!

iam-py-test commented 3 years ago

Question: What are the criteria for adding a domain?

iam-py-test commented 3 years ago

Additional domain report: totalav.com
https://www.virustotal.com/gui/domain/www.totalav.com/community
https://www.virustotal.com/gui/domain/totalav.com/community
https://safeweb.norton.com/reviews?url=totalav.com
https://www.mywot.com/scorecard/totalav.com
https://www.mywot.com/scorecard/safetydetectives.com
Has fake AV, very determined to sell, gets ads on all kinds of domains to draw people in.

VernonStow commented 3 years ago

I add domains that aren't listed in mainstream filter lists and are (1) used in social-media spam/phishing campaigns, (2) redirects that weren't expected (usually from expired domains), (3) aggressive ads or popups that evade uBlockOrigin, (4) fake virus warnings and tech support scams, (5) listed by AV companies as malicious or e.g. try to download unwanted files, or (6) deceptive ads that appear to be phishing/scams. I don't add ordinary advertising domains to this filter list, though I maintain my own personal list in uBO.

iam-py-test commented 3 years ago

> I add domains that aren't listed in mainstream filter lists and are (1) used in social-media spam/phishing campaigns, (2) redirects that weren't expected (usually from expired domains), (3) aggressive ads or popups that evade uBlockOrigin, (4) fake virus warnings and tech support scams, (5) listed by AV companies as malicious or e.g. try to download unwanted files, or (6) deceptive ads that appear to be phishing/scams. I don't add ordinary advertising domains to this filter list, though I maintain my own personal list in uBO.

I reported it because the community reports say it promotes its own fake AV very aggressively.

iam-py-test commented 3 years ago

Found this report on Reddit too:
https://www.reddit.com/r/antivirus/comments/dwlnlf/totalav_scam/
https://discussions.apple.com/thread/8226797
https://malwaretips.com/threads/total-av-is-it-a-scam.80362/

iam-py-test commented 3 years ago

Thank you for maintaining this list & fixing this issue! Maybe you should add a link to this issue so people know why it is blocked.