VernonStow / Filterlist

Blocklist for websites likely to be harmful or annoying, meant to supplement mainstream blocklists.

Malware domain report #5

Closed iam-py-test closed 3 years ago

iam-py-test commented 3 years ago

Malware domains from https://www.joesandbox.com/analysis/431924/0/html#domains:

alphastand.win$all
alphastand.trade$all
parkingcrew.net$all

Malware domain used to infect other sites: 2677.in. See https://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-2677-inyahoo-js.html, https://www.mywot.com/en/scorecard/2677.in, https://www.virustotal.com/gui/url/f507e6a0a01f24299ff14722397af662bf0ec9cdcf111af4a378c0be9696d3ac/detection

iam-py-test commented 3 years ago

@VernonStow A spam domain I found on https://adblockplus.org/forum/viewtopic.php?f=10&t=82319 (a spam post that got taken down). I don't know if you will accept it without verification & with the post removed, but thought I'd post it anyway. Domain: unitedmedicines.com

VernonStow commented 3 years ago

None are currently listed as malicious at urlvoid.com, but oddly enough, Firefox 89 warns on joesandbox.com.

Thanks anyway, and best regards.

ETA: today (June 12) AdGuard DNS now blocks joesandbox.com with this message: Access denied 2021-06-11

iam-py-test commented 3 years ago

> None are currently listed as malicious at urlvoid.com, but oddly enough, Firefox 89 warns on joesandbox.com.
>
> Thanks anyway, and best regards.
>
> ETA: today (June 12) AdGuard DNS now blocks joesandbox.com with this message: Access denied 2021-06-11

Weird. I have visited joesandbox many times and it’s pretty popular.

https://www.virustotal.com/gui/domain/joesandbox.com/community & https://www.virustotal.com/gui/url/891dec033b1e5eb48b16a91442e66ef3d2dcb78431dfe61696a5fb13ab1cb52e/detection. Maybe it is flagged because it contains malware, but it is just used for malware analysis.

Also, maybe it’s just me, but URLVoid seems like it’s broken. Sites are flagged by something like Google or FortiGuard but URLVoid shows no detections. Personally, I use VirusTotal combined with Norton.

VernonStow commented 3 years ago

I had no problem visiting joesandbox.com today on FF 89 with Quad9 DNS, so it was probably a false positive from AdGuard. (I can't access VirusTotal because it strangely requires me to solve an unsolvable CAPTCHA every time, probably because I use a shared IP address.)