aurorastore.org: badware

lucasmz-dev commented 6 months ago

Prerequisites

[X] This is NOT a YouTube, Facebook, Twitch or a shortener/hosting site report. These sites MUST be reported by clicking their respective links.
[X] I read and understand the policy about what is a valid filter issue.
[X] I verified that this issue is not a duplicate. (Search here to find out.)
[X] I did not remove any of the default filter lists, or I have verified that the issue was not caused by removing any of the default lists.
[X] I did not enable additional filter lists, or I have verified that the issue still occurs without enabling additional filter lists.
[X] I do not have custom filters/rules, or I have verified that the issue still occurs without custom filters/rules.
[X] I am not using uBlock Origin along with other content blockers.
[X] I have verified that the web browser's built-in content blocker/tracking protection, network wide/DNS blocking, or my VPN is not causing the issue.
[X] I have verified that other extensions are not causing the issue.
[X] If this is about a breakage or detection, I have verified that it is caused by uBlock Origin and isn't a site issue.
[ ] I did not answer truthfully to ALL the above checkboxes.

URL(s) where the issue occurs.

https://aurorastore.org

Description

This domain does not seem to be official. The official domain for Aurora is https://auroraoss.com. Not even talking about the obvious issues with references to 'game mod'. Right now it doesn't seem to be spreading malware as it seems to redirect to the official downloads, even if broken, but the future risk is there.

Other extensions used

none

Screenshot(s)

Configuration

Details

```yaml uBlock Origin: 1.57.2 Firefox: 125 filterset (summary): network: 136113 cosmetic: 50270 scriptlet: 19726 html: 1777 listset (total-discarded, last-updated): default: user-filters: 0-0, never ublock-filters: 37981-109, 1h.11m Δ ublock-badware: 8530-0, 1h.11m Δ ublock-privacy: 882-2, 1h.11m Δ ublock-unbreak: 2325-2, 1h.11m Δ ublock-quick-fixes: 202-21, 1h.11m Δ easylist: 86869-177, 1h.11m Δ easyprivacy: 50859-64, 1h.11m Δ urlhaus-1: 12690-0, now plowe-0: 3729-1160, now spa-1: 5595-89, now filterset (user): [empty] userSettings: [none] hiddenSettings: [none] supportStats: allReadyAfter: 292 ms (selfie) maxAssetCacheWait: 54 ms cacheBackend: indexedDB popupPanel: blocked: 3 network: googlesyndication.com: 3 extended: ##ins.adsbygoogle[data-ad-slot] ```

stephenhawk8054 commented 6 months ago

For non-authentication website, better to block when there's obvious evidence of malware. Otherwise, when website's owner complains, we don't have any reliable evidence to back up the decision.

JobcenterTycoon commented 6 months ago

0 VT detections https://www.virustotal.com/gui/url/9c384314235a976099a8c75a12c9007bd55064f6f9fea73d4c10a8e5d9213293?nocache=1

We don’t block just because the site "seems to be unofficial", there must be a thread like malware, phishing, spam, scam or something.

uBlockOrigin / uAssets