meltedpleasandtws.shop: Malware

[ghost]

Prerequisites

• [X] This is NOT a YouTube, Facebook, Twitch or a shortener/hosting site report. These sites MUST be reported by clicking their respective links.
• [X] I read and understand the policy about what is a valid filter issue.
• [X] I verified that this issue is not a duplicate. (Search here to find out.)
• [X] I did not remove any of the default filter lists, or I have verified that the issue was not caused by removing any of the default lists.
• [X] I did not enable additional filter lists, or I have verified that the issue still occurs without enabling additional filter lists.
• [X] I do not have custom filters/rules, or I have verified that the issue still occurs without custom filters/rules.
• [X] I am not using uBlock Origin along with other content blockers.
• [X] I have verified that the web browser's built-in content blocker/tracking protection, network wide/DNS blocking, or my VPN is not causing the issue.
• [X] I have verified that other extensions are not causing the issue.
• [X] If this is about a breakage or detection, I have verified that it is caused by uBlock Origin and isn't a site issue.
• [ ] I did not answer truthfully to ALL the above checkboxes.

URL(s) where the issue occurs.

meltedpleasandtws.shop
meltedpleasandtws.shop/api

Description

It's a malicious website that Stealer malware connects to

Other extensions used

none

Screenshot(s)

Screenshot(s)

Configuration

Details

```yaml ```

[JobcenterTycoon]

What can uBO do against this? uBO only blocks network requests in the browser. Blocking sites which perform outside of the browser would just bloat uBOs lists.

[ghost]

I've been told that uAssets is for malware and phishing reports as well, under "Badware". I've reported dozens of them in the past, and it all went well. Has uBO's policy changed? Because I'm unaware.

[JobcenterTycoon]

Yes malware and phishing which perform in the browser. uBlock filters – Badware risks is designed for uBO, not for DNS blockers and its not a antivirus.

[ghost]

This website has multiple subdomains, some of which contain content. For example, the /api+ (not just /api) subdomain hosts Russian content and shows the highest malware positives on VirusTotal compared to the other subdomains I've found so far. Malware connecting to this domain is one possibility, which uBlock Origin can't protect against, yes, but users could also be vulnerable through their browsers if another website redirects them to these subdomains, which may contain malware.

[JobcenterTycoon]

Ok malicious content which can harm browser users is a case for uBO.

To make it more clear:

• Malicious activity outside of the browser: Report to security vendors.
• Malicious acitvity which can’t be properly blocked by uBO (like massive rotating malware/phishing URLs from emails without useful patterns/sites which are down or obsolete within a few days): Report to security vendors and report abuse like malicious emails to the hoster.
• stable malware payloads (like https://example.com/malprogram.exe): Report to URLhaus uBO has the URLhaus list enabled by default.
• Local Fakeshops/Fraud: law enforcement and sites which collect such sites.
• Malicious sites which are browser related and which can be blocked by uBO: Report here.