Closed ghost closed 3 months ago
I can't reproduce the popup despite clicking many places on the page.
There are no malicious ads on this site; it's just an activator, which I am pretty sure all AV software will block.
uBO does a good job of blocking popups, however, there is always a chance it could miss a future malicious ad or popup. Try visiting the website with uBO turned off, and you'll understand what I mean. Wouldn't it be better if this domain were blocked altogether? It's not a legitimate website anyway, and even the activator it offers is malware, as seen here: https://www.youtube.com/watch?v=mDyODRZq1GA
Yeah, pretty sure all illegal software patchers are malware.
Most AV vendors are flagging the download as a "HackTool", "Crack" or "AutoKMS", so it's not malware. Same for the downloads on many sites you reported in https://github.com/uBlockOrigin/uAssets/issues/24193
"I get popups with uBO off" is not a reason to hard block a site. If we started blocking sites for this reason, we would block half the internet...
"Maybe it will spread malware in the future" is not a reason to block a site.
Okay, I understand.
However, most of these websites distribute software that, after installation, contacts other malicious domains, downloads InfoStealers from them, and sends users' data without their knowledge.
They're (the websites I reported) sources of malware and offer no benefit to users, only harmful software. That's why I reported them.
Interesting. From what I saw on one sample, it connects to `rnofor4ht.top` and `mofor4ht.top`, for example.
Also, the downloaded file from `kms-full.com` is obfuscating its files to avoid analysis, is avoiding being run in a VM and is using delayed execution, which is suspicious. VirusTotal
`kms-full.com` got added 10 hours ago already: https://github.com/uBlockOrigin/uAssets/commit/5dc64eed2e6876a9e9e34ba290522614c4a0f128
Anyways, I will test them analytically and report again if I find anything new and specific beyond what was already blocked earlier.
URL(s) where the issue occurs.
Description
This website is a total nightmare. It is filled with malicious and phishing ads and pop-ups. Clicking anywhere results in a random malicious website appearing. I recommend blocking this domain entirely, as there are multiple associated malicious domains. Something might slip past uBO, potentially leading to users being scammed or worse.
Here are a few of the many malicious/phishing/adware domains it connects to:
Other extensions used
none