uBlockOrigin / uAssets

Resources for uBlock Origin, uMatrix: static filter lists, ready-to-use rulesets, etc.
GNU General Public License v3.0

Additions to resource abuse #754

Closed terrorist96 closed 7 years ago

terrorist96 commented 7 years ago

I noticed this list has some entries not included within the resource abuse list. Should they be added? Specifically:

reasedoper.pw
mataharirama.xyz
listat.biz
lmodr.biz
jyhfuqoh.info

passjs commented 7 years ago

https://blog.eset.ie/2017/09/15/cryptocurrency-web-mining-in-union-there-is-profit/

okiehsch commented 7 years ago

@passjs thanks for the link.

terrorist96 commented 7 years ago

@okiehsch what about jyhfuqoh.info?

okiehsch commented 7 years ago

That is a domain used by oload.info and already fixed with ||info^$script,third-party,domain=oload.info. If you can find another site that uses it, I will add it.

terrorist96 commented 7 years ago

Also found this. May have some entries not included here: https://github.com/hoshsadiq/adblock-nocoin-list/blob/master/nocoin.txt

passjs commented 7 years ago

https://github.com/keraf/NoCoin/
https://raw.githubusercontent.com/keraf/NoCoin/master/src/blacklist.txt

okiehsch commented 7 years ago

Which of these entries do you think should be added to resource-abuse.txt? And an example page to reproduce would be nice.
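
The comparison being asked for here (which candidate entries are not yet covered by the existing list) can be scripted. The following is an added example, not part of the thread or of the uAssets project; the sample lists are constructed, `cdn.listat.biz` is a made-up subdomain, and filter options such as `$third-party` are ignored as a simplifying assumption.

```python
import re

# Constructed sample in the style of resource-abuse.txt (not the real file).
EXISTING = """\
! constructed sample
||reasedoper.pw^$third-party
||mataharirama.xyz^$third-party
||listat.biz^$third-party
"""

# Candidates in the notations used in this thread: bare host, ||host^ filter,
# *://host/path* match pattern. cdn.listat.biz is a constructed subdomain.
CANDIDATES = """\
reasedoper.pw
||lmodr.biz^$third-party
||miner.pr0gramm.com^$websocket
*://minecrunch.co/web/*
*://cdn.listat.biz/lib/*
"""

HOST_RE = re.compile(r"^(?:\|\||\*://|[a-z][a-z0-9+.-]*://)?([a-z0-9.-]+\.[a-z0-9-]+)", re.I)

def parse_entry(line):
    """Return (hostname, has_path) for one entry, or None for comments/unparsable lines."""
    line = line.strip()
    if not line or line[0] in "!#[":
        return None
    m = HOST_RE.match(line)
    if not m:
        return None
    rest = line[m.end():]
    return m.group(1).lower(), rest.startswith("/") and rest not in ("/", "/*")

def covered_hosts(list_text):
    """Hosts blocked as a whole; a path-only filter does not cover its host."""
    entries = (parse_entry(l) for l in list_text.splitlines())
    return {host for host, has_path in filter(None, entries) if not has_path}

def is_covered(host, covered):
    """||example.com^ also matches subdomains, so test every parent domain."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in covered for i in range(len(labels) - 1))

def missing_entries(candidates_text, existing_text):
    """Candidate lines whose host is not already blocked by the existing list."""
    covered = covered_hosts(existing_text)
    parsed = ((l.strip(), parse_entry(l)) for l in candidates_text.splitlines())
    return [line for line, e in parsed if e and not is_covered(e[0], covered)]

if __name__ == "__main__":
    print("\n".join(missing_entries(CANDIDATES, EXISTING)))
```

Entries reported as missing still need an example page to reproduce before they are added, as requested above.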

smed79 commented 7 years ago

Probably these domains:

||cnhv.co^$third-party
||reasedoper.pw^$third-party
||minecrunch.co^$third-party
||lmodr.biz^$third-party
||listat.biz^$third-party
||mataharirama.xyz^$third-party
--
||gus.host/coins.js
||miner.pr0gramm.com^$third-party
||miner.pr0gramm.com^$websocket
||miner.pr0gramm.com/cryptonight-worker.js

okiehsch commented 7 years ago

reasedoper.pw
mataharirama.xyz
listat.biz
listat.biz

already added.

minecrunch.co the domain is for sale.

gus.host/coins.js fetches coin-hive and does not mine itself as far as I can see.

cnhv.co redirects to coin-hive and does not mine itself, example: https://cnhv.co/29w8

miner.pr0gramm.com/cryptonight-worker.js: is this not a custom script only for pr0gramm.com, and actually only if you go to miner.pr0gramm.com specifically?

smed79 commented 7 years ago

> minecrunch.co the domain is for sale.

I saw that it is always embedded, e.g. at francescocrema.it, but you're right, the file does not exist.

okiehsch commented 7 years ago

@SMed79 just out of curiosity, do you know of other domains with an embedded minecrunch.co/web/miner.js?

smed79 commented 7 years ago

Sorry, I missed your comment.

> do you know of other domains with an embedded minecrunch.co

No, I can't find another example.

... and just FYI, even if a domain is parked (for sale), it can still be used to push ads or popups, e.g. bokepabc.com at these NSFW sites: asia88.info, barat88.info or korea88.info

http://bokepabc.com/okiehsch.js

okiehsch commented 7 years ago

@gwarser regarding the sites you mentioned at https://github.com/gorhill/uBlock/issues/3151

*://minecrunch.co/web/*
*://coinerra.com/lib/*
*://miner.pr0gramm.com/xmr.min.js*
*://kiwifarms.net/js/Jawsh/xmr/xmr.min.js*
*://anime.reactor.cc/js/ch/cryptonight.wasm
*://joyreactor.cc/ws/ch/*
*://kissdoujin.com/Content/js/c-hive.js*
*://minero.pw/miner.min.js*

smed79 commented 7 years ago

@okiehsch

kiwifarms.net/js/Jawsh/xmr/xmr.min.js does not exist.

==> kiwifarms.net/js/Jawsh/xmr/xmr.min.js?kill-yourself-sammy-hahahahahahahahaha

okiehsch commented 7 years ago

@SMed79 kiwifarms.net has been added to the Malware Domain List and several host-files, so you can't easily access the site at all, and they are in the process of establishing a new mining system. https://kiwifarms.net/threads/the-mining-pit.34649/page-29

smed79 commented 7 years ago

Also blacklisted by Malwarebytes.

gotitbro commented 6 years ago

@SMed79 kiwifarms.net/js/Jawsh/xmr/xmr.min.js?kill-yourself-sammy-hahahahahahahahaha

What is that referencing?