ublockorigin[.]com malware (Invalid)

[iam-py-test]

Prerequisites

• [X] This is not a support issue or a question
  • Support issues and questions are handled at /r/uBlockOrigin
• [X] I performed a cursory search of the issue tracker to avoid opening a duplicate issue
  • Your issue may already be reported.
• [ ] I tried to reproduce the issue when...
  • [ ] uBlock Origin is the only extension
  • [ ] uBlock Origin with default lists/settings
  • [ ] using a new, unmodified browser profile
• [X] I am running the latest version of uBlock Origin

URL(s) where the issue occurs

https://ublockorigin.com (The malware url - I have not visited it for security reasons) https://duckduckgo.com/?q=ublock+origin&ia=web (The DuckDuckGo search results)

Describe the issue

ublockorigin.com is a fake uBlock Origin website which is at the top of the DuckDuckGo search results and appears to serve malware. Because uAssets has blocked other fake uBlock Origin websites (Examples, https://github.com/uBlockOrigin/uAssets/issues/5854, https://github.com/gorhill/uBlock/wiki/Badware-risks#ublockorg)

### Screenshot(s)

Versions

• Browser/version: Firefox 88.0.1
• uBlock Origin version: uBlock Origin v1.35.2 (Can also reproduce with uBlock Origin development build v1.35.3b3)

Settings

• For antimalware lists I have uBlock filters – Badware risks, 💊 Dandelion Sprout's Anti-Malware List, Phishing URL Blocklist, The Block List Project - Ransomware List, Antimalware*, and a few others (All listed in settings images).

Advanced User Mode is on.

Notes

ublockorigin.com is the top result in DuckDuckGo so people will click on it: https://duckduckgo.com/?q=ublock+origin&ia=web

ublockorigin.com tries to look like a real uBlock Origin related site, even their favicon is the uBlock Origin symbol:

curl shows it claims it is the real uBlock Origin:

ublockorigin.com is identified by McAfee WebAdvisor as malicious: https://www.siteadvisor.com/sitereport.html?url=ublockorigin.com VirusTotal: https://www.virustotal.com/gui/url/1a306d3988f539861d6c6f62018dbea77250ecc353e39732640be5113b036d74/detection

There are no issues about ublockorigin.com in uAssets or uBlock: https://github.com/uBlockOrigin/uAssets/issues?q=ublockorigin.com https://github.com/gorhill/uBlock/issues?q=ublockorigin.com No entries in badware.txt (I just updated it)

*Which is a custom list I created

[iam-py-test]

I can provide other information (i.e. OS) if needed

[mapx-]

https://www.reddit.com/r/uBlockOrigin/comments/hyct22/i_created_an_unofficial_ublockorigincom_homepage/

[iam-py-test]

Oh. Sorry, I did not see that. Thank you @mapx-

[krystian3w]

Maybe need daily checking whois to exclude problem of ensuring the continuity of domain/hosting payments or broker silent sold to new hands.

https://lookup.icann.org/lookup

https://godaddy.com/whois/results.aspx?checkAvail=1&domain=ublockorigin.com

Registry Expiration: 2022-12-05 22:08:55 UTC Created: 2016-12-05 22:08:55 UTC

Mailing Address: [V]la[a]ms [B]ra[b]ant, B[e]lg[i]um

[ajayyy]

ublockorigin.com is now misleading people into thinking some "AI" tools are created by the same people as uBlock Origin