diff --git a/antimalware.txt b/antimalware.txt
index 2a8a4c9d..4645aad8 100644
--- a/antimalware.txt
+++ b/antimalware.txt
@@ -3,7 +3,7 @@
 ! Homepage: https://github.com/iam-py-test/my_filters_001
 ! Expires: 1 day
 ! Last updated: 2024-11-24
-! Version: 20241124.1
+! Version: 20241124.2
 ! Description: This list aims to protect against scams, phishing, malware, some stalkerware, and potentially unwanted programs (PUPs). It includes a version of vxvault.net's list, modified by me to work in adblockers.
 ! Issues url: https://github.com/iam-py-test/my_filters_001/issues
 ! GitLab issues url (not checked as often): https://gitlab.com/iam-py-test/my_filters_001/-/issues
@@ -2912,117 +2912,8 @@
 ||rebrand.ly/McAfeeSecurity2022ActivateDownload^$all
 ||45.15.157.132^$all
-! this is totally not what online malware sandboxes are for, but
-! https://tria.ge/221205-15q5dsfb9z/behavioral1#network
-||adthereis.buzz^$all
-||ftrec.adthereis.buzz^$all
-! subdomains
-||czudf.adthereis.buzz^$all
-||dlaho.adthereis.buzz^$all
-||uyfox.adthereis.buzz^$all
-||bukwg.adthereis.buzz^$all
-||vriuj.adthereis.buzz^$all
-||qcfhr.adthereis.buzz^$all
-||vmvyu.adthereis.buzz^$all
-||sxvne.adthereis.buzz^$all
-||tzoca.adthereis.buzz^$all
-||vqzao.adthereis.buzz^$all
-||stypo.adthereis.buzz^$all
-||rzukq.adthereis.buzz^$all
-||buvaf.adthereis.buzz^$all
-||kmkab.adthereis.buzz^$all
-||ecgax.adthereis.buzz^$all
-||tfseo.adthereis.buzz^$all
-||pydqn.adthereis.buzz^$all
-||jspov.adthereis.buzz^$all
-||xdaxi.adthereis.buzz^$all
-||cxyyv.adthereis.buzz^$all
-||rzhxs.adthereis.buzz^$all
-||ihclh.adthereis.buzz^$all
-||mzqyv.adthereis.buzz^$all
-||ovanj.adthereis.buzz^$all
-||nnkjm.adthereis.buzz^$all
-||zcuea.adthereis.buzz^$all
-||mnqre.adthereis.buzz^$all
-||vnzdj.adthereis.buzz^$all
-||bxauc.adthereis.buzz^$all
-||drauy.adthereis.buzz^$all
-||gkgfw.adthereis.buzz^$all
-||ribsl.adthereis.buzz^$all
-||czhif.adthereis.buzz^$all
-||cupyx.adthereis.buzz^$all
-||ypnjk.adthereis.buzz^$all
-||agexq.adthereis.buzz^$all
-||ojhjn.adthereis.buzz^$all
-||mrmgk.adthereis.buzz^$all
-||hwkjq.adthereis.buzz^$all
-||povvx.adthereis.buzz^$all
-||pkciz.adthereis.buzz^$all
-||drpgq.adthereis.buzz^$all
-||inrtc.adthereis.buzz^$all
-||tifrl.adthereis.buzz^$all
-||lqgqc.adthereis.buzz^$all
-||hlrjd.adthereis.buzz^$all
-||dqnib.adthereis.buzz^$all
-||ydhet.adthereis.buzz^$all
-||izszd.adthereis.buzz^$all
-||lshph.adthereis.buzz^$all
-||cclct.adthereis.buzz^$all
-||mzstz.adthereis.buzz^$all
-||hzuhg.adthereis.buzz^$all
-||qkefc.adthereis.buzz^$all
-||furbf.adthereis.buzz^$all
-||aealu.adthereis.buzz^$all
-||imolc.adthereis.buzz^$all
-||gjzsn.adthereis.buzz^$all
-||rvoko.adthereis.buzz^$all
-||jfope.adthereis.buzz^$all
-||kngev.adthereis.buzz^$all
-||fkpbd.adthereis.buzz^$all
-||atyqv.adthereis.buzz^$all
-||tfkbt.adthereis.buzz^$all
-||ghevg.adthereis.buzz^$all
-||mtvam.adthereis.buzz^$all
-||zsa0i.adthereis.buzz^$all
-||pxzib.adthereis.buzz^$all
-||bbpky.adthereis.buzz^$all
-||xtfaq.adthereis.buzz^$all
-||ggyjx.adthereis.buzz^$all
-||wqweo.adthereis.buzz^$all
-||ycxds.adthereis.buzz^$all
-||vpemr.adthereis.buzz^$all
-||updsl.adthereis.buzz^$all
-||pnwut.adthereis.buzz^$all
-||svgpj.adthereis.buzz^$all
-||afmqv.adthereis.buzz^$all
-||fcwli.adthereis.buzz^$all
-||bejnh.adthereis.buzz^$all
-||uzvfz.adthereis.buzz^$all
-||eapmj.adthereis.buzz^$all
-||hiaxn.adthereis.buzz^$all
-||nglkk.adthereis.buzz^$all
-||04pl0.adthereis.buzz^$all
-||xbufq.adthereis.buzz^$all
-||kfchx.adthereis.buzz^$all
-||eqtzo.adthereis.buzz^$all
-||xkrws.adthereis.buzz^$all
-||rabyl.adthereis.buzz^$all
-||vrrip.adthereis.buzz^$all
-||yrjrq.adthereis.buzz^$all
-||oimxs.adthereis.buzz^$all
-||mnlnd.adthereis.buzz^$all
-||lubpm.adthereis.buzz^$all
-||uvcbk.adthereis.buzz^$all
-||bhqgv.adthereis.buzz^$all
-||jzewf.adthereis.buzz^$all
-||edbek.adthereis.buzz^$all
-||bmvbj.adthereis.buzz^$all
-||wmsxu.adthereis.buzz^$all
-||mfxzk.adthereis.buzz^$all
-
 ! https://scammer.info/t/i-made-a-game-can-you-test-play-discord-trojan/114861
 ! https://tria.ge/221208-n68plshh69/behavioral1
-||mediafire.com/file/bu394h0oi025wpt/ExtremeUpdate.exe/file^$all
 ||kqnfkpoccicxiudstqonfotuwsrhuxkwhqjjfsbjhonoubrccy.nl^$all
 ! https://app.any.run/tasks/82e6d95e-3fd5-4bf6-873e-3d7379d495e3
@@ -3031,9 +2922,6 @@
 ||fitgirl-repacks-site.org^$all
 ||bluemediafiles.top^$all
-! https://forums.malwarebytes.com/topic/292825-outgoing-connection-blocked-due-to-trojan-vbcexe/
-||na.luckpool.net^$all
-
 ! https://forums.malwarebytes.com/topic/292876-detected-trojan-windowsmicrosoftnetframeworkv4030319applaunchexe/
 ||tininshassama.xyz^$all
@@ -3071,8 +2959,8 @@
 ||microauth.ru^$all
 ! https://forums.malwarebytes.com/topic/293076-google-docs-extension-malware/
-||goog.goodsearchez.com^$document
 ||goodsearchez.com^$document
+||goog.goodsearchez.com^$document
 ! https://forums.malwarebytes.com/topic/293086-i-keep-getting-data-crypto-mining-trojans-in-my-chrome-extensions-folder/
 ||daggerhashimoto.eu.nicehash.com^$all
@@ -3093,17 +2981,11 @@
 ||gg.gg/teamviewer-prem-free^$all
 ||mediafire.com/file/z0mvgi2bjbotamf/TeamViewerPremium.rar/file^$all
-! https://virustotal.com/gui/file/1727a5f6484628f4493ac2befaf48b47d88376128992c2787959c00b306da048/detection
-||bit.ly/3VtsAd2^$document
-||mediafire.com/file/umf43herutudu71/After+Effects.rar/file^$all
-
 ! https://github.com/DandelionSprout/adfilt/discussions/163#discussioncomment-4502840 (with no adblocker, I got an ad which downloaded https://virustotal.com/gui/file/7c4c570fb381176736d956ee84c5fb01b6e4638fe122e7a2e1f7335d08edb1d6/detection)
 ||ecomefuk.xyz^$all
 ! https://app.any.run/tasks/f4e39100-c15b-4cd3-9a2c-3401df4435d4
 ! https://tria.ge/221227-3mk7jagg99
-||thyr65qw.cfd^$all
-||5rd5tgh.cfd^$all
 ||116.203.121.167^$all
 ! https://www.hybrid-analysis.com/sample/f2e12223da0ae00323260f8dadbdd1596f7ce8fcd2e2520fde0aefc6fd19a88b
@@ -3162,7 +3044,6 @@
 ! https://tria.ge/230104-qcf4lsbb81/behavioral2
 ! https://www.hybrid-analysis.com/sample/a2f1e5de0f6a32a2b202a973b4deebb0f3f3fd0c16001a010594ced932b17a07
 ! https://virustotal.com/gui/file/a2f1e5de0f6a32a2b202a973b4deebb0f3f3fd0c16001a010594ced932b17a07/detection
-||1weset6y.cfd^$all
 ! https://threatfox.abuse.ch/ioc/1064537/
 ! https://threatfox.abuse.ch/ioc/1064536/
 ! https://threatfox.abuse.ch/ioc/1064660/
@@ -3254,8 +3135,6 @@
 ||cdn.progriu.top^$all
 ! https://tria.ge/230114-ra56dsch4w/behavioral2
-||er76njy.click^$all
-||vghu896yh.cfd^$all
 ! https://threatfox.abuse.ch/ioc/1068340/ and https://threatfox.abuse.ch/ioc/1068341/
 ||146.70.86.11^$all
 ||69.46.15.158^$all
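Review bot: The re-added `||goog.goodsearchez.com^$document` line in the -3071 hunk is shadowed by the `||goodsearchez.com^$document` rule directly above it, because the `||` anchor already matches every subdomain of goodsearchez.com with the same option set. The same holds for `||message.okaynotification.com^$all` moved under `||okaynotification.com^$all` in the -3355 hunk further down. If these lines are kept deliberately as a record of the hosts that were observed, a short comment such as `! (subdomain kept for reference; covered by the parent rule)` would make that intent clear; otherwise they can be dropped rather than reordered. The other moves on this page (agametog, jirikrcmar, affiliatemarketing, drroham) pair a `$document` parent with an `$all` subdomain and are not redundant.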
@@ -3266,8 +3145,8 @@
 ||ormoredeta.xyz^$all
 ! https://forums.malwarebytes.com/topic/293881-hijackautoconfigurlprxysvrrst-backdoorfarfli/
-||g.agametog.com^$all
 ||agametog.com^$document
+||g.agametog.com^$all
 ! https://bazaar.abuse.ch/sample/13b4cf644bcb21bc1fe99e77bc919b8114ce44e6f0cca5872b689185c57606bc/
 ! my analysis (all credit to whoever originally reported this)
@@ -3280,10 +3159,6 @@
 ! https://blog.sucuri.net/2023/01/finding-removing-malware-from-weebly-sites.html
 ||circuitingratitude.com^$all
-! https://forums.malwarebytes.com/topic/294262-fake-firefox-update/ (account required)
-! credit to https://forums.malwarebytes.com/profile/3800-porthos/
-||84df4578bffsd.info^$all
-
 ! https://forums.malwarebytes.com/topic/294335-repeated-blocked-website-trojan-compromised-logs/
 ||dellenshop.top^$document
@@ -3316,16 +3191,6 @@
 ||cbphe.com^$all
 ||cbpheback.com^$all
-! https://bazaar.abuse.ch/sample/89da2eee6af1c267e164bd9b24866bcac56588fe67efaf3bdb9aa98afa8cf990/
-! https://bazaar.abuse.ch/sample/7df24f04c4df829cd9e643cd9be596d0996b79d1fbb9422c75a17741f10414a4/ (all credit to abusech)
-||pusgpaxnddw.top^$all
-||qlmhxmwlyhr.top^$all
-||qmudnleqjjx.top^$all
-
-! https://github.com/AdguardTeam/AdguardFilters/issues/141376
-||watch-online.7oc5b1i3v4iu.top^$all
-||7oc5b1i3v4iu.top^$all
-
 ! from internal discussion
 ! https://urlhaus.abuse.ch/url/2524904/
 ! (my analysis) https://tria.ge/230201-nxx7hsda77/behavioral2
@@ -3336,10 +3201,10 @@
 ||21bustqisw2.top^$document
 ! from search results
-||331454283.jirikrcmar-photography.cz^$all
 ||jirikrcmar-photography.cz^$document
-||dh4jf8fjs.affiliatemarketing.news^$all
+||331454283.jirikrcmar-photography.cz^$all
 ||affiliatemarketing.news^$document
+||dh4jf8fjs.affiliatemarketing.news^$all
 ! https://forums.malwarebytes.com/topic/294619-trojan-hijack-browser/
 ! https://app.any.run/tasks/9cdd662f-9642-4406-8797-03f021ce6370
@@ -3355,13 +3220,9 @@
 ! (my analysis) https://app.any.run/tasks/1da745f3-0a79-44b4-9490-0ce55609f1e2
 ||un-titled.co/remain/DNS/index.php$document
-! https://virustotal.com/gui/url/7aa7958a7cb1509cd70a8c935c6c3eb96c46f2fc7b05cb3862f9bd9299308627/community
-! (my analysis) https://app.any.run/tasks/e795f6aa-589a-4b6f-8352-403b055bdf5d
-||hotmail-107217.weeblysite.com^$all
-
 ! NSFW: https://app.any.run/tasks/84fe2ec3-067b-4095-8a4f-e74636671351
-||message.okaynotification.com^$all
 ||okaynotification.com^$all
+||message.okaynotification.com^$all
 ||notice.okaynotification.com^$all
 ||click.okaynotification.com^$all
 ||update.okaynotification.com^$all
@@ -3372,10 +3233,6 @@
 ||morecash.click^$all
 ||gamebee.club^$document
-! https://forums.malwarebytes.com/topic/294675-mygov-scamfraudpersonal-detail-theft-alert/ (account required)
-! (my analysis) https://app.any.run/tasks/463e490a-12bb-4afd-a496-f5500177b794/
-||quickttax.top^$all
-
 ! https://github.com/AdguardTeam/AdguardFilters/issues/142226
 ! https://app.any.run/tasks/91ca9115-952b-479f-8f9d-360e096e558b
 ||qfdsq.inghesatin.com^$all
@@ -3384,26 +3241,10 @@
 ||videoadblockerpro.com^$all
 ||watchadfree.info^$all
 ||stop-adblocker.info^$all
-||ia9j0.top^$all
-||yk946.top^$all
-||ayybt.top^$all
-||yz9iy.top^$all
-||9sgqi.top^$all
 ||pivoms.live^$all
-||ys2fr.top^$all
-||9elo3.top^$all
-||zjvw7.top^$all
-||z4r0w.top^$all
-||8yqet.top^$all
 ||wheeshoo.net^$document
 ||justquiz39.pushalert.co^$all
 ||easyadblocker.info^$all
-||wbofc.top^$all
-||x435f.top^$all
-||w6got.top^$all
-||xk9tx.top^$all
-||wiruv.top^$all
-||xpdep.top^$all
 ||shoesauto3.xyz^$document
 ! https://forums.malwarebytes.com/topic/294740-trojans-will-not-disappear-and-mb-wont-stop-blocking-websites/
@@ -3421,7 +3262,6 @@
 ||79.137.248.136^$all
 ||79.137.206.31^$all
 ||85.192.40.253^$all
-||mediafire.com/file/4n5bc37ank892fh/Expert-PC_2023.rar/file^$all
 ! https://github.com/uBlockOrigin/uAssets/issues/16704
 ! https://app.any.run/tasks/dbfbbaca-9fd5-4466-8a29-9e0519b77589
@@ -3436,19 +3276,8 @@
 ||xe5j8.inghesatin.com^$all
 ||ggjt8.inghesatin.com^$all
 ||world-games.click^$all
-||bynsd.top^$all
-||8eatj.top^$all
-||7ya1q.top^$all
-||bhnx4.top^$all
-||899h3.top^$all
 ! https://app.any.run/tasks/53948f39-666f-4083-aa4e-bd5f215d29e2
 ||dykbo.inghesatin.com^$all
-||cqw59.top^$all
-||ajfgq.top^$all
-||8lmm7.top^$all
-||ifmom.top^$all
-||yhvua.top^$all
-||dejig.live^$all
 ! https://github.com/iam-py-test/my_filters_001/issues/109
 ||btc.latest-articles.com^$all
@@ -3535,7 +3364,6 @@
 ||xx-yz.xyz^$all
 ! https://github.com/blocklistproject/Lists/issues/933
-||jNKmS0zFuEh.click^$all
 ||pjljo54uk.click^$all
 ||v1asy4ncr.click^$all
 ||p5tvhrlw30h.click^$all
@@ -3570,8 +3398,6 @@
 ||9bghqk3avg2gnh.click^$all
 ||6t09fag307ep.click^$all
 ||bit.ly/3S7o1VK^$all
-||mega.nz/file/5w4QWZCR#pYyDSqxzjS4LzhLW9ZYvAWzxhuM3rPGh0wl7r64tDLs^$all
-||mega.nz/file/AwQghbKa#GAcaJZR9cIRl3lRWYZhD5gkHtGL8Y63fKOAnCbM-9FU^$all
 ! https://tria.ge/230216-sgsz3shg3w/behavioral2
 ! https://threatfox.abuse.ch/ioc/1077934/
 ||83.217.11.27^$all
@@ -3623,12 +3449,10 @@
 ! https://virustotal.com/gui/file/aaa1beed5908f05cd7e4dc405ec763deecd6177b0bf78f0faa9cd54eed14bc34/detection
 ||mesoftwares.vip^$all
-||drive.google.com/uc?export=download&confirm=no_antivirus&id=11WhDE3Xy7c5AkKS24P0EzS8S8LUNjIAY^$all
 ! https://app.any.run/tasks/82180609-bf2b-4565-88cd-e3cb2c8e6456/ (someone else's anyrun, credit to them)
 ||rebrand.ly/30p0zqg^$all
 ||telegra.ph/Download-Link-11-24-17^$all
-||mediafire.com/file/3sdq84zpxzmoio5/Setup_%2528PAS%2524_5577%2529.rar/file^$all
 ||95.217.14.200^$all
 ! https://app.any.run/tasks/1aa45c59-b90f-47a2-8fb9-7915a377055a/
@@ -3893,12 +3717,9 @@
 ||youtubebplan.com^$all
 ||www.youtubebplan.com^$all
-! https://forums.malwarebytes.com/topic/297425-annoying-outbound-443-malware/
-||87cibrsm009t2lj.buzz^$all
-
 ! https://forums.malwarebytes.com/topic/297570-phishing/ (account required)
-||0.drroham.ir^$all
 ||drroham.ir^$document
+||0.drroham.ir^$all
 ! shared by ryan
 ||updatefreecompletelytheproduct.vip^$all
@@ -3972,7 +3793,6 @@
 ! (my analysis) https://tria.ge/230519-1bgzmagd36/behavioral1
 ! (not my analysis) https://threatfox.abuse.ch/ioc/1115696/
-||drive.google.com/uc?export=download&confirm=no_antivirus&id=1A9NdUYUf5k-qcrYlGfffVBqql6g4bLfv^$all
 ||195.123.227.138^$all
 ! https://github.com/uBlockOrigin/uAssets/issues/18141
@@ -4117,9 +3937,6 @@
 ||dokumentasoluciones.com^$all
 ||208.67.104.60^$all
-! https://forums.malwarebytes.com/topic/299263-claims-to-be-google-bard-ai/ (account required)
-||sites.google.com/view/newbardai^$all
-
 ! https://forums.malwarebytes.com/topic/299557-malware-sample-suspected-crypto-stealer/ (account required)
 ! my analysis: https://tria.ge/230629-tq712aeb59/behavioral1
 ||infinitycrypto.app^$all
@@ -4140,7 +3957,6 @@
 ! https://forums.malwarebytes.com/topic/299589-suspicious-file/ (account required)
 ! my analysis: https://tria.ge/230630-tngfaseg9t/behavioral1
-||biustargamez.itch.io^$all
 ||213.255.247.174^$all
 ! https://forums.malwarebytes.com/topic/299435-help-with-redirects-on-my-google-browser/
@@ -6884,10 +6700,6 @@ ostrowlubelski.pl##^responseheader(location)
 ! https://github.com/mitchellkrogza/phishing/pull/478
 ||yanisac.com^$document
-! https://infosec.exchange/@urldna/113096629309195362
-! my analysis: https://tria.ge/240907-rrcv6sybkq/behavioral1
-||nameless2020.github.io^$all
-
 ! https://github.com/mitchellkrogza/phishing/pull/479
 ||albapietra.com.br^$document
@@ -6905,7 +6717,6 @@ ostrowlubelski.pl##^responseheader(location)
 ! https://infosec.exchange/@urldna/113120340213435536
 ||help-metamask-org-$document,domain=~translate.goog
-||help-metamask-org-us.webflow.io^$all
 ! orange.fr phishing
 ||login-orange-fr.webflow.io^$all
@@ -6915,8 +6726,7 @@ ostrowlubelski.pl##^responseheader(location)
 ||secure---sso-robinhood-com-autth.webflow.io^$all
 ||secure---sso-robinhood-com-$document,domain=~translate.goog
-! AT&T phishing
-||att-verification-542-9acc4c.webflow.io^$all
+! AT&T phishing (att-verification-542-9acc4c.webflow.io)
 ||att-verification-*.webflow.io^$document
 ! CoinBase phishing
@@ -6927,8 +6737,7 @@ ostrowlubelski.pl##^responseheader(location)
 ! many different phishing domains
 *wallett*.webflow.io^$document
-! Outlook phishing
-||microsoft-outlook-11402a.webflow.io^$all
+! Outlook phishing (microsoft-outlook-11402a.webflow.io)
 ||microsoft-outlook-*.webflow.io^$document
 ! many metamask phishing websites
@@ -6939,9 +6748,6 @@ ostrowlubelski.pl##^responseheader(location)
 ||metamoask-login.$document
 ||matamasxtensiion.$document
-! https://github.com/durablenapkin/scamblocklist/issues/86
-||ww3.dane-cr2024.io.webm.ru^$all
-
 ! https://github.com/hagezi/dns-blocklists/issues/3706
 ||fyjkxzq.shop^$document
 ||uszjj.fyjkxzq.shop^$document
@@ -7202,7 +7008,6 @@ ostrowlubelski.pl##^responseheader(location)
 ||xn--airupespaa-19a.com^$document
 ||xn--airuptrkiye-yhb.com^$document
 ||airup-fi.com^$document
-||airup-it.shop^$document
 ! https://github.com/hagezi/dns-blocklists/issues/4362
 ! my analysis: https://tria.ge/241119-amgj5ayelr/behavioral1
@@ -7318,6 +7123,7 @@ ostrowlubelski.pl##^responseheader(location)
 ! https://github.com/hagezi/dns-blocklists/issues/4417
 ||sale-friday.store^$all
+||black-sales.cloud^$all
 ! ---- Scams ----
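Review bot: Folding the AT&T and Outlook hosts into their comments (hunks -6915 and -6927) narrows coverage, because the removed lines blocked those hosts with `$all` while the surviving wildcard rules `||att-verification-*.webflow.io^$document` and `||microsoft-outlook-*.webflow.io^$document` only block top-level navigations. Subresource or fetch requests to att-verification-542-9acc4c.webflow.io and microsoft-outlook-11402a.webflow.io are no longer matched by anything on the page; that may well be intended now that the specific hosts are dead, but it is worth stating. If the broader type set is still wanted, widening the wildcard to `$all` (or keeping one `$all` line per host) restores it. Separately, the new `||black-sales.cloud^$all` line in the -7318 hunk sits under the issue-4417 reference that previously documented only sale-friday.store; if the domain came from a different source, a `! <source URL>` comment above it would keep the list's provenance convention.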