Sample details: 588db3e359390beec970b5bfa8619f7e --

Hashes
MD5: 588db3e359390beec970b5bfa8619f7e
SHA1: 06c2f38be179475269f4337eba5d717000c644f5
SHA256: 5befc1b9dd644f9de219dc7d5b80c4ca7abdbe76551e5ce47cd0f541aa3db179
SSDEEP: 192:KLyOaWF8gZdnAieUdqM40G5gIsLBBgWMehveTD6cIYMPsMNqt10xn:KTniv+v+6cvuXAS
Details
File Type: UTF-8
Yara Hits
YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Big_Numbers3 | YRP/WarpStrings | YRP/Warp |
Parent Files
eae8b84e9121563341a0e4a268df0094
Strings
		! Title: uBlock filters 
 Badware risks
! Description: For sites documented to put users at risk of installing adware/crapware etc.
!              The purpose is to at least ensure a user is warned of the risks ahead.
! Expires: 4 days
! Licence: https://github.com/uBlockOrigin/uAssets/blob/master/LICENSE
! Homepage: https://github.com/uBlockOrigin/uAssets
! GitHub issues: https://github.com/uBlockOrigin/uAssets/issues
! GitHub pull requests: https://github.com/uBlockOrigin/uAssets/pulls
! Each entry has to be well enough sourced, see:
! https://github.com/gorhill/uBlock/wiki/Badware-risks
! Using request of type `document` will cause the whole site to be blocked through
! strict blocking, yet the site will render properly if a user still decide to
! go ahead.
! 2014-10-22: http://assiste.com/01Net.html
! 2013-03-25: http://www.malekal.com/2011/07/09/pctutotuto4pc-association-avec-01net/
! 2012-10-31: http://www.journaldunet.com/solutions/dsi/des-malwares-sur-telecharger-com-01net-1012.shtml
! 2012-10-30: http://www.lesnumeriques.com/appli-logiciel/telecharger-depuis-01net-nuit-gravement-a-sante-pc-n26763.html
! 2012-06-17: http://www.malekal.com/2012/06/17/01net-pc-optimizer-pour-ne-pas-optimiser-son-pc/
! 2012-02-17: http://neosting.net/logiciels/01net-et-softonic-ajoutent-aussi-un-installeur-publicitaire.html
||01net.com/telecharger/$document
! https://github.com/uBlockOrigin/uAssets/issues/42
! 2015-05-04: http://www.randombrick.de/downloads-von-chip-de-ueber-den-chip-installer-vermeiden/
! 2015-04-??: http://anleitung.trojaner-board.de/chip-installer
chip.de##[href^="javascript:DownloadStartInit"]
! 2015-03-11: http://blog.emsisoft.com/2015/03/11/mind-the-pup-top-download-portals-to-avoid/
! 2015-01-21: http://www.howtogeek.com/207692/yes-every-freeware-download-site-is-serving-crapware-heres-the-proof/
! 2015-01-11: http://www.howtogeek.com/198622/heres-what-happens-when-you-install-the-top-10-download.com-apps/
! 2012-06-27: http://insecure.org/news/download-com-fiasco.html
! 2011-12-05: http://seclists.org/nmap-announce/2011/5
! 2011-08-22: http://www.extremetech.com/computing/93504-download-com-wraps-downloads-in-bloatware-lies-about-motivations
! https://github.com/uBlockOrigin/uAssets/issues/926
! ||download.cnet.com^$document
! 2015-08-12: https://isc.sans.edu/diary/.COM.COM+Used+For+Malicious+Typo+Squatting/20019
!     via https://twitter.com/SwiftOnSecurity/status/631972601460494336
! 2013-12-10: https://blog.whitehatsec.com/why-com-com-should-scare-you/
||com.com^$document
! 2015-06-18: http://www.information-age.com/industry/software/123459675/hotbed-malware-another-blow-sourceforge-google-discovers-588-pages-malicious-software
! 2015-06-02: https://blog.l0cal.com/2015/06/02/what-happened-to-sourceforge/
! 2015-05-28: http://libregraphicsworld.org/blog/entry/anatomy-of-sourceforge-gimp-controversy
! 2015-05-17: http://lifehacker.com/antiadware-gets-rid-of-bundled-crapware-on-popular-down-1702818594
! 2015-03-11: http://blog.emsisoft.com/2015/03/11/mind-the-pup-top-download-portals-to-avoid/
! 2015-01-21: http://www.howtogeek.com/207692/yes-every-freeware-download-site-is-serving-crapware-heres-the-proof/
! 2014-11-25: http://blog.tedd.no/2014/11/25/sourceforge-malware/
! ||sourceforge.net^$document
! https://github.com/uBlockOrigin/uAssets/issues/476
! 2015-05-17: http://lifehacker.com/antiadware-gets-rid-of-bundled-crapware-on-popular-down-1702818594
! 2015-03-11: http://blog.emsisoft.com/2015/03/11/mind-the-pup-top-download-portals-to-avoid/
! 2013-05-23: http://www.intego.com/mac-security-blog/another-problematic-softonic-installer-brings-adware/
! 2013-04-19: http://www.esecurityplanet.com/malware/softonic-delivers-adware.html
! 2013-04-17: http://www.intego.com/mac-security-blog/softonic-download-site-briefly-delivers-trojan-adware-installer/
! 2012-02-17: http://neosting.net/logiciels/01net-et-softonic-ajoutent-aussi-un-installeur-publicitaire.html
! ||softonic.com^$document
! https://github.com/uBlockOrigin/uAssets/issues/79
||flexytalk.net^
||quickdomainfwd.com^
! https://blog.malwarebytes.com/cybercrime/2017/05/roughted-the-anti-ad-blocker-malvertiser/
||roughted.com^
||roughted.com^$inline-script
! https://github.com/uBlockOrigin/uAssets/issues/1547
||vlc.de^$document
! https://github.com/uBlockOrigin/uAssets/issues/1738
||audacity.de^$document
! https://github.com/uBlockOrigin/uAssets/issues/1853
||havenworks.com^$document
! https://github.com/uBlockOrigin/uAssets/issues/1943
||securetoolext.com^$document
! https://github.com/NanoAdblocker/NanoFilters/issues/99
upload.ac##+js(remove-attr.js, checked, #chkIsAdd)
! https://github.com/HandyUserscripts/AntiAdware/issues/52
upload4earn.org##+js(remove-attr.js, checked)
! https://github.com/gorhill/uBlock/wiki/Badware-risks#ublockorg
||ublock.org^$document
! https://github.com/uBlockOrigin/uAssets/issues/3060
! https://www.bleepingcomputer.com/news/security/fake-websites-for-keepass-7zip-audacity-others-found-pushing-adware/
! https://www.virustotal.com/#/file/a5616985e92ca7c1df3b132d2da2ef33c64f38ba2dca40445017037473d7d014/detection
! https://twitter.com/certbund/status/1127864403276091393
||7zip.es^$document
||7zip.fr^$document
||7zip.it^$document
||adblock.fr^$document
||appdownloads.co^$document
||aresgalaxy.es^$document
||audacity.es^$document
||audacity.fr^$document
||audacity.it^$document
||audacity.pl^$document
||azureus.es^$document
||bittorrent.es^$document
||bleachbit.com^$document
||blender3d.es^$document
||blender3d.fr^$document
||bluestacksdownloads.com^$document
||calibre.it^$document
||celestia.es^$document
||celestia.fr^$document
||clonezilla.es^$document
||clonezilla.fr^$document
||clonezilla.it^$document
||cyberduck.de^$document
||cyberduck.es^$document
||cyberduck.fr^$document
||cyberduck.it^$document
||filezilla.es^$document
||filezilla.fr^$document
||filezilla.it^$document
||filezilla.net^$document
||filezilla.pl^$document
||filezilla.pt^$document
||freefilesync.com^$document
||freerapid.fr^$document
||garagebandforpc.org^$document
||gimp.es^$document
||gparted.fr^$document
||gparted.it^$document
||greenshot.fr^$document
||greenshot.org^$document
||handbrake.es^$document
||handbrake.it^$document
||inkscape.es^$document
||inkscape.fr^$document
||inkscape.it^$document
||izarc.fr^$document
||jdownloader.fr^$document
||keepass.com^$document
||keepass.es^$document
||keepass.fr^$document
||keepass.it^$document
||notepad2.com^$document
||open-office.fr^$document
||paintnet.es^$document
||paintnet.fr^$document
||paintnet.it^$document
||pdfcreator.pt^$document
||pdfsam.com^$document
||peazip.com^$document
||qbittorrent.com^$document
||scribus.fr^$document
||scribus.it^$document
||senuti.org^$document
||sharex.es^$document
||smplayer.org^$document
||songbird.es^$document
||stellarium.es^$document
||stellarium.fr^$document
||telecharger-openoffice.fr^$document
||thunderbird.es^$document
||truecrypt.es^$document
||truecrypt.fr^$document
||truecrypt.it^$document
||truecrypt.pl^$document
||unetbootin.net^$document
||unetbootin.org^$document
||utorrent.it^$document
||virtualbox.es^$document
||virtualbox.pl^$document
! https://github.com/uBlockOrigin/uAssets/issues/3730
! https://blog.sucuri.net/2018/10/malicious-redirects-from-newsharecounts-com-tweet-counter.html
||newsharecounts.s3-us-west-2.amazonaws.com/nsc.js$script
! https://github.com/uBlockOrigin/uAssets/issues/4014
! https://www.virustotal.com/#/url/ac1fe407af0592489e7ef1ff2a62e381f05be08311e010fc4a5736b94b08d070/detection
! https://www.scumware.org/report/104.27.174.25.html
||driverfix.com^$document
! https://github.com/uBlockOrigin/uAssets/issues/4137
||governiamo.com^$document
! https://github.com/uBlockOrigin/uAssets/issues/4201
||whatsaappp.com^$document
||check-now.net^$document
||googlo.co^$document
||yahoo-news.co^$document
! https://github.com/uBlockOrigin/uAssets/issues/4201#issuecomment-458340273
||5qg9ibt1a6.com^$document
||atreus.hexenschmiede.info^$document
||axxmtjambo.xyz^$document
||browsergames2018.com^$document
||chairgaubsy.com^$document
||epailseptox.com^$document
||hentaiplaytime.com^$document
||jobhelpr.com^$document
||lameterthenhep.info^$document
||lavfd.net^$document
||microsoft.com-repair-windows.live^$document
||notification-time.com^$document
||o4uxrk33.com^$document
||viewmypdf.com^$document
! https://github.com/uBlockOrigin/uAssets/issues/4236
||dnbard.com^$document
! https://github.com/uBlockOrigin/uAssets/issues/4656
||bitcoinqrcodegenerator.win^$document
! streaming-foot.club badware
||streaming-foot.club^$document
! com-guest.info badware
||com-guest.info^$document
! dnsleaktest.net badware
||dnsleaktest.net^$document
! foxload.com badware
||foxload.com^$document
! aksia.co badware
! Ref: https://www.bleepingcomputer.com/news/security/phisher-announces-more-attacks-against-hedge-funds-and-financial-firms/
||aksia.co^$document
! ReImagePlus links
! https://github.com/uBlockOrigin/uAssets/issues/5136
! Ref: https://forums.malwarebytes.com/topic/194200-removal-instructions-for-reimage-repair/
! https://windowsreport.com/extend-windows-laptop-battery-life/
windowsreport.com##.code-block
! https://appuals.com/fix-error-0x800701e3-on-windows-7-8-1-10/
appuals.com##.appua-reimage-top
appuals.com##.info.box
! https://ugetfix.com/ask/how-to-fix-windows-store-error-0x8000ffff/
pcseguro.es,sauguspc.lt,sichernpc.de,ugetfix.com,wyleczpc.pl##.download_button_info_texts
pcseguro.es,sauguspc.lt,sichernpc.de,ugetfix.com,wyleczpc.pl##.js-download_button_additional_links
pcseguro.es,sauguspc.lt,sichernpc.de,ugetfix.com,wyleczpc.pl##.primary_download
pcseguro.es,sauguspc.lt,sichernpc.de,ugetfix.com,wyleczpc.pl##.sidebar_download_inner
pcseguro.es,sauguspc.lt,sichernpc.de,ugetfix.com,wyleczpc.pl##div.attention-button-box-green
! https://www.thewindowsclub.com/fix-windows-update-error-0xc1900130-on-windows-10
thewindowsclub.com##.entry-content > div > strong:has-text(find & fix Windows error)
! https://www.majorgeeks.com/files/details/patch_my_pc.html
majorgeeks.com##b:has(a[target^="reimage"])
||majorgeeks.com/images/icons/red_icon_18x17px.png$image
! https://github.com/uBlockOrigin/uAssets/issues/5187
||check-prizes-now2.life^$document
! Lapsed domain that once hosted adblock lists, several of whom are now used for bad purposes
! https://github.com/uBlockOrigin/uAssets/issues/5307
||adblock.gjtech.net^$document
||spam404bl.com^$document
||securemecca.com^$document
||hufilter.hu^$document
||fredfiber.no^$document
! Badware
||kuhoot.it^$document
||getawesome6.com^$document
||forwrdnow.com^$document
||findthebestoffer.com^$document
ex.com^$document
||get.mysecurify.com^$document
||topreadtoday.com^$document
! https://github.com/uBlockOrigin/uAssets/issues/5305#issuecomment-484340767
! https://github.com/uBlockOrigin/uAssets/issues/5305#issuecomment-484341498
||horizonme.net^
||icecreamsmax.com^
! Fake cloudflare screen
! https://github.com/uBlockOrigin/uAssets/issues/5305#issuecomment-484754393
! https://github.com/uBlockOrigin/uAssets/issues/5489#issuecomment-488207423
||36512300.com^
||bks-11.com^
||doggroomingbycaitlin.com^
||gmboxx.com^
||kalidub.website^
||mr.media-bucket.com^
! https://github.com/uBlockOrigin/uAssets/issues/5386
||okom.wroc.pl^
! https://github.com/NanoMeow/QuickReports/issues/965#issuecomment-485274387
||pl.allsports4free.club^
||pl.allsports4u.club^
! https://github.com/uBlockOrigin/uAssets/issues/5409
||discount.s3blog.org^
||s3blog.org^$3p
||crvtck.com^
||dataprovider.biz^
! https://github.com/uBlockOrigin/uAssets/issues/5442
||tplinkextender.net^
! https://github.com/uBlockOrigin/uAssets/issues/4862#issuecomment-486941006
||upload4earn.org^$document
! https://www.reddit.com/r/uBlockOrigin/comments/bmnjfg/found_a_pretty_nasty_malware_site_had_to_kill/
||internet-security-73bd67kl.tk^$document
! Look-alike domain for keepassxc.org, redirects to spam/malware domains
||keepassxc.com^$document
! switching to malware
||ahzahg6ohb.com^$document
||ay8ou8ohth.com^$document
! https://github.com/uBlockOrigin/uAssets/issues/5638
1tvv.ru,2012-drakon.ru,2012-god.ru,2015-god-kozy.ru,alterprogs.ru,bike-pro.ru,bilsh.com,careers.ua,daily-news.com.ua,darksound.ru,dengiua.com,diplom4rabota.ru,dynamo-kiev.com,electronika.spb.ru,faxnews.ru,fond-sovest.ru,fotochki.com,gamesnice.ru,glashataj.info,god-zmei.ru,godkota.ru,godkozy.ru,gogofiles.net,gorod-zlatoust.ru,great-income.ru,gsm-csb.ru,guitar-love.ru,healthystyle.info,huaweiclub.ru,i-no.ru,igeek.ru,intell.in.ua,jampo.com.ua,jusonline.ru,kaspianchoob.com,livegif.ru,lock-omsk.ru,marafonec.com,maxigame.su,mcomp.org,mediahouse.com.ua,miptic.ru,mir-kliparta.ru,mobile-novinki.ru,myimperia.ru,nakapote.com,nb-yanao.ru,neodrive.ru,nepoleno.ru,newsdnya.ru,newsinmir.com,nokia-lifestyle.ru,novoden.ru,obzh.ru,onegadget.ru,orbita-lviv.com,pingola.ru,pokemongo-go.ru,pravpost.org.ua,rao-ees.ru,ratnet.od.ua,remontidekor.ru,softgaz.ru,sosedi2015.ru,spletnius.ru,stuffed.ru,submarine.od.ua,sup-idea.com,supreme2.ru,tic.com.ua,tipslife.ru,topicnews.net,turmouse.ru,uralmtk.ru,usetrans.com,v2013.ru,vhoru.com.ua,vkulake.com,vnebi.com,vremechko.org,vremyamn.ru,webrecepty.info,amurutro.ru,ap7.ru,gadgetblog.ru,globalomsk.ru,obzh.ru,yuriblog.ru,zakryma.ru,zamanula.ru,zheltaya.ru##+js(abort-on-property-read.js, document.getElementById)
! https://github.com/uBlockOrigin/uAssets/issues/5805
||newsfile.club^$document
||blackawardago.com^$document
||clickpush.biz^$document
! https://github.com/uBlockOrigin/uAssets/issues/5854
||ublockerext.com^
! Badware
||undings.biz^$document
! https://github.com/uBlockOrigin/uAssets/issues/5923
gamemod.pro,taigameandroid.asia##[href*="//appandroider.com"]
||appandroider.com^
! https://github.com/uBlockOrigin/uAssets/issues/6097
||gamekeys.gq^$all
! https://forums.lanik.us/viewtopic.php?f=62&p=149407#p149406
||buzzadnetwork.com^$all
! https://arstechnica.com/information-technology/2019/08/google-play-app-with-100-million-downloads-executed-secret-payloads/
||abcdserver.com^$all