-
Notifications
You must be signed in to change notification settings - Fork 9
/
antipup.txt
118 lines (101 loc) · 5.42 KB
/
antipup.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
[Adblock Plus 2.0]
! Title: iam-py-test's anti-PUP list
! Description: This list blocks sites promoting PUPs, unreliable antivirus review sites, very poorly made malware removal guides, scummy adblockers, "snake oil" programs, and legitimate software installers which bundle other unrelated software
! Last updated: 2023-11-10
! Expires: 5 days
! Homepage: https://github.com/iam-py-test/my_filters_001
! TotalAV
||totalav.com^$all
! https://safeweb.norton.com/report/show?url=https://www.safetydetectives.com/blog/speeding-up-your-pc/
! https://www.mywot.com/scorecard/safetydetectives.com
! Has link which redirects to hxxps://www.totalav[.]com/ultra-deal?exit which is a known fake AV
||safetydetectives.com^$document
||www.safetydetectives.com^$document
! https://duckduckgo.com/?q=best+antivirus&ia=web without adblocker
! Promotes PCProtect and TotalAV, along with other Protected net PUPs
||trustedantiviruscompare.com^$document
! Also promotes Protected net scams. Popups with coupons for TotalAV.
! Reports TotalAV/PCProtect/Scanguard as best at everything
||10bestantivirus.com^$document
! TotalAV has a YouTube channel
||youtube.com/watch?v=9ocPeo-y6t4^$document
||youtube.com/c/TotalAV^$document
! browser extensions
||addons.mozilla.org/en-US/firefox/user/13039502/^$document
||addons.mozilla.org/en-US/firefox/addon/total-adblock/^$document
||addons.mozilla.org/en-US/firefox/addon/total-webshield/^$document
||addons.mozilla.org/en-US/firefox/addon/totalav-pva/^$document
||addons.mozilla.org/en-US/firefox/addon/totalav-safe-site/^$document
! TotalAV affiliate links
||bit.ly/total-av^$document
||visit-techdeals.com/3eQeCSQ^$document
||cnews.link/get-totalav$document
||cnews.link/totalav-$document
||cnews.link/try-totalav-$document
||cnews.link/get-totaladblock_$document
! https://windowsreport[.]com/open-source-antivirus/
windowsreport.com##.antivirus-item:has(img[alt="TotalAV Antivirus Logo"])
! hxxps://winaero.com/execti-run-programs-trustedinstaller/
||winaero.com/blog/wp-content/uploads/2020/04/OU-PCR-300.png^$all
winaero.com##.widget:has([href="/fix-classic-issues-performance/"])
! SpyHunter
! https://scammer.info/t/2-spyware-com-is-a-fake-technical-website/69836
! promotes known PUPs i.e. Reimage, Spyhunter as 'solutions'. Better yet, they say 'you cannot remove every virus with only one security tool [...] After trying Reimage, you should also run a free SpyHunter scanner'. Twice the PUPs, twice the fun?
||2-spyware.com^$document
||www.2-spyware.com^$document
! Spyhunter is promoted often as a magic solution
||malwareguide112.com^$document
! promotes Spyhunter, the guides aren't helpful (https://www.virustotal.com/gui/url/915dc692a7ce0e94224009ea20f25b63cacdab10d46d4ea5064f83ac6b0be950)
||pcsafetygeek.com^$document
! promotes Spyhunter
||cybosectech.com^$document
! Spyhunter promotion, acts like MacOS can be infected with Windows malware
||cfoc.org^$document
! https://github.com/iam-py-test/my_filters_001/issues/119
! https://forums.malwarebytes.com/topic/303863-cryptpkocryptpko1-and-cryptsigcryptsig1-in-registry-and-cant-delete/
||sensorstechforum.com^$document
! Zeta Adblock
! https://github.com/iam-py-test/investigations/blob/main/2021/11/13/1.md
||chrome.google.com/webstore/detail/zeta-adblock/okfdbakkmcdmbmfnjeiifakgjgdfhddf^$document
||docs.google.com/document/d/1FS7-6-nEO4nVv8fqhbbS_4kSIBRg0Uy54Gx7ErDS6cg/edit^$all
! https://twitter.com/iam_py_test/status/1464292233004433410
||byebyeads.org^$document
||chrome.google.com/webstore/detail/bye-bye-ads/hmhhfebnmmdjdpmcognacjklpbcepjak^$document
||vought.removeads.workers.dev^$third-party
! just exists to promote outbyte
||filewhopper.com^$document
||wiki-drivers.com^$document
! appears to be uBlock Origin, but with tracking added
||adremover.org^$document
! makes a ton of useless software, inc "Registry cleaners", "memory cleaners" (https://www.howtogeek.com/171424/why-memory-optimizers-and-ram-boosters-are-worse-than-useless/), etc
! while some of their software seems like it might be helpful to some people, I am chosing to block the entire website anyway
||wisecleaner.com^$document
||wisecleaner.net^$document
||wisecleaner.eu^$document
||wisecleaner.com.cn^$document
! https://app.any.run/tasks/250acb64-71cf-49db-a78d-9723a4c5bfe7/
||cleanpcinfections.com^$document
! https://app.any.run/tasks/6039d54a-b706-445f-b39f-6973e1d39b86/
||easysolvemalware.com^$document
! bundled installer - https://forums.malwarebytes.com/topic/299299-malwarebytes-and-videowizard-all-in-one-dvd-video-converter/
! my analysis: https://tria.ge/230622-ab1tmabh94/behavioral1
||videowizard-all-in-one-dvd-video-converter.en.softonic.com^$document
! https://tria.ge/230705-3ac1dshf7z/behavioral1
! https://app.any.run/tasks/c3057271-4453-4437-b619-3ee08588db54 (broke)
||getconvertpdf.com^$document
! https://forums.malwarebytes.com/topic/301486-vetting-cleanmymac/
||cleanmymac.com^$document
||macpaw.com^$document
! https://tria.ge/230825-31j7dshd61/behavioral1
||utorrent.com^$document
! https://tria.ge/230830-l7yjxseb6z/behavioral1
||chromnius-secure.com^$document
||rdtk.chromnius-secure.com^$document
||premiumworldapp.com^$document
||free.premiumworldapp.com^$document
! https://tria.ge/231002-nhasnsbb63/behavioral1
||fontdeterminerpro.com^$document
! https://tria.ge/231009-m46lssed76/behavioral1 (cloudflared)
||chromstera.com^$document
||secure.chromstera.com^$document
||www.chromstera.com^$document