False Positive [www.yasir252.com] #241

Closed
MagicalAlchemist opened this issue Jan 24, 2023 · 6 comments

@MagicalAlchemist

Link : www.yasir252.com

I think it makes more sense to go into a piracy blocklist than into a malware / ads and tracker blocklist.

@hagezi
Owner

hagezi commented Jan 24, 2023

Yes. ;)

@hagezi
Owner

hagezi commented Jan 24, 2023

Fixed.

@hagezi hagezi closed this as completed Jan 24, 2023
@MagicalAlchemist
Author

nice, thank you.

@MagicalAlchemist
Author

@hagezi can you unblock this one more time?

@iam-py-test

iam-py-test commented Jul 14, 2023

This appears to come from my blocklist (though also a few others), so I'll look into unblocking

iam-py-test added a commit to iam-py-test/my_filters_001 that referenced this issue Jul 14, 2023
@iam-py-test

iam-py-test commented Jul 14, 2023

Short answer: I'm hesitant to unblock it, but so far I don't see any evidence the site itself is malicious. However, it does host quite a few malicious ads.
Long answer:
The site's a complete adwall and I spent half my time clicking fake download buttons before I found the real one[1].
The file I downloaded claimed to be Glasswire (which was what I tried to download). However, while I did get a Glasswire setup window, I did not ever end up with it installed. Instead, I ended up with what acted like malware [1]. Oddly, that executable does appear to be the legitimate Glasswire [2]. In fact, it is identical to version 2.3.449 from the legitimate Glasswire website. The "crack" DLL included gets 0 detections on VT[3], and without any evidence to the contrary (and I lack the skills to reverse engineer it), I must assume it too is safe. Both with and without that DLL, it seems to install a legitimate (but broken) version of Glasswire[4]. It seems that the Glasswire installer tries to fingerprint the machine it's running on, which is sketchy; however, given that this occurs with just the plain exe installed - which is signed and identical to the one from the website for that version - I guess this is just Glasswire.
This website is blocked by the notracking list (though I am unsure why, and given it is currently unmaintained[5], I wouldn't decide based on that factor alone) and detected by 8 engines on VT [6].
In my opinion, it's not a site I would personally trust (even with a content blocker installed). However, I have commented out the entries blocking it in iam-py-test/my_filters_001@f0dcafa. If someone can provide more evidence either way, then I will either remove it completely or reblock it.
