Malakke

Level 4
Hello friends. I'm playing with some malware from Malware Vault in a Virtualbox image of Windows 7. When i try to download some pack from zippyshare links, usually open a new tab with a scareware alerts... Is there any way to block this tabs? I wonder if i could do this with Ublock Origin. Thanks

Regards
 

DardiM

Level 26
Trusted
Malware Hunter
Verified
Y

yigido

Using Adguard here and no redirect to other pages :cool:
I think a clicker adv. is hidden under download button.
Can you please add the following rules to your uBO user filter?
Code:
/worker.php$domain=songspk.live|zippyshare.com
|http://$script,third-party,xmlhttprequest,domain=zippyshare.com
 

DardiM

Level 26
Trusted
Malware Hunter
Verified
Very oftent, the bad part isn't put when you click on the button to download, but when the page is loaded.

Look for one request on the website (just loading the webpage) :

http: //www23.zippyshare.com/v/....../file.html

18:38:37 -- dom 28-10-2016 #10.zip
18:38:36 scrip
https: //www. gstatic.com/recaptcha/api2/r20161024122636/recaptcha__fr.js
18:38:36 image http: //www23.zippyshare.com/images/favicon2.ico
18:38:36 script https: //www. google.com/recaptcha/api.js?render=explicit
18:38:36 image http: //www23.zippyshare.com/images/favicon2.ico
18:38:36 /a/display.php? -- script http: //www .maxonclick.com/a/display.php?r=1142807
18:38:36 /a/display.php? -- script http: //www .maxonclick.com/a/display.php?r=1142801
18:38:36 /a/display.php? -- script http: //www .maxonclick.com/a/display.php?r=1142795

18:38:36 addthis.com/addthis_widget.js << script http: //s7.addthis.com/js/300/addthis_widget.js#pubid=ra-4d7009770839a69f
18:38:36 ||addthis.com^$important,third-party -- script http: //s7.addthis.com/js/300/addthis_widget.js#pubid=ra-4d7009770839a69f
18:38:36 google-analytics.com/ga.js << script http: //www .google-analytics.com/ga.js
18:38:36 ||google-analytics.com^ -- script http: //www.google-analytics.com/ga.js
18:38:36 @@||zippyshare.com^$elemhide ++ elemhide http: //www23.zippyshare.com/v/....../file.html
18:38:36 inline-script 28-10-2016 #10.zip
18:38:36 doc 28-10-2016 #10.zip
http: //www23.zippyshare.com/v/H3​

uBlock Origin activated.

If not activated, a lot of more is loaded
 
Last edited:

Malakke

Level 4
Using Adguard here and no redirect to other pages :cool:
I think a clicker adv. is hidden under download button.
Can you please add the following rules to your uBO user filter?
Code:
/worker.php$domain=songspk.live|zippyshare.com
|http://$script,third-party,xmlhttprequest,domain=zippyshare.com
Thanks. It seems it works. I'll try next samples.

What browser do you use? If chrome try this in blacklist mode and blacklist zippyshare so it can't spawn new tab.
JavaScript Popup Blocker

If you use firefox use this to change the settings so nothing can do popup
Simple Popup Blocker

Also make sure you are not clicking a false download button. About ads ublock origin should have you covered.
Thanks for your advice.

Very oftent, the bad part isn't put when you click on the button to download, but when the page is loaded.

Look for one request on the website (just loading the webpage) :

<Removed>

uBlock Origin can block it.
Yes. I have blocked maxonclick and addthis, but sometimes appear new sites that i have not blocked...
 
Last edited by a moderator: