
Topic: ScamWhammer - Block scam websites and promotions with your adblocker (Read 809 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Awesome man... I am a long time user of https://badbitcoin.org/ and I promote it at every opportunity I get, so I will most definitely add this to my favorite tools to use.

I think it is genius to use it as an adblocker type plugin... because you do not have to redirect to another site to be warned if something is a scam or not. (Brilliant concept)

You know, I like the fact that the community are pitching in effort and time like this to create tools to Police ourselves... that is after all what Crypto currencies are all about. Thank you for your contribution!

You're welcome. I saw the news of badbitcoin halting operations because they ran out of funding. I have been told they use special, very expensive tools to verify whether a website is really a scam or a false positive, so that explains why there are only a handful of sites added each week although there are many more scams that go online in that time.

I accidentally deleted a list of their domains I put together from my S3 bucket so I will have to find a way to recreate them.
legendary
Activity: 3542
Merit: 1965
Awesome man... I am a long time user of https://badbitcoin.org/ and I promote it at every opportunity I get, so I will most definitely add this to my favorite tools to use.

I think it is genius to use it as an adblocker type plugin... because you do not have to redirect to another site to be warned if something is a scam or not. (Brilliant concept)

You know, I like the fact that the community are pitching in effort and time like this to create tools to Police ourselves... that is after all what Crypto currencies are all about. Thank you for your contribution!
full member
Activity: 455
Merit: 106
Wow, it is a good thing for someone like me who got scammed by these HYIP scam websites (only 1 time (I learned now)). Those new to cryptocurrencies expect that earning coins is gonna be easy (that's what they're thinking), and they end up being scammed by these websites. I think it is good for them (also me) to use this.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Bump.

This is not a dead project, it's just that bip39validator has been taking most of my time.

I think it would be wiser to make a fork of chromium or some other browser and hard-code the sites and the warning banner in there so I'm not hampered by addon limitations.

(Also I'm thinking of delisting things like exchange sites, I'm shifting the focus to catching ponzis and doubler scams as quickly as possible)
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I was looking at your list, and I'm confused about some of the characters.

crypto.net##DIV
01crypto.net^$document

What do those bolded letters mean?

Also, could you make this list in a CSV format for import into a database?

Those characters are special adblock syntax, they identify different parts of the HTML. Particularly ^$document selects the entire tag, and ##DIV selects the outermost tag, which I need because some adblockers don't like blocking the whole tag. It's the reason why Scamwhammer blanks out some pages on some adblockers instead of displaying a blocked banner.

I don't like the way I'm writing them now because it's very tedious and it would be better if I just have a list of plain old links I can feed to an addon I'll make.

I guess I can make a CSV list out of it but as you probably noticed, Scamwhammer's in a little hiatus (and my online activity has kind of reduced), in part because my place has started to get power outages every day. I'll try my best.



Alright, CSV dump of the domains is ready. It's more understandable than the text file I have now. It has name and date added columns and is accessible at https://github.com/ZenulAbidin/scamwhammer/blob/master/domains.csv.
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
I was looking at your list, and I'm confused about some of the characters.

crypto.net##DIV
01crypto.net^$document

What do those bolded letters mean?

Also, could you make this list in a CSV format for import into a database?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Bump and periodic reminder that this project is not dead, other things have been occupying my time currently.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Having thought about it, this isn't going to be successful in the long term without its own browser extension. For now, let's concentrate on the provably scam websites (bitcoin doublers etc). Instead of loading the page in question it should draw a big warning that this site is a scam with a link to this thread, optionally with a button that lets the user proceed anyway. However I don't have an ETA for this as this requires me to learn how to develop extensions.

I'm open to feedback about this idea. Maybe as a way to protect the extension from being spoofed I could make a signed message with the extension's filehashes, since I already have a PGP key ready. A consequence of this is that it won't be listed on extension galleries like Chrome Web Store, a favorite gathering place for phishers to put extensions impersonating real ones, and that it would have to be downloaded manually here. Fake announcements with malware would then be easy to squash as Lafu is doing a terrific job doing.

You shouldn't block a scam website instantly without the opinion of other users because you need a certain basis why websites should be banned and blocked from advertising. People aren't dumb about knowing if the website is a fraud and should stop operating in an exchange, you also need some point of view of other users to know if a website is a fraud.

I am excluding all the exchanges from this for now, until I can gather a large enough userbase that blocks them from the obvious scams.
sr. member
Activity: 1120
Merit: 272
Thanks. Ultimately I want ScamWhammer to become a community effort in the long term so I don't have to babysit it continuously.

Perhaps instead of blocking the high-risk sites right now, I can wait until I get about 10 people who are willing to make a consensus to decide if those sites should be included, which would obsolete rule 3 above. Because I doubt exchange diehards are going to use the list if they know if their favorite exchange is on it. I want as many people to use the list as possible.

You shouldn't block a scam website instantly without the opinion of other users because you need a certain basis why websites should be banned and blocked from advertising. People aren't dumb about knowing if the website is a fraud and should stop operating in an exchange, you also need some point of view of other users to know if a website is a fraud.

Any plans to develop a stand alone browser extension?  It would be cool to have the option to add some sort of warning (a reference link would be nice also) stickied at the top of any site on the list instead of just blocking them.

A warning is also good to prevent sudden judgement without even knowing the advantages of certain websites that popped up in an exchange. Totally blocking it will not help you to become comfortable unless you're easily irritated by those.

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Do you have to manually input the scam websites or does it automatically identify them like search engine web crawlers? I do not see it in your pitch but I think that this has a big potential. Does it work like an adblocker? Because if that is how it functions then it can be a good thing because you will stand out from the rest.

Currently I have to insert the sites manually, as I don't know of a way to automate detecting a website by crawling it.

Does it work on mobile and does this project work for all browsers? I believe that more people are using their mobile phones so I asked this question. With regards to the browser, I think the more the merrier.

Yes, it works on any browser, including mobile ones, as long as it has an adblocker and they add this filter list.



On an unrelated note I need to fix all my entries to have http:// and https:// at the beginning of the name. Right now, if you try to go to any trustpilot page belonging to a scam website, like

Code:
https://www.trustpilot.com/review/bitcoingenerator.me

Then it will also be blocked, and that's not the behavior I want. It currently blocks the page if the name appears anywhere in the URL not just in the domain name.
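The over-blocking described in the post above can be reproduced with a simplified filter matcher. This is an added example, not code from the original post or the ScamWhammer repository; the `||` domain anchor is standard Adblock Plus filter syntax, while the function names, the reduced regex translation and the constructed URLs are assumptions made for illustration.

```javascript
// Simplified translation of Adblock Plus-style network filters to regular
// expressions. Handles "||", "|", "^" and "*"; options after "$" are dropped.
const SEPARATOR = '(?:[^\\w\\-.%]|$)';  // "^": any char except letters, digits, _ - . %
const DOMAIN_ANCHOR = '^[\\w\\-]+:\\/+(?!\\/)(?:[^\\/]+\\.)?';  // "||": scheme + optional subdomains

function filterToRegExp(filter) {
  let pattern = filter.split('$')[0];
  let prefix = '';
  let suffix = '';
  if (pattern.startsWith('||')) {
    prefix = DOMAIN_ANCHOR;
    pattern = pattern.slice(2);
  } else if (pattern.startsWith('|')) {
    prefix = '^';
    pattern = pattern.slice(1);
  }
  if (pattern.endsWith('|')) {
    suffix = '$';
    pattern = pattern.slice(0, -1);
  }
  const body = [...pattern].map((ch) => {
    if (ch === '*') return '.*';
    if (ch === '^') return SEPARATOR;
    return ch.replace(/[.+?${}()|[\]\\\/]/g, '\\$&');  // escape regex metacharacters
  }).join('');
  return new RegExp(prefix + body + suffix, 'i');
}

function isBlocked(filter, url) {
  return filterToRegExp(filter).test(url);
}

// Rule in the style the thread shows, and the same rule anchored to the hostname.
const UNANCHORED = 'bitcoingenerator.me^$document';
const ANCHORED = '||bitcoingenerator.me^$document';

// URLs to check: the Trustpilot page from the post, plus constructed ones.
const URLS = [
  'https://www.trustpilot.com/review/bitcoingenerator.me',
  'https://example.org/?ref=bitcoingenerator.me',      // constructed
  'https://bitcoingenerator.me/',
  'https://www.bitcoingenerator.me/signup?plan=1',     // constructed
];

function compare() {
  return URLS.map((url) => ({
    url,
    unanchored: isBlocked(UNANCHORED, url),
    anchored: isBlocked(ANCHORED, url),
  }));
}

console.table(compare());
```

The unanchored rule matches all four URLs, including the review page and the referral link; the anchored rule matches only the two whose hostname is the listed domain or a subdomain of it.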
sr. member
Activity: 1624
Merit: 315
Do you have to manually input the scam websites or does it automatically identify them like search engine web crawlers? I do not see it in your pitch but I think that this has a big potential. Does it work like an adblocker? Because if that is how it functions then it can be a good thing because you will stand out from the rest. Does it work on mobile and does this project work for all browsers? I believe that more people are using their mobile phones so I asked this question. With regards to the browser, I think the more the merrier.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
How will scam be determined? Is it completely central? Or is there an algorithm to block the abusers and who are the trusted people to do it?

Currently I'm scraping HYIPLogs (an aggregation of HYIP domains) and the Badbitcoin badlist (frequently updated list of scam domains) using Javascript and then paste the domains in the filter list. This is what I use to scrape HYIPLogs, I run it in my browser's DevTools:

Code:
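// Run in the browser's DevTools console on the HYIPLogs listing page.
const l = []
for (const i of document.getElementsByClassName('name-box')) {
    // The third '/'-separated segment of the link's href is taken as the domain.
    l.push(i.firstElementChild.attributes['href'].nodeValue.split('/')[2])
}
console.log(l.length)      // number of domains collected
console.log(l.join("\n"))  // one domain per line, ready to paste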

And this retrieves the historic badlist from 2014 to 2018, since the rest can only be accessed by using search:

Code:
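// Run in the browser's DevTools console on the badlist page.
const l = []
for (const i of document.getElementsByClassName('bltabcontent')) {
    for (const j of i.children) {
        // Keep only children with these class names; their first child holds the entry text.
        if (j.className === "bl_item nobreak" || j.className === "nobreak") {
            l.push(j.children[0].innerText)
        }
    }
}
console.log(l.length)      // number of entries collected
console.log(l.join("\n"))  // one entry per line, ready to paste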

I sent Badbitcoin an email today asking for a way for them to provide me with the rest of the domains, I'll see if they respond.

Will you list some members-list of this forum? For example, [1] & [2]

Yes, I'll list those soon. Thank you for the links.

Will puny-code domains be included?

Yes, in fact, I already have a few hundred punycode domains impersonating MyEtherWallet, which I took from MetaMask's list. Currently there isn't a site that lists all of them yet but the general idea would be to use a domain registrar's API to see if puny-code domains have been registered. These github projects are a good start https://github.com/topics/typosquatting

This page can convert the unicode domain name to punycode https://www.punycoder.com/

I want to take the controls from https://www.irongeek.com/homoglyph-attack-generator.php and write a script to guess similar sounding domain names.

Are there plans to cooperate with Brave’s browser to include such lists in its shields?

That sounds like a good idea. Can you explain what a shield is? I haven't used Brave browser before.

Some links on your site only work after manually refreshing the page.

If you mean links on my website, can you PM me the links? I had to make some tweaks to the site to get it working on Github Pages so maybe I botched something in the process.

From ---> https://zenulabidin.github.io/#/about-me, I noticed that you are from the Arab countries. I hope you will join the Arabic board --> https://bitcointalk.org/index.php?board=241.0.

You can find me there too



Edit: So I got a response from the Badbitcoin team. Without going into details they declined to give me the list. So it looks like I will be forced to use the search tool to look for the rest of the domains.
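For the punycode question answered in the post above, one way to flag a collected hostname as a lookalike of a protected name is to decode its `xn--` labels and fold lookalike characters to ASCII before comparing. This is an added example, not code from the original post or the ScamWhammer repository; it checks hostnames already in hand rather than querying a registrar, and the `CONFUSABLES` subset, the `PROTECTED` list and the sample hostname are constructed assumptions.

```javascript
// Small illustrative subset of lookalike characters, constructed for this
// example; a fuller table would be built from Unicode's confusables data.
const CONFUSABLES = {
  '\u0430': 'a', '\u0435': 'e', '\u043e': 'o', '\u0440': 'p', '\u0441': 'c',
  '\u0443': 'y', '\u0445': 'x', '\u0456': 'i', '\u03bf': 'o', '\u0131': 'i',
};
const PROTECTED = ['myetherwallet.com'];  // genuine names to guard (assumed list)

// RFC 3492 Punycode decoder for one label, without the "xn--" prefix.
function punycodeDecode(input) {
  const base = 36, tMin = 1, tMax = 26, skew = 38, damp = 700;
  let n = 128, i = 0, bias = 72;
  const d = input.lastIndexOf('-');
  const out = d > 0 ? [...input.slice(0, d)].map((ch) => ch.codePointAt(0)) : [];
  let pos = d > 0 ? d + 1 : 0;
  while (pos < input.length) {
    const oldi = i;
    for (let w = 1, k = base; ; k += base) {
      if (pos >= input.length) throw new Error('truncated punycode label');
      const c = input.charCodeAt(pos++);
      const digit = c >= 97 && c <= 122 ? c - 97 : c >= 48 && c <= 57 ? c - 22 : NaN;
      if (Number.isNaN(digit)) throw new Error('invalid punycode digit');
      i += digit * w;
      const t = k <= bias ? tMin : k >= bias + tMax ? tMax : k - bias;
      if (digit < t) break;
      w *= base - t;
    }
    // Bias adaptation (RFC 3492 section 6.1).
    const points = out.length + 1;
    let delta = Math.floor((i - oldi) / (oldi === 0 ? damp : 2));
    delta += Math.floor(delta / points);
    let k = 0;
    for (; delta > ((base - tMin) * tMax) / 2; k += base) delta = Math.floor(delta / (base - tMin));
    bias = k + Math.floor(((base - tMin + 1) * delta) / (delta + skew));
    n += Math.floor(i / points);
    i %= points;
    out.splice(i++, 0, n);
  }
  return String.fromCodePoint(...out);
}

// Convert a hostname's xn-- labels back to Unicode.
function toUnicode(host) {
  return host.toLowerCase().split('.')
    .map((label) => (label.startsWith('xn--') ? punycodeDecode(label.slice(4)) : label))
    .join('.');
}

// Fold a hostname to an ASCII "skeleton": strip accents, map known lookalikes.
function skeleton(host) {
  const stripped = toUnicode(host).normalize('NFD').replace(/[\u0300-\u036f]/g, '');
  return [...stripped].map((ch) => CONFUSABLES[ch] || ch).join('');
}

// Return the protected name a host imitates, or null.
function impersonates(host) {
  const sk = skeleton(host);
  return PROTECTED.find((name) => name === sk && name !== host.toLowerCase()) || null;
}

// Constructed sample: "myetherwallet.com" with Cyrillic U+0435 as the first "e".
const SAMPLE = 'xn--mytherwallet-tck.com';
console.log(SAMPLE, '->', toUnicode(SAMPLE), '->', impersonates(SAMPLE));
```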
legendary
Activity: 2702
Merit: 4002
How will scam be determined? Is it completely central? Or is there an algorithm to block the abusers and who are the trusted people to do it?
Will you list some members-list of this forum? For example, [1] & [2]
Will puny-code domains be included?
Are there plans to cooperate with Brave’s browser to include such lists in its shields?
Some links on your site only work after manually refreshing the page.



From ---> https://zenulabidin.github.io/#/about-me, I noticed that you are from the Arab countries. I hope you will join the Arabic board --> https://bitcointalk.org/index.php?board=241.0.



[1] tvplus006 - 160+ List of Scam Projects
[2] ICOEthics - scam list 2018-2019
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Cool idea.

My first thought: I think you should find some sort of third party to arbitrate in cases where the owner of the site applies to be removed, or a site is submitted and it's a 'close call'. You need some evidence that your decisions are without bias. Giving yourself absolute power in which sites are on the list or not is going to hurt the chances of this taking off. I would expect most sites that are aware they are on the list to claim something like: "we're only on the list bc our competitors paid NotATether."

Thanks. Ultimately I want ScamWhammer to become a community effort in the long term so I don't have to babysit it continuously.

Perhaps instead of blocking the high-risk sites right now, I can wait until I get about 10 people who are willing to make a consensus to decide if those sites should be included, which would obsolete rule 3 above. Because I doubt exchange diehards are going to use the list if they know if their favorite exchange is on it. I want as many people to use the list as possible.

Any plans to develop a stand alone browser extension?  It would be cool to have the option to add some sort of warning (a reference link would be nice also) stickied at the top of any site on the list instead of just blocking them.

I'm a little skeptical of making a separate browser extension for this, because it's possible that it gets hacked while I'm not looking and a malicious version is served for download instead, especially since this project is in its infancy with hardly any users. The filter list would need at least 100K users before people would see an extension I make as reputable.

The way some of the adblockers are showing a banner saying the site has been blocked while giving you an option to proceed anyway is the kind of thing I want to show. But since Adblock and friends can't do this, I whited out the sites as a temporary solution. I also think displaying a warning at the top of the page is vulnerable to social engineering by the scam site, as they could write on their site something like "Ignore the scam warning above, we have 5 star ratings on TrustPilot".
legendary
Activity: 2716
Merit: 2093
Cool idea.

My first thought: I think you should find some sort of third party to arbitrate in cases where the owner of the site applies to be removed, or a site is submitted and it's a 'close call'. You need some evidence that your decisions are without bias. Giving yourself absolute power in which sites are on the list or not is going to hurt the chances of this taking off. I would expect most sites that are aware they are on the list to claim something like: "we're only on the list bc our competitors paid NotATether."

Any plans to develop a stand alone browser extension?  It would be cool to have the option to add some sort of warning (a reference link would be nice also) stickied at the top of any site on the list instead of just blocking them.


legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Reserved.
Scammers, if you're reading this thread, watch out for RoboCop.

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org

ScamWhammer is a filter list for cryptocurrency scam websites, Youtube videos, Play Store downloads, Medium pages and more.

This filter list is unfinished, hence why it's in the Project Development section.

Currently there are over 25,000 unique scam websites (20,000 HYIPs and 5000 scams) in the filter list, but almost no pages because I haven't gathered many yet. It incorporates all the HYIPs in HYIPLogs (Javascript warning: lots of ads) and the listed badsites on the Badbitcoin badlist. I don't have an automated way to retrieve typosquatted domains yet so most of them are missing from the list.

It works with Adblock and Adblock Plus by removing the page content, and Adguard and uBlock Origin by blocking the site outright. Due to Adblock limitations, entire sites can't be blocked so instead it hides their page content.

How to use

Add the URL of this filter list https://raw.githubusercontent.com/ZenulAbidin/scamwhammer/master/filter-blocklist.txt (huge file) to your adblocker. The procedure varies depending on the adblocker you are using so look it up on the internet if you're not sure how to add a custom filter list. The list goes stale every 7 days. This may change in the future.

The goal is to get this filter list included in adblockers by default, when they are installed into the browser.

How I choose which sites get blocked

Again, this filter list is by no means limited to whole sites, it works perfectly fine with arbitrary URLs, including those with queries at the end such as ?action=post;board=12.0.

For the purposes of the rules below I will call all pages off the domain(s) promoting the site, such as Youtube videos, Google Play Store app pages, Medium pages, etc. URLs.

1) If the site in question is in the Badlist, then its domains and all URLs will be included.

2) If the site is an HYIP, its domains and all URLs will also be included.¹

3) (Temporarily retracted) If the site in question is a controversial exchange, casino or other cryptocurrency operation, then all of its domains, but no individual URLs, will be included. For the purpose of making rules, a site is controversial if it either a) has at least 3 open credible scam accusations against it or b) the official bitcointalk account representing the site has an active flag against it. I regard a scam accusation as open if the associated thread is less than 5 years old² and not locked or otherwise labeled "closed", and as credible if the scam accusation in question indicates that the site mishandled funds (individual users' accounts getting hacked are not credible, but if the whole site gets hacked and the site does not replenish its funds then that's credible).

4) All typosquatting and foreign-character-typosquatting domains impersonating non-controversial (genuine) and controversial sites will be included indiscriminately.³

5) Sites and URLs will not be removed from the list if they are taken down. Sites may be removed if the domain is sold to someone who then uses it for a legitimate activity, but associated URLs will not be removed.

6) I reserve the right to change and/or remove criteria or include and remove individual sites at any time.

NEW 7) Sites and URLs of faucets won't be added to the list unless they have a deposit option.

¹ Because I believe that HYIPs are no different from gambling, the only difference being HYIPs make explicit promises of guarantee to make a profit which is clearly lying. If you don't like this decision then feel free to add your favorite HYIP site to your adblocker's whitelist.

² An issue arises if the associated scam accusation is credible. In that case as long as the number of remaining credible scam accusations is less than 3, I'll remove the domains from the list and let them go at good-faith. On one hand the site may have cleaned up its act since then and the topic starter forgets to lock the thread (this part happens frequently) but on the other hand I'm not sure this is the best thing to do, feel free to tell me your suggestions about this.

³ Typosquatting something like an exchange or casino is an inherently malicious thing to do, and if there are URLs associated with the typosquatting site, those will also be included in the list.

Here is the list of sites that are currently in the list according to rule 3. I anticipate more will be added to the list. Temporarily inactive


These rules are designed to make it easy for me to select sites to add to the list while I browse the Scam Accusations board.

Homepage   Github repo

If you would like to request permission to edit the ScamWhammer repository, this is the thread to do so. It requires you submit a pull request with the filter rules added properly. See the github repo README for instructions on how to add filter rules manually.

I'm also going to request the BadBitcoin staff for access to the raw list of scam sites so I can include them all at once, searching for them one by one is proving to be exhausting.

This topic will be self-moderated because reports for inclusion here and requests from exclusion from it will be handled in separate threads, to make things easier to navigate. Please keep discussion here on-topic about ScamWhammer.

Associated threads
Report inclusions into ScamWhammer here.
Request removals from ScamWhammer here.

Changelog:
2020-07-21: Add CSV file of blocked domains with name and date added columns
2020-05-03: Add rule 7, temporarily retract rule 3