Jump to content

Recommended Posts

1 minute ago, MON5TERMATT said:

its already hard to get this not to flag with calling files with powershell and we ask that users turn off av's just for that reason

People hate that or don't know how. But those are the same folks that will download anything blindly using Discord. :o

 

Link to post
Share on other sites

20 minutes ago, Porthos said:

People hate that or don't know how. But those are the same folks that will download anything blindly using Discord. :o

 

we had one of our admins post one of those scams for free nitro earlier, its amazing how a admin that runs a pc group can still be hacked

Ill also just drop this here

 

name: antiscam
rank: 2
event: on-message
if:
  - if-any:
     - message-matches-any: ["*steamconm*", "*stearncor*", "*steamncon*", "*steamcommi*", "*steamcomun*", "*steamcommun*", "*steamcomminut*"]
     - message-matches-any: ["*steamcommunytu*", "*steamcommunityu*", "*steancommunytiu*", "*stearncomminuty*"]
     - message-matches-any: ["*d1scord*", "*dlscord*", "*discorb*", "*discorcl*", "*discords-*", "*d1scord-*", "*discordgift*", "*d1scord-gift*", "*dlscord-gift*"]
     - message-matches-any: ["*discordgift*", "*d1scord-gifts*", "*dlscord-gifts*", "*d1scord-claim*", "*dlscord-claim*", "*d1scord-airdrop*", "*dlscord-airdrop*"]
     - message-matches-any: ["*d1scord-nitro*", "*dlscord-nitro*", "*nitrogift*", "*discord*wales*", "*givenitro*", "*free-nitro*", "*roblox-com*"]
     - message-matches-any: ["*?pantner*", "*give-nitro*", "*com/gift*", "*info/promo*", "*trade/offer*", "*giveaway/discord*", "*&token*", "*/airdrop*"]
  - if-not:
     - is-staff: true
do:
  - ban-user-and-delete: 1
  - send-mod-log: "User banned for linking a malicious URL." 
  - notify-staff:
      title: "Malicious Link"
      content: "$user_mention has sent a malicious link in $channel_mention - `$message_clean`"
      jump_to_ctx_message: true
      qa_target: $user_id # Quick action target
      qa_reason: "Phishing Link/Token Grabber" # Quick action reason, optional
      no_repeat_for: 30 seconds # Ensures that this notif. won't be sent again in the next 30 secs
      no_repeat_key: $rule_name-1 # An unique key that identifies this notif., make sure to set this too
  - send-message: [$channel_id, "Malicious Link was detected and removed (User may of been token logged)"]
  - delete-last-message-sent-after: 60 seconds

 

Link to post
Share on other sites

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 1/12/22
Protection Event Time: 8:38 PM
Log File: ef521c6c-7419-11ec-9253-ac1203da070e.json

-Software Information-
Version: 4.5.0.152
Components Version: 1.0.1538
Update Package Version: 1.0.49717
License: Premium

-System Information-
OS: Windows 10 (Build 19044.1415)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: RiskWare
Domain: medicatusb.xyz
IP Address: 31.22.4.101
Port: 80
Type: Outbound
File: C:\Program Files\Google\Chrome\Application\chrome.exe

(end)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.