search

AdguardTeam / AdguardFilters

AdGuard Content Blocking Filters
https://adguard.com/
GNU General Public License v3.0
3.16k stars 632 forks source link

trk.peace-fruit-wool-detail.run #158316

Closed adguard-bot closed 1 year ago

adguard-bot commented 1 year ago

Issue URL (Ads)

https://trk.peace-fruit-wool-detail.run/gg/jz?to=https%3A%2F%2Fresidencepluck.com%2Ftsr2a9rwye%3Fkey%3D1d2bdfeaede324440ed74db9757f69d5%26psid%3D91cxa710-rcyf-4j7x-9415-4d348a478y10-tz3u%26clickid%3DoXvawEuXFYQ8izqm4XEfD9ow

Comment

SCAM domain. Tries to redirect to fake YouTube or casinos

Screenshots

Screenshot 1 ![Screenshot 1](https://cdn.adguard.info/sitereports/gw0bvinn30o4k0480w40s0s4484k8wojow5esqwkh4.jpg?nc=1)

System configuration

Information value
Platform: -
Browser: -
Filters: Privacy:
AdGuard Tracking Protection
DandelionSprout commented 1 year ago

Let's just block ://trk.*.run/$document right off the bat. Absolutely nothing good could result from such a URL pattern.

We should also block residencepluck.com and the other 9,000 domains hosted on its malware IPs: https://securitytrails.com/domain/residencepluck.com/dns

Alex-302 commented 1 year ago

Need the source site.

@DandelionSprout Why do you add ,~inline-font to that rules?

on its malware IPs:

Blocking Amazon or CF IPs is a bad idea.

Let's just block ://trk.*.run/$document

do you know more domains like that?

DandelionSprout commented 1 year ago

Why do you add ,~inline-font to that rules?

uBlock Origin's entry counting system counts $all as 5 entries, so I use ,~inline-font to only make it count as 4.

Blocking Amazon or CF IPs is a bad idea.

I don't get the impression these are Amazon IPs. Seems to be from a compromised hosting service called servers.com.

do you know more domains like that?

According to https://docs.securitytrails.com/reference/domain-search:

``` trk.aboard-melted-original-folks.run trk.ago-gave-collect-jet.run trk.ancient-necessary-ground-opposite.run trk.animal-charge-score-captured.run trk.answer-powder-sentence-constantly.run trk.anyway-steep-it-wealth.run trk.avoid-shade-game-mud.run trk.baby-definition-heat-suppose.run trk.ball-said-audience-white.run trk.bright-rays-glass-low.run trk.building-youth-spread-loss.run trk.caught-willing-listen-explanation.run trk.chief-attached-managed-get.run trk.citizen-double-dust-tree.run trk.contrast-length-locate-ability.run trk.different-rabbit-product-paragraph.run trk.drawn-pilot-breathing-compare.run trk.dropped-be-dish-original.run trk.effort-port-stomach-merely.run trk.eleven-dawn-nice-mainly.run trk.evening-angle-game-selection.run trk.every-children-journey-nobody.run trk.fear-mirror-fight-shape.run trk.financialcache.run trk.fog-expression-strange-would.run trk.forth-lips-lonely-recognize.run trk.forty-wash-pattern-sets.run trk.gather-strike-medicine-burst.run trk.gentle-shallow-them-sale.run trk.gently-material-explain-printed.run trk.gently-ruler-income-price.run trk.gift-moving-decide-manufacturing.run trk.happen-claws-wet-ground.run trk.has-donkey-leader-model.run trk.headed-ice-thick-office.run trk.hearing-hundred-skill-brother.run trk.him-due-upper-back.run trk.himself-beside-plane-steel.run trk.hit-yourself-join-improve.run trk.inch-instrument-rose-outer.run trk.instead-trap-average-making.run trk.joggo.run trk.jump-are-clock-mirror.run trk.knife-wrapped-setting-edge.run trk.laid-loud-taken-character.run trk.layers-upon-morning-by.run trk.lion-usually-taken-can.run trk.lying-at-torn-those.run trk.married-wish-throat-angry.run trk.measure-go-flat-language.run trk.metal-previous-particularly-four.run trk.natural-date-smell-mood.run trk.naturally-thick-pure-fruit.run trk.newspaper-told-deal-luck.run trk.office-sent-other-solution.run trk.ought-feature-mean-carry.run trk.outer-circle-dust-active.run trk.pattern-pupil-engineer-whispered.run trk.peace-fruit-wool-detail.run trk.peace-go-excellent-represent.run trk.pick-paid-engine-page.run trk.piece-standard-however-relationship.run trk.planning-way-taught-stepped.run trk.plates-alphabet-research-cry.run trk.plenty-perfectly-cost-master.run trk.popular-industry-favorite-eaten.run trk.porch-remarkable-buried-hope.run trk.pride-fuel-primitive-anything.run trk.prove-struck-describe-able.run trk.river-dirty-notice-shut.run trk.rope-sum-musical-able.run trk.route-president-jump-no.run trk.scientific-neighborhood-level-greater.run trk.shorter-zero-string-suit.run trk.show-waste-myself-during.run trk.shut-hair-product-sky.run trk.smoke-cattle-related-create.run trk.soil-spring-little-lost.run trk.song-public-mad-kind.run trk.supply-nice-equator-too.run trk.surface-equipment-spread-gather.run trk.tell-opposite-construction-frozen.run trk.thepipeline.run trk.threw-tin-center-coat.run trk.trap-community-shelf-best.run trk.troops-wait-condition-catch.run trk.truck-lucky-seed-first.run trk.village-adventure-addition-wave.run trk.wash-unit-nor-them.run trk.week-stomach-shout-frame.run trk.wide-composition-planned-gun.run trk.wife-poem-bound-live.run trk.winter-molecular-ten-start.run trk.worry-fact-spread-paint.run trk.write-hit-neighborhood-region.run trk.wrong-too-friend-grown.run trk.year-atmosphere-share-lower.run ```

Of those 97, only 1 seem halfway legitimate (trk.joggo.run).

Alex-302 commented 1 year ago

uBlock Origin's entry counting system counts $all as 5 entries, so I use ,~inline-font to only make it count as 4.

Is not it redundant, if you want to block bad domain?

Of those 97, only 1 seem halfway legitimate (trk.joggo.run).

Ok, added your rule.