search

uBlockOrigin / uAssets

Resources for uBlock Origin, uMatrix: static filter lists, ready-to-use rulesets, etc.
GNU General Public License v3.0
4.07k stars 761 forks source link

datingdeserving.com #10003

Closed spirillen closed 3 years ago

spirillen commented 3 years ago

Prerequisites

I tried to reproduce the issue when...

URL(s) where the issue occurs

https://github.com/easylist/easylist/pull/8674/files

Describe the issue

I'm searching for the documentation for adding datingdeserving.com to the BadWare list

https://github.com/uBlockOrigin/uAssets/blob/6b2beef57b7d12bc6b03dbb77f2833700577dd39/filters/badware.txt#L734

The only ref is blaming the commit, which leads me to https://github.com/uBlockOrigin/uAssets/commit/1f3b77c5eda8c4eb65f4fd531432d1df33af14ac#commitcomment-54976790 but still no comments on what makes you think there is a badware risk on this domain. The trails went cold in lack of traces and comments.

Screenshot(s)

image

uBlock Origin version

uBlock Origin 1.37.2

Browser name and version

FF ubuntu repo

Settings

Notes

No response

uBlock-user commented 3 years ago

Seems like a mass addition of urls under fraud category.

@Yuki2718

Yuki2718 commented 3 years ago

I don't understand what this issue is about. Direct URL access returns 403 currently but I didn't take a note of full URL - generally I keep them only shortly.

spirillen commented 3 years ago

@Yuki2718 it's about the why it is added as badware in the first place, otherwise it a bit hard to incorporate it into any other blacklists if you can't point to a argument (proof) for why. And it appears you are the only one blacklisting it... https://duckduckgo.com/?q=%22datingdeserving.com%22&t=ffab&ia=web

image

publicwww doesn't have anything on it. That's why I'm asking, and again, how did you end up there in the first place @Yuki2718 :smiley:

  • generally I keep them only shortly

Do understand you, this one just seems a bit to short

krystian3w commented 3 years ago

how did you end up there in the first place

Maybe form AdGuard anti-fraud report.

Maybe this was fake with "S" "E" "X" Badoo questionnaire. Very close, it's some chat with a bot ...

krystian3w commented 3 years ago

On Google I found online urls:

https://t.co/WM95Cn16GB
https://i.datingdeserving.com/l/push-external3/?encodedPath=L2wvcHVzaC1leHRlcm5hbDMvPw%3d%3d&ext=1&affiliateId=l69553&site=https%3a%2f%2fbigosext69.com%2fl%2f25%2fhingefuck3%2f1-w3mr%2fglobal%2f&userAgent=Mozilla%2f5.0+(Linux%3b+Android+10%3b+AC2003)+AppleWebKit%2f537.36+(KHTML%2c+like+Gecko)+Chrome%2f92.0.4515.115+Mobile+Safari%2f537.36&language=fr&subscribeMethod=chat_popup_ext_subscribe_v3_rand&vertical=dating&siteLang=fr&extImageUrl=images%2fen%2fgirl16.jpg&extTpl=36&extTplLogo=16#
https://t.co/w1PYuum9mX
https://a.datingdeserving.com/l/push-external/?ext=1&affiliateId=l77236&site=https%3a%2f%2fsinder4.com%2fl%2f25%2ftimerv2%2f1-w1m%2fglobal%2f&userAgent=Mozilla%2f5.0+(Linux%3b+Android+11%3b+SM-A125F)+AppleWebKit%2f537.36+(KHTML%2c+like+Gecko)+Chrome%2f92.0.4515.115+Mobile+Safari%2f537.36&language=vi-VN&subscribeMethod=chat_popup_ext_subscribe&vertical=dating&siteLang=vi&extTpl=1 
<title id="title1">SexChat - You have three new messages.</title>
English version transleted form detected Polish ![obraz](https://user-images.githubusercontent.com/35370833/133329049-c41d5d7e-ae1a-4667-b975-f0b7787d63a3.png) 
<title id="title1">SexMessenger - you have 1 new message</title>
English broken version screen ![obraz](https://user-images.githubusercontent.com/35370833/133329206-f3435e10-1509-497c-9d3a-a9e9130671cd.png) 
<title id="title1">SexChat - Vous avez reçu 3 messages</title>
French version, no based on my PC/Geolocalization without auto translate to English ![obraz](https://user-images.githubusercontent.com/35370833/133329494-1d6536ca-56a3-49b7-a6ab-bb9231bbac7c.png)
spirillen commented 3 years ago

and now it looks more like adware than badware... (stay corrected adware is badware :smiley: )

and maybe a notation to the adult lists....

krystian3w commented 3 years ago

The screens are already in the spoler (too many place are wasted), there are no naked breasts there at most a heavily exonerated delcolt and rather the first "top model" lady looks like has a flesh-colored bra (or mask the size of the cup / nipples quite well).

As for the notification, not everyone reads the comment above the line, so you would have to reach for a hack:

domain=~NSFW-chat-bait

krystian3w commented 3 years ago

I found push notification wall with NSFW (nipples):

https://a.datingdeserving.com/l/push-external/

https://user-images.githubusercontent.com/35370833/133331924-21f51917-1fce-4ca3-9eb8-fe2f21b375c0.png (hidden breasts by red rectangle)

krystian3w commented 3 years ago

On duck duck go also I see this domain at twitter:

obraz

Badware accounts/bots?

https://t.co/h4vb0kCe3z?amp=1 https://a.datingdeserving.com/l/push-external3/?encodedPath=L2wvcHVzaC1leHRlcm5hbDMvPw==

https://t.co/o9skCGiMfa?amp=1 https://e.datingdeserving.com/l/push-external3/?encodedPath=L2wvcHVzaC1leHRlcm5hbDMvPw==

https://t.co/PSzSg2LXsT?amp=1 https://c.datingdeserving.com/l/push-external3/?encodedPath=L2wvcHVzaC1leHRlcm5hbDMvPw==

https://t.co/cBmFCUKLlj?amp=1 https://b.datingdeserving.com/l/push-external3/?encodedPath=L2wvcHVzaC1leHRlcm5hbDMvPw==

spirillen commented 3 years ago

:rofl: A spyware spam domain that warne's about similar domains :rofl:

ss ![image](https://user-images.githubusercontent.com/44526987/133333232-18bc1505-1db6-4075-9c17-c4a5e16f8cc2.png)

I tried to figure out what that "Click Allow" was, but i only get "The connection has timed out" on the tor network... anyone who dare to look in the source to see what it would allow?

spirillen commented 3 years ago

Ok

got it but no where to click allow...

Click to expand ![image](https://user-images.githubusercontent.com/44526987/133335375-fadaa191-5a93-4c30-a573-8dfbdfa569ea.png) 
<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="manifest" href="manifest.json">
    <link href="css/style.css?v=1.1" rel="stylesheet" type="text/css">

    <script src="js/trls.js?v=1.18"></script>
    <script src="js/push-subscriber.js?v=2.0"></script>
</head>
<body>

<img id="js-spinner" src="images/loader.gif" class="hide">

<div id="tpl1" class="subscribe-tpl1">
    <div class="image-wrapper"><img class="branding-logo" id="image" src=""></div>
    <div id="subscribeText">
        <p id="subText1" class="offer-text1">Click <strong>'Allow'</strong> to let me chat with you. I'd love to know you better.</p>
        <p id="subText2" class="offer-text2">We can shake a little after you register <span>(it's free).</span></p>
    </div>
</div>

<div id="tpl2" class="subscribe-tpl2" style="display: none">
    <p id="subText1" class="offer-text1"></p>
    <p id="subText2" class="offer-text2"></p>
    <div class="subscribe-image">
        <div class="image-label"><span id="nameAge"></span></div>
        <div class="image-wrapper"><img class="branding-logo" id="image" src=""></div>
    </div>
</div>

<img height="1" width="1" style="display:none" src="https://p-analytics.life/pxl.png" />
</body>
</html>
spirillen commented 3 years ago

Ok, reconnized it now. If you look in js/trls.js?v=1.18 then it is something I have seen in another dating thing.

I would call it AdWare with a pinch of adultery

<script src="js/trls.js?v=1.18"></script>
<script src="js/push-subscriber.js?v=2.0"></script>

It will be categorized as such here https://mypdns.org/my-privacy-dns/matrix/-/issues/2773

uBlock-user commented 3 years ago

Btw no need to open an issue if you have a question regarding a filter, ask at the commit itself which you already found.

krystian3w commented 3 years ago

But he can't found this big commit and few people now subscribe notify for comments (I newer watch comments in my commits, use nick name instead).

uBlock-user commented 3 years ago

The rule is quite clear -- Support issues and questions are handled at /r/uBlockOrigin. GitHub is for reporting issues only.

krystian3w commented 3 years ago

got it but no where to click allow...

in notify cloud beetween url bar (allow spam push).

spirillen commented 3 years ago

The rule is quite clear -- Support issues and questions are handled at /r/uBlockOrigin. GitHub is for reporting issues only.

And that should happens how?? without violating my privacy? @uBlock-user you might know I'm all about privacy/democracy and down that road as I also mentioned for @Yuki2718 yesterday. reddit is 100 of limit here

drill reddit.com
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 2064
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; reddit.com.  IN      A

;; ANSWER SECTION:

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 1 msec

The same rules applies for the other spyware domains like fakebook, twitter etc

uBlock-user commented 3 years ago

Already told you - https://github.com/uBlockOrigin/uAssets/issues/10003#issuecomment-919527238

uBlock-user commented 3 years ago

Either way, there are no exceptions for the rule.

spirillen commented 3 years ago

That's up to you. I actually don't care, but if you have a record without any records I do not consider this as a Support as it you who forgot to keep records.

uBlock-user commented 3 years ago

but if you have a record without any records I do not consider this as a Support as it you who forgot to keep records.

Learn to respect the rules of the repository, this pointless back and forth has gone unnecessarily long.