uBlockOrigin / uAssets

Resources for uBlock Origin, uMatrix: static filter lists, ready-to-use rulesets, etc.
GNU General Public License v3.0

linodeobjects.com: badware #25369

Closed lartingyou closed 1 month ago

lartingyou commented 1 month ago

Prerequisites

URL(s) where the issue occurs.

https://ref6iausl8o2yxri.eu-central-1.linodeobjects.com/

(actually any *.linodeobjects.com domain, as it's a kind of whack-a-mole redirection operation).

I don't want to provide the complete URL (which is proof of the redirect chaining) for privacy reasons. It contains a base64-encoded key that potentially identifies the email address. Even the beginning of the URL (domain name) could compromise my identity.

Description

I'm asking for an addition to uBO for all sites on linodeobjects.com.

For months (years) I get on average one spam a day that has a URL on linodeobjects.com that is the start of a redirect chain. The link sends people through 5+ redirects to finally a site that is usually a scam survey promoting a free product. In the end, one must put in a credit card to "receive" the object. I'm not 100% sure it's a phishing site (reporting it to Google's safe site has never had any effect that I can tell).

I'm not sure what name there is for this scam, but I've reported it HUNDREDS of times to abuse@linode.com via spamcop with NO RESULTS. Perhaps if uBO blocks this exploited domain, the people who try to access "legitimate" sites on linodeobjects.com will complain and the abuse team will finally take action? I suspect the scammers want to keep the volume of complaints low to pass under the thresholds for AI-processed complaints.

Other extensions used

none

Screenshot(s)

Note: the screenshot is of the destination site <-- click at your own risk! (which is always different, as the linodeobjects.com page redirects sometimes 7 times). The spams always contain linodeobjects.com domain URIs as the start, however.

![image](https://github.com/user-attachments/assets/599bc4f4-ba3d-49b9-8978-e65d91e3fe5d)

Configuration

Details

```yaml
uBlock Origin: 1.59.0
Chromium: 129
filterset (summary):
  network: 154625
  cosmetic: 119044
  scriptlet: 29581
  html: 0
listset (total-discarded, last-updated):
  added:
    adguard-cookies: 31908-41, now
    fanboy-cookiemonster: 52132-3999, now
    ublock-cookies-adguard: 1757-28, now
    ublock-cookies-easylist: 1757-1757, now
  default:
    user-filters: 24-3, never
    easylist: 85351-475, now
    easyprivacy: 53074-650, now
    plowe-0: 3550-1, now
    ublock-badware: 11271-6, now
    ublock-filters: 40216-384, now
    ublock-privacy: 1190-22, now
    ublock-quick-fixes: 147-0, now
    ublock-unbreak: 2464-0, now
    urlhaus-1: 25925-0, now
filterset (user): [array of 24 redacted]
trustedset:
  added: [array of 42 redacted]
hostRuleset:
  added: [array of 2 redacted]
userSettings:
  advancedUserEnabled: true
hiddenSettings: [none]
supportStats:
  allReadyAfter: 386 ms (selfie)
  maxAssetCacheWait: 278 ms
  cacheBackend: indexedDB
popupPanel:
  blocked: 1
  network:
    trk-consulatu.com: 1
```

stephenhawk8054 commented 1 month ago

That domain is an object storage domain and is also used for other purposes. Blocking it will block many other non-malicious links like https://us-east-1.linodeobjects.com/theplayfulwyvernplayers/PLAY.html as well.
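The collateral-damage point above, as an added example that is not uBO's code and not part of the thread: a deliberately simplified matcher for ABP-style domain-anchored `||host^` network filters (uBO's real engine handles far more syntax) run over the bucket URL reported in the issue, the legitimate object-storage link from the reply, and one constructed look-alike domain. It shows that a whole-domain filter hits the legitimate link too, while a bucket-specific filter does not.

```javascript
// Added example, not uBO code: a minimal matcher for "||host^" filters.

// Parse a filter of the form "||example.com^" into its anchored hostname.
// Any other syntax is rejected so the demo stays honest about its scope.
function parseDomainFilter(filter) {
  const m = /^\|\|([a-z0-9.-]+)\^$/i.exec(filter.trim());
  if (!m) throw new Error(`unsupported filter syntax: ${filter}`);
  return m[1].toLowerCase();
}

// "||host^" matches a URL whose hostname equals host or is a subdomain of it.
// The match is on a label boundary, so "evil-linodeobjects.com" is not hit
// by "||linodeobjects.com^".
function filterMatches(filter, url) {
  const anchored = parseDomainFilter(filter);
  const host = new URL(url).hostname.toLowerCase();
  return host === anchored || host.endsWith('.' + anchored);
}

// Return the URLs from `urls` that at least one filter would block.
function blockedUrls(filters, urls) {
  return urls.filter((u) => filters.some((f) => filterMatches(f, u)));
}

// Constructed sample set: the reported bucket, the legitimate link from the
// reply, and a look-alike domain that a sloppy suffix check would catch.
const SAMPLE_URLS = [
  'https://ref6iausl8o2yxri.eu-central-1.linodeobjects.com/',
  'https://us-east-1.linodeobjects.com/theplayfulwyvernplayers/PLAY.html',
  'https://example-linodeobjects.com/not-the-same-domain',
];

const BROAD_FILTER = '||linodeobjects.com^';
const NARROW_FILTER = '||ref6iausl8o2yxri.eu-central-1.linodeobjects.com^';

console.log('broad filter blocks :', blockedUrls([BROAD_FILTER], SAMPLE_URLS));
console.log('narrow filter blocks:', blockedUrls([NARROW_FILTER], SAMPLE_URLS));
```

The broad filter blocks the first two URLs (the scam bucket and the legitimate page alike); the narrow one blocks only the reported bucket, which is why the maintainer asks for exact links rather than a domain-wide rule.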

lartingyou commented 1 month ago

What about the frequent intermediate redirection domains used in the chain? Here's a typical result from the "redirect path" extension in Chrome once you click the linodeobjects.com link (I redacted the URLs to not include full links):

https://airwheel.website/
https://www.settleworldcode.com/
https://www.route2content.com/
https://incredibletechgizmoz.com/

lartingyou commented 1 month ago

Just now, I had another (similar) scam link that starts with

https://8zetuizt254zzu2z5.s3.amazonaws.com/

but also has intermediate links to settleworldcode.com and others.

I guess the scammers aren't just using linodeobjects.com.

stephenhawk8054 commented 1 month ago

I need exact links to reproduce the issue, otherwise I can't do much with just this information.

lartingyou commented 1 month ago

I understand. These scammers even put an "ip=x.x.x.x" in the URL, so I can't divulge. I guess uBlock won't be useful. Anyway, exploring the avenues.