Closed ExtRIELICi closed 5 days ago
the redirect is blocked by .com/api/users*^pii=&in=false^$document
Please report the sites which using this crap instead of just reporting the unstable badware domain.
I found it in gamatotv.info
, which is quite a popular website in Greece and Cyprus.
The javascript popup coming from https://gamatotv.info/fbb53bfb0e7dad3e75ca078edbe1cf98.js
but there is also a <a>
tag with https://zqvee2re50mr.com/yu932ns0?key=c8efb1f92002fe49f29900703554cfb6
(both popups blocked with generic rules already).
Maybe also the link itself can be blocked if its stable:
simplest filter to hide: ###ads5
(EL contains ###ads50
)
link target: gamatotv.info##a[rel="noopener"][onclick^="javascript:window.open('https://"][onclick*="?key="]
@Yuki2718 something known here?
download links on site also has popups
gmtcloud.best###ads5
||gamatotv.info^$script,3p
something known here?
I don't, the best I know is that those Apate web/VexTrio links with key=
are also spread via email. If it is globally seen in the web too, maybe worth considering generic cosmetic filters.
Prerequisites
URL(s) where the issue occurs.
Description
This is a malicious domain that hides within search bars and other places in some websites. It doesn't seem to be blocked by uBlock Origin.
Other extensions used
none
Screenshot(s)
Screenshot(s)
Configuration
Details
```yaml ```