Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BLOCK] #32

Open
CyanoTex opened this issue Nov 25, 2021 · 7 comments
Open

[BLOCK] #32

CyanoTex opened this issue Nov 25, 2021 · 7 comments
Assignees
@brianclemens

Comments

@CyanoTex
Copy link

CyanoTex commented Nov 25, 2021
edited

Domain List
jwobzj.findiovers.com porn
@spirillen
Copy link

spirillen commented Nov 25, 2021
edited

image

image

drill findiovers.com @9.9.9.10
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 37934
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 
;; QUESTION SECTION:
;; findiovers.com.      IN      A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
findiovers.com. 900     IN      SOA     ns-1288.awsdns-33.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

drill www.findiovers.com @9.9.9.10
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 11475
;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; www.findiovers.com.  IN      A

;; ANSWER SECTION:
www.findiovers.com.     3600    IN      CNAME   llbkq.abtrcker.com.
llbkq.abtrcker.com.     3600    IN      CNAME   j1.jump4geo.com.
j1.jump4geo.com.        60      IN      A       52.19.101.114

So where is the porn? this looks more like a tracking domain to me.

@CyanoTex
Copy link
Author

image

image

drill findiovers.com @9.9.9.10
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 37934
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 
;; QUESTION SECTION:
;; findiovers.com.      IN      A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
findiovers.com. 900     IN      SOA     ns-1288.awsdns-33.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

drill www.findiovers.com @9.9.9.10
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 11475
;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; www.findiovers.com.  IN      A

;; ANSWER SECTION:
www.findiovers.com.     3600    IN      CNAME   llbkq.abtrcker.com.
llbkq.abtrcker.com.     3600    IN      CNAME   j1.jump4geo.com.
j1.jump4geo.com.        60      IN      A       52.19.101.114

So where is the porn? this looks more like a tracking domain to me.

🤨 I'll edit my post then.

I could have sworn that when I visited it, it showed 18+ stuff. Oh well. 🤷

@spirillen
Copy link

if it was adult contents why the add it the ads filter? 😕

image

@CyanoTex
Copy link
Author

if it was adult contents why the add it the ads filter? 😕

image

You said it looked more like a tracking domain than it was porn.

@spirillen
Copy link

Ok 😃 I see it now, it was my fault is changed from ads to adult to tracking..

So where is the porn? this looks more like a tracking domain to me.

completely forgotten that line.

@CyanoTex
Copy link
Author

Ok 😃 I see it now, it was my fault is changed from ads to adult to tracking..

So where is the porn? this looks more like a tracking domain to me.

completely forgotten that line.

🤨
That's some weird website if it can change like that.

@CyanoTex
Copy link
Author

CyanoTex commented Nov 27, 2021
edited

Ok 😃 I see it now, it was my fault is changed from ads to adult to tracking..

So where is the porn? this looks more like a tracking domain to me.

completely forgotten that line.

Okay, so, I found this TikTok profile:
Screenshot_20211127-235129_TikTok.png

And if I recall correctly, I found the domain I posted for blocking, which came from:
http://toktik.website/17n3n65c6ju7

And uBlock Origin stopped me because of this filter:
Screenshot_20211127-235302_Firefox.png

@spirillen
Copy link

spirillen commented Nov 28, 2021
edited

Step one and two... Curl

Remember to add this domain to redirection(tracking)

curl -I 'http://toktik.website/17n3n65c6ju7'
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 28 Nov 2021 02:59:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.2.34
X-Robots-Tag: noindex
Location: https://jwobzj.findiovers.com/c/da57dc555e50572d?s1=144766&s2=1342764&j1=1

server: nginx
date: Sun, 28 Nov 2021 03:01:57 GMT
content-type: text/html; charset=utf-8
set-cookie: unique_id=61a2f0fd00018da0; Path=/; Expires=Thu, 27 Jan 2022 03:01:57 GMT; Secure; SameSite=None
set-cookie: unique_id2=61a2f0fd0002f2bd; Path=/; Expires=Sat, 26 Feb 2022 03:01:57 GMT; Secure; SameSite=None
set-cookie: 61a2f0fd0002f2bd_c=1; Path=/; Expires=Sat, 26 Feb 2022 03:01:57 GMT; Secure; SameSite=None
set-cookie: ref_token=144766; Path=/; Expires=Tue, 28 Dec 2021 03:01:57 GMT; Secure; SameSite=None
set-cookie: impression=; Path=/; Expires=Sun, 28 Nov 2021 03:01:57 GMT; Secure; SameSite=None
set-cookie: 61a2f0fd0002f2bd_sl=[266226]; Path=/; Expires=Sun, 12 Dec 2021 03:01:57 GMT; Secure; SameSite=None

Step 3: fire up Whonix...

The thing is this is not an adult site....

OF curse at another visit the comes a pair of lovely drawn boo*s it is a tracking/redirecting (adware) domain. apparently only to collect data before redirecting you to hushlove.com: https://mypdns.org/my-privacy-dns/porn-records/-/issues/1775 by using the spyware from authbill.com

Ive added this one as adware as there are no adult on the domain.

The following domains have been blacklisted in the process of investigating this issue:

conclusion

The reported domain is NSFW

There are more to blacklist than this domain...

Thankls for the report @CyanoTex

@CyanoTex
Copy link
Author

CyanoTex commented Dec 2, 2021

Step one and two... Curl

Remember to add this domain to redirection(tracking)

curl -I 'http://toktik.website/17n3n65c6ju7'
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 28 Nov 2021 02:59:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.2.34
X-Robots-Tag: noindex
Location: https://jwobzj.findiovers.com/c/da57dc555e50572d?s1=144766&s2=1342764&j1=1

server: nginx
date: Sun, 28 Nov 2021 03:01:57 GMT
content-type: text/html; charset=utf-8
set-cookie: unique_id=61a2f0fd00018da0; Path=/; Expires=Thu, 27 Jan 2022 03:01:57 GMT; Secure; SameSite=None
set-cookie: unique_id2=61a2f0fd0002f2bd; Path=/; Expires=Sat, 26 Feb 2022 03:01:57 GMT; Secure; SameSite=None
set-cookie: 61a2f0fd0002f2bd_c=1; Path=/; Expires=Sat, 26 Feb 2022 03:01:57 GMT; Secure; SameSite=None
set-cookie: ref_token=144766; Path=/; Expires=Tue, 28 Dec 2021 03:01:57 GMT; Secure; SameSite=None
set-cookie: impression=; Path=/; Expires=Sun, 28 Nov 2021 03:01:57 GMT; Secure; SameSite=None
set-cookie: 61a2f0fd0002f2bd_sl=[266226]; Path=/; Expires=Sun, 12 Dec 2021 03:01:57 GMT; Secure; SameSite=None

Step 3: fire up Whonix...

The thing is this is not an adult site....

OF curse at another visit the comes a pair of lovely drawn boo*s it is a tracking/redirecting (adware) domain. apparently only to collect data before redirecting you to hushlove.com: https://mypdns.org/my-privacy-dns/porn-records/-/issues/1775 by using the spyware from authbill.com

Ive added this one as adware as there are no adult on the domain.

The following domains have been blacklisted in the process of investigating this issue:

conclusion

The reported domain is NSFW

There are more to blacklist than this domain...

Thankls for the report @CyanoTex

http://witok.xyz/16k51ef5h7w7

Goes to the same website, but I'm pretty sure it's the same as that toktik website.

spirillen added a commit to mypdns/matrix that referenced this issue Dec 2, 2021
@spirillen
witok.xyz
39b39bc 
Closes https://mypdns.org/my-privacy-dns/matrix/-/issues/3775

See also:
  - tiuxo/hosts#32 (comment)

Changes to be committed:
	modified:   source/redirector/wildcard.list
	modified:   source/tracking/wildcard.list
@spirillen
Copy link

Thank, have added witok.xyz I have added it to my lists.

But I started to wonder if this list actually is maintained... @brianclemens ??

@brianclemens
Copy link
Contributor

@spirillen recently I'm not finding much time to maintain this list due to my involvement in Rocky Linux. I pay attention to reports of erroneously blocked items, but not so much requests to add entries because they are often not relevant to the purpose of this list. The purpose of this list is to block ads / etc on Japanese sites that anglocentric lists don't cover.

@spirillen
Copy link

Hey @brianclemens sounds like a good balance for you 👍

If you feel like it, then my project includes the hole world wide web 😉 Meaning, if you find my work acceptable+ why not refer to it for the non .jp records? and since I do not understand Japanese, well I'm open to add a ping to you if you like.

@CyanoTex
Copy link
Author

CyanoTex commented Dec 8, 2021

Thank, have added witok.xyz I have added it to my lists.

But I started to wonder if this list actually is maintained... @brianclemens ??

http://toksell.xyz/100cyrrwcrh0

Seems to be the same concept as the one I told you about. Rather new, my NextDNS config blocked it for being a new domain.

There's also a little bit of a pattern with these profiles using "tik" or "tok".

@spirillen
Copy link

http://toksell.xyz/100cyrrwcrh0

Seems to be the same concept as the one I told you about. Rather new, my NextDNS config blocked it for being a new domain.

There's also a little bit of a pattern with these profiles using "tik" or "tok".

Thanks @CyanoTex

This gave the following reports:

spirillen added a commit to mypdns/matrix that referenced this issue Dec 9, 2021
@spirillen
toksell.xyz
8509120 
Closes https://mypdns.org/my-privacy-dns/matrix/-/issues/3847

See also:
  - tiuxo/hosts#32 (comment)
  - https://mypdns.org/my-privacy-dns/porn-records/-/issues/1932

Changes to be committed:
	modified:   source/redirector/wildcard.list
@spirillen
Copy link

@brianclemens, My comments ain't spam. they are made i correspondence to your license

Creative Commons Attribution 4.0 International

hosts/LICENSE

Lines 210 to 237 in 2f3f789

Section 3 -- License Conditions.
Your exercise of the Licensed Rights is expressly made subject to the
following conditions.
a. Attribution.
1. If You Share the Licensed Material (including in modified
form), You must:
a. retain the following if it is supplied by the Licensor
with the Licensed Material:
i. identification of the creator(s) of the Licensed
Material and any others designated to receive
attribution, in any reasonable manner requested by
the Licensor (including by pseudonym if
designated);
ii. a copyright notice;
iii. a notice that refers to this Public License;
iv. a notice that refers to the disclaimer of
warranties;
v. a URI or hyperlink to the Licensed Material to the
extent reasonably practicable;

And to make a quote to why I have made most of my resent comments

@brianclemens wrote in #32 (comment):
@spirillen recently I'm not finding much time to maintain this list due to my involvement in Rocky Linux. I pay attention to reports of erroneously blocked items, but not so much requests to add entries because they are often not relevant to the purpose of this list. The purpose of this list is to block ads / etc on Japanese sites that anglocentric lists don't cover.

@spirillen spirillen mentioned this issue Jan 4, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@brianclemens brianclemens

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@brianclemens @spirillen @CyanoTex