Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Malicious domains #25899

Closed
10 of 11 tasks
ExtRIELICi opened this issue Nov 3, 2024 · 5 comments
Closed
10 of 11 tasks

Malicious domains #25899

ExtRIELICi opened this issue Nov 3, 2024 · 5 comments

Comments

@ExtRIELICi
Copy link

ExtRIELICi commented Nov 3, 2024
edited
Loading

Prerequisites

  • This is NOT a YouTube, Facebook, Twitch or a shortener/hosting site report. These sites MUST be reported by clicking their respective links.
  • I read and understand the policy about what is a valid filter issue.
  • I verified that this issue is not a duplicate. (Search here to find out.)
  • I did not remove any of the default filter lists, or I have verified that the issue was not caused by removing any of the default lists.
  • I did not enable additional filter lists, or I have verified that the issue still occurs without enabling additional filter lists.
  • I do not have custom filters/rules, or I have verified that the issue still occurs without custom filters/rules.
  • I am not using uBlock Origin along with other content blockers.
  • I have verified that the web browser's built-in content blocker/tracking protection, network wide/DNS blocking, or my VPN is not causing the issue.
  • I have verified that other extensions are not causing the issue.
  • If this is about a breakage or detection, I have verified that it is caused by uBlock Origin and isn't a site issue.
  • I did not answer truthfully to ALL the above checkboxes.

URL(s) where the issue occurs.

https://7ng6v3lu3c.execute-api.us-east-1.amazonaws.com
https://kra18.com/

Description

Malicious domains, part of a malicious Chrome extension. More info here and here.

Other extensions used

none

Screenshot(s)

Screenshot(s)

Configuration

Details 


    
      		
    

      
  





        



            

              
            

        

      


      
    








      

    



      

  
      



  

  @Yuki2718





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      

  
    Contributor


      

  


  

    

      

      
            Yuki2718
  

      

      

      commented


        Nov 3, 2024


      
    


  





      


        


  
    

      
          
I don't think uBO can block requests from other extensions, so blocking them would be pointless.

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
      



  

  @ExtRIELICi





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      



      

  Author


  


  

    

  





      


        


  
    

      
          
kra18.com is commonly associated with affiliate fraud, at least from what I understand, so blocking it would be beneficial overall, as it is likely used in other malicious domains and scams as well.

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
            

    


  


  
    
  
  

    
  Yuki2718 

      added a commit
        to easylist/easylist
      that referenced
      this issue

    
      Nov 3, 2024
    
    

      


  

    

      


  

      
        @Yuki2718
  





      

        
          M: Update uBlockOrigin/uAssets#25899
        


      


      

          

    
    
    

  

      


      

          

    
    
    

  

  

    
  



      


      
      

        
          cb43797
        
      

    

  




    

  









      

  
      



  

  @Yuki2718





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      

  
    Contributor


      

  


  

    

      

      
            Yuki2718
  

      

      

      commented


        Nov 3, 2024


      
    


  





      


        


  
    

      
          
Also added 7ng6v3lu3c.execute-api.us-east-1.amazonaws.com as EL can be used in network-level.

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
      



  

  @stephenhawk8054





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      

  
  Member


      

  


  

    

  





      


        


  
    

      
          
@Yuki2718 uBOL doesn't have strict-blocked unless specified with $all or $doc, so I think it's still better to address in our list with type too.

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
      



  

  @Yuki2718





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      

  
    Contributor


      

  


  

    

      

      
            Yuki2718
  

      

      

      commented


        Nov 5, 2024


      
    


  





      


        


  
    

      
          


uBOL doesn't have strict-blocked unless specified with $all or $doc, so I think it's still better to address in our list with type too.




Didn't know that, but I doubt this is intended behavior. Or is it?

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    
















  
  

    

      

  





  




  
  

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



  






  
                  




    

  


      
  

    Assignees
  



        

    No one assigned







      


  


  

    Labels
  



    

    None yet







      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          


  

    
      

        
    

    Development
  




              
No branches or pull requests







    
  




        
      

    

  
      

  

    

      3 participants
    

    

        
          @Yuki2718 
        
          @stephenhawk8054 
        
          @ExtRIELICi