Uassets: bypass notification

Created on 29 Jun 2019 · 79 Comments · Source: uBlockOrigin/uAssets

URL(s) where the issue occurs

http://sprysphere.com/BiZZ

Describe the issue

The link above requires notifications to be allowed in order to continue, but I don't want any notifications. Can it be bypassed?

Screenshot(s)

image

Versions

  • Browser/version: 1.20.0
  • uBlock Origin version: Opera 60.0.3255.170

Settings

  • Default

Notes

None

All 79 comments

no filters block push...

@mapx- badfilter:

/ntfc.php?$script

url:

https://www1.ecleneue.com/pushredirect/?placementid=10729309&clickid=5743133391&t=1561836513&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Flwph95lsyuv21kw%2FLDOE_v1.8_Mod_iOSGods_Div.zip%3Fdl%3D0

blocked:

https://pushokey.com/ntfc.php?p=2553225&ucis=true&m=https&nbinp=true&var=10729309&ymid=5743133391

@kenviet links open after 4 redirects on the maranhesduve.club site.

After getting redirected through maranhesduve.club I arrive at
image

without any notification on my end.

You no have any:

https://p1.maranhesduve.club/?tag_id=759228&sub_id1=10729309&sub_id2=5946832176255722117&cookie_id=1a5d90e7-dcc7-4ee2-9bf1-0d76f9a4ce5e&lp=adfly_allow&convert=Your%20Video%20Is%20Ready%20To%20Stream&allb=redirect&ob=redirect&href=https%3A%2F%2Fwww.dropbox.com%2Fs%2Flwph95lsyuv21kw%2FLDOE_v1.8_Mod_iOSGods_Div.zip%3Fdl%3D0&hop=-1&info=&sub=p1

https://p2.maranhesduve.club/?tag_id=759228&sub_id1=10729309&sub_id2=5946832176255722117&cookie_id=1a5d90e7-dcc7-4ee2-9bf1-0d76f9a4ce5e&lp=adfly_allow&convert=Your%20Video%20Is%20Ready%20To%20Stream&allb=redirect&ob=redirect&href=https%3A%2F%2Fwww.dropbox.com%2Fs%2Flwph95lsyuv21kw%2FLDOE_v1.8_Mod_iOSGods_Div.zip%3Fdl%3D0&hop=0&info=&sub=p2

image

https://p1.maranhesduve.club/?tag_id=759228&sub_id1=10729309&sub_id2=5946832176255722117&cookie_id=1a5d90e7-dcc7-4ee2-9bf1-0d76f9a4ce5e&lp=adfly_allow&convert=Your%20Video%20Is%20Ready%20To%20Stream&allb=redirect&ob=redirect&href=https%3A%2F%2Fwww.dropbox.com%2Fs%2Flwph95lsyuv21kw%2FLDOE_v1.8_Mod_iOSGods_Div.zip%3Fdl%3D0&hop=-1&info=&sub=p1

I do have those and I also get the screenshot of the OP but I get automatically redirected to the dropbox site without me having to do anything.

For me the site waits for push to be allowed, and push is also blocked on the sister domain:

https://www1.ecleneue.com/pushredirect/?placementid=10729309&clickid=5743133391&t=1561839614&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Flwph95lsyuv21kw%2FLDOE_v1.8_Mod_iOSGods_Div.zip%3Fdl%3D0

```
https://www2.ecleneue.com/pushredirect/?placementid=10729309&clickid=5743133391&t=1561839614&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Flwph95lsyuv21kw%2FLDOE_v1.8_Mod_iOSGods_Div.zip%3Fdl%3D0&reason=Deny1
```

https://www3.ecleneue.com/pushredirect/?placementid=10729309&clickid=5743133391&t=1561839614&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Flwph95lsyuv21kw%2FLDOE_v1.8_Mod_iOSGods_Div.zip%3Fdl%3D0&reason=Deny1

no redirect to dropbox...

Well, not for me and I would not badfilter /ntfc.php?$script maybe allow it for the site only if necessary.
Let's wait and see if mapx- can reproduce.

I cannot arrive at dropbox even whitelisting

@@||pushokey.com/ntfc.php$script,domain=ecleneue.com
@@||pushlaram.com/ntfc.php$script,domain=ecleneue.com

Do you get the same result if you go to
sprysphere.com/DvHm?
The shortener leads to a mediafire site on my end.

yeah, same behaviour the destination page (waiting for allow) is
https://www1.ecleneue.com/pushredirect/?placementid=3860662&clickid=5744570877&t=1561845822&dest=https%3A%2F%2Fgloyah.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9oYWpyMWZqd2cwb2IxL0ZSUDIwMTg%3D%2F2df3c7c1bae1ddeeeeea3e09ff221ae2

I never get to ecleneue.com.
It's sprysphere --> gloyah --> maranhesduve --> mediafire on my end.

If it does not work at all on your end adding an exception for the push notification seems pointless.

using a hungarian ip:

  • FF => sprysphere --> gloyah --> maranhesduve (not arriving on mediafire)
  • chrome => sprysphere --> gloyah --> ecleneue (not arriving on mediafire)

Does it work if you whitelist maranhesduve or ecleneue?

No effect => still waiting allow

Well, then it seems to be a site issue on your end, though I don't know why it works for me without doing anything and for krystian3w it works after adding the exceptions.

ecleneue.*,maranhesduve.*##+js(abort-on-property-read.js, Notification.requestPermission)

Maybe this works to disable web push, if allowing notifications is not needed for other users.

I can't reproduce anything either; opening the link in the OP goes through correctly with no issue.

Edit: so I tested it a few times with/without uBO and it just seems to be random whether or not it lets you through. Probably just an issue with the site; I've had a lot of issues with adfly clones in the past.

I can reproduce on firefox android....
Site needs to allow push notifications
Then it drops you to Dropbox at the expense of 3rd party trackers exposure
@jspenguin2017 🐧 can you help here

I can reproduce, final destination is https://www.dropbox.com/s/lwph95lsyuv21kw/LDOE_v1.8_Mod_iOSGods_Div.zip?dl=0.

We need a new script snippet.

Eh... The notification is requested from a service worker... We can't inject script snippets to service workers...

The only way I can think of interfering with it is to periodically revoke the notification permission for those bad domains.

Redirection?

FF => sprysphere --> gloyah --> maranhesduve > p1.maranhesduve.club
chrome => sprysphere --> gloyah --> ecleneue  > www4.ecleneue.com

website should ignore notification after 4 tests.

Hum... Yea, if you do not grant notification it will try ~5 times then give up.

https://www4.ecleneue.com/pushredirect/?placementid=10729309&clickid=5743133391&t=1561927096&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Flwph95lsyuv21kw%2FLDOE_v1.8_Mod_iOSGods_Div.zip%3Fdl%3D0

for me www4 no need:

@@/ntfc.php?$script,domain=ecleneue.com

Hum... Yea, if you do not grant notification it will try ~5 times then give up.

That is what I get at my end, maranhesduve automatically reloads 4 times and then I get redirected to dropbox or mediafire in the two linked examples.

Try IP change /clear data...repeatedly visiting site with same IP/data, site will
give up allowing you to destination site

Stuck at please press allow to continue on first time visit with different ip
No matter how much I wait

For me ecleneue.com is broken and I must manually change wwwX to www4.

On maranhesduve.com I must deny push 3 times or manually change pX to p1 (numbering down - to lower).

In Firefox I also have both domains, maranhesduve.club and ecleneue.com.

Maybe fix mara if my IP is not guilty:

! 1.07.2019 maranhesduve.club
||pixel.maranhesduve.club^$xmlhttprequest
||maranhesduve.club^$script

idk whether it's fixed. Yesterday, I had to allow it in order to arrive at dropbox
I removed notification permission after but still let me arrive at it lol

Cookies / IP as suggested by @ghajini?

Or block all scripts and xhr helps on mara.

still stuck and I am waiting for more than 10 mins for site to autoredirect to destination site
https://user-images.githubusercontent.com/20338483/60672562-567e2700-9e93-11e9-8bf0-239da508ea64.png

source page served
https://pastebin.com/nkdF7HSC

@mapx- ,@okiehsch ,@jspenguin2017,if it's useful to you

```
function redirectUser(url) {
    window.location.replace(url);
}

(function() {
    var url = new URL(window.location.href);
    var pci = url.searchParams.get('clickid');
    var t = url.searchParams.get('t');
    var ppi = url.searchParams.get('placementid');
    var dest = url.searchParams.get('dest');
    var site = url.searchParams.get('site');
    var tag = document.createElement('script');
    var destination = decodeURIComponent('https://www.dropbox.com/s/lwph95lsyuv21kw/LDOE_v1.8_Mod_iOSGods_Div.zip?dl=0');

    // Hop counter is taken from the subdomain: "www3" -> 3
    var domain = window.location.host;
    var parts = domain.split('.');
    var sub = parts[0];
    var sub_num = sub.split('www');

    sub_num = Number(sub_num[1]);

    if (!sub_num) { sub_num = 1 } else { sub_num = sub_num+1 }

    // On the www4 host the next hop would be 5: give up and go to the destination
    if (sub_num == 5) {
        setTimeout(redirectUser, 3000, destination);
        return;
    }

    var next_domain = 'https://www' + sub_num + '.' + parts[1] + '.' +parts[2] + '/pushredirect/?site=' + site + '&placementid=' + Number(ppi) + '&clickid=' + Number(pci) + '&t=' + t + '&dest=' + encodeURIComponent(dest);

    tag.type = 'text/javascript';
    tag.dataset['sdk'] = 'sdk';

    var android = navigator.userAgent.toLowerCase().includes("android");

    // Third-party push SDK; only the p= value differs on Android
    if (android) {
        tag.src = '//pushokey.com/ntfc.php?p=2553230&ucis=true&m=https&nbinp=true' + '&var='+ ppi + '&ymid=' + pci;
    } else {
        tag.src = '//pushokey.com/ntfc.php?p=2553225&ucis=true&m=https&nbinp=true' + '&var='+ ppi + '&ymid=' + pci;
    }

    tag.onload = () => {
        sdk.onBeforePermissionPrompt(function() { });
        // Prompt dismissed: move to the next wwwN host after 3 s
        sdk.onPermissionDefault(function() {
            next_domain = next_domain + '&reason=Deny1';
            setTimeout(redirectUser, 3000, next_domain);
            return;
        });
        sdk.onPermissionAllowed(function() {
            window.location.replace(destination);
        });
        // Prompt denied: move to the next wwwN host after 3 s
        sdk.onPermissionDenied(function() {
            next_domain = next_domain + '&reason=Deny2';
            setTimeout(redirectUser, 3000, next_domain);
            return;
        });
        sdk.onAlreadySubscribed(function() {
            window.location.replace(destination);
        });
    };
    document.head.appendChild(tag);
})();
```
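The hop logic of the script quoted above, as an added example that is not part of the original thread or of uBO: given any `/pushredirect/` URL from the chain, it reports whether that hop still loads the push SDK and where a refusal leads. The function names are hypothetical, it assumes the server-rendered `destination` literal equals the `dest` parameter, and it treats the `/redirecting/<segment>/` part of some `dest` values as base64.

```javascript
// Added example (Node.js); sample URLs are copied from comments in this thread.
const SAMPLE_WWW3 = 'https://www3.ecleneue.com/pushredirect/?placementid=10729309&clickid=5743133391&t=1561839614&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Flwph95lsyuv21kw%2FLDOE_v1.8_Mod_iOSGods_Div.zip%3Fdl%3D0&reason=Deny1';
const SAMPLE_WWW4 = 'https://www4.ecleneue.com/pushredirect/?placementid=10729309&clickid=5743133391&t=1561927096&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Flwph95lsyuv21kw%2FLDOE_v1.8_Mod_iOSGods_Div.zip%3Fdl%3D0';
const SAMPLE_WRAPPED = 'https://www1.ecleneue.com/pushredirect/?placementid=3860662&clickid=5744570877&t=1561845822&dest=https%3A%2F%2Fgloyah.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9oYWpyMWZqd2cwb2IxL0ZSUDIwMTg%3D%2F2df3c7c1bae1ddeeeeea3e09ff221ae2';

// Some dest values wrap the real target as /redirecting/<base64>/<hex>.
// Returns the decoded target, or null when dest has no such segment.
function decodeInnerTarget(dest) {
  if (!dest) return null;
  let path;
  try {
    path = new URL(dest).pathname;
  } catch {
    return null; // dest is not an absolute URL
  }
  const m = /^\/redirecting\/([^/]+)\//.exec(path);
  if (!m) return null;
  return Buffer.from(decodeURIComponent(m[1]), 'base64').toString('utf8');
}

// Hypothetical helper: replays the quoted script's arithmetic without a browser.
function analyzePushRedirect(href) {
  const url = new URL(href);
  const parts = url.host.split('.');
  // Same as the page: "www3" -> 3 -> next hop 4; no number -> next hop 1.
  const current = Number(parts[0].split('www')[1]);
  const nextHop = current ? current + 1 : 1;
  const dest = url.searchParams.get('dest'); // already percent-decoded
  const report = {
    host: url.host,
    reason: url.searchParams.get('reason'), // Deny1 / Deny2 from the previous hop
    dest,
    inner: decodeInnerTarget(dest),
  };
  if (nextHop === 5) {
    // The script returns before it creates the ntfc.php <script> tag,
    // so no permission prompt is requested on this hop.
    return { ...report, loadsPushSdk: false, onRefusal: dest };
  }
  return {
    ...report,
    loadsPushSdk: true,
    onRefusal: `https://www${nextHop}.${parts[1]}.${parts[2]}/pushredirect/`,
  };
}

for (const sample of [SAMPLE_WWW3, SAMPLE_WWW4, SAMPLE_WRAPPED]) {
  console.log(analyzePushRedirect(sample));
}
```
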

ecleneue.com maybe still broken by /ntfc.php?$script

try:

@@/ntfc.php?$script,domain=ecleneue.com

||ecleneue.com/desktopsw.js$script,domain=ecleneue.com
||pushokey.com^$xmlhttprequest,domain=ecleneue.com

@ghajini Huh, the destination URL is hard coded in the DOM? We can probably make a bypass for it...

I noted it down, I don't know when I can have time to look into this though, I'm too busy these weeks.

Another such site

https://ww10.ouo.today/?cr=aHR0cDovL3VsdGltYXRlLnR1cmtkb3duLmNvbS9saW5rLnBocD9saW5rPWFIUjBjSE02THk5Nk1ta3VZMjl0TDI5a1IweHhSMHQ2&oID=82904

Screenshot=

https://user-images.githubusercontent.com/20338483/61239037-7e8c4680-a72d-11e9-847c-aceea5002d66.jpg

Block scripts cannot bait this ww10.ouo.today...

Adguard browser extension works with their annoyance filters enabled.....
Similar/other way can be done ?
@okiehsch, @gorhill, @jspenguin2017

Oh, the destination is in GET parameter? Wow, how did I miss that.

i get redirected to http://xterca.net/-36715UDWO/BiZZ?rndad=521214842-1564420884 and i get anti Adblock
antiatblock

*/ad_top_*$1p,image,domain=xterca.net,redirect=1x1.gif
*/popunder.*$3p,image,domain=xterca.net,redirect=1x1.gif

@@||d1nmxiiewlx627.cloudfront.net^$script,domain=xterca.net

But better maybe one scriptlet?

cloudfront.net load also ads, so EasyList block d1nmxiiewlx627....

Closed without any fix?

xterca.net gone as timeout counter with Anti-Adblock (IMO) or fixed silent anywhere (IDK).

sprysphere.com and other notification domains no worth for uBO resources?

could help in this case too ?

http://larati.net/-36715GEIC/BiZZ?rndad=637050862-1566237639

same as https://github.com/uBlockOrigin/uAssets/issues/5890#issuecomment-516083618

image


could help:

*/ad_top_*$1p,image,domain=xterca.net|larati.net,redirect=1x1.gif
*/popunder.*$3p,image,domain=xterca.net|larati.net,redirect=1x1.gif

@@||d1nmxiiewlx627.cloudfront.net^$script,domain=xterca.net|larati.net
*/*.php?$1p,subdocument,domain=xterca.net|larati.net,redirect=noop.html

http://larati.net/-36715GEIC/BiZZ?rndad=637050862-1566237639

Have you updated your uBO-filters list? That site was reported two days ago and subsequently fixed.

I end up at
https://www.dropbox.com/s/lwph95lsyuv21kw/LDOE_v1.8_Mod_iOSGods_Div.zip?dl=0
without me doing anything.

ok - on mobile works and again comeback to broken:

  • https://www1.ecleneue.com/pushredirect/?placementid=10729309&clickid=5743133391&t=1566276790&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Flwph95lsyuv21kw%2FLDOE_v1.8_Mod_iOSGods_Div.zip%3Fdl%3D0 - blocked 3p push script?

  • And maranhesduve.club - redirect working (no need to accept web-push)

Anyways we are stuck(with default updated filters) at please press allow to continue

Anyways we are stuck

Nope:

  • for me: blocking almost all scripts on maranhesduve.club disables push verification.

  • ecleneue.com broken by https://github.com/uBlockOrigin/uAssets/issues/5890#issuecomment-508545692 even probably on www1.ecleneue.com, www2.ecleneue.com, www3.ecleneue.com (www4.ecleneue.com didn't check push anymore, so assumes you reject three times and AdFly finally let pass).

at please press allow to continue

IMO better whitelist tribe in AdGuard - works only on maranhesduve.club / ecleneue.com (problematic sites needed individual scripts or deactivating CSP in Firefox)

if we don't use scriptlets in Violentmonkey/Tampermonkey or non-default uBO resources loaded from advanced settings.

Similar site

https://sparbuttantowa.pro/LRODTI?tag_id=777823&sub_id1=195668&sub_id2=6977632712313340712&cookie_id=f7919b46-c2e2-4e8e-b916-7f065a57bacd&lp=loading&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D778547%26noocp%3D1%26subid%3D195668&hop=7

adding here the other issue (oxy.cloud)
https://github.com/uBlockOrigin/uAssets/issues/6098

New domains with same problem:
`cowner.net` ➡️ `www1.debrahinton.pro` ➡️ `www2.lucienmann.pro` ➡️ `www3.sherwoodsutton.pro` ➡️ `www4.ramirocampos.pro` ➡️ `cowner.net` ➡️ e.g. mediafire download file.
Possible mutations:
`cowner.net` ➡️ `www1.bethanyharrell.pro` ➡️ `www2.ramirocampos.pro` ➡️ `www3.lucienmann.pro` ➡️ `www4.bethanyharrell.pro` ➡️ `cowner.net` ➡️ e.g. mediafire download file.
  1. https://www1.debrahinton.pro/pushredirect/?site=adfly&network=1&ppi=4264276&pci=2458551268&t=1573403816&dest=https%3A%2F%2Fcowner.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2Rvd25sb2FkL2xkM2JmbzIyN21qbW9ray9OZXZlcmVuZGluZ19Ub3dlci56aXA%3D%2F1eedd59c2840350d9bf7d87f0df4a43d
    
    no help block all scripts and xhr
  2. https://www2.lucienmann.pro/pushredirect/?network=1&site=adfly&ppi=4264276&pci=2458551268&t=1573403816&dest=https%3A%2F%2Fcowner.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2Rvd25sb2FkL2xkM2JmbzIyN21qbW9ray9OZXZlcmVuZGluZ19Ub3dlci56aXA%3D%2F1eedd59c2840350d9bf7d87f0df4a43d
    
    not tested: block all xhr and scripts.
  3. https://www3.sherwoodsutton.pro/pushredirect/?network=1&site=adfly&ppi=4264276&pci=2458551268&t=1573403816&dest=https%3A%2F%2Fcowner.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2Rvd25sb2FkL2xkM2JmbzIyN21qbW9ray9OZXZlcmVuZGluZ19Ub3dlci56aXA%3D%2F1eedd59c2840350d9bf7d87f0df4a43d
    
    not tested: block all xhr and scripts.
  4. https://www4.ramirocampos.pro/pushredirect/?network=1&site=adfly&ppi=4264276&pci=2458551268&t=1573403816&dest=https%3A%2F%2Fcowner.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2Rvd25sb2FkL2xkM2JmbzIyN21qbW9ray9OZXZlcmVuZGluZ19Ub3dlci56aXA%3D%2F1eedd59c2840350d9bf7d87f0df4a43d
    
    not tested: block all xhr and scripts.

mutation redirect

  1. https://www1.bethanyharrell.pro/pushredirect/?site=adfly&network=1&ppi=4264276&pci=2458551268&t=1573405161&dest=https%3A%2F%2Fcowner.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2Rvd25sb2FkL2xkM2JmbzIyN21qbW9ray9OZXZlcmVuZGluZ19Ub3dlci56aXA%3D%2Fa43bfca6ca2c89323c213c546ac26344
    

  2. https://www2.ramirocampos.pro/pushredirect/?network=1&site=adfly&ppi=4264276&pci=2458551268&t=1573405161&dest=https%3A%2F%2Fcowner.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2Rvd25sb2FkL2xkM2JmbzIyN21qbW9ray9OZXZlcmVuZGluZ19Ub3dlci56aXA%3D%2Fa43bfca6ca2c89323c213c546ac26344
    

  3. https://www3.lucienmann.pro/pushredirect/?network=1&site=adfly&ppi=4264276&pci=2458551268&t=1573405161&dest=https%3A%2F%2Fcowner.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2Rvd25sb2FkL2xkM2JmbzIyN21qbW9ray9OZXZlcmVuZGluZ19Ub3dlci56aXA%3D%2Fa43bfca6ca2c89323c213c546ac26344
    

  4. https://www4.bethanyharrell.pro/pushredirect/?network=1&site=adfly&ppi=4264276&pci=2458551268&t=1573405161&dest=https%3A%2F%2Fcowner.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2Rvd25sb2FkL2xkM2JmbzIyN21qbW9ray9OZXZlcmVuZGluZ19Ub3dlci56aXA%3D%2Fa43bfca6ca2c89323c213c546ac26344
    

  5. https://cowner.net/...
    

  6. http://www.mediafire.com...
    

It looks like redirecting to the dest parameter doesn't work, there's probably other validations on server side. I'll still keep the script snippet though, might be useful in other cases. It's privileged for now, as I'm not sure if it can be misused.

Despite multiple issues to fix Bing Ads, there has been no response whatsoever and agitation from repo maintainers:
So, referencing my issue here:
https://github.com/uBlockOrigin/uAssets/issues/6887#issuecomment-578509029

Let's name and shame ublock origin until their ego issues get resolved.

Your issue has already been resolved so I don't see why you need to spam it constantly.

@mapx- http://sprysphere.com/BiZZ redirects to gatustox.net which was fixed recently. No need to keep it open ?

well, I don't know if all other sites were fixed .. however we don't have for now a specific fix (scriptlet). I'd say we can close it for now.

if all other sites were fixed

what other sites ?

oxy.cloud ? (see above)

Go to https://oxy.cloud/d/pyH, Click on the free download blue button,

Get redirected from news-fbe.com and till 10.news-fbe.com and then finally reach -- https://oxy.cloud/d/pyH/2/9d9c30a7bad75647eebca17ade51869f

Add oxy.cloud##+js(ra, disabled) to My Filters and refresh the page, wait till the bar get filled to 100 % and then click Download File blue button, and file gets downloaded.

Not seeing any issue here either except the disabled button which can be fixed with the above filter.

ok then .. fix it and we can close the thread

@mapx- Actually enabling the button back doesn't help, file will not be downloaded until the bar gets filled (100 %) and once the bar is filled the button does get enabled, so should we still enable it by force ?

I still get

image

which is the original issue, right ?

i get that too and i wait for a minute or less and I get redirected.

I'm stuck on that page, so I cannot test further

Is gstatic.com blocked when you get stuck on news-fbe.com ? I get stuck if I block gstatic.com

no, nothing blocked, using chrome + default settings

which is the original issue, right ?

Correct, I don't get stuck but let's leave the issue open. It's not like we are drowning in open issues.

Must be a Chrome issue then, works on Firefox.

This site has it too
https://shre.su/F0NV

For me it generates 5-6 redirects on "gumk.pro"

at end open https://oxy.st/d/mAvb with your apk cracked (or modded) game.

and oxy have ad:

oxy.st##.adv-wrap

This site has it too
https://shre.su/F0NV

Specific to Chrome as above, can't reproduce on Firefox.

Any custom scriptlet that I can use at userresourcelocation
working solution is present in nano defender but extension is unsupported/unavailable as of now in firefox android extension platform ....

URL =

https://www42.elbaestes.pro/pushredirect/?network=1&site=adfly&ppi=2220594&pci=6707862119&t=1608455433&dest=https%3A%2F%2Fonleech.me%2Fshort%3Fomg%3DvrUMDPLgiiO-BEck9ry8DVovYO_tLrxKyOJUZcP2P_GKiECapmtnoCaoLZsFENe38x_5UsHKh6y-gRv4JDo9kE7g6L5w8T6GCF4NbjZLhENMkEDVSCfgq2IcG0DEbA18

Got from https://exe.app/U8JdoJM

Issue=

can't proceed further to destination site, stuck at site saying Please press 'Allow' to continue

Screenshot_2020-12-20-14-45-03-616_org mozilla fenix

Platform=

firefox android stable

Note=

Please consider fixing this in ublock origin itself @gwarser @gorhill

grant-fake-notification no help for these ad-fly short url engine = bugged by usage of serviceWorker.
