Reversing Archives - Strona 2 z 35

Dzisiaj natrafiłem na ciekawy przypadek na stronie internetowej klienta, gdzie w sekcji <head> znalazłem tonę reguł CSS przypominających trochę działanie ad-blockerów.

W pierwszej chwili pomyślałem, że to jakiś spam, albo że strona została zhakowana.

Spójrzcie sami:

Wygląda dziwnie, wręcz podejrzanie z listą spamerskich domen… Po rozwinięciu:

:root a[href^="https://gamehag.com/r/"],
:root a[href^="http://affiliates.bet-at-home.com/processing/clickthrgh.asp"],
:root [href^="//ro88qcuy.com/"],
:root A[href*="beaffiliates.com/processing/clickthrgh.asp"],
:root img[alt="reklama"],
:root div#skapiec_ad,
:root ads-top-layer,
:root a[href^="https://www.solutions4ad.com/partner/scripts/click.php"],
:root a[href^="http://advmanager.techfun.pl/redirect/"],
:root a[href="http://www.likeplus.eu/clickback"],
:root a[href*="adnow.com/click"],
:root a[href*="://tracking.linktogame.com/aff_c"],
:root [id^="sponsorowany"],
:root [id^="slot_ad_billboard"],
:root [id^="pianoMediaBoxInfo"],
:root [id^="giercowniaAd"],
:root [id^="ceneoaffcontainer"],
:root [id^="bunyad_ads_widget"],
:root [id^="banner_900x"],
:root [id^="ad_box"],
:root [id^="AdsDetailsTop"],
:root [id*="-billboard-advert"],
:root ul.sharing-tools,
:root [href^="http://adserwer."],
:root [href*=".novem.pl/"],
:root [class^="adSrodek"],
:root IMG[title^="Sponsorowan"],
:root A[href*="/emisja.contentstream.pl/_/ctr/"],
:root a[href*="techmaniak.pl/www/gact/ckk.php"],
:root adblock-modal-component,
:root adblock-detect,
:root [class][data-sitename][data-header-version] > div[id^="detection-block"],
:root topadblock,
:root script[src^="http://free-shoutbox.net/app/webroot/shoutbox/sb.php?shoutbox="] + #freeshoutbox_content,
:root input[onclick^="window.open('http://www.FriendlyDuck.com/"],
:root img[alt^="Fuckbook"],
:root iframe[src^="http://static.mozo.com.au/strips/"],
:root div[jscontroller="U835zd"] + c-wiz[jsrenderer="YnuqN"],
:root div[id^="zergnet-widget"],
:root div[id^="traffective-ad-"],
:root div[id^="sticky_ad_"],
:root div[id^="rc-widget-"],
:root div[id^="q1-adset-"],
:root div[id^="proadszone-"],
:root div[id^="lazyad-"],
:root div[id^="gtm-ad-"],
:root div[id^="ezoic-pub-ad-"],
:root div[id^="dmRosAdWrapper"],
:root div[id^="div-adtech-ad-"],
:root div[id^="dfp-slot-"],
:root div[id^="dfp-ad-"],
:root div[id^="block-views-topheader-ad-block-"],
:root div[id^="advt-"],
:root div[id^="advads_"],
:root div[id^="ads300_600-widget"],
:root input[onclick^="window.open('http://www.friendlyduck.com/"],
:root div[id^="ads300_250-widget"],
:root div[id^="ads300_100-widget"],
:root div[id^="ads250_250-widget"],
:root div[id^="ads120_600-widget"],
:root [id$="reklamy"],
:root div[id^="adrotate_widgets-"],
:root div[id^="ad_script_"],
:root div[id^="ad_rect_"],
:root div[id^="ad_position_"],
:root div[id^="ad-server-"],
:root div[id^="ad-cid-"],
:root div[id^="acm-ad-tag-"],
:root div[id^="YFBMSN"],
:root div[id^="ADV-SLOT-"],
:root div[data-spotim-slot],
:root div[data-role="sidebarAd"],
:root div[data-native_ad],
:root div[data-mediatype="advertising"],
:root div[data-id-advertdfpconf],
:root div[data-crl="true"][data-id^="CarouselPLA-"],
:root div[data-content="Advertisement"],
:root div[data-adunit],
:root div[data-adunit-path],
:root div[data-adname],
:root div[class^="zn-sponsored-outbrain-"],
:root div[class^="proadszone-"],
:root div[class^="pane-google-admanager-"],
:root div[class^="lifeOnwerAd"],
:root div[class^="largeRectangleAd_"],
:root div[class^="kiwiad-popup"],
:root div[class^="kiwiad-desktop"],
:root div[class^="index_adBeforeContent_"],
:root div[class^="index_adAfterContent_"],
:root div[class^="index__adWrapper"],
:root div[class^="block-openx-"],
:root div[class^="backfill-taboola-home-slot-"],
:root div[class^="articleAdUnitMPU_"],
:root div[class^="advertisement-desktop"],
:root IMG[src^="http://www.audiostereo.pl/banery/"],
:root div[class^="adsbutt_wrapper_"],
:root div[class^="ads-partner-"],
:root div[class^="adbanner_"],
:root div[class^="ad_position_"],
:root div[class^="SponsoredAds"],
:root div[class^="ResponsiveAd-"],
:root div[class^="PreAd_"],
:root div[class^="Display_displayAd"],
:root div[class^="Directory__footerAds"],
:root div[class^="BannerAd_"],
:root div[class^="AdhesionAd_"],
:root div[class^="Ad__bigBox"],
:root div[class^="Ad__adContainer"],
:root div[id^="divAdvAD_"],
:root div[class^="ad_border_"],
:root div[class^="AdItem-"],
:root div[class^="AdEmbeded__AddWrapper"],
:root span[data-component-type="s-ads-metrics"],
:root div[class^="AdBannerWrapper-"],
:root div[class*="_AdInArticle_"],
:root div[class*="-storyBodyAd-"],
:root div[cel_widget_id="dpx-sponsored-products-detail_csm_instrumentation_wrapper"],
:root div[id^="adfox_"],
:root div#main > div.D1fz0e,
:root div > [class][onclick*=".updateAnalyticsEvents"],
:root bottomadblock,
:root aside[id^="tn_ads_widget-"],
:root a[href="http://upfiles.net/ref/"],
:root [class^="sponsorowany"],
:root aside[id^="adrotate_widgets-"],
:root amp-ad-custom,
:root a[target="_blank"][onmousedown="this.href^='http://paid.outbrain.com/network/redir?"],
:root a[target="_blank"][href^="http://api.taboola.com/"],
:root a[style="display:block;width:300px;min-height:250px"][href^="http://li.cnet.com/click?"],
:root div[class^="BlockAdvert-"],
:root a[src^="https://www.utherverse.com/net/"],
:root a[onmousedown^="this.href='http://paid.outbrain.com/network/redir?"][target="_blank"] + .ob_source,
:root a[onmousedown^="this.href='http://paid.outbrain.com/network/redir?"][target="_blank"],
:root div[role="navigation"] + c-wiz > script + div > .kxhcC,
:root a[onclick*="//m.economictimes.com/etmack/click.htm"],
:root a[href^="https://zononi.com/"],
:root a[href^="https://www.what-sexdating.com/"],
:root a[href^="https://www.vewwrmp.com/"],
:root a[href^="https://www.spyoff.com/"],
:root a[href^="https://www.share-online.biz/affiliate/"],
:root a[href^="https://www.securegfm.com/"],
:root a[href^="https://www.privateinternetaccess.com/"] > img,
:root a[href^="https://www.passeura.com/"],
:root div[id^="amzn-assoc-ad"],
:root a[href^="https://www.oboom.com/ref/"],
:root div[itemtype="http://schema.org/WPAdBlock"],
:root a[href^="https://www.nudeidols.com/cams/"],
:root a[href^="https://www.mypornstarcams.com/landing/click/"],
:root a[href^="https://www.kingsoffetish.com/tour?partner_id="],
:root div[data-adzone],
:root a[href^="https://www.iyalc.com/"],
:root a[href^="https://www.goldenfrog.com/vyprvpn?offer_id="][href*="&aff_id="],
:root a[href^="https://www.get-express-vpn.com/offer/"],
:root a[href^="https://www.gambling-affiliation.com/cpc/"],
:root a[href^="https://www.clicktraceclick.com/"],
:root a[href^="https://www.camyou.com/?cam="][href*="&track="],
:root a[href^="https://www.camsoda.com/enter.php?id="],
:root a[href^="https://www.brazzersnetwork.com/landing/"],
:root a[href^="https://mob1ledev1ces.com/"],
:root a[href^="https://www.bet365.com/"][href*="affiliate="],
:root a[href^="https://www.bebi.com"],
:root a[href^="https://www.awin1.com/cread.php?awinaffid="],
:root a[href^="https://www.adskeeper.co.uk/"],
:root a[href^="http://farm.plista.com/pets"],
:root a[href^="https://windscribe.com/promo/"],
:root a[href^="https://unreshiramor.com/"],
:root a[href^="http://ad-emea.doubleclick.net/"],
:root a[href^="https://understandsolar.com/signup/?lead_source="][href*="&tracking_code="],
:root div[id^="tms-ad-dfp-"],
:root a[href^="https://trust.zone/go/r.php?RID="],
:root a[href^="https://trf.bannerator.com/"],
:root a[href^="http://go.247traffic.com/"],
:root a[href^="https://bestcond1tions.com/"],
:root a[href^="https://trappist-1d.com/"],
:root a[href^="https://traffic.bannerator.com/"],
:root a[href^="https://tracking.truthfinder.com/?a="],
:root #rhs_block .xpdopen > ._OKe > div > .mod > ._yYf,
:root a[href^="https://tracking.gitads.io/"],
:root a[href^="https://track.ultravpn.com/"],
:root a[href^="https://www.adultempire.com/"][href*="?partner_id="],
:root a[href^="https://track.healthtrader.com/"],
:root a[href^="https://track.clickmoi.xyz/"],
:root [href*="://clickserve.dartsearch.net/link/click"],
:root a[href^="https://control.trafficfabrik.com/"],
:root a[href^="https://track.52zxzh.com/"],
:root .ra[align="right"][width="30%"],
:root a[href^="https://axdsz.pro/"],
:root a[href^="https://tour.mrskin.com/"],
:root a[href^="https://t.mobtya.com/"],
:root a[href^="https://t.hrtyj.com/"],
:root a[href^="https://t.hrtye.com/"],
:root a[href^="https://syndication.optimizesrv.com/splash.php?"],
:root a[href^="http://connectlinking6.com/"],
:root a[href^="http://cdn3.adexprts.com/"],
:root a[href^="https://spygasm.com/track?"],
:root div[id^="ad-div-"],
:root a[href^="https://secure.eveonline.com/ft/?aid="],
:root a[href^="https://secure.bstlnk.com/"],
:root div[class^="kiwi-ad-wrapper"],
:root a[href^="https://rev.adsession.com/"],
:root [href*=".trackmstr.com"],
:root a[href^="https://refpasrasw.world/"],
:root a[href^="https://refpaexhil.top/"],
:root AD-SLOT,
:root a[href^="https://pubads.g.doubleclick.net/"],
:root a[href^="https://prf.hn/click/"][href*="/camref:"],
:root a[href^="https://prf.hn/click/"][href*="/adref:"],
:root #rhs_block .mod > .gws-local-hotels__booking-module,
:root a[href^="http://www.my-dirty-hobby.com/?sub="],
:root a[href^="https://porndeals.com/?track="],
:root a[href^="https://offerforge.net/"],
:root div[id^="ad_head_celtra_"],
:root a[href^="https://t.grtyi.com/"],
:root a[href^="https://myusenet.xyz/"],
:root a[href^="https://my-movie.club/"],
:root a[href^="https://msecure117.com/"],
:root a[href^="https://mk-cdn.net/"],
:root a[href^="https://mk-ads.com/"],
:root a[href^="https://misspkl.com/"],
:root a[href^="https://medleyads.com/"],
:root iframe[src^="https://tpc.googlesyndication.com/"],
:root a[href*=".approvallamp.club/"],
:root a[href^="https://landing1.brazzersnetwork.com"],
:root a[href^="http://adrunnr.com/"],
:root a[href^="https://landing.brazzersplus.com/"],
:root a[href^="https://land.rk.com/landing/"],
:root .lads[width="100%"][style="background:#FFF8DD"],
:root a[href^="https://land.brazzersnetwork.com/landing/"],
:root a[href^="https://juicyads.in/"],
:root a[href^="https://join.virtuallust3d.com/"],
:root a[href^="http://www.uniblue.com/cm/"],
:root a[href^="https://join.sexworld3d.com/track/"],
:root a[href^="https://join.dreamsexworld.com/"],
:root a[href^="https://incisivetrk.cvtr.io/click?"],
:root a[href^="https://iactrivago.ampxdirect.com/"],
:root a[href^="https://iac.ampxdirect.com/"],
:root div[data-ismultirow="true"][data-id^="CarouselPLA-"],
:root a[href^="https://horny-pussies.com/tds"],
:root a[href^="https://graizoah.com/"],
:root td[valign="top"] > .mainmenu[style="padding:10px 0 0 0 !important;"],
:root a[href^="http://feedads.g.doubleclick.net/"],
:root a[href^="https://redsittalvetoft.pro/"],
:root a[href^="https://googleads.g.doubleclick.net/pcs/click"],
:root a[href^="http://cdn.adstract.com/"],
:root a[href^="https://gogoman.me/"],
:root div[jsdata*="CarouselPLA-"][data-id^="CarouselPLA-"],
:root a[href^="https://go.trackitalltheway.com/"],
:root a[href^="https://go.stripchat.com/"][href*="&campaignId="],
:root a[href^="https://go.julrdr.com/"],
:root a[href^="https://go.hpyrdr.com/"],
:root a[href^="https://adnetwrk.com/"],
:root a[href^="https://go.gldrdr.com/"],
:root div[id^="mainads"],
:root a[href^="https://go.currency.com/"],
:root a[href^="https://track.afftck.com/"],
:root a[href^="http://guideways.info/"],
:root a[href^="https://go.cmrdr.com/"],
:root a[href*=".inclk.com/"],
:root a[href^="https://go.ad2up.com/"],
:root a[href^="https://freeadult.games/"],
:root a[href^="https://fonts.fontplace9.com/"],
:root a[href^="http://clkmon.com/adServe/"],
:root a[href^="https://flirtaescopa.com/"],
:root a[href^="https://fleshlight.sjv.io/"],
:root a[href^="https://fakelay.com/"],
:root a[href^="https://earandmarketing.com/"],
:root [lazy-ad="leftthin_banner"],
:root a[href^="https://dynamicadx.com/"],
:root .GFYY1SVE2 > .GFYY1SVD2 > .GFYY1SVG5,
:root a[href^="https://djtcollectorclub.org/"][href*="?affiliate_id="],
:root a[href^="https://tc.tradetracker.net/"] > img,
:root a[href^="//srv.buysellads.com/"],
:root a[href^="https://dianches-inchor.com/"],
:root a[href^="http://adf.ly/?id="],
:root a[href^="https://uncensored3d.com/"],
:root a[href^="https://creacdn.top-convert.com/"],
:root a[href*="=exoclick"],
:root a[href^="https://www.chngtrack.com/"],
:root iframe[src^="https://pagead2.googlesyndication.com/"],
:root a[href^="https://retiremely.com/"],
:root a[href^="https://cpmspace.com/"],
:root .commercial-unit-mobile-top > .v7hl4d,
:root a[href^="https://click.plista.com/pets"],
:root a[href^="https://chaturbate.xyz/"],
:root a[href^="http://look.djfiln.com/"],
:root a[href^="https://chaturbate.jjgirls.com/"][href*="?tour="],
:root a[href^="https://chaturbate.com/in/?track="],
:root a[href^="https://chaturbate.com/in/?tour="],
:root a[href^="https://chaturbate.com/affiliates/"],
:root [href*="wap4dollar.com/"],
:root .__y_elastic .__y_item,
:root a[href^="https://mcdlks.com/"],
:root a[href^="https://bs.serving-sys.com"],
:root .mod > ._jH + .rscontainer,
:root a[href^="https://blackorange.go2cloud.org/"],
:root a[href^="https://affiliates.bet-at-home.com/processing/"],
:root a[href^="https://ads.ad4game.com/"],
:root a[href^="https://betway.com/"][href*="&a="],
:root a[href^="http://www.linkbucks.com/referral/"],
:root a[href^="https://azpresearch.club/"],
:root a[href^="https://awptjmp.com/"],
:root a[href^="http://www.fleshlight.com/"],
:root a[href^="https://aweptjmp.com/"],
:root a[href^="https://awentw.com/"],
:root a[href^="https://albionsoftwares.com/"],
:root a[href^="//postlnk.com/"],
:root a[href^="https://affiliate.rusvpn.com/click.php?"],
:root a[href^="//bwnjijl7w.com/"],
:root a[href^="https://adultfriendfinder.com/go/page/landing"],
:root a[href*="pussl3.com"],
:root a[href^="https://adswick.com/"],
:root .GKJYXHBF2 > .GKJYXHBE2 > .GKJYXHBH5,
:root ADS-RIGHT,
:root a[href^="https://adserver.adreactor.com/"],
:root a[href^="https://refpaano.host/"],
:root a[href^="https://meet-to-fuck.com/tds"],
:root a[href^="https://adhealers.com/"],
:root a[href^="https://static.fleshlight.com/images/banners/"],
:root app-advertisement,
:root a[href^="https://ad.doubleclick.net/"],
:root a[href^="http://zevera.com/afi.html"],
:root a[href^="http://go.oclaserver.com/"],
:root a[href^="https://ad.atdmt.com/"],
:root .trc_rbox .syndicatedItem,
:root a[href^="https://aaucwbe.com/"],
:root a[href^="http://xtgem.com/click?"],
:root a[href^="https://ads.trafficpoizon.com/"],
:root div[class^="local-feed-banner-ads"],
:root a[href^="http://wxdownloadmanager.com/dl/"],
:root a[href^="http://www.zergnet.com/i/"],
:root a[onmousedown^="this.href='http://staffpicks.outbrain.com/network/redir?"][target="_blank"] + .ob_source,
:root a[href^="http://www.usearchmedia.com/signup?"],
:root a[href^="http://www.torntv-downloader.com/"],
:root a[href^="http://www.tirerack.com/affiliates/"],
:root a[href^="http://www.text-link-ads.com/"],
:root a[href^="https://weedzy.co.uk/"][href*="&utm_"],
:root a[href^="http://pokershibes.com/index.php?ref="],
:root a[href^="https://usenetxs.website/"],
:root a[href^="https://gghf.mobi/"],
:root a[href^="http://www.terraclicks.com/"],
:root a[href^="https://ads-for-free.com/click.php?"],
:root a[href^="http://www.socialsex.com/"],
:root a[onmousedown^="this.href='https://paid.outbrain.com/network/redir?"][target="_blank"],
:root a[href^="http://www.sfippa.com/"],
:root a[href^="http://www.xmediaserve.com/"],
:root a[href^="http://www.sex.com/videos/?utm_"],
:root a[href^="http://paid.outbrain.com/network/redir?"],
:root a[href^="http://www.sex.com/?utm_"],
:root a[href^="http://secure.signup-page.com/"],
:root a[href^="http://www.quick-torrent.com/download.html?aff"],
:root a[href^="http://www.pinkvisualgames.com/?revid="],
:root a[href^="https://trklvs.com/"],
:root a[href^="http://www.paddypower.com/?AFF_ID="],
:root a[href^="http://www.onwebcam.com/random?t_link="],
:root a[href^="https://go.247traffic.com/"],
:root a[href^="http://www.freefilesdownloader.com/"],
:root a[href^="http://www.mysuperpharm.com/"],
:root .trc_rbox_border_elm .syndicatedItem,
:root a[href^="http://www.myfreepaysite.com/sfw_int.php?aid"],
:root a[href^="http://www.myfreepaysite.com/sfw.php?aid"],
:root .rhsvw[style="background-color:#fff;margin:0 0 14px;padding-bottom:1px;padding-top:1px;"],
:root a[href^="http://www.moneyducks.com/"],
:root a[href^="http://bcntrack.com/"],
:root a[href^="http://www.securegfm.com/"],
:root a[href^="http://www.liversely.net/"],
:root [href*="//trackmstr.com"],
:root [href*="prayuserparka.com/"],
:root a[href^="http://www.idownloadplay.com/"],
:root a[href^="http://www.hitcpm.com/"],
:root a[href^="http://fusionads.net"],
:root a[href^="http://www.hibids10.com/"],
:root div[class^="awpcp-random-ads"],
:root [href*="//securesafemembers.com"],
:root a[href^="http://www.graboid.com/affiliates/"],
:root a[href^="http://www.gamebookers.com/cgi-bin/intro.cgi?"],
:root div[id^="div_openx_ad_"],
:root a[href^="http://www.friendlyquacks.com/"],
:root a[href^="https://www.financeads.net/tc.php?"],
:root a[href*=".tfaln.com/"],
:root a[href^="http://www.friendlyduck.com/AF_"],
:root a[href^="https://content.oneindia.com/www/delivery/"],
:root a[href^="http://www.fpcTraffic2.com/blind/in.cgi?"],
:root a[href^="http://www.flashx.tv/downloadthis"],
:root .trc_rbox_div a[target="_blank"][href^="http://tab"],
:root a[href^="https://americafirstpolls.com/"],
:root a[href^="http://clickserv.sitescout.com/"],
:root a[href^="http://www.firstload.de/affiliate/"],
:root a[href^="http://www.twinplan.com/AF_"],
:root a[href^="http://www.fducks.com/"],
:root a[href^="http://www.easydownloadnow.com/"],
:root a[href^="http://www.duckssolutions.com/"],
:root a[href^="https://offers.refchamp.com/"],
:root a[href^="https://go.trkclick2.com/"],
:root a[href^="https://www.mrskin.com/account/"],
:root a[href^="http://www.duckcash.eu/"],
:root a[href^="http://go.seomojo.com/tracking202/"],
:root a[href^="http://www.downloadweb.org/"],
:root a[href^="http://www.down1oads.com/"],
:root [href^="https://ad-server.kei.pl/"],
:root a[href^="https://trafficmedia.center/"],
:root a[href^="http://www.dealcent.com/register.php?affid="],
:root a[href^="https://ad.zanox.com/ppc/"],
:root .rscontainer > .ellip,
:root a[href^="http://www.clkads.com/adServe/"],
:root a[href^="https://track.interactivegf.com/"],
:root div[class^="adpubs-"],
:root a[href*="deliver.trafficfabrik.com"],
:root a[href^="http://www.cash-duck.com/"],
:root a[href^="https://aff-ads.stickywilds.com/"],
:root a[href^="http://www.bitlord.me/share/"],
:root .grid > .container > #aside-promotion,
:root a[href^="http://www.babylon.com/welcome/index?affID"],
:root a[onmousedown^="this.href='/wp-content/embed-ad-content/"],
:root a[href^="//adbit.co/?a=Advertise&"],
:root a[href^="http://popup.taboola.com/"],
:root a[href^="https://fast-redirecting.com/"],
:root a[href^="http://www.sexgangsters.com/?pid="],
:root a[href^="http://www.amazon.co.uk/exec/obidos/external-search?"],
:root a[href^="http://go.ad2up.com/"],
:root a[href^="https://badoinkvr.com/"],
:root a[href*="/adServe/banners?"],
:root a[href^="http://www.adxpansion.com"],
:root .plistaList > .itemLinkPET,
:root a[href^="http://www.adbrite.com/mb/commerce/purchase_form.php?"],
:root a[href^="http://www.adultdvdempire.com/?partner_id="][href*="&utm_"],
:root a[href^="http://www.ragazzeinvendita.com/?rcid="],
:root a[href^="http://www.TwinPlan.com/AF_"],
:root a[href^="https://www.googleadservices.com/pagead/aclk?"],
:root a[href^="http://www.1clickdownloader.com/"],
:root [href*="://clkpl.tradedoubler.com/"],
:root a[href^="http://www.123-reg.co.uk/affiliate2.cgi"],
:root div[itemtype="http://www.schema.org/WPAdBlock"],
:root a[href^="http://wopertific.info/"],
:root a[href^="http://bodelen.com/"],
:root a[href^="http://wgpartner.com/"],
:root a[href^="http://web.adblade.com/"],
:root a[href^="https://go.onclasrv.com/"],
:root a[href^="http://wct.link/"],
:root a[href^="https://topoffers.com/"][href*="/?pid="],
:root a[href^="http://vinfdv6b4j.com/"],
:root a[href^="http://us.marketgid.com"],
:root a[href^="http://ul.to/ref/"],
:root a[href^="http://ucam.xxx/?utm_"],
:root a[href^="https://adsrv4k.com/"],
:root a[href^="http://trk.mdrtrck.com/"],
:root a[href^="http://traffic.tc-clicks.com/"],
:root a[href^="http://www.liutilities.com/"],
:root a[href^="http://www.dl-provider.com/search/"],
:root a[href^="http://tc.tradetracker.net/"] > img,
:root a[href^="http://tracking.deltamediallc.com/"],
:root div[aria-label="Ads"],
:root a[href^="http://axdsz.pro/"],
:root a[href^="https://go.ebrokerserve.com/"],
:root a[href^="http://galleries.securewebsiteaccess.com/"],
:root a[href^="http://stateresolver.link/"],
:root a[href^="http://sharesuper.info/"],
:root a[href^="https://awecrptjmp.com/"],
:root a[href^="http://server.cpmstar.com/click.aspx?poolid="],
:root a[href^="http://see.kmisln.com/"],
:root a[href^="//db52cc91beabf7e8.com/"],
:root a[href^="https://go.nordvpn.net/aff"] > img,
:root a[href^="http://secure.vivid.com/track/"],
:root a[href^="http://www.downloadthesefiles.com/"],
:root a[href^="http://secure.cbdpure.com/aff/"],
:root aside[id^="advads_ad_widget-"],
:root a[href^="http://lp.ezdownloadpro.info/"],
:root a[href^="http://uploaded.net/ref/"],
:root a[href^="https://www.nutaku.net/signup/landing/"],
:root a[href^="http://s9kkremkr0.com/"],
:root a[href^="http://azmobilestore.co/"],
:root a[href^="http://s5prou7ulr.com/"],
:root a[href^="https://easygamepromo.com/ef/custom_affiliate/"],
:root a[href^="http://record.betsafe.com/"],
:root a[href^="http://mo8mwxi1.com/"],
:root a[href^="https://bnsjb1ab1e.com/"],
:root a[href^="https://prf.hn/click/"][href*="/creativeref:"],
:root a[href^="//oardilin.com/"],
:root a[href^="http://pwrads.net/"],
:root a[href^="http://promos.bwin.com/"],
:root a[data-redirect^="https://paid.outbrain.com/network/redir?"],
:root a[href^="http://play4k.co/"],
:root a[href^="http://partner.sbaffiliates.com/"],
:root div[id^="ad-gpt-"],
:root a[href^="http://pan.adraccoon.com?"],
:root a[href*="//ezofferz.com/"],
:root a[href^="https://dltags.com/"],
:root a[href^="http://onclickads.net/"],
:root a[href^="http://n.admagnet.net/"],
:root a[href^="//awejmp.com/"],
:root a[href^="http://mob1ledev1ces.com/"],
:root a[href^="http://mmo123.co/"],
:root a[href^="http://media.paddypower.com/redirect.aspx?"],
:root a[href^="https://fileboom.me/pr/"],
:root a[href^="http://marketgid.com"],
:root a[href^="http://liversely.net/"],
:root div[id^="drudge-column-ads-"],
:root a[href^="http://tour.mrskin.com/"],
:root [src^="/Redirect.a2b?"],
:root a[href^="http://linksnappy.com/?ref="],
:root a[href^="https://deliver.ptgncdn.com/"],
:root a[href^="http://latestdownloads.net/download.php?"],
:root a[data-redirect^="http://click.plista.com/pets"],
:root .section-subheader > .section-hotel-prices-header,
:root a[href^="http://landingpagegenius.com/"],
:root a[href^="http://keep2share.cc/pr/"],
:root [src*="https://cdn.cloudimagesb.com/"],
:root a[href^="http://k2s.cc/pr/"],
:root a[href^="http://k2s.cc/code/"],
:root a[href^="http://www.revenuehits.com/"],
:root a[href^="http://install.securewebsiteaccess.com/"],
:root .widget-pane-section-result[data-result-ad-type],
:root a[href^="http://imads.integral-marketing.com/"],
:root div[id^="crt-"][style],
:root a[href^="http://igromir.info/"],
:root a[href^="https://intrev.co/"],
:root a[href^="http://https://www.get-express-vpn.com/offer/"],
:root a[href^="http://searchtabnew.com/"],
:root a[href*="?adlivk="][href*="&refer="],
:root a[href^="//look.djfiln.com/"],
:root a[href^="http://greensmoke.com/"],
:root a[href^="https://look.utndln.com/"],
:root a[href^="//5e1fcb75b6d662d.com/"],
:root #tads[aria-label],
:root a[href^="http://googleads.g.doubleclick.net/pcs/click"],
:root aside[itemtype="https://schema.org/WPAdBlock"],
:root a[href^="https://watchmygirlfriend.tv/"],
:root .nrelate .nr_partner,
:root a[href^="http://go.xtbaffiliates.com/"],
:root a[href^="http://go.mobisla.com/"],
:root a[href^="http://g1.v.fwmrm.net/ad/"],
:root a[href^="http://freesoftwarelive.com/"],
:root a[href^="http://adtrackone.eu/"],
:root a[href^="http://finaljuyu.com/"],
:root a[href^="http://fileloadr.com/"],
:root a[href^="http://delivery.clickonometrics.pl/campaign="],
:root a[href^="http://t.wowtrk.com/"],
:root a[href^="//syndication.dynsrvtbg.com/splash.php?"],
:root a[href^="http://extra.bet365.com/"][href*="?affiliate="],
:root a[href^="http://ethfw0370q.com/"],
:root a[href^="https://tracking.comfortclick.eu/"],
:root [id^="bunyad_ads_"],
:root a[href^="http://elitefuckbook.com/"],
:root a[href^="http://eclkmpsa.com/"],
:root a[href^="http://earandmarketing.com/"],
:root a[href*=".mfroute.com/"],
:root #content > #center > .dose > .dosesingle,
:root a[href^="http://campaign.bharatmatrimony.com/track/"],
:root a[href*="3wr110.xyz/"],
:root a[href^="http://d2.zedo.com/"],
:root a[href^="https://iqoption.com/lp/mobile-partner/"][href*="?aff="],
:root a[href^="http://cp.cbbp1.com"],
:root a[href^="http://codec.codecm.com/"],
:root a[href^="https://paid.outbrain.com/network/redir?"],
:root a[href^="http://www.downloadplayer1.com/"],
:root a[href^="http://clicks.binarypromos.com/"],
:root a[href^="https://dediseedbox.com/clients/aff.php?"],
:root [href^="/ucmini.php"],
:root a[href^="http://www.wantstraffic.com/"],
:root a[href^="http://databass.info/"],
:root div[class^="AdCard_"],
:root a[href^="http://www.urmediazone.com/signup"],
:root a[href^="http://click.plista.com/pets"],
:root a[href^="http://chaturbate.com/affiliates/"],
:root a[href^="http://www.firstload.com/affiliate/"],
:root a[href^="http://www.friendlyadvertisements.com/"],
:root a[href^="http://go.fpmarkets.com/"],
:root a[href^="//00ae8b5a9c1d597.com/"],
:root a[href^="http://cdn3.adbrau.com/"],
:root [href^="https://secure.bmtmicro.com/servlets/"],
:root a[href^="http://amzn.to/"] > img[src^="data"],
:root a[href^="http://bs.serving-sys.com/"],
:root a[href^="http://cpaway.afftrack.com/"],
:root a[href^="http://cdn.adsrvmedia.net/"],
:root [lazy-ad="top_banner"],
:root a[href^="http://360ads.go2cloud.org/"],
:root a[href^="http://dftrck.com/"],
:root a[href^="http://casino-x.com/?partner"],
:root a[href^="http://record.sportsbetaffiliates.com.au/"],
:root a[href^="http://campeeks.com/"][href*="&utm_"],
:root div[class^="index_displayAd_"],
:root a[href^="http://adultgames.xxx/"],
:root a[href^="https://s.zlink2.com/"],
:root a[href^="http://semi-cod.com/clicks/"],
:root a[href^="http://campaign.bharatmatrimony.com/cbstrack/"],
:root a[href^="http://istri.it/?"],
:root a[href^="https://gamescarousel.com/"],
:root a[href^="http://www.trizer.pl/?utm_source"],
:root a[href^="http://yads.zedo.com/"],
:root a[href^="https://bullads.net/get/"],
:root a[href^="http://down1oads.com/"],
:root a[href^="http://buysellads.com/"],
:root a[href^="https://uncensored.game/"],
:root a[href^="http://betahit.click/"],
:root a[href^="https://torguard.net/aff.php"] > img,
:root a[href^="http://bestorican.com/"],
:root a[href^="http://bcp.crwdcntrl.net/"],
:root a[href^="http://bc.vc/?r="],
:root a[href^="http://banners.victor.com/processing/"],
:root a[href^="http://www.fbooksluts.com/"],
:root [href^="https://aff.sendhub.pl/"],
:root a[href^="http://www.cdjapan.co.jp/aff/click.cgi/"],
:root a[href^="http://intent.bingads.com/"],
:root a[href^="//api.ad-goi.com/"],
:root a[href*="//ridingintractable.com/"],
:root a[href^="http://c.actiondesk.com/"],
:root a[href^="http://affiliate.glbtracker.com/"],
:root a[href^="https://transfer.xe.com/signup/track/redirect?"],
:root a[href^="http://anonymous-net.com/"],
:root a[href^="http://hotcandyland.com/partner/"],
:root a[href^="http://affiliates.thrixxx.com/"],
:root a[href^="http://affiliate.coral.co.uk/processing/"],
:root a[href^="http://aff.ironsocket.com/"],
:root a[href^="http://adsrv.keycaptcha.com"],
:root a[href^="https://secure.adnxs.com/clktrb?"],
:root a[href^="http://adserver.adtechus.com/"],
:root a[href^="http://adserver.adreactor.com/"],
:root a[href^="//go.onclasrv.com/"],
:root .GHOFUQ5BG2 > .GHOFUQ5BF2 > .GHOFUQ5BG5,
:root #\5f _mom_ad_2,
:root a[href^="http://ads.sprintrade.com/"],
:root a[href^="https://www.mrskin.com/tour"],
:root a[href^="http://adserver.adtech.de/"],
:root a[href^="http://cwcams.com/landing/click/"],
:root a[href^="http://ads.betfair.com/redirect.aspx?"],
:root a[href^="http://reallygoodlink.extremefreegames.com/"],
:root a[href^="http://adlev.neodatagroup.com/"],
:root a[href^="http://ad.doubleclick.net/"],
:root a[href^="https://k2s.cc/pr/"],
:root a[href^="http://ad.au.doubleclick.net/"],
:root a[href*=".directtl.xyz/"],
:root a[href^="https://clickadilla.com/"],
:root a[href^="http://websitedhoome.com/"],
:root .ob_container .item-container-obpd,
:root a[href^="http://www.adskeeper.co.uk/"],
:root a[href^="http://srvpub.com/"],
:root [data-dynamic-ads],
:root a[href^="http://a.adquantix.com/"],
:root a[href^="http://NowDownloadAll.com"],
:root a[href^="http://adtrack123.pl/"],
:root ad-desktop-sidebar,
:root [id*="MGWrap"],
:root a[href^="http://9amq5z4y1y.com/"],
:root a[href^="http://1phads.com/"],
:root a[href^="https://ismlks.com/"],
:root a[href^="//zenhppyad.com/"],
:root [href*="://affiliates-solutions.com/click/"],
:root a[href^="//www.pd-news.com/"],
:root [href*=".doubleclick-net.com"],
:root a[href^="//www.mgid.com/"],
:root a[href^="http://lp.ncdownloader.com/"],
:root a[href^="//pubads.g.doubleclick.net/"],
:root a[href^="https://www.travelzoo.com/oascampaignclick/"],
:root a[href^="https://see.kmisln.com/"],
:root a[href^="http://refer.webhostingbuzz.com/"],
:root a[onmousedown^="this.href='http://staffpicks.outbrain.com/network/redir?"][target="_blank"],
:root a[href^="//nlkdom.com/"],
:root a[href^="//medleyads.com/spot/"],
:root a[href^="https://ilovemyfreedoms.com/"][href*="?affiliate_id="],
:root [href*=".afftracks.online/"],
:root div[class^="Component-dfp-"],
:root a[href^="//healthaffiliate.center/"],
:root .l-container > #fishtank,
:root a[href^="http://www.ducksnetwork.com/"],
:root a[href^="//go.vedohd.org/"],
:root [onclick*="content.ad/"],
:root a[href^="https://clixtrac.com/"],
:root [id^="ad_iframe"],
:root a[href^="//4f6b2af479d337cf.com/"],
:root a[href^="//4c7og3qcob.com/"],
:root a[href^="https://www.arthrozene.com/"][href*="?tid="],
:root a[href^="http://tezfiles.com/pr/"],
:root #rhs_block > ol > .rhsvw > .kp-blk > .xpdopen > ._OKe > ol > ._DJe > .luhb-div,
:root a[href^=".vddfe.club/"],
:root [href^="/ucdownloader.php"],
:root a[href^="https://awejmp.com/"],
:root [href*="//go2page.net"],
:root a[href^=" http://www.sex.com/"][href*="&utm_"],
:root .GPMV2XEDA2 > .GPMV2XEDP1 > .GPMV2XEDJBB,
:root a[href*="onclkds."],
:root a[href^="https://adclick.g.doubleclick.net/"],
:root a[href*=".intab.fun/"],
:root a[href*="get-express-vpn.xyz"],
:root a[href*="=adscript"],
:root #mn #center_col > div > h2.spon:first-child,
:root a[href*="=Adtracker"],
:root a[href^="http://4c7og3qcob.com/"],
:root a[href^="https://trusted-click-host.com/"],
:root a[href^="https://members.linkifier.com/public/affiliateLanding?refCode="],
:root a[href^="https://jmp.awempire.com/"],
:root [href^="https://wct.link/"],
:root a[href^="https://track.totalav.com/"],
:root a[href^="http://ad-apac.doubleclick.net/"],
:root c-wiz[jsrenderer="YnuqN"] > div > div > .Rn1jbe,
:root a[href*="/servlet/click/zone?"],
:root a[href^="http://refpaano.host/"],
:root a[href*="/cmd.php?ad="],
:root a[href^="http://track.trkvluum.com/"],
:root #atvcap + #tvcap > .mnr-c > .commercial-unit-mobile-top,
:root a[href*="/adrotate-out.php?"],
:root a[href^="https://track.trkinator.com/"],
:root div[id^="ad-position-"],
:root a[data-redirect^="this.href='http://paid.outbrain.com/network/redir?"],
:root a[href^="http://liversely.com/"],
:root a[href^="http://www.firstclass-download.com/"],
:root a[href*="//bongacams7.com/track?"],
:root div[id^="advads-"],
:root a[href^="http://www.myfreecams.com/?co_id="][href*="&track="],
:root a[href^="https://track.afcpatrk.com/"],
:root a[href*="bbelements.com/please/"],
:root a[href*=".ad-center.com/"],
:root a[href*=".udncoeln.com/"],
:root a[href*=".trust.zone"],
:root a[href*=".surfmdia.com/"],
:root a[href*=".smartadserver.com"],
:root a[href^="https://a.bestcontentfood.top/"],
:root .commercial-unit-mobile-top .jackpot-main-content-container > .UpgKEd + .nZZLFc > div > .vci,
:root a[href*="delivery.trafficfabrik.com"],
:root #ads > .dose > .dosesingle,
:root a[href*=".revimedia.com/"],
:root .commercial-unit-desktop-rhs > div[jscontroller="YD5eo"],
:root [id^="div-gpt-ad"],
:root .__ywvr .__y_item,
:root #flowplayer > div[style="position: absolute; width: 300px; height: 275px; left: 222.5px; top: 85px; z-index: 999;"],
:root a[href^="http://www.on2url.com/app/adtrack.asp"],
:root a[href^="http://download-performance.com/"],
:root a[href^="https://farm.plista.com/pets"],
:root a[href*=".red90121.com/"],
:root a[href^="http://www.greenmangaming.com/?tap_a="],
:root a[href*=".opskln.com/"],
:root a[href^="http://z1.zedo.com/"],
:root a[href*=".irtyc.com/"],
:root div[id^="div_ad_stack_"],
:root a[href*=".ichlnk.com/"],
:root div[id^="ad_bigbox_"],
:root #content > #right > .dose > .dosesingle,
:root #assetsListings[style="display: block;"],
:root a[href^="http://9nl.es/"],
:root [lazy-ad="leftbottom_banner"],
:root a[href*=".fwd28.com/"],
:root div[id^="yandex_ad"],
:root a[href^="https://www.pornhat.com/"][rel="nofollow"],
:root a[href^="https://www.hotgirls4fuck.com/"],
:root a[href^="http://y1jxiqds7v.com/"],
:root a[href*=".frtyl.com/"],
:root a[href^="http://api.content.ad/"],
:root a[href*=".clkcln.com/"],
:root a[href^="http://www.badoink.com/go.php?"],
:root a[class="RBAd"],
:root a[href^="http://a63t9o1azf.com/"],
:root a[href*=".axdsz.pro/"],
:root div[class^="adUnit_"],
:root a[href^="https://deliver.tf2www.com/"],
:root a[href^="http://spygasm.com/track?"],
:root .ob_dual_right > .ob_ads_header ~ .odb_div,
:root [src*="//www.dianomi.com/smartads.epl"],
:root a[href*=".adk2x.com/"],
:root a[href*=".allsports4you.club"],
:root a[href^="https://track.bruceads.com/"],
:root div[data-adservice-param-tagid="contentad"],
:root #MAIN.ShowTopic > .ad,
:root a[id^="ads_banner_"],
:root a[href^="https://porngames.adult/?SID="],
:root a[href^="http://findersocket.com/"],
:root a[href^="https://m.do.co/c/"] > img,
:root [href*=".ltroute.com/"],
:root [id^="boxRegioPromoTab"],
:root div[class*="margin-Advert"],
:root #tads + div + .c,
:root a[href^="//jsmptjmp.com/"],
:root .commercial-unit-mobile-top .jackpot-main-content-container > .UpgKEd + .nZZLFc > .vci,
:root a[href^="https://financeads.net/tc.php?"],
:root #ssmiwdiv[jsdisplay],
:root a[href*=".adform.net/"],
:root a[href^="http://duckcash.eu/"],
:root a[href^="http://www.mobileandinternetadvertising.com/"],
:root a[href^="http://join3.bannedsextapes.com/track/"],
:root a[data-widget-outbrain-redirect^="http://paid.outbrain.com/network/redir?"],
:root .GB3L-QEDGY .GB3L-QEDF- > .GB3L-QEDE-,
:root a[data-url^="http://paid.outbrain.com/network/redir?"] + .author,
:root [href*=".jetx.info/"],
:root div[id^="cns_ads_"],
:root a[data-obtrack^="http://paid.outbrain.com/network/redir?"],
:root a[href^="http://www.getyourguide.com/?partner_id="],
:root [onclick^="window.open('https://www.brazzersnetwork.com/landing/"],
:root adblocker,
:root #resultspanel > #topads,
:root a[href^="http://admrotate.iplayer.org/"],
:root a[href^="http://espn.zlbu.net/"],
:root a[href^="https://vod09197d7.club/"],
:root [href^="/admdownload.php"],
:root [onclick^="window.open('window.open('//delivery.trafficfabrik.com/"],
:root a[href="http://www.livelooker.com"],
:root a[href^="https://keep2share.cc/pr/"],
:root [id*="MarketGid"],
:root a[href^="https://scurewall.co/"],
:root .commercial-unit-desktop-rhs > .iKidV > .Ee92ae + .P2mpm + .hp3sk,
:root div[class*="_browserAdOuterContainer_"],
:root [name^="google_ads_iframe"],
:root a[data-oburl^="http://paid.outbrain.com/network/redir?"],
:root a[href^="http://refpa.top/"],
:root a[href*="//bongacams.com/track?"],
:root a[href^="https://servedbyadbutler.com/"],
:root a[data-redirect^="http://paid.outbrain.com/network/redir?"],
:root a[href^="https://explore.findanswersnow.net/"],
:root [id^="adframe_wrap_"],
:root .mw > #rcnt > #center_col > #taw > #tvcap > .c,
:root a[href^="https://playuhd.host/"],
:root [href^="https://go.affiliatexe.com/"],
:root a[href^="http://mgid.com/"],
:root a[href*=".adsrv.eacdn.com/"] > img,
:root [href*="//etracking.pro"],
:root a[href^="http://www.fonts.com/BannerScript/"],
:root a[href^="http://c.ketads.com/"],
:root a[href^="http://6kup12tgxx.com/"],
:root [class^="ADbox"],
:root a[href^="http://www.roboform.com/php/land.php"],
:root a[href^="http://online.ladbrokes.com/promoRedirect?"],
:root a[href^="//mob1ledev1ces.com/"],
:root .ra[width="30%"][align="right"] + table[width="70%"][cellpadding="0"],
:root a[href^="http://www.coiwqe.site/"],
:root iframe[id^="google_ads_frame"],
:root a[href^="http://www.bet365.com/"][href*="affiliate="],
:root a[href^="http://www.bluehost.com/track/"] > img,
:root a[data-url^="http://paid.outbrain.com/network/redir?"],
:root a[href^="https://www.popads.net/users/"],
:root a[href^="http://adultfriendfinder.com/p/register.cgi?pid="],
:root a[href*="a2g-secure.com"],
:root #\5f _nq__hh[style="display:block!important"],
:root div[data-flt-ve="sponsored_search_ads"],
:root [href^="https://affect3dnetwork.com/track/"],
:root [href^="http://raboninco.com/"],
:root .GFYY1SVD2 > .GFYY1SVC2 > .GFYY1SVF5,
:root [href^="https://join3.bannedsextapes.com"],
:root [href^="https://bulletprofitsmartlink.com/"],
:root a[href^="http://www.pinkvisualpad.com/?revid="],
:root a[href^="https://www.oneclickroot.com/?tap_a="] > img,
:root DFP-AD,
:root a[href^="//porngames.adult/?SID="],
:root a[href^="https://www.friendlyduck.com/AF_"],
:root [href^="http://advertisesimple.info/"],
:root a[href^="http://secure.hostgator.com/~affiliat/"],
:root [onclick^="window.open('http://adultfriendfinder.com/search/"],
:root [href*=".revrtb.com/"],
:root .mod > .gws-local-promotions__border,
:root .icons-rss-feed + .icons-rss-feed div[class$="_item"],
:root a[data-oburl^="https://paid.outbrain.com/network/redir?"],
:root a[href^="http://affiliates.score-affiliates.com/"],
:root [href^="/ucdownload.php"],
:root a[href^="http://allaptair.club/"],
:root a[href^="http://affiliates.pinnaclesports.com/processing/"],
:root #header + #content > #left > #rlblock_left,
:root a[href^="http://partners.etoro.com/"],
:root [id^="google_ads_iframe"],
:root a[href^="https://www.g4mz.com/"],
:root a[href^="http://webgirlz.online/landing/"],
:root [href*="cadsecs.com/"],
:root a[href^="http://adserving.unibet.com/"],
:root [href*="//trackout.business"],
:root #rhs_block .mod > .luhb-div > div[data-async-type="updateHotelBookingModule"],
:root a[href^="http://adclick.g.doubleclick.net/"],
:root [href*="//mclick.net"],
:root [href^="https://refpahrwzjlv.top/"],
:root a[href^="http://czotra-32.com/"],
:root [id*="nokaut_ads_"],
:root div[role="navigation"] + c-wiz > div > .kxhcC,
:root a[href^="http://www.download-provider.org/"],
:root a[href*=".qertewrt.com/"],
:root [href*="//doubleclick-net.com"],
:root a[href^="http://deloplen.com/afu.php?zoneid="],
:root [id*="ScriptRoot"],
:root [href*=".xiloy.site/"],
:root [src^="http://api.lanistaads.com/ServeAd?"],
:root a[href^="http://webtrackerplus.com/"],
:root a[href^="https://ad13.adfarm1.adition.com/"],
:root a[href^="http://clickandjoinyourgirl.com/"],
:root a[href*=".xromp.com/landing/click/"],
:root #center_col > #res > #topstuff + #search > div > #ires > #rso > #flun,
:root [href*=".trackout.business"],
:root #center_col > #taw > #tvcap > .rscontainer,
:root [href*=".securesafemembers.com"],
:root [href*=".grtya.com/"],
:root .gbfwa > div[class$="_item"],
:root a[href^="https://goraps.com/"],
:root [href*=".etracking.pro"],
:root #main-content > [style="padding:10px 0 0 0 !important;"],
:root #center_col > #resultStats + div[style="border:1px solid #dedede;margin-bottom:11px;padding:5px 7px 5px 6px"],
:root a[href^="https://www.oboom.com/ad/"],
:root [href*=".adcampo.com/"],
:root [data-ad-module],
:root a[href^="http://get.slickvpn.com/"],
:root a[href^="https://track.themadtrcker.com/"],
:root a[href^="http://hyperlinksecure.com/go/"],
:root a[href^="http://xads.zedo.com/"],
:root a[href^="http://www.affiliates1128.com/processing/"],
:root a[href^="http://c.jumia.io/"],
:root [class^="div-gpt-ad"],
:root [href*=".go2page.net"],
:root a[href^="http://hd-plugins.com/download/"],
:root a[href^="//voyeurhit.com/cs/"],
:root a[href^="http://www.afgr3.com/"],
:root [ad-id^="googlead"],
:root .ra[align="left"][width="30%"],
:root a[href^="https://trackjs.com/?utm_source"],
:root AFS-AD,
:root [id^="ad-wrap-"],
:root #center_col > #\5f Emc,
:root a[href^="http://ads2.williamhill.com/redirect.aspx?"],
:root AD-TRIPLE-BOX,
:root #center_col > div[style="font-size:14px;margin-right:0;min-height:5px"] > div[style="font-size:14px;margin:0 4px;padding:1px 5px;background:#fff8e7"],
:root a[href*=".trck5.com/"],
:root .trc_rbox_div .syndicatedItem,
:root a[href^="http://www.streamate.com/exports/"],
:root [href*="maskip.co/"],
:root a[href^="https://www.firstload.com/affiliate/"],
:root .trc_related_container div[data-item-syndicated="true"],
:root a[href^="http://aflrm.com/"],
:root div[id^="google_dfp_"],
:root [href*="get-download.club/"],
:root .section-result[data-result-ad-type],
:root a[href^="https://syndication.exoclick.com/splash.php?"],
:root #mn div[style="position:relative"] > #center_col > div > ._dPg,
:root a[href*="//bongacams5.com/track?"],
:root FBS-AD,
:root a[href^="http://see-work.info/"],
:root .inlineNewsletterSubscription + .inlineNewsletterSubscription div[class$="_item"],
:root a[href*=".orange2258.com/"],
:root #taw > .med + div > #tvcap > .mnr-c:not(.qs-ic) > .commercial-unit-mobile-top,
:root .plista_widget_belowArticleRelaunch_item[data-type="pet"],
:root a[href*=".clksite.com/"],
:root a[href^="http://www.webtrackerplus.com/"],
:root .GJJKPX2N1 > .GJJKPX2M1 > .GJJKPX2P4,
:root a[href*=".bang.com/"][href*="&aff="],
:root #topstuff > #tads,
:root a[href*=".purple6401.com/"],
:root [id^="componentsPromotionsOffers"],
:root a[href^="http://goldmoney.com/?gmrefcode="],
:root a[href^="http://papi.mynativeplatform.com:80/pub2/"],
:root LEADERBOARD-AD,
:root #mn #center_col > div > h2.spon:first-child + ol:last-child,
:root a[href*=".cfm?fp="][href*="&prvtof="],
:root a[href*="n47adshostnet.com/"],
:root #center_col > #taw > #tvcap > .commercial-unit-desktop-top,
:root .plistaList > .plista_widget_underArticle_item[data-type="pet"],
:root a[href^="http://servicegetbook.net/"],
:root #rhs_block > #mbEnd,
:root a[href^="http://cinema.friendscout24.de?"],
:root [lazy-ad="lefttop_banner"],
:root a[href^="http://www.mrskin.com/tour"],
:root .jobs-information-call-to-action + .jobs-information-call-to-action div[class$="_item"],
:root a[href^="https://go.hpyjmp.com/"],
:root .vi-lb-placeholder[title="ADVERTISEMENT"],
:root a[href^="http://www.menaon.com/installs/"],
:root a[href^="http://taboola-"][href*="/redirect.php?app.type="],
:root .mw > #rcnt > #center_col > #taw > .c,
:root .commercial-unit-mobile-top > div[data-pla="1"],
:root #rhs_block > script + .c._oc._Ve.rhsvw,
:root #\5f _mom_ad_12,
:root .__zinit .__y_item,
:root TopTextAd,
:root .ch[onclick="ga(this,event)"],
:root .__ywl .__y_item,
:root div[id^="div-ads-"],
:root a[onmousedown^="this.href='https://paid.outbrain.com/network/redir?"][target="_blank"] + .ob_source,
:root a[href^="http://at.atwola.com/"],
:root #center_col > #resultStats + #tads,
:root .__yinit .__y_item,
:root a[href^="https://secure.cbdpure.com/aff/"],
:root a[href^="https://affiliate.bitbay.net/"],
:root AMP-AD,
:root iframe[src*="mellowads.com"],
:root .__y_inner > .__y_item,
:root a[href^="https://affiliate.geekbuying.com/gkbaffiliate.php?"],
:root #cnt #center_col > #res > #topstuff > .ts,
:root a[href^="https://landing.brazzersnetwork.com/"],
:root #cnt #center_col > #taw > #tvcap > .c._oc._Lp,
:root div[class^="hp-ad-rect-"],
:root a[href^="http://dwn.pushtraffic.net/"],
:root a[href$="/vghd.shtml"],
:root a[href^="https://a.adtng.com/"],
:root a[href^="http://static.fleshlight.com/images/banners/"],
:root #rhswrapper > #rhssection[border="0"][bgcolor="#ffffff"],
:root .Mpopup + #Mad > #MadZone,
:root a[href^="http://ads.expekt.com/affiliates/"],
:root a[href^="http://www.streamtunerhd.com/signup?"],
:root a[href^="http://www.seekbang.com/cs/"],
:root a[href^="http://syndication.exoclick.com/"],
:root a[href^="http://bluehost.com/track/"],
:root a[href^="http://fsoft4down.com/"],
:root a[href*="ad2upapp.com/"],
:root a[href^="https://www.adxtro.com/"],
:root a[href^="http://click.payserve.com/"],
:root iframe[src^="http://ad.yieldmanager.com/"],
:root a[href^="http://pubads.g.doubleclick.net/"],
:root a[href^="http://serve.williamhill.com/promoRedirect?"],
:root a[href^="http://www.gfrevenge.com/landing/"],
:root a[href^="http://hpn.houzz.com/"],
:root a[href^="http://45eijvhgj2.com/"],
:root [href*=".mclick.net"],
:root #center_col > #taw > #tvcap > .cu-container > .commercial-unit-desktop-top,
:root a[href*="//promo-bc.com/track?"] { display: none !important; }
:root a[href^="https://sexsimulator.game/tab/?SID="],
:root .rc-cta[data-target],
:root #rhs_block > .ts[cellspacing="0"][cellpadding="0"][style="padding:0"],
:root div[data-ad-underplayer],
:root #mbEnd[cellspacing="0"][cellpadding="0"],
:root a[href^="http://3wr110.net/"],
:root .trc_rbox_div .syndicatedItemUB,
:root a[href^="https://www.im88trk.com/"],
:root a[href^="http://ffxitrack.com/"],
:root #center_col > #main > .dfrd > .mnr-c > .c._oc._zs,
:root a[href^="https://squren.com/rotator/?atomid="],
:root div[id^="adspot-"],
:root #\5f _admvnlb_modal_container,
:root a[href^="//40ceexln7929.com/"],
:root #center_col > #resultStats + div + #res + #tads,
:root a[href^="//88d7b6aa44fb8eb.com/"],
:root a[href^="http://www.afgr2.com/"],
:root #mn div[style="position:relative"] > #center_col > ._Ak,
:root #tadsb[aria-label],
:root a[href*="//bongacams2.com/track?"],
:root #center_col > #resultStats + #tads + #res + #tads,
:root a[href^="//z6naousb.com/"],
:root a[href^="https://reachtrgt.com/"],
:root div[data-subscript="Advertising"],
:root div[class$="dealnews"] > .dealnews,
:root a[href^="http://t.mdn2015x2.com/"],
:root div[class^="Ad__container"],
:root a[href^="http://adprovider.adlure.net/"],
:root a[href^="http://rs-stripe.wsj.com/stripe/redirect"],
:root #main_col > #center_col div[style="font-size:14px;margin:0 4px;padding:1px 5px;background:#fff7ed"],
:root a[data-nvp*="'trafficUrl':'https://paid.outbrain.com/network/redir?"],
:root [href^="https://www.xvbelink.com/"],
:root a[href^="http://www.sex.com/pics/?utm_"],
:root a[href^="http://vo2.qrlsx.com/"],
:root a[href^="http://engine.newsmaxfeednetwork.com/"],
:root a[href^="http://ad.yieldmanager.com/"],
:root a[href^="http://www.plus500.com/?id="],
:root #flowplayer > div[style="z-index: 208; position: absolute; width: 300px; height: 275px; left: 222.5px; top: 85px;"],
:root a[href^="https://giftsale.co.uk/?utm_"],
:root a[href^="https://syndication.dynsrvtbg.com/splash.php?"] { display: none !important; }

Wyłączyłem adblockera (uBlock Origin), ale reguły dalej tkwiły na stronie klienta.

Pomyślałem może, że ukrywa faktyczne linki wstrzyknięte przez kod PHP dla samego SEO juice, ale to też nie było to…

Po krótkiej analizie w footerze strony znalazłem link do dziwnego skryptu JS na jeszcze dziwniejszej domenie:

<script type="text/javascript" src="https://cdn.ywxi.net/js/1.js" async></script>

Adres mi nic nie mówił, ale Google szybko znalazł, że skrypt należy do mechanizmu McAfee Secure „chroniącego” strony przed hakerami 😀

https://blog.trustedsite.com/2018/07/20/technical-implementation-of-mcafee-secure-certification/

Czyli, że jak ktoś Ci się włamie na stronę, zamieści linki do spamerskich stron, to dzielny skrypt firmy McAfee go wizualnie ukryje przed twoimi użytkownikami, wykorzystując regułę CSS:

{ display: none !important; }

Genialne… Ich tysiąc sztywnych reguł na pewno ochroni każdą zhakowaną stronę 😉

Dodatkowo zablokuje też reklamy na stronie jeśli takowe masz (i dzięki nim zarabiasz, albo zarabiałeś, dzielny skrypt McAfee upewni się, że twoi użytkownicy ich nie zobaczą):

:root img[alt="reklama"],
:root div#skapiec_ad,
:root ads-top-layer,
...
:root [id^="sponsorowany"],
:root [id^="slot_ad_billboard"],
:root [id^="pianoMediaBoxInfo"],
:root [id^="giercowniaAd"],
:root [id^="ceneoaffcontainer"],
:root [id^="bunyad_ads_widget"],
:root [id^="banner_900x"],
:root [id^="ad_box"],
:root [id^="AdsDetailsTop"],
:root [id*="-billboard-advert"],
:root ul.sharing-tools,
:root [href^="http://adserwer."],
:root [href*=".novem.pl/"],
:root [class^="adSrodek"],
:root IMG[title^="Sponsorowan"],
...

Koniec końców okazało się, że klient rok temu korzystał faktycznie z ich „certyfikacji” czy nawet płacił za to, ale porzucił to, zostawiając jednak ten nieszczęsny skrypt JS.

O ile blokowanie spamerskich stron ma jakiś tam sens, to sam mechanizm jest idiotyczny, spowalnia działanie samej strony, engine przeglądarki musi przerobić cały kod HTML tysiącami reguł, które i tak nic nie zrobią, a najbardziej nieetyczne jest blokowanie samych reklam, których po prostu właściciel strony chce mieć i nie ma to nic wspólnego z cyber bezpieczeństwem.

Narzędzia do reversingu w 2022

Odblokowanie pliku Excel

Antidebugging w aplikacjach Android

JObfuscator – Obfuskator dla Javy

McAfee SECURE certification – śmiech na sali

Jak rozpakować VMProtect?

Tagi

Linki

Projekty