uBlock origins and why it's gay. I'll go over one example real quick, uBlock uses functionality from NoScript but did it badly.
Correct me if i am wrong but NoScript uses or used to at least identify certain elements on a page and would insert tags specific to NoScript before loading the web resource entirely, presumably in order to block the stuff that was tagged. However uBlock's implementation didn't respect the NoScript tags or did so badly. I checked some history on Github and after some pressure he wrote this to address the problem.
(function() {
let noscripts = document.querySelectorAll('noscript');
if ( noscripts.length === 0 ) { return; }
let redirectTimer,
reMetaContent = /^\s*(\d+)\s*;\s*url=(['"]?)([^'"]+)\2/i,
reSafeURL = /^https?:\/\//;
let autoRefresh = function(root) {
let meta = root.querySelector('meta[http-equiv="refresh"][content]');
if ( meta === null ) { return; }
let match = reMetaContent.exec(meta.getAttribute('content'));
if ( match === null || match[3].trim() === '' ) { return; }
let url = new URL(match[3], document.baseURI);
if ( reSafeURL.test(url.href) === false ) { return; }
redirectTimer = setTimeout(( ) => {
location.assign(url.href);
},
parseInt(match[1], 10) * 1000 + 1
);
meta.parentNode.removeChild(meta);
};
let morphNoscript = function(from) {
if ( /^application\/(?:xhtml\+)?xml/.test(document.contentType) ) {
let to = document.createElement('span');
while ( from.firstChild !== null ) {
to.appendChild(from.firstChild);
}
return to;
}
let parser = new DOMParser();
let doc = parser.parseFromString(
'<span>' + from.textContent + '</span>',
'text/html'
);
return document.adoptNode(doc.querySelector('span'));
};
for ( let noscript of noscripts ) {
let parent = noscript.parentNode;
if ( parent === null ) { continue; }
let span = morphNoscript(noscript);
span.style.setProperty('display', 'inline', 'important');
if ( redirectTimer === undefined ) {
autoRefresh(span);
}
parent.replaceChild(span, noscript);
}
})();
It's called 'spoof_noscript.js' lol. Anyway, i've been messing with a bit of NodeJS and how Firefox works. In case i want to build an extension some day.
Anyway, enough of that, somewhere in the mess of js and html i found his name and website. Wasn't looking for that information but since i had it i decided to do some recon.
Lmao, look at all the CVE's,
Domain: http://raymondhill.net/
Server: Apache/2.0.52 (CentOS)
IP: 72.51.24.224
Hostnames: mail4.ehosting.ca
City: Vancouver
Country: Canada
Organization: Cogeco Peer 1
Updated: 2020-10-14T05:26:45.364977
Number of open ports: 9
Vulnerabilities:
CVE-2007-1890 CVE-2006-4625 CVE-2018-10549 CVE-2014-5459 CVE-2008-5658 CVE-2018-10545 CVE-2018-10547 CVE-2018-10546 CVE-2008-5557 CVE-2007-1380 CVE-2008-5498 CVE-2012-1172 CVE-2018-10548 CVE-2009-4143 CVE-2006-3011 CVE-2012-2311 CVE-2007-1461 CVE-2014-2497 CVE-2008-0599 CVE-2007-2872 CVE-2011-1468 CVE-2011-1469 CVE-2011-0421 CVE-2012-2688 CVE-2007-1700 CVE-2009-3294 CVE-2009-3292 CVE-2011-1467 CVE-2011-1464 CVE-2009-3291 CVE-2011-3182 CVE-2018-20783 CVE-2007-3007 CVE-2012-0057 CVE-2005-1344 CVE-2006-7243 CVE-2012-0883 CVE-2007-0906 CVE-2009-2626 CVE-2010-1130 CVE-2012-1823 CVE-2007-6388 CVE-2007-1864 CVE-2011-3639 CVE-2007-4465 CVE-2004-0885 CVE-2013-1643 CVE-2005-2088 CVE-2011-4317 CVE-2007-1581 CVE-2011-4885 CVE-2007-1285 CVE-2014-0098 CVE-2011-3348 CVE-2018-19520 CVE-2018-19396 CVE-2016-7478 CVE-2007-3799 CVE-2012-2143 CVE-2010-3870 CVE-2012-1171 CVE-2012-0831 CVE-2018-17082 CVE-2019-9639 CVE-2019-9638 CVE-2013-6438 CVE-2013-4248 CVE-2019-9637 CVE-2007-1376 CVE-2007-1582 CVE-2007-1583 CVE-2009-1891 CVE-2011-4415 CVE-2009-0754 CVE-2009-1890 CVE-2018-14883 CVE-2013-2249 CVE-2011-1153 CVE-2006-4154 CVE-2011-3607 CVE-2006-5706 CVE-2008-5624 CVE-2011-4718 CVE-2004-0942 CVE-2014-0237 CVE-2006-3747 CVE-2015-8994 CVE-2008-2384 CVE-2011-0419 CVE-2014-0238 CVE-2019-9023 CVE-2006-4812 CVE-2019-9021 CVE-2019-9024 CVE-2007-1396 CVE-2011-3192 CVE-2007-0909 CVE-2007-0905 CVE-2007-0907 CVE-2010-0425 CVE-2007-4658 CVE-2007-1825 CVE-2007-4657 CVE-2011-3368 CVE-2007-4652 CVE-2008-5625 CVE-2011-1092 CVE-2018-19935 CVE-2007-2727 CVE-2013-4635 CVE-2011-0708 CVE-2008-2666 CVE-2010-4697 CVE-2010-4699 CVE-2007-1888 CVE-2007-5000 CVE-2007-0910 CVE-2007-1452 CVE-2019-6977 CVE-2005-2728 CVE-2011-2483 CVE-2007-6750 CVE-2007-3997 CVE-2008-4107 CVE-2008-2168 CVE-2007-1824 CVE-2011-3267 CVE-2011-1466 CVE-2014-9427 CVE-2007-3998 CVE-2019-9641 CVE-2012-3365 CVE-2018-15132 CVE-2006-5178 CVE-2011-0752 CVE-2011-0755 CVE-2009-4418 CVE-2007-2509 CVE-2005-3352 CVE-2009-2699 CVE-2011-3268 CVE-2013-1635 CVE-2008-2051 CVE-2016-8612 CVE-2007-1835 CVE-2012-2336 CVE-2005-3357 CVE-2019-9020 CVE-2009-5016 CVE-2009-4142 CVE-2009-4018 CVE-2009-3293 CVE-2017-16642 CVE-2007-1887 CVE-2013-2110 CVE-2007-1885 CVE-2007-1884 CVE-2007-1883 CVE-2012-0031 CVE-2008-0456 CVE-2008-0455 CVE-2018-19395 CVE-2007-6203 CVE-2012-2386 CVE-2007-2510 CVE-2012-2376 CVE-2005-2700 CVE-2008-5814 CVE-2008-2108 CVE-2006-5465 CVE-2008-2107 CVE-2007-2844 CVE-2008-2050 CVE-2012-0789 CVE-2012-0788 CVE-2007-1001 CVE-2007-1718 CVE-2007-1717 CVE-2011-1470 CVE-2007-1710
Ports:
21/tcp
|-- SSL Versions: -SSLv2, -SSLv3, TLSv1, TLSv1.1, TLSv1.2
25/tcp Postfix smtpd
|-- SSL Versions: -SSLv2, -SSLv3, TLSv1, TLSv1.1, TLSv1.2
53/udp
80/tcp Apache httpd (2.0.52)
110/tcp
|-- SSL Versions: -SSLv2, -SSLv3, TLSv1, TLSv1.1, TLSv1.2
443/tcp Apache httpd (2.0.52)
|-- SSL Versions: -SSLv2, -SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
|-- Diffie-Hellman Parameters:
Bits: 2048
Generator: 2
Fingerprint: RFC3526/Oakley Group 14
465/tcp Postfix smtpd
|-- SSL Versions: -SSLv2, -SSLv3, TLSv1, TLSv1.1, TLSv1.2
|-- Diffie-Hellman Parameters:
Bits: 2048
Generator: 2
587/tcp Postfix smtpd
|-- SSL Versions: -SSLv2, -SSLv3, TLSv1, TLSv1.1, TLSv1.2
8090/tcp
Didn't do a reverse dns or sub domain search, i just thought the sheer amount of CVE's as seen above was amusing. I did find this as the registrant's email when i did a whois.
https://tieredaccess.com/contact/e92bcac0-c8b4-4a77-859e-d47dba155ba2Pretty weird.
