ADBLK-25: Block Catapult Anti-Adblock Domains

Issue Information

Issue Type: Task
Priority: Major
Status: Open

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: Adblock Lists (ADBLK)
Resolution: Unresolved

Created: 2020-12-07 15:17:56
Time Spent Working

Observed being distributed via BunnyCDN and Cloudfront.


Hitting either domain with an non existing file results in Cannot GET /catapult/[something]. For the latter domain it's catapult/iliffe for the former it's catapult/adblockrelief

The name Catapult appears within the codebase as well.

The BunnyCDN based domain uses the flawed approach previously observed with Admiral - claiming that "circumvention" of the code is a violation of DMCA.

Toggle State Changes


app.min.js will bail if it can't download the safe.js file - so blocking the latter is actually sufficient
if (this.google_analytics_manager = e, this.ADBLOCKER_DETECTED = !1, !document.SAFERELIEF) return console.log("We have been unable to download the SAFERELIEF sentinel.  Bailing."), void(this.ADBLOCKER_DETECTED = !1);

However, this domain is clearly only intended to serve tracking code, so it makes more sense to block both anyway.

app.min.js refers to a bunch of other "ad" scripts (these are actually canary scripts). They contain heavily obfuscated code
 e.DownloadCanaryPair("//", "/ads/ads.js") : 1 == t ? e.DownloadCanaryPair("//", "/ads/ads.js") : 2 == t ? e.DownloadCanaryPair("//", "/adv/ads.js") : 3 == t ? e.DownloadCanaryPair("//", "/adv/ads.js") : 4 == t ? e.DownloadCanaryPair("//", "/ads/ads.js") : 5 == t ? e.DownloadCanaryPair("//", "/ads/ads.js") : e.DownloadCanaryPair("//", "/ads/ads.js")

Giving us the following

Again, probably better to just block the entire domains so that they can't later be used to serve the anti-adblock stuff (while whitelisting those files would nobble the canary, you're then at the mercy of whatever their code is doing)
For the former domain it's catapult/iliffe

Ahhh iliffe is a news publisher - they're obviously the customer.

Which means that is publisher specific - there's not much point blocking it as we can block that safe file instead
The anti-adblock screen is integrated with Jamatto Micropayments ( I'm not going to block them, as they're simply providing a micropayments service and (AFAICT) are just used by the anti-adblock solution rather than being behind it.
There's an example of another CatapultTools instance linked to from here -

This time the page loads

- (account name seemingly spp)

It bailed out because the "sentinel" (safe.js) couldn't be downloaded.

The canary pages in that are exactly the same as for the other - most likely the Cloudfront distribution sends a custom request header upstream to indicate which customer/publisher the requests are being served for.

So, the currently committed blocks work - but, if they move their sentinel to a new domain it may start triggering again.
Blocks were committed here - - seems I've accidentally broken the webhooks

Repo: adblocklists
Commit: 940137696a77504435d8e81d264670e9484dbbc7
Author: B Tasker <github@<Domain Hidden>>

Date: Mon Dec 07 15:42:56 2020 +0000
Commit Message: ADBLK-25 Block domains associated with the CatapultTools Anti-Adblock Setup

Added (+)

Webhook User-Agent


View Commit