ADBLK-25: Block Catapult Anti-Adblock Domains

app.min.js will bail if it can't download the safe.js file - so blocking the latter is actually sufficient

if (this.google_analytics_manager = e, this.ADBLOCKER_DETECTED = !1, !document.SAFERELIEF) return console.log("We have been unable to download the SAFERELIEF sentinel.  Bailing."), void(this.ADBLOCKER_DETECTED = !1);

However, this domain is clearly only intended to serve tracking code, so it makes more sense to block both anyway.

app.min.js refers to a bunch of other "ad" scripts (these are actually canary scripts). They contain heavily obfuscated code

 e.DownloadCanaryPair("//d35eux0j7ldw19.cloudfront.net", "/ads/ads.js") : 1 == t ? e.DownloadCanaryPair("//fjhsjkfhwqeirusdfjkh.azureedge.net", "/ads/ads.js") : 2 == t ? e.DownloadCanaryPair("//fjhsjkfhwqeirusdfjkh.azureedge.net", "/adv/ads.js") : 3 == t ? e.DownloadCanaryPair("//wejhrtlhjkltvicuiuyd.b-cdn.net", "/adv/ads.js") : 4 == t ? e.DownloadCanaryPair("//wejhrtlhjkltvicuiuyd.b-cdn.net", "/ads/ads.js") : 5 == t ? e.DownloadCanaryPair("//voldffgkdsllkjthlkjt.b-cdn.net", "/ads/ads.js") : e.DownloadCanaryPair("//d35eux0j7ldw19.cloudfront.net", "/ads/ads.js")

Giving us the following

d35eux0j7ldw19.cloudfront.net/ads/ads.js
fjhsjkfhwqeirusdfjkh.azureedge.net/ads/ads.js
fjhsjkfhwqeirusdfjkh.azureedge.net/adv/ads.js
wejhrtlhjkltvicuiuyd.b-cdn.net/adv/ads.js
wejhrtlhjkltvicuiuyd.b-cdn.net/ads/ads.js
voldffgkdsllkjthlkjt.b-cdn.net/ads/ads.js
d35eux0j7ldw19.cloudfront.net/ads/ads.js

Again, probably better to just block the entire domains so that they can't later be used to serve the anti-adblock stuff (while whitelisting those files would nobble the canary, you're then at the mercy of whatever their code is doing)

For the former domain it's catapult/iliffe

Ahhh iliffe is a news publisher - they're obviously the customer.

Which means that d1hnzacu959ev8.cloudfront.net is publisher specific - there's not much point blocking it as we can block that safe file instead

The anti-adblock screen is integrated with Jamatto Micropayments (Jamatto.com). I'm not going to block them, as they're simply providing a micropayments service and (AFAICT) are just used by the anti-adblock solution rather than being behind it.

There's an example of another CatapultTools instance linked to from here - https://github.com/uBlockOrigin/uAssets/issues/5994

This time the page loads

- https://d3mrx7ldhjaklg.cloudfront.net/app.min.js (account name seemingly spp)

It bailed out because the "sentinel" (safe.js) couldn't be downloaded.

The canary pages in that are exactly the same as for the other - most likely the Cloudfront distribution sends a custom request header upstream to indicate which customer/publisher the requests are being served for.

So, the currently committed blocks work - but, if they move their sentinel to a new domain it may start triggering again.

Blocks were committed here - https://github.com/bentasker/adblocklists/commit/940137696a77504435d8e81d264670e9484dbbc7 - seems I've accidentally broken the webhooks