Package: webext-https-everywhere Version: 2021.1.27-1 Debian Release: 11.9 Suite: bullseye
I recently found an odd request to http://ww25.https-rulesets.org/v1// ?subid1=<some tracking id> on opening the browser It seems the eff let the https-rulesets.org domain expire and it was registered by a third party last December: $ whois https-rulesets.org Domain Name: https-rulesets.org Registry Domain ID: REDACTED Registrar WHOIS Server: whois.tucows.com Registrar URL: http://www.tucows.com Updated Date: 2024-12-29T18:08:52Z Creation Date: 2024-12-24T18:08:08Z Registry Expiry Date: 2025-12-24T18:08:08Z Registrar: Tucows Domains Inc. Registrar IANA ID: 69 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +1.4165350123 Domain Status: ok https://icann.org/epp#ok Name Server: ns15.abovedomains.com Name Server: ns16.abovedomains.com who put it on for sale. Now requests to https://www.https-rulesets.org/<something> redirect (302) to http://ww25.https-rulesets.org/<something>?subid1=<some id>, which show a This-domain-may-be-for-sale parking page (along a parking_session cookie). On webext-https-everywhere background-scripts/update_channels.js sets update_path_prefix: 'https://www.https-rulesets.org/v1/ which is used by background-scripts/update.js to perioically check for new rulesets automatically.
