LinkedIn requires users to be signed in for normal visitation, but certain high-trust crawlers are allowed as well. Here, we masquerade as Googlebot to get past the 999.
Instagram has been added back to the site list using the old picuki probe. This service DOES use Cloudflare, but it will function perfectly fine until rate limited. Once rate limited, sherlock-project/sherlock#2069 will suppress any false positives.
The following targets were fixed:
Archive[.]org
CGTrader
CNET
Contently
IFTTT
Linktree
xHamster
The following targets were removed:
HexRPG (auth wall)
ModelHub (defunct)
Oracle Communities (auth wall)
ModelHub was not added to ./removed_sites.md as the platform itself is shutting down (and will therefore never return to Sherlock). The other removed targets were documented normally.
BitcoinForum is currently down and suspected to be defunct. Since this is uncertain, however, a test condition was added to suppress false positives while allowing for normal operation upon the forum's return.
Recently, @ThePornHelper raised an issue related to OnlyFans false negative. After going through the issue, I tried checking for some popular onlyfans creators on sherlock and as per the issue raised all of them were giving false negative.
So, I checked with the current method of checking the username availability. It the following API url:
`https://onlyfans.com/api2/v2/users/grandmasterchefjojo`
It returns a 400 error code and doesn't work at all.
Why it's happening? It requires a token be passed in the headers to for it to work.
After this, I tried using BurpSuite to find any other way to check availability and unfortunately there aren't any.
Even the wrong onlyfans.com/thisusernamedoesntexist777 URL also returns 200 in HTTP response.
So, it's better to remove OnlyFans from supported sites list and add it to removed_sites.json
Thanks.
