hosts: [422 Domains / 138 IP Addresses] PropellerAds aka Samoukale, Ltd.
Spent a few hours reversing IP addresses connected to my.rtmark.net, because I found propeller-tracking.com being called on my network and it wasn’t blocked or “Google-able”.
I found all the information through SecurityTrails. Had to cut out one of the domains because it seemed like it was not resolving any A record. Most of the domains listed here have similar characteristics:
- Root domains having a 10 relay.bestofpost.com MX record
- Hosted through Webzilla B.V. and recently moved to RETN Limited
Blocked Domains and IP Addresses
propellerads domains.txt propellerads ip.txt
Server Replies
empty OK
Unsupported path
404 page not found
0x50001
curl: (6) Could not resolve host: vuftouks.com
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
go.costaquire.com
</br>
京ICP备13004995号</br>
<a href=http://www.miibeian.gov.cn/>http://www.miibeian.gov.cn/</a></br>
</body>
</html>
Closing Comments
Seems like they are all safe to block, and I see some already in this list. This issue completes those domains (for now, who knows if they have a team that buys domains every day). At the moment, totaling 418 domains and 136 IP addresses.
If you can block through IP address, it seems safe to block the 139.45.195.0/24 and the 139.45.196.0/24 ranges. These websites have no particular manner anyways (imo) other than serving ads and tracking users.
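An added example, not part of the original issue or the hosts project: one way to triage candidate domains against the MX record from the list of shared characteristics and the two /24 ranges from the closing comments. The .example domains and their DNS answers are constructed sample data; real input would come from your own resolver or passive-DNS export.

```python
import ipaddress

# Fingerprints quoted in the post: the shared MX record and the two /24 ranges.
MX_FINGERPRINT = (10, "relay.bestofpost.com")
AD_RANGES = [ipaddress.ip_network(n) for n in ("139.45.195.0/24", "139.45.196.0/24")]

# Constructed sample data: hypothetical .example domains with made-up DNS answers.
SAMPLE_RECORDS = {
    "ads-one.example": {"A": ["139.45.195.17"], "MX": [(10, "relay.bestofpost.com.")]},
    "ads-two.example": {"A": ["139.45.196.200"], "MX": []},
    "mail-only.example": {"A": ["192.0.2.10"], "MX": [(10, "Relay.BestOfPost.com")]},
    "benign.example": {"A": ["198.51.100.7"], "MX": [(10, "mx.benign.example")]},
    "broken.example": {"A": ["not-an-ip"], "MX": []},
}


def match_reasons(record):
    """Return which fingerprints ("mx", "range") a domain's DNS answers match."""
    reasons = []
    # MX names are case-insensitive and may carry a trailing root dot.
    if any((prio, host.rstrip(".").lower()) == MX_FINGERPRINT
           for prio, host in record.get("MX", [])):
        reasons.append("mx")
    for addr in record.get("A", []):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # ignore malformed answers instead of aborting the run
        if any(ip in net for net in AD_RANGES):
            reasons.append("range")
            break
    return reasons


def classify(records):
    """Map every domain with at least one fingerprint match to its reasons."""
    matched = {}
    for domain, record in records.items():
        reasons = match_reasons(record)
        if reasons:
            matched[domain] = reasons
    return matched


def hosts_lines(records, min_matches=1):
    """Build hosts-file entries for domains matching at least min_matches fingerprints."""
    return [f"0.0.0.0 {d}  # {','.join(r)}"
            for d, r in sorted(classify(records).items()) if len(r) >= min_matches]


if __name__ == "__main__":
    print("\n".join(hosts_lines(SAMPLE_RECORDS)))
```

Raising min_matches to 2 keeps only domains that match both fingerprints, which is the more conservative setting given that the post says most, not all, of the listed domains share these traits.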
About this issue
- State: closed
- Created 4 years ago
- Comments: 27 (7 by maintainers)
Commits related to this issue
- Issue #1357: add pub.trads.io. — committed to StevenBlack/hosts by StevenBlack 4 years ago
- Bai bai (#1) * Add domain from Issue #1349. * Updates from Tiuxo, Sinfonietta, yoyo.org, URLHaus, someonewhocares.org, KADhosts, hostsVN, and AdAway. * Release 2.7.0 * Add domains from Issue... — committed to ozzyonez12/hosts by ozzyonez12 4 years ago
- More propellerads — committed to liamengland1/mischosts by llacb47 4 years ago
- More propellerads — committed to liamengland1/mischosts by llacb47 4 years ago
Personally, I don’t know how helpful an addition this would be. Propellerads has so many domains and undoubtedly they are registering more all the time (similar to Popads). If this list tried to add every domain registered and used by Propellerads and Popads it would be adding new domains all the time. Plus the domains rotate all the time.
Adding these domains would only make sense IMO if someone ran an automated job to get the newest domains and make a PR every week or something, similar to https://github.com/ameshkov/circumvention-monitor.
If you are going to a website that uses these shady networks, the best thing to do is use uBlock Origin, which can abort the inline scripts causing the network requests. A hosts file alone will not protect you.
Work is done. I tested it against the domains listed above and they seem to have caught all of it.
@StevenBlack And nice work on the .ghosts command-line tool! It’s a nice utility to play around with.
3,604 Domains 382 IP Addresses
File download
propellerads.ip.txt propellerads.domains.txt
@StevenBlack The .io domain doesn’t seem to be registered by PropellerAds. It’s the subdomain pub.trads.io that’s being blocked, because the A records point to an IP address PropellerAds use.
And yeah, no doubt 😅
Well Jacky @mrjackyliang, hosts files are already a big mess anyway 😄
@StevenBlack Give me until the end of the day before adding. I have more coming. Will be posting the rest up.
@llacb47 I get what you mean now with the scripts being loaded inline. The inline loading of scripts varies. Some don’t, some do. The list I mentioned above caught pretty much all of it, but I’m going to continue to dig further.
@dnmTX I got confused last night when you tagged me while answering @llacb47’s response with the inline tag. Probably I was just tired.
What I meant was that the PropellerAds domains are loaded by obfuscated inline scripts on the websites in my comment.