Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Random popup domain with CNAME *.ahacdn.me #44

Closed
bigdargon opened this issue Jun 6, 2022 · 4 comments
Closed

Random popup domain with CNAME *.ahacdn.me #44

bigdargon opened this issue Jun 6, 2022 · 4 comments
Assignees
@jellizaveta

Comments

@bigdargon
Copy link

Through recent monitoring, I discovered a random group of domains with CNAMEs from *.ahacdn.me. Should we block them?

#[cdn12359286.ahacdn.me]
0.0.0.0 0696e8978a.e0d4e3650c.com
#[cdn28786515.ahacdn.me]
0.0.0.0 8a129b6462.8d6fac2030.com
0.0.0.0 0b05d0612b.0565f1f90c.com
0.0.0.0 0fccf56c02.d14b19b49f.com
0.0.0.0 161e68ac42.dc7c0b823d.com
0.0.0.0 1a8eb62517.840df00e08.com
0.0.0.0 20fae701c7.8a080862f3.com
0.0.0.0 2431bce671.20239be1ae.com
0.0.0.0 28b9cfa1ce.a615d4c326.com
0.0.0.0 2933448a31.4e39c772dc.com
0.0.0.0 2fe5885777.b370db8cb7.com
0.0.0.0 30c3199523.4022cfe7d9.com
0.0.0.0 322c318d55.7d9bbf7e5b.com
0.0.0.0 33b9b88162.dc1c6c157e.com
0.0.0.0 3cc3906e85.7f59b515a6.com
0.0.0.0 41c1ffbaa1.24fa533251.com
0.0.0.0 441d65438d.b1f72fc1be.com
0.0.0.0 4dbd367a0f.d4624d2bc2.com
0.0.0.0 5092f667b4.c785e43db1.com
0.0.0.0 5265c011ae.60b8fe6ea3.com
0.0.0.0 54ef83e486.338f4d497f.com
0.0.0.0 6d710ff802.ddc08eb47c.com
0.0.0.0 72c73fef76.55a70c5ade.com
0.0.0.0 7eeb1771b0.86b16730f8.com
0.0.0.0 830b8fe930.864db374c6.com
0.0.0.0 8a4cba9e75.544e649ba3.com
0.0.0.0 8e15d1e530.551327fd36.com
0.0.0.0 91dacd27c8.d2e48d0dce.com
0.0.0.0 9aeded3984.cd239ecf15.com
0.0.0.0 9e0bb4f10a.c59538e98c.com
0.0.0.0 a1039d6267.1506527e41.com
0.0.0.0 a9de68097f.a40c129de3.com
0.0.0.0 aa9271e4a2.4d4ac172b7.com
0.0.0.0 b2903f16ac.c9c2b6b980.com
0.0.0.0 b4f91231ab.ea38b1fdc5.com
0.0.0.0 b79eac9131.12e42de17f.com
0.0.0.0 b94ea798af.ac2e81c7b8.com
0.0.0.0 c3b1aea9b1.b546c8dcd2.com
0.0.0.0 c5b6f5b3b0.856f639e2a.com
0.0.0.0 cb2d4d0a03.ce3fbb6bac.com
0.0.0.0 d9a902a337.593e7fec57.com
0.0.0.0 dd77535fba.3901da0f4a.com
0.0.0.0 e31130cb48.b1e50c8028.com
0.0.0.0 e4c8e13238.bad8b2e252.com
0.0.0.0 e605e5c0f1.12a8861c61.com
0.0.0.0 ec73c518ce.d6740c1a30.com
0.0.0.0 f00961160c.25391ebf69.com
0.0.0.0 fb9c1069a6.9f3f61c6a1.com
0.0.0.0 js.cabnnr.com
0.0.0.0 js.canstrm.com
0.0.0.0 js.capndr.com
0.0.0.0 js.natsdk.com
0.0.0.0 js.wpadmngr.com
0.0.0.0 js.wpshsdk.com
0.0.0.0 js.wpushsdk.com
0.0.0.0 sw.wpush.org
#[cdn44221613.ahacdn.me]
0.0.0.0 0490217d1b.39785fe3f1.com
0.0.0.0 07992b9524.ad1d862ce0.com
0.0.0.0 0f13eb71c8.74adf02407.com
0.0.0.0 11eeb6300b.c7673123bd.com
0.0.0.0 1c714c2b23.840df00e08.com
0.0.0.0 1e6cb6defd.338f4d497f.com
0.0.0.0 21ffc7a7c6.f21c8cd9a7.com
0.0.0.0 2c95056fda.855656c3a0.com
0.0.0.0 30590d9455.1aed915a81.com
0.0.0.0 4ba3b72b0c.713661e535.com
0.0.0.0 53ce09d439.255925943c.com
0.0.0.0 54705174db.8b1f93b707.com
0.0.0.0 55e0337459.92333cc277.com
0.0.0.0 582c054e5d.4022cfe7d9.com
0.0.0.0 5ad970a7c3.86b16730f8.com
0.0.0.0 70fe531675.3eb8f14569.com
0.0.0.0 767528f77a.342c15527e.com
0.0.0.0 7ccbc65df5.a615d4c326.com
0.0.0.0 7cf163435a.ddc08eb47c.com
0.0.0.0 81a3159d81.ba3d1a19fe.com
0.0.0.0 8ea6735569.24fa533251.com
0.0.0.0 9ee76635e7.45d2bbfb2a.com
0.0.0.0 b553ce7e52.c986493e7d.com
0.0.0.0 b581d46c65.6f7e85a9b7.com
0.0.0.0 b99bc0c857.f338113ad0.com
0.0.0.0 c89659e7cc.3a57c13de7.com
0.0.0.0 d0ec86fd23.6ff2f7bf3d.com
0.0.0.0 d1c52479fc.c9c2b6b980.com
0.0.0.0 d4701e7b64.21550edfab.com
0.0.0.0 e73daaeb4f.58c036d100.com
0.0.0.0 f4733d7c73.1d354c1645.com
#[cdn65182383.ahacdn.me]
0.0.0.0 js.jnkstff.com
#[cdn81910013.ahacdn.me]
0.0.0.0 na.nawpush.com

Also, there are 2 domains ntvpforever.com &cds.h5z9g8y6.hwcdn.net I'm tracking them. It's also possible that these CNAMEs only contain ads/trackers

#[ntvpforever.com]
0.0.0.0 0956a1534a.255925943c.com
0.0.0.0 0acbf53d71.711f421280.com
0.0.0.0 0b6ecb7f80.c986493e7d.com
0.0.0.0 5ab3edc5c1.342c15527e.com
0.0.0.0 61254102fd.92333cc277.com
0.0.0.0 68787fa2a4.0439c255ac.com
0.0.0.0 780f961964.b3fb511da0.com
0.0.0.0 7fe465ee76.f21c8cd9a7.com
0.0.0.0 92756fbe9c.3a57c13de7.com
0.0.0.0 c4045fee5e.90cd7fb7ca.com
0.0.0.0 c66ed6bbd0.866e69bc8e.com
0.0.0.0 da2870069a.c9c2b6b980.com
0.0.0.0 e8609911b3.c785e43db1.com
#[cds.h5z9g8y6.hwcdn.net]
0.0.0.0 js.wpnjs.com
0.0.0.0 js.wpnsrv.com
0.0.0.0 js.wpncdn.com
@TPS
Copy link

TPS commented Jun 6, 2022

This seems a whole lot like #41, just not quite as advanced.

@bigdargon
Copy link
Author

Thanks for your attention! I was still manually tracking and blocking each domain in my project when it was discovered by our team.

@Yuki2718
Copy link

Yuki2718 commented Jun 18, 2022
edited
Loading

IIRC ahacdn.me can not generally be blocked due to breakage.

@bigdargon
Copy link
Author

Most random domains with IP address 45.133.44.24 and 45.133.44.25 are popups (for subdomains ahacdn.me)

adguard pushed a commit that referenced this issue Oct 26, 2022
add ahacdn.me to config #44
980b36c
adguard pushed a commit that referenced this issue Oct 28, 2022
@jellizaveta
add ahacdn.me to config. #44
9d5cd23 
Merge in ADGUARD-FILTERS/cname-trackers from fix/44_ahacdn.me to master

Squashed commit of the following:

commit c918bf5
Author: Elizaveta Egorova <[email protected]>
Date:   Fri Oct 28 16:56:02 2022 +0300

    left the necessary domain

commit 6197636
Author: Elizaveta Egorova <[email protected]>
Date:   Wed Oct 26 20:02:42 2022 +0300

    add domain

commit 980b36c
Author: Elizaveta Egorova <[email protected]>
Date:   Wed Oct 26 19:09:12 2022 +0300

    add ahacdn.me to config #44
@jellizaveta jellizaveta mentioned this issue Nov 1, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jellizaveta jellizaveta

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@TPS @bigdargon @slavaleleka @Yuki2718 @jellizaveta