Good day - Please consider unblocking Unblocking www.amazonbusiness.com which is a redirect to business.amazon.com

Hello, while most of the Fathom tracking is already blocked in https://github.com/AdguardTeam/cname-trackers/blob/master/trackers/fathom.txt a few scripts pass through because they use a other CNAME domain.

Examples:

prefinery.com -> electric-eighten.b-cdn.net
steadybit.com -> type-thirtyseven.b-cdn.net
meinsmartplan.de -> gorgeous-easy.b-cdn.net

Example for the script: prefinery.com -> https://glowing-van.prefinery.com/script.js But the list only contains ant.prefinery.com

I don’t know if it can be fixed because b-cdn.net get widely used

Found on https://ja.cam4.com/female [NSFW]
https://s.st1net.com/splash.php?idzone=2336&orientation=landscape&screen_resolution=1920x1080&p=https%3A%2F%2Fja.cam4.com%2Ffemale&cookieconsent=false (=> tk6if76q.ab1n.net in Base)

@ameshkov per you request just making it official as discussed in StevenBlack's Repo.
Let us know when ready. Thank you 👍

The domain smartproxy.dataunlocker.com is cloaked with CNAME and is a tracking proxy. See this entry in uBlock Origin's assets for reference. Here's an example website: https://woodbrass.com/. It uses the domain 1bw7etm93lf.www.woodbrass.com to cloak tracking requests. The subdomain is random and might change, but doesn't do so very often. (Dataunlocker's website mentions this). It would be nice if it was added as a host for blocking though DNS.

https://dev.fingerprintjs.com/docs/subdomain-integration

We need to figure out what domain they use for CNAME tracker (not clear from the doc yet, could be acm-validations.aws.).

Let's use publicwww and look for their scripts that use custom endpoint:

const fpPromise = FingerprintJS.load({
  token: 'your-browser-token',
  endpoint: 'https://fp.yourdomain.com'
})

Per a note @ https://github.com/StevenBlack/hosts/releases/tag/3.11.3, this list has suddenly increased in size. I noticed the last few commits have huge net additions. Could anyone explain this abrupt growth?

Found on https://www.blick.ch/ausland/putins-perfider-plan-kreml-chef-will-offenbar-eigene-staedte-bombardieren-id17349557.html
https://pl02.owen.prolitteris.ch/na/vzm.13447-17349557 (=> pl02.prolitteris.2cnt.net)
I don't know who is 2cont but blocked by TPF and EP, some info at https://optout.2cnt.net/

They were initially not added for the amount of trouble (AdguardTeam/AdguardFilters#76213 (comment)) and now causing lots of - I showed a few examples in List Authors Chat. There should be many more.

Hello, it seems, that domain www3.raspberrypi.org is being blocked by this block list. It impacts the Raspberry Pi update process and renders the system outdated. Please, consider removing this domain from the list.

Following up on #4 (comment)

Could you also provide (and maintain) a JSON that maps between first party domains and CNAME domains?

Something like:

{
  "abc.some-first-party.com": "xyz.potential-tracker.com",
   ...
}

In cases of multiple CNAME records, could you provide just the one entry for the domain at the end of the chain (#4 (comment))?

The basic idea here is to enable canonical name lookups for a set of domains. The answers provided by the JSON should match answers provided by the dns.resolve() API.

For example:

browser.dns.resolve("alsgaj.chosun.com", ['canonical_name']).then(r=>{console.log(r.canonicalName)})
// prints gum.va1.vip.prod.criteo.com (not a.dnsdelegation.io)

• https://campaigns.williamhill.com/S.ashx?btag=a_180785b_141c_&affid=1486932&siteid=180785&adid=141&c= (=> wlwilliamhill.adsrv.eacdn.com) on forthegamblers.com

• https://track.10bet.com/S.ashx?btag=a_29999b_14c_&affid=1674273&siteid=29999&adid=14&c= (=> wl10bet.adsrv.eacdn.com) on www.profittipsters.com

Can be blocked by generic rule /S.ashx?btag and I already opened PR in EL, but the pattern may change.

Both www.moneyrates.com & www.quinstreet.com map to www.quinstreet.com.edgekey.net. Current DNS filters only block via ||quinstreet.com^ & so only catch 2nd domain, but this feels like a 2nd-iteration CNAME, & should catch 1st, as well. But that seems like it could false positive other domains of the pattern, as well. What's best way to catch these kind of scenarios? Right now, I'm just using user DNS filter ||quinstreet., which catches all of the above.

"https://ads.shopee.com.br/",
"https://ads.shopee.tw/",
"https://ads.shopee.sg/",
"https://ads.shopee.com.my/",
"https://ads.shopee.vn/",
"https://ads.shopee.co.th/",
"https://ads.shopee.ph/",
"https://ads.shopee.cn/",
"https://ads.shopee.kr/",
"https://ads.shopee.com.mx/

Above lists our affected sites,
Our site will be intercepted by the $popup rules
While we can open our sites by in the address bar, we cannot open them through new windows, especially for AdGuard interceptors.

The sites above are actually block, and although we use the CDN to record the static resources, we still can't use the site properly

OS/version: mac
Browser/version: Chrome: version 98
Adblock Extension/version: AdGuard: version 4.0.141

I really hope that you can reply to us
I wish you a happy work

Hi,
I would like to notice that brave and safari block CNAME-cloaked tracking. Moreover, on firefox you can use ublock origin until the bug will be closed.

Not sure how this one ended up on the list, but I believe it's a false positive. The domain belongs to https://corelight.com/ and hosts things such as http://www3.corelight.com/nsm@home (link on https://corelight.blog/2021/03/15/translating-query-into-action/).

I'm not affiliated with Corelight, just noticed it while scoping out the @home program.

This issue was originally raised here: StevenBlack/hosts#1648

https://urlfilter.adtidy.org/v1/findCloaked?domain=ads.bid

"cloaked_trackers": [
        {
            "disguise": "sing.envd07r9mf.ru",
            "tracker": "sing.lb.rtb.ads.bid"
        },
        {
            "disguise": "adv.ads2.bid",
            "tracker": "lb.rtb.ads.bid"
        },
        {
            "disguise": "avbr.13wynpuurt.ru",
            "tracker": "lb.rtb.ads.bid"
        },
        {
            "disguise": "avbr.c97eaqj38e.ru",
            "tracker": "lb.rtb.ads.bid"
        },
        {
            "disguise": "arvb.ewtcbedtmx.ru",
            "tracker": "lb.rtb.ads.bid"
        },
        {
            "disguise": "avb-sing.ewtcbedtmx.ru",
            "tracker": "sing.lb.rtb.ads.bid"
        }
    ]

Found on decrypt.co: https://fpa-cdn.decrypt.co/keys/decrypt.co/p.js (=> fpa-cdn-decrypt-co.parsely.com)
https://www.parse.ly/

Content analytics made easy

Twitch disguises requests to their tracking system under a hostname that resembles the one they use when serving video to the users. They employ a scheduled job to rotate the prefix periodically (the video-edge-41c9a6.pdx01 part), but it always resolves to the CNAME spade.sci.twitch.tv. This was once directly served over spade.twitch.tv, but after it was added to common ad filter lists, Twitch resorted to this way of enabling user tracking.

$ dig +short video-edge-41c9a6.pdx01.abs.hls.ttvnw.net # Fake video edge used to track events
spade.sci.twitch.tv.
science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com.
52.10.9.205
34.210.146.165
52.41.114.21
52.34.161.102
52.33.93.28
52.41.142.156
54.69.146.250
34.214.200.59
$ dig +short video-edge-65ed1e.vie02.abs.hls.ttvnw.net # Original video edge
99.181.68.239

||mm.actionlink.jp^ is already in TPF
Test URL: https://www.office-com.jp/
Tracker URL example: https://al.office-com.jp/js/r.js (using FingerprintJS)
About the service: https://actionlink.jp/ (need translation, "Client-centered CRM platform")

URL: https://www.tus.ac.jp/
ma-jin is a marketing-automation tool by Geniee (https://geniee.co.jp/) : https://ma-jin.jp/
AdguardTeam/AdguardFilters@7b28d77

https://bup.bankofamerica.com/client/v3.1/web/wup?cid=barbie (=> wup-532e636f.us.v2.we-stats.com) on www.bankofamerica.com
we-stats.com is currently blocked by EP but not by AGTPF. Seen on https://bank.barclays.co.uk/olb/authlogin/loginAppContainer.do#/identification and will add soon, but I have no idea who is behind this analytics domain.

e.g. On www.cabazes.pt
https://track.hoodeffect.com/uniclick.js?defaultcampaignid=627e170335981a0001d4dc76&attribution=lastpaid&regviewonce=false&cookiedomain=cabazes.pt&cookieduration=30 (=> sin.rdtk.io)
On elevecosmetics.com
https://track.ogrowthlabs.com/uniclick.js?defaultcampaignid=61a116aac056b300014a547a&attribution=lastpaid&regviewonce=false&cookiedomain=elevecosmetics.com&cookieduration=30 (=> sin.rdtk.io)
||rdtk.io^ is in EasyList.

Maybe ://track.*/uniclick.js and ://track.*/events.js can catch most of them.

AdguardTeam/AdguardFilters#100496 (comment)

I forgot to take a note but I saw cdn.eeco.xyz/app.js too somewhere today.

URL: www.britishairways.com
Tracker: tagman.britishairways.com (=> edge-geo.nc0.co)

Its a request, but I would suggest that you include Last-Modified as part of your publish request-header.
Most lists include that for the subscribers to determine if and when the list has been updated and only perform complete download of the list if Last-Modified date has changed.

As an example based on Stevenblack list:

curl -I http://sbc.io/hosts/hosts
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Length: 2785346
Content-Type: text/plain
Last-Modified: Fri, 01 Oct 2021 02:00:34 GMT
Accept-Ranges: bytes
ETag: "0dc81e68b6d71:0"
Server: NginX
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
Date: Sat, 02 Oct 2021 18:48:01 GMT

fastmailusercontent.com's whole point is to avoid tracking by loading images via a proxy. So now when I want to see images in email I can't unless I turn off everything for Fastmail.

These entities are/may be using cname:

a8.net
ad-cloud.jp
ebis.ne.jp
genieespv.jp

genieespv.jp tracker are already blocked by regex yet still good to add domains for DNS.

URL: https://yuzen-official.com/ (AdguardTeam/AdguardFilters@bc8bb6a)

About justuno: https://www.justuno.com/

Through recent monitoring, I discovered a random group of domains with CNAMEs from *.ahacdn.me. Should we block them?

#[cdn12359286.ahacdn.me]
0.0.0.0 0696e8978a.e0d4e3650c.com
#[cdn28786515.ahacdn.me]
0.0.0.0 8a129b6462.8d6fac2030.com
0.0.0.0 0b05d0612b.0565f1f90c.com
0.0.0.0 0fccf56c02.d14b19b49f.com
0.0.0.0 161e68ac42.dc7c0b823d.com
0.0.0.0 1a8eb62517.840df00e08.com
0.0.0.0 20fae701c7.8a080862f3.com
0.0.0.0 2431bce671.20239be1ae.com
0.0.0.0 28b9cfa1ce.a615d4c326.com
0.0.0.0 2933448a31.4e39c772dc.com
0.0.0.0 2fe5885777.b370db8cb7.com
0.0.0.0 30c3199523.4022cfe7d9.com
0.0.0.0 322c318d55.7d9bbf7e5b.com
0.0.0.0 33b9b88162.dc1c6c157e.com
0.0.0.0 3cc3906e85.7f59b515a6.com
0.0.0.0 41c1ffbaa1.24fa533251.com
0.0.0.0 441d65438d.b1f72fc1be.com
0.0.0.0 4dbd367a0f.d4624d2bc2.com
0.0.0.0 5092f667b4.c785e43db1.com
0.0.0.0 5265c011ae.60b8fe6ea3.com
0.0.0.0 54ef83e486.338f4d497f.com
0.0.0.0 6d710ff802.ddc08eb47c.com
0.0.0.0 72c73fef76.55a70c5ade.com
0.0.0.0 7eeb1771b0.86b16730f8.com
0.0.0.0 830b8fe930.864db374c6.com
0.0.0.0 8a4cba9e75.544e649ba3.com
0.0.0.0 8e15d1e530.551327fd36.com
0.0.0.0 91dacd27c8.d2e48d0dce.com
0.0.0.0 9aeded3984.cd239ecf15.com
0.0.0.0 9e0bb4f10a.c59538e98c.com
0.0.0.0 a1039d6267.1506527e41.com
0.0.0.0 a9de68097f.a40c129de3.com
0.0.0.0 aa9271e4a2.4d4ac172b7.com
0.0.0.0 b2903f16ac.c9c2b6b980.com
0.0.0.0 b4f91231ab.ea38b1fdc5.com
0.0.0.0 b79eac9131.12e42de17f.com
0.0.0.0 b94ea798af.ac2e81c7b8.com
0.0.0.0 c3b1aea9b1.b546c8dcd2.com
0.0.0.0 c5b6f5b3b0.856f639e2a.com
0.0.0.0 cb2d4d0a03.ce3fbb6bac.com
0.0.0.0 d9a902a337.593e7fec57.com
0.0.0.0 dd77535fba.3901da0f4a.com
0.0.0.0 e31130cb48.b1e50c8028.com
0.0.0.0 e4c8e13238.bad8b2e252.com
0.0.0.0 e605e5c0f1.12a8861c61.com
0.0.0.0 ec73c518ce.d6740c1a30.com
0.0.0.0 f00961160c.25391ebf69.com
0.0.0.0 fb9c1069a6.9f3f61c6a1.com
0.0.0.0 js.cabnnr.com
0.0.0.0 js.canstrm.com
0.0.0.0 js.capndr.com
0.0.0.0 js.natsdk.com
0.0.0.0 js.wpadmngr.com
0.0.0.0 js.wpshsdk.com
0.0.0.0 js.wpushsdk.com
0.0.0.0 sw.wpush.org
#[cdn44221613.ahacdn.me]
0.0.0.0 0490217d1b.39785fe3f1.com
0.0.0.0 07992b9524.ad1d862ce0.com
0.0.0.0 0f13eb71c8.74adf02407.com
0.0.0.0 11eeb6300b.c7673123bd.com
0.0.0.0 1c714c2b23.840df00e08.com
0.0.0.0 1e6cb6defd.338f4d497f.com
0.0.0.0 21ffc7a7c6.f21c8cd9a7.com
0.0.0.0 2c95056fda.855656c3a0.com
0.0.0.0 30590d9455.1aed915a81.com
0.0.0.0 4ba3b72b0c.713661e535.com
0.0.0.0 53ce09d439.255925943c.com
0.0.0.0 54705174db.8b1f93b707.com
0.0.0.0 55e0337459.92333cc277.com
0.0.0.0 582c054e5d.4022cfe7d9.com
0.0.0.0 5ad970a7c3.86b16730f8.com
0.0.0.0 70fe531675.3eb8f14569.com
0.0.0.0 767528f77a.342c15527e.com
0.0.0.0 7ccbc65df5.a615d4c326.com
0.0.0.0 7cf163435a.ddc08eb47c.com
0.0.0.0 81a3159d81.ba3d1a19fe.com
0.0.0.0 8ea6735569.24fa533251.com
0.0.0.0 9ee76635e7.45d2bbfb2a.com
0.0.0.0 b553ce7e52.c986493e7d.com
0.0.0.0 b581d46c65.6f7e85a9b7.com
0.0.0.0 b99bc0c857.f338113ad0.com
0.0.0.0 c89659e7cc.3a57c13de7.com
0.0.0.0 d0ec86fd23.6ff2f7bf3d.com
0.0.0.0 d1c52479fc.c9c2b6b980.com
0.0.0.0 d4701e7b64.21550edfab.com
0.0.0.0 e73daaeb4f.58c036d100.com
0.0.0.0 f4733d7c73.1d354c1645.com
#[cdn65182383.ahacdn.me]
0.0.0.0 js.jnkstff.com
#[cdn81910013.ahacdn.me]
0.0.0.0 na.nawpush.com

Also, there are 2 domains ntvpforever.com &cds.h5z9g8y6.hwcdn.net I'm tracking them. It's also possible that these CNAMEs only contain ads/trackers

#[ntvpforever.com]
0.0.0.0 0956a1534a.255925943c.com
0.0.0.0 0acbf53d71.711f421280.com
0.0.0.0 0b6ecb7f80.c986493e7d.com
0.0.0.0 5ab3edc5c1.342c15527e.com
0.0.0.0 61254102fd.92333cc277.com
0.0.0.0 68787fa2a4.0439c255ac.com
0.0.0.0 780f961964.b3fb511da0.com
0.0.0.0 7fe465ee76.f21c8cd9a7.com
0.0.0.0 92756fbe9c.3a57c13de7.com
0.0.0.0 c4045fee5e.90cd7fb7ca.com
0.0.0.0 c66ed6bbd0.866e69bc8e.com
0.0.0.0 da2870069a.c9c2b6b980.com
0.0.0.0 e8609911b3.c785e43db1.com
#[cds.h5z9g8y6.hwcdn.net]
0.0.0.0 js.wpnjs.com
0.0.0.0 js.wpnsrv.com
0.0.0.0 js.wpncdn.com

Hello! I'm interested in whether this data set can help Privacy Badger better classify what is and isn't third-party.

Could you point me to where I could learn more about how you collect the data (is it from traffic filtered by AdGuard DNS)? Source code links would be perfect.

I'm also interested in how you detect what is and isn't a tracker (by matching the cloaked domain against known tracker lists?).

How often will this list get updated?

Thank you for publishing this, and thanks so much for any assistance!

Andrey @ameshkov this issue is for information only. I think you'll find this interesting.

I'm developing a variety of helper tools, still to early for prime-time, but this is a preliminary finding from analyzing my hosts repo history.

The data for your list is here has the granularity of my commits, whose frequency has varied over the years.

This bash file is what I used on my repo to get data. This is easily adaptable for your use; feel free. I use Mathematica for the plot, but many other things can produce graphs like this from CSV data.

Issue 2014 in my repo (scroll-scroll-scroll) contains recent graphs of all the sources for my amalgamated lists...

https://urlfilter.adtidy.org/v1/findCloaked?domain=api.clickaine.com&oid=f7dcff40-451d-6b67-9484-9edc43a5492b

"cloaked_trackers": [
        {
            "disguise": "hruk.gumasi.top",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "hruk.jjikk.top",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "hruk.prikupok.com",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "hruk.prikupok.icu",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "icn.brandnewapp.pro",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "ps1.reallifecam.to",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "ps2.camcaps.to",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "snow.snowdayonline.xyz",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "wp.brandnewapp.pro",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "ww1.willalland.info",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "www.rtnews.pro",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "ad.arabsex1.com",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "api.rtnews.pro",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "api.willalland.info",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "app.rtnews.pro",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "app.willalland.info",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "c4n.xxx8.me",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "ca.infomix.best",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "ca.xxxshame.com",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "cc.histoires-de-sexe-gratuites.com",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "cc.opowiadaniaerotyczne-darmowo.com",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "cc.pornorasskazy-intim.com",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "cc.relatoseroticos-gratis.com",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "cc.sersh.com",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "cc.sexgeschichten-klub.com",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "cc.sexgeschichten-kostenlos.com",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "cc.sexgeschichten-xxx.com",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "cc.sex-stories-xxx.com",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "cc.sexverhalen-gratis.com",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "clkn.apostle.onl",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "clknrtrg.pro",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "cln.willyporn.com",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "cmd.maturexxxporno.net",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "cn4.animehdl.net",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "faq.brandnewapp.pro",
            "tracker": "api.clickaine.com"
        },
        {
            "disguise": "flare.vtube.to",
            "tracker": "api.clickaine.com"
        }
    ]

Currently, we have an issue with a couple of services that use CNAME not just for trackers, but for hosting microsites.

When a CNAME points to a tracking domain, blocking it does not cause any issues with the user experience since they just don't see that the blocking occurs. When a CNAME points to a microsite or a landing page, blocking the whole domain will actually prevent the user from visiting the website and this is often an undesirable behavior. At the same time, we still need to know that the microsite/LP points to a third-party so that we could apply additional limitations to these websites (disable cookies, for instance).

There's also a third category, clickthrough domains (i.e. they're used for redirecting user to a target domain). Blocking them completely also hurts the user experience so we should consider having another category for them.

Examples:

1. Eloqua - hs.eloqua.com is for microsites, t.eloqua.com
2. Branch.io - clickthrough domain

We should split the lists into "microsites", "clickthrough" and "trackers".

This list is very useful; many thanks!

It would be even more useful if it were in RPZ format. This (horrible) awk hack does exactly that:

awk '{ if ($0 !~ /^#/) print $0 " CNAME ." ; else { sub(/#/, ";"); print $0 }}' combined_disguised_trackers_justdomains.txt

Please consider providing an RPZ version of this list in addition to the AdBlock formatted version.

https://cstm.gumtree.com/coohq3h48teadx93.js?k41nwr92na00jrtm=njrya493&63e111mxh08e476m=bbc040ba-9011-4bc4-9513-7691502012bf&mqthc9cxgm6mawij=1 (=> h-gumtree.online-metrix.net) on my.gumtree.com

online-metrix.net is well-known fingerprint-for-fraud-prevention service. IIRC blocking their fingerprint very occasionaly causes trouble, but is mostly fine.

https://www.infonline. de/en/

uses various subdomains of iocnt.net for user data measurement.

Samples include

data-f1e447fbcf.   ingame.de -> ippenmed-relay.  iocnt. net -> relay-client-c08.iocnt.net
data-62650cd9a5.   golem.de -> golem-relay.i ocnt.net -> relay-client-c01.iocnt.net

  aus24-relay . iocnt .net
  mobgiga-relay .io cnt. net
  mobsued-relay.i ocnt .net
  ran-relay .iocnt. net
  wallston -relay .iocnt. net

Second Layer Cnames:

relay-client-c08 iocnt net
relay-client-c07 iocnt net
relay-client-c06 iocnt net
relay-client-c05 iocnt net
relay-client-c04 iocnt net
relay-client-c03 iocnt net
relay-client-c02 iocnt net
relay-client-c01 iocnt net

other domains where this service is used

data-17c7ec5f16 giga de
data-1abffd7711 wetteronline de
data-62650cd9a5 golem de
data-6590696975 wunderweib de
data-7462ea72ec augsburger-allgemeine de
data-af9f3dfb33 zeit de
data-c53e1346fa gamestar de
data-d5c733accc infonline de
data-f1e447fbcf ingame de
data-fb7f8b3ae8 heise de
data-fdbbf15b66 finanzen net

Please remove catholic.com from the blacklist

URL: (NSFW) www.liveme.com
https://sc.liveme.com/tags.js (=> h-liveme.online-metrix.net)

account.skrill.com
cdn1.skrill.com (=> h-skrill.online-metrix.net)

online-metrix.net is used by LexisNexis Risk Solutions (formerly ThreatMetrix), so-called anti-fraud, using fingerprinting.

👋 Hello Andrey @ameshkov and Slava @slavaleleka.

I am considering adding cname-trackers to my amalgamated hosts file at https://github.com/StevenBlack/hosts.

Discussion here.

This would go in the base list, which is included in all the optional variants we produce — for porn, social media, gambling, fake news, and combinations of those.

I see your license permits this derivative use, but I always ask first.

Good?

Thank you!

Hi,

you can find more cloacked CNAME trackers in the attached file. I hope it will be useful🤗

Please, take a look! This tracker list will be also included to AdGuard DNS filter?🤔

Thank you.
Cheers✌🏻

Hi,
Please, remove from your list info.specopssoft.com - this is a legitimate subdomain of specopssoft.com, which is not included in your list.

Found on top4football.com
https://affil.top4football.com/t3.js (=> cz.affilbox.cz)
affilbox.cz is blocked by both EP and AGTPF: https://www.affilbox.cz/ (apparently Czech affiliate provider)

Why is the domain www.amazonbusiness.com blocked? It seems to be legit.

Found on www.ancestry.com: https://refer.ancestry.com/core.js (=> ancestrydna.extole.com)
Refer-a-friend marketing so not pure tracker tho: https://www.extole.com/.

Found on jinjibu.jp​: https://send.mad-infeed.jp/seg.js => send-mad-infeed-jp.logly.co.jp
https://corp.logly.co.jp/: provides native-ad platform etc. But logly generally is not necessarily pure ad server/tracker, they provides recommendation service as well.

Found on https://www.fcbarcelona.jp/ja/
adtarget.fcbarcelona.jp (=> mboxedge32-alb.tt.omtrdc.net)

Tracedock domains found for: https://github.com/AdguardTeam/cname-trackers/blob/master/trackers/tracedock.txt

host10.carl-ras.dk
alpha.tracedock.com
apollo.plein.nl
beta.simpel.nl
dtch.brunel.nl
exc.ns.nl
host10.ncoi.nl
host11.polaroid.com
host12.rvshare.com
r.kleertjes.com
s3.smartphonehoesjes.nl
sta.tracedock.com
style.onvz.nl
tdapi.wickey.nl
tdep.hema.nl
tdep.kvk.nl
tdk.petsplace.nl
two.tracedock.com

I tried the available script but unfortunately I'm not familiar enough with CNAME records. The domains does won't return the trackers in my experience. Hopefully you can look into it!

  ✔ Successfully fetched trackers for domain: ec2-18-157-120-20.eu-central-1.compute.amazonaws.com
  ✔ Successfully fetched trackers for domain: ec2-18-159-204-220.eu-central-1.compute.amazonaws.com
  ✔ Successfully fetched trackers for domain: ec2-18-157-120-20.eu-central-1.compute.amazonaws.com
  ✔ Successfully fetched trackers for domain: ec2-18-157-133-231.eu-central-1.compute.amazonaws.com
  ✔ Successfully fetched trackers for domain: ec2-18-159-120-134.eu-central-1.compute.amazonaws.com
  ✔ TraceDock data successfully merged and stashed

Ref: easylist/easylist#9579

Hi, seems like there may be a false positive for sol.sfc.keio.ac.jp. It's being flagged as CNAME cloaking for Adobe Experience Cloud according to:

However, the site is a set of A/AAAA records that both resolve to IP addresses. (The site itself is a learning management system in use at my university hosted on Canvas LMS, which as far as I know doesn't use any internal tracking either).

There is 656 entries of randomly generated subdomains for this given domain, instead of trying to identify each sub-domain, we should block the whole domain.