ZeroHedge.com seems to have put up some new ads that really slow page loading down and make scrolling jerky.
Adding this regex to the blacklist is stopping them today, but looking at the domain name, this may turn into a game of Whack-A-Mole if they have a pile of throw-away domains to play with in addition to the multiple sub-domains they are using now. I saw about 15 variants on the 1nthp4i. sub, but all with the fxdqgxfynma.com base.
https://1nthp4i.fxdqgxfynma.com
(^|\.)fxdqgxfynma\.com$
Anyone have a better idea for blocking this kind of thing?
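One way to spot a base domain that keeps rotating sub-domains and to derive a single blocking regex for it, as an added example that is not part of the original post. The sample names other than the two fxdqgxfynma.com hosts quoted in the thread are constructed, the `min_subs` threshold is a hypothetical choice, and Python's `re` stands in for the POSIX extended regex engine Pi-hole uses (the two agree for patterns this simple).

```python
import re
from collections import defaultdict

# Constructed sample of queried names (not a real log); the random-looking
# sub-domains mirror the pattern described in the post.
QUERIES = [
    "www.zerohedge.com", "1nthp4i.fxdqgxfynma.com", "195aid0.fxdqgxfynma.com",
    "a8k2lq9.fxdqgxfynma.com", "zz01pq4.fxdqgxfynma.com",
    "ads.investingchannel.com", "abd.investingchannel.com",
    "ajax.googleapis.com", "imasdk.googleapis.com",
]

def base_domain(name):
    """Last two labels; a simplification that ignores suffixes such as co.uk."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def churning_bases(queries, min_subs=3):
    """Bases queried under at least min_subs distinct sub-domain prefixes."""
    subs = defaultdict(set)
    for q in queries:
        name = q.lower().rstrip(".")
        base = base_domain(name)
        prefix = name[: -len(base)].rstrip(".")
        if prefix:
            subs[base].add(prefix)
    return sorted(b for b, s in subs.items() if len(s) >= min_subs)

def blocking_regex(base):
    """Regex for the base and every sub-domain, with each dot escaped."""
    return r"(^|\.)" + base.replace(".", r"\.") + "$"

def is_blocked(pattern, name):
    # Regex filters are unanchored searches over the queried name.
    return re.search(pattern, name) is not None

def overmatches(loose, strict, names):
    """Names the loose pattern blocks although the strict one does not."""
    return [n for n in names
            if is_blocked(loose, n) and not is_blocked(strict, n)]

if __name__ == "__main__":
    for base in churning_bases(QUERIES):
        strict = blocking_regex(base)
        print(base, "->", strict)
        # With unescaped dots, "." matches any character, so an unrelated
        # (constructed) name such as notfxdqgxfynma.com is blocked as well.
        print(overmatches("(^|.)fxdqgxfynma.com$", strict,
                          ["notfxdqgxfynma.com", "195aid0.fxdqgxfynma.com"]))
```

This only collapses many sub-domains of one base into one rule; a switch to a different throw-away base domain still needs a new entry.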
jfb
January 5, 2019, 1:54am
2
I'm not seeing ads or this behavior.
DNSThingy shows the following domains loaded when opening that site:
zerohedge.com
www.zerohedge.com
abd.investingchannel.com
www.googletagmanager.com
maxcdn.bootstrapcdn.com
imasdk.googleapis.com
ads.investingchannel.com
pagead2.googlesyndication.com
ajax.googleapis.com
Here is what I see on the page:
If I remove the blacklist and turn off my browser blocking I get a page full of ads and a page exit pop-up.
I don't have DNS Thingie. Is any other tool available that doesn't require a subscription?
jfb
January 5, 2019, 2:53pm
4
DNSThingy is a Chrome browser extension. No subscription that I am aware of.
I keep a clean copy of Chrome available just for testing items such as this. I have uBlock available on it, but disabled.
I ran this again and I'm not seeing any of the fynma domains being requested, either in DNSThingy or showing in the tail of the Pi-Hole log.
Perhaps this is location based, subscription based? Weird.
I had the same issue and had success by blocking ads.investingchannel.com and a regex entry for fxdqgxfynma.com.
jfb
January 5, 2019, 4:32pm
6
I tried this again using Chromium browser on the Pi (so the requests would be isolated to localhost in the logs, and easier to separate from other traffic on my Mac that uses that Pi-Hole). Same results.
I'm not seeing any requests for fynma.com or any subdomains of that. DNSThingy output below after going to several of the links on the page. I do have blocks for a few gvt1.com domains that were driven by regex, perhaps that is the difference.
zerohedge.com
www.zerohedge.com
cdn.jsdelivr.net
abd.investingchannel.com
imasdk.googleapis.com
ads.investingchannel.com
static.doubleclick.net
pagead2.googlesyndication.com
www.reddit.com
trends.revcontent.com
redirector.gvt1.com
68.106.66.195
ajax.googleapis.com
From the pihole-FTL.log (with REGEX debugging enabled):
[2019-01-05 10:20:37.280] DEBUG: Regex in line 4 "^(.+[-_.])??ad[sxv]?[0-9]*[-_.]" matches "ads.investingchannel.com"
[2019-01-05 10:24:03.053] DEBUG: Regex in line 2 "(^r[[:digit:]]+(\-+|\.+)[a-z]+\-+[[:alnum:]]+\-+[[:alnum:]]+\.)(googlevideo|gvt1)\.com$" matches "r1---sn-bvvbax-hjpe.gvt1.com"
Ah! more than one DNS Thingie, one I found was: https://www.dnsthingy.com/get-dnsthingy that installs on a router. Off to the Chrome extensions to see if I can find the one you use.
It could be location based; also, because it is new (or new to me, as I had no issues there earlier in the week), a phased roll-out. Hopefully they will work on it, as it makes the site about unusable as things load and move about and the browser stalls and jerks.
jfb
January 5, 2019, 4:44pm
8
They may tie this to cookies. Worth a deletion of all their cookies and downloaded content.
Found DNSThingie Assistant, only one .fxdqgxfynma.com there this morning. Tagged -----
* 195aid0.fxdqgxfynma.com --------------------