Hello! Thank you for opening your first issue in this repo. It’s people like you who make these host files better!

Oh, and just found 4 more domains:

contehos.com
deloplen.com
ofphanpytor.com
rotumal.com

All domains having these IP addresses:

81.171.10.215
81.171.10.216

Oh, and just found 4 more domains:

contehos.com
deloplen.com
ofphanpytor.com
rotumal.com

All domains having these IP addresses:

81.171.10.215
81.171.10.216

All four of those domains are well known already.

contehos.com
ofphanpytor.com

are not in this list yet.

@llacb47 It might take a while to process them. Took me a good 7 hours to reverse it all manually.

@mrjackyliang no point to block all those PropellerAds domains as they heave very short lifespan and new once are generated in an instant,usually by script.
It will be helpful if you provide link to the website where all those occur so we can try to find the domain that triggers the script.

@dnmTX It's an inline script. There are also popups on these sites that cannot be blocked with hosts files. See here:

https://vidcloud9.com/videos/seven-samurai-hd-720p
https://vidlox.me/8mi9hir2zje2
https://movcloud.net/embed/wz-zlx3UdZq3
https://sendit.cloud/drax8sox3fv0

@dnmTX The problem is that they don't call through a proxy script. The domain is linked directly on to the source.

Viewing the source in Google Chrome:

view-source:https://viralstrangers.com/

You can see that it links directly to the IP addresses mentioned above:

<script src="//news.viralstrangers.com/notice.php?p=1564015&interstitial=1"></script>

When you Google "notice.php?p=" (with quotes) can reel in many of the domains shown as somewhat ad/malware/tracking type domains.

@mrjackyliang for inline scripts only using adblocker will help(the sad truth apparently).
Another thing i've noticed is that Chrome/Chromium are more vulnerable to those kind of scripts as they're being targeted.
The solution is to change your User Agent to Mozilla but this might break other websites to open properly.
See when blocking those domains is it gonna make any difference:
viralstrangers.com:
0.0.0.0 gloumsee.net
0.0.0.0 kagrooxa.net

sendit.cloud
0.0.0.0 louchees.net
0.0.0.0 voapozol.com

@dnmTX They aren't inline scripts. The domains being called are attached to the page itself and not called through a script which is what I meant.

Other than louchees.net, I found more information through SecurityTrails. Although, they don't seem like anything with ads or trackers as some of the websites are white-labeled blogs (possibly one of PA's tricks):
188.42.224.102
139.45.196.142
139.45.196.206
139.45.197.81
185.120.144.202
139.45.197.91
139.45.197.110 (sendit.cloud)

I also see mobisla.com being blocked through this list, but when I queried the domain, it doesn't even have an A record.

They aren't inline scripts.

What I meant was that the PropellerAds domains are loaded by obfuscated inline scripts on the websites in my comment.

They all share an mx record too. https://securitytrails.com/list/mx/relay.bestofpost.com

@llacb47 I only see these scripts linking to another domain using script tags. Going to check out the links you posted earlier.

And yeah, most of the domains all share the same MX record. Some of the subdomains don't have MX records. It's third-party btw, but the domains share the same characteristics as I mentioned above.

@llacb47 I get what you mean now with the scripts being loaded inline. The inline loading of scripts varies. Some don't, some do. The list I mentioned above caught pretty much all of it, but I'm going to continue to dig further.

@dnmTX I got confused last night when you tagged me while answering @llacb47's response with the inline tag. Probably I was just tired.

The 418 domains would yiely 376 additions given the 46-domain intersection.

$ ./ghosts -unique -c https://github.com/StevenBlack/hosts/files/4969793/propellerads.domains.txt
----------------------------------------
Base hosts file summary:
----------------------------------------
Location: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
Domains: 57,660
Bytes: 1.8 MB
----------------------------------------
----------------------------------------
Compared hosts file summary:
----------------------------------------
Location: https://github.com/StevenBlack/hosts/files/4969793/propellerads.domains.txt
Domains: 418
Bytes: 6.4 kB
----------------------------------------
Intersection: 46 domains

unique in comparison list: 

[abbronzongor.com abburmyer.com abclefabletor.com abgligarchan.com abluvdiscr.com abskursin.com abyamaskor.com acelacien.com adsemirate.com adstarget.net agacelebir.com agavanilliteom.com ajevigie.com albronzoran.com alcroconawa.com algoodrar.com alovirs.com alspearowa.com amarceusan.com amexcadrillon.com amgardevoirtor.com ammankeyan.com amoddishor.com arrlnk.com arwartortleer.com astespurra.com astoecia.com atgenesecton.com auksizox.com bainushe.com baylnk.com bebreloomr.com bechatotan.com becuboneor.com bedrapiona.com beheatmorchan.com behoppipan.com bejolteonor.com beklefkiom.com belombrea.com beludicolor.com beonixom.com beseedotor.com betalonflamechan.com betimbur.com betotodileon.com billionstarads.com blacurlik.com blatwalm.com bludwan.com bokeden.com bouncebidder.com buylnk.com bycelebian.com byfoongusor.com byyanmaor.com cairalei.com clickurlik.com clofferap.com consoupow.com conumal.com dagnar.com darvorn.com dawmal.com delmarviato.com desabrator.com doflygonan.com dogolurkr.com done.witchcraftcash.com ederrassi.com efindertop.com eikegolehem.com ellcurvth.com eoweridus.com exodsp.com eyenider.com faestara.com fapmeth.com fbofferads.com fijekone.com firelnk.com fmstigat.online fmstitial.xyz forlumineontor.com fortaillowon.com frolnk.com frstlead.com gianwho.com gigabitadex.com gillynn.com go.ad1rtb.com go.chainwalladsery.com go.chainwalladsy.com go.compazenad.com go.costaquire.com go.deliverymod.com go.dfpnative.com go.dfpstitial.com go.dfpstitialtag.com go.domccktop.com go.doubleonclick.com go.flymob.com go.goingtopunder.com go.intnative.com go.mhadsd.com go.mhadst.com go.mobdel.com go.mobdel2.com go.mobidevdom.com go.mobidevmod.com go.mobiflyc.com go.mobiflyd.com go.mobiflyn.com go.mobiflys.com go.mobiprotg.com go.nvane.com go.onclickserver.com go.overthetopexad.com go.padsdel2.com go.plex4rtb.com go.rtb1bid.com go.setopsdata.com go.tadadamads.com go.tadamads.com go.tamdamads.com go.throughdfp.com go.tpbdir.com graizoah.com growebads.com higheurest.com hitlnk.com horeport.com imwinnerkur.com inabsolor.com indegroeh.com influencer2020.com inkornesto.com inservinea.com inspikon.com interdfp.com intersads.com itnuzleafan.com itpatratr.com itroggenrolaa.com ittorchicer.com itzekromom.com kantiwl.com kastafor.com kelopronto.com kenomal.com keraclya.com kerumal.com keyrolan.com kobeden.com koindut.com lahemal.com legerikath.com literpeore.com lndonclkds.com lnkfast.com lorageiros.com loralana.com louchees.net lowgraveleron.com lowtyroguer.com luxlnk.com maxprofitcontrol.com maylnk.com meagplin.com mekstolande.com mestreqa.com miamribud.com moakaumo.com mobiledevel.com my.audmrk.com mygpuid.com mygtmn.com myimagetracking.com naewynn.com nerdolac.com netpatas.com netstam.com newprofitcontrol.com news.ahaha.space news.bestloans.tips news.bigsport.today news.blooks.info news.businessenviron.com news.chargenews.com news.countriesnews.com news.cryptoapexes.com news.cryptolabpro.com news.currencyoffuture.com news.delight.news news.entertainmentflow.com news.fitthings.info news.funcats.info news.funnysack.com news.getfirst.news news.getnewsfirst.com news.gossipcase.com news.herdailylife.com news.joindetox.info news.kinopovod.tv news.mealplanningideas.com news.news-hi.tech news.sciencepoints.com news.show-review.com news.shownews.tv news.sportevents.news news.topbiz.news news.viralstrangers.com news.worldbusiness.life news.worldsportlife.com notcotal.com noucoush.net nozzorli.com ocardoniel.com ofdittor.com ofseedotom.com olatumal.com omanala.com omareeper.com omasatra.com omchanseyr.com omchimcharchan.com omclacrv.com onaugan.com onclarck.com onclklnd.com ondeerlingan.com onelivetra.com onemboaran.com onepstr.com onesocailse.com onshowit.com onsolrockon.com onvictinitor.com onwasrv.com opgolan.com osskanger.com otrwaram.com oufauthy.net ouftuthy.net outseylor.com outtimburrtor.com outyanmegaom.com overkirliaan.com overmewer.com overzoruaon.com parumal.com pasaltair.com pazzfun.com pipeschannels.com postlnk.com preonesetro.com propeller-tracking.com propvideo.net prutosom.com psizouns.com ptewarin.net pu5hk1n2020.com pub.trads.io putbid.net qarewien.com qinvaris.com quintag.com ravalamin.com ravaquinal.com ravaynore.com raylnk.com reagend.com realpopbid.com reelnk.com reenakun.com reluraun.com rhendam.com rmndme.com rndenteir.com rodirgix.com roduster.com roinduk.com roubergmiteom.com rowlnk.com savefromad.net saylnk.com seezfull.com serconmp.com shestrozo.com shorteh.com sinwebads.com slietap.com sonumal.com sorucall.com staygg.com stoaphalti.com storylnk.com streamtoclick.com stremanp.com superadbid.com takelnk.com teleproff.com teleprop.com testsite34.com timecrom.com togenron.com togranbulla.com toninjaska.com top.blooks.info top.breakingfeedz.com top.celebsreflect.com top.comicplanet.net top.cryptolabpro.com top.fitthings.info top.funcats.info top.herdailylife.com top.joindetox.info top.kinopovod.tv top.mealplanningideas.com top.viralstrangers.com topadbid.com tosuicunea.com totogetica.com trackurlik.com trafficportsrv.com trecurlik.com trisxisys.com trokemar.com udookrou.com ulathana.com unelekidan.com unreshiramor.com unrotomon.com up.piloteraser.com up.stickertable.com upgastlyr.com urechar.com urmavite.com uselnk.com vaebard.com valpeiros.com venkrana.com viatepigan.com viewlnk.com virleth.com volatintptr.com vuftouks.com vugnubier.com wilslide.com winnerkur.com wolqundera.com wopsedoaltuwipp.com wopsedoaltuwo.com wowhugoo.com wowlnk.com ww2.ceesty.com ww2.clkmein.com ww2.corneey.com ww2.cryptolabpro.com ww2.destyy.com ww2.swatchseries.to ww2.viid.me ww2.vuedsply.com www.imwinnerkur.com www.rtbpopd.com yaarlnk.com yacurlik.com yealnk.com yinhana.com yllanorin.com yonomastara.com yoyadsdom.com]

@StevenBlack Give me until the end of the day before adding. I have more coming. Will be posting the rest up.

Looking at the intersection,

intersection: [1phads.com abdurantom.com ad.propellerads.com adaranth.com adsvids.com agisdayra.com ascraftan.com bestadbid.com bodelen.com cobalten.com constintptr.com dolohen.com gid.wonderlandads.com go.ad1data.com go.ad2up.com go.ad2upapp.com go.data1rtb.com go.deliverymodo.com go.mobisla.com go.mobstitial.com go.mobstitialtag.com go.mobtrks.com go.oclaserver.com go.oclasrv.com go.onclasrv.com go.padsdel.com go.padstm.com go.pub2srv.com go.spaceshipads.com kurlichan.com mobpushup.com mt.rtmark.net my.rtmark.net newstarads.com onclkds.com prestoris.com redonetype.com rtbpop.com rtbpopd.com rtrgt2.com tharbadir.com vamsoupowoa.com vexacion.com wonderlandads.com ww2.sponsorflyr.com yarlnk.com]

... then AdAway, tiuxo,, and SomeoneWhoCares seem to have a fair share of those.

Asking @jaws101, @tiuxo, are you folks interested in adding these to your source?

Personally, I don't know how helpful an addition this would be. Propellerads has so many domains and undoubtely they are registering more all the time. (similar to Popads) If this list tried to add every domain registered and used by Propellerads and Popads it would be adding new domains all the time. Plus the domains rotate all the time.

Adding these domains would only make sense IMO if someone ran an automated job to get the newest domains and make a PR every week or something, similar to https://github.com/ameshkov/circumvention-monitor.

If you are going to a website that uses these shady networks, the best thing to do is use uBlock Origin, which can abort the inline scripts causing the network requests. A hosts file alone will not protect you.

Yeah, it makes sense. By adding these domains to the list, it would probably make a big mess. I might just create a separate list to block it, same with Admiral.

I'm just focused on blocking these domains in the hosts file only because I don't want to use any ad-blocking software.

That's a good take LE @llacb47.

For interest's sake, the TLD breakdown of the 418 domains. Seems a bit weird. Some of these, like .io, are relatively expensive. It's weird in the sense that, if I was registering many domains for this purpose, why would it have a spectrum such as this?

$ ./ghosts -tld -m https://github.com/StevenBlack/hosts/files/4969793/propellerads.domains.txt
----------------------------------------
Base hosts file summary:
----------------------------------------
Location: https://github.com/StevenBlack/hosts/files/4969793/propellerads.domains.txt
Domains: 418
Bytes: 6.4 kB
TLD tally:
   com: 381
   net: 12
   info: 8
   news: 4
   tv: 3
   life: 1
   tips: 1
   io: 1
   online: 1
   xyz: 1
   space: 1
   today: 1
   tech: 1
   to: 1
   me: 1
----------------------------------------

Well Jacky @mrjackyliang, hosts file are, already, a big mess anyway 😄

@StevenBlack The .io domain doesn't seem to be registered by PropellerAds. It's the subdomain pub.trads.io that's being blocked, because the A records point to an IP Address PropellerAds use.

And yeah, no doubt😅

Work is done. I tested it against the domains listed above and they seem to have caught all of it.

@StevenBlack And nice work on the .ghosts command-line tool! It's a nice utility to play around with.

3,604 Domains
382 IP Addresses

File download

propellerads.ip.txt
propellerads.domains.txt

3,606 domains, only 78 intersecting with what we have already. Highly improbable.

See on one hand we have really good people dedicated to watching and curating, and on the other hand, here's 3,604 domains, of which 3,526 would ne new, escaping everybody's notice. Just 2.1% overlap. I would expect 40 to 80% overlap.

This is just my gut-feeling, mind you. It just seems off.

$ ./ghosts -clip
----------------------------------------
Base hosts file summary:
----------------------------------------
Location: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
Domains: 57,660
Bytes: 1.8 MB
----------------------------------------
----------------------------------------
Compared hosts from clipboard summary:
----------------------------------------
Location: clipboard
Domains: 3,596
Bytes: 61 kB
----------------------------------------
Intersection: 78 domains

I checked on some of the domains while I was adding them to the list. Those that seem to be a website/blog are a ploy. Especially websites like sciencepoints.com and apptechnewz.com (there are many more), which does look legitimate and then have an about page like this:

We are a small group of people with a passion to write. Our team consists of professional writers from all over the world, with a nose for good stories. To protect our journalistic integrity, we strive to keep all of our articles as neutral as possible by following the ethics and standards of international journalism. While we do understand that not everyone will agree with our articles, and conflicts of interests may occur, we do our very best to stick with factual reporting. We do not favor any political parties, countries, races, colour, ethnicity, national origin, religion, sexual orientation nor gender.

As far as I know, they're not actual websites that people would really go on, but might as well cover the bases in the meantime.

I came up with a small list of domains relating to Propeller Ads (based on the links and domains mentioned above). It's still good to keep the rest of the domains here just in case someone might want to reference it.

ascraftan.com
caglaikr.net
foowafoa.com
gloumsee.net
graizoah.com
greemeek.net
inpagepush.com
inspikon.com
kagrooxa.net
louchees.net
my.rtmark.net
ofhappinyer.com
omareeper.com
opsoomet.net
propeller-tracking.com
ptoushoa.com
pub.trads.io
pushsar.com
riluaneth.com
rtmark.net
seeptauw.net
totogetica.com
vashoaft.net
voapozol.com
vpicmou.net
whusebsu.com
www.onclkds.com