Opened 12 months ago

Closed 5 weeks ago

Last modified 5 weeks ago

#89 closed FalseNegative (fixed)

device-api.urbanairship.com

Reported by: anonymous
Owned by:
Priority: major
Milestone:
Component: RPZ
Version: 0.1
Severity: savir
Keywords: trackers
Cc:

Description

device-api.urbanairship.com is owned by Akamai Technologies.

API and official site tell a lot, like:

Measure, analyze and predict customer behavior.

Change History (3)

comment:1 by AnonymousPoster, 5 weeks ago

Milestone: Release Candidate 1
Resolution: fixed
Severity: mild → savir
Status: new → closed

This domain now redirects to airship.com which means there should be no trouble blocking these cyber criminals at wild-card level.

Previously RPZ history also adds a lot of distrust within this domain.

From adaway.github.io we also find a lot of records for this domain

And notrack blocks it entirely on root level

data/notrack/blocklists/domain.list:urbanairship.com

This is fixed in:
SOA serial for zone rpz.mypdns.cloud set to 2020011602

To protect ourselves from several of these fucked up abusive domains, the criminals themselves tell us to block:

Select the domain (.com or .eu/asnapieu.com) associated with your Airship project.

    https://go.urbanairship.com
    The base URL for Airship's North American cloud site.

See also

comment:2 by AnonymousPoster, 5 weeks ago

dig go.urbanairship.com @1.1.1.1

; <<>> DiG 9.14.9-Ubuntu <<>> +nocookie go.urbanairship.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21955
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;go.urbanairship.com.           IN      A

;; ANSWER SECTION:
go.urbanairship.com.    2899    IN      CNAME   wildcard.urbanairship.com.edgekey.net.
wildcard.urbanairship.com.edgekey.net. 10299 IN CNAME e3645.b.akamaiedge.net.
e3645.b.akamaiedge.net. 20      IN      A       104.102.53.218

;; Query time: 121 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Jan 16 03:02:45 CET 2020
;; MSG SIZE  rcvd: 148

pdnsutil add-record rpz.mypdns.cloud "*.urbanairship.com.edgekey.net" CNAME 86400 .

Last edited 5 weeks ago by AnonymousPoster
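
Added example (not part of the ticket or the project's own tooling): a small Python model of RPZ QNAME-trigger matching, run over the CNAME chain from the dig answer in comment 2. It assumes the resolver checks every name in the CNAME chain against the policy zone, which is what the edgekey.net rule relies on; the function names are hypothetical.

```python
# Illustrative model of RPZ QNAME triggers; not resolver code.

def owner_to_trigger(owner, zone):
    """Strip the policy-zone suffix from an RPZ record owner name."""
    owner = owner.rstrip(".").lower()
    suffix = "." + zone.rstrip(".").lower()
    if not owner.endswith(suffix):
        raise ValueError(f"{owner} is not inside zone {zone}")
    return owner[: -len(suffix)]


def trigger_matches(trigger, name):
    """Exact triggers match one name; '*.' triggers match names below the apex."""
    name = name.rstrip(".").lower()
    if trigger.startswith("*."):
        # "*.example.com" covers a.example.com but never example.com itself,
        # so a root-level block needs a separate apex record.
        return name.endswith(trigger[1:])
    return name == trigger


def first_hit(chain, triggers):
    """Return (name, trigger) for the first chain name hit by a trigger, else None."""
    for name in chain:
        for trigger in triggers:
            if trigger_matches(trigger, name):
                return name.rstrip("."), trigger
    return None


# CNAME chain copied from the dig answer section in comment 2.
CHAIN = [
    "go.urbanairship.com.",
    "wildcard.urbanairship.com.edgekey.net.",
    "e3645.b.akamaiedge.net.",
]

ZONE = "rpz.mypdns.cloud"
# Owner name created by the pdnsutil add-record command in comment 2.
EDGEKEY_RULE = owner_to_trigger("*.urbanairship.com.edgekey.net." + ZONE, ZONE)

if __name__ == "__main__":
    # A per-host rule for the originally reported name misses go.urbanairship.com.
    print(first_hit(CHAIN, ["device-api.urbanairship.com"]))
    # The edgekey.net wildcard catches the second hop of the chain.
    print(first_hit(CHAIN, [EDGEKEY_RULE]))
    # A wildcard on the domain itself catches the query name directly.
    print(first_hit(CHAIN, ["*.urbanairship.com"]))
```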

comment:3 by AnonymousPoster, 5 weeks ago

Committed with 4070b28
