Issue Type: Improvement
Priority: Major
Ben Tasker
Ben Tasker
Project: Adblock Lists (ADBLK)
Created: 2019-06-21 12:40:40
Seen being referenced by

Grapeshot is an analytics/tracking/"customer engagement" system. They have a page at but the bare domain generates a warning from uBlock Origin.

Their synopsis for themselves is:
"Grapeshot uses Advanced Keyword Technology to segment inventory and improve targeting, making advertising welcome."

Worth noting, they've been bought by Oracle at some point too, so are likely to become extremely consumer hostile if they are not already.

They use a subdomain per customer, so various upstream lists contain various subdomains, but some are always going to be missed.

Given the only non-tracking usage of the domain seems to be their WWW selling their wares, it seems like the zone should just be blocked entirely.

The way they handle the underlying routing varies by sub-domain as well.

The one seen being referenced from - is CNAME'd out
ben@thor:~$ host is an alias for has address has address

Whereas an existing entry on upstream blocklists appears to just return an A record
ben@thor:~$ dig @

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6152
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 512
;	IN	A


;; Query time: 22 msec
;; WHEN: Fri Jun 21 12:36:36 BST 2019
;; MSG SIZE  rcvd: 68

Looking at the target of that CNAME, the domain appears to be owned by Grapeshot too and has a similar history of being subdomain-happy -

The IPs that CNAME resolves to are in a Grapeshot-owned AS, so it's not like they're CNAMEing out to a hosting service. doesn't appear to be on any of the existing blocklists, but it looks like they are sometimes referred to directly. This article - - would suggest Reuters reference them directly, and it looks like Auntie does too -

I'm going to block their zone as being related. They have no documents on either the bare or www domains. It looks like they've made it into other people's lists too (just apparently not any of the ones I consume) -
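
An added example, not code from the adblocklists repo: a Python sketch of why a zone-level entry catches per-customer subdomains that per-host lists miss, and how a name that is CNAME'd into a related zone can be matched as well. The domain names, the CNAME map and all function names are constructed placeholders, and it assumes the blocker can see the CNAME chain for a lookup.

```python
# Constructed sample data: placeholder names, not the domains from the issue.
BLOCKED_ZONES = {"tracker.example", "tracker-cdn.example"}

# Constructed resolver view: name -> CNAME target (no entry = plain A record).
CNAMES = {
    "customer1.tracker.example": "edge7.tracker-cdn.example",
    "metrics.news-site.example": "customer9.tracker-cdn.example",
    "assets.news-site.example": "static.hosting.example",
}

def normalise(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()

def in_zone(name, zone):
    """True for the zone apex or any subdomain, matched on label boundaries."""
    name, zone = normalise(name), normalise(zone)
    return name == zone or name.endswith("." + zone)

def cname_chain(name, cnames=CNAMES, max_depth=8):
    """Follow CNAMEs from name, stopping on loops or after max_depth hops."""
    chain = [normalise(name)]
    while chain[-1] in cnames and len(chain) <= max_depth:
        target = normalise(cnames[chain[-1]])
        if target in chain:  # CNAME loop guard
            break
        chain.append(target)
    return chain

def verdict(name, zones=BLOCKED_ZONES, cnames=CNAMES):
    """Return (blocked, matching_hop, zone) for the queried name or any CNAME hop."""
    for hop in cname_chain(name, cnames):
        for zone in sorted(zones):
            if in_zone(hop, zone):
                return True, hop, zone
    return False, None, None

def collapse(entries, zones):
    """Replace per-subdomain list entries with the zone entries that cover them."""
    kept = {normalise(e) for e in entries
            if not any(in_zone(e, z) for z in zones)}
    return sorted(kept | {normalise(z) for z in zones})

if __name__ == "__main__":
    for q in ("newcustomer.tracker.example", "metrics.news-site.example",
              "assets.news-site.example", "nottracker.example"):
        print(q, verdict(q))
```
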

Repo: adblocklists
Commit: ef7d1e890a1014ee45bb3ef197968b83f952ea9a
Author: B Tasker <github@<Domain Hidden>>
Date: Fri Jun 21 12:55:44 2019 +0100
Commit Message: ADBLK-13 Block Grapeshot related domains

Grapeshot is an analytics/tracking/"customer engagement" system

They appear to use a subdomain per customer, so block the entire zone - does mean their www goes inaccessible, but it's fairly minor as collateral damage goes
