
Add Ludashi Domains

Open • groundcat opened this issue 5 months ago • 1 comment

Confirmation

  • [x] I understand that issues lacking actionable details may be closed.
  • [x] I confirm that this request targets a specific, related set of domains to ensure focused evaluation based on factors such as potential false positives, user impact, and supporting evidence.
  • [ ] I have the reading comprehension of a startled octopus and just click things at random.

🧹 Lists

  • [ ] Lite
  • [ ] Xtra

🛡️ Client

Pi-hole

🌐 Domains


📝 Additional Details

Summary

Huorong Security Lab has published a comprehensive security report (2025-11-11) documenting a coordinated, large-scale traffic hijacking and malicious promotion scheme operated by multiple interconnected companies. This issue requests the blocklist add all identified domains and infrastructure associated with this network.

Security Report Reference

  • Source: Huorong Security Lab (火绒安全) - Established Chinese cybersecurity vendor
  • Date: November 11, 2025
  • Link: http://www.huorong.cn/document/tech/vir_report/1839

Malicious Activities Documented

The network operates through cloud-controlled software modules to:

  • Traffic hijacking: Intercepting and redirecting URLs (JD.com, Baidu) for affiliate commission theft
  • Unauthorized software installation: Silent installation via deceptive popups with fake close buttons
  • Browser manipulation: Injecting promotional parameters, installing malicious extensions
  • Sophisticated evasion: Geographic targeting (reduced promotion in Beijing), detection of security tools, virtual machine detection, developer tool detection, VPN/proxy detection
  • Coordinated shell companies: 20+ registered entities with hidden relationships to obscure ownership and liability

Primary Companies & Domains to Block

Core Entities:

  • Chengdu Qilu Technology Co., Ltd. (成都奇鲁科技有限公司)
    • Product: "Ludashi" (鲁大师) - widely distributed hardware benchmarking software
superlitetech.com
dualspace.com
ludashi.cn
monidashi.com.cn
taojike.cn
dualspacetech.com
monidashi.cn
ludashi.com
ludashisafe.com
easyclean.fun
  • Tianjin Xingren Technology Co., Ltd. (天津杏仁桉科技有限公司)
    • Operates "Promotion Settlement System" infrastructure
apkevery.com
tjxra.com
mcsafebox.com

Associated Infrastructure:

  • shanhutech.cn (operated by 成都盈畅时代文化传播有限公司 Chengdu Yingchang Culture Media Co., Ltd.)
  • bizhi.shanhutech.cn
  • 118.190.130.219 (plugin distribution server)
  • 114.116.10.0 (configuration/redirect server)
  • dg.fireemulator.com (redirect infrastructure)
diskclean.cn
whalecpan.cn
bluewhalechat.com
birdpaper.cn
whaleprotect.cn
whalememory.cn
uyoungdiy.com
tjshanhu.cn
yintuprint.com
didapaper.com
shanhutech.cn
tianjinshanhu.com
winoptimize.cn
pcjiami.cn
ycerac.com
birdpaper.com.cn
whaleclean.cn
tangyuan-ai.cn

Related Entities (per business registration analysis):

  • Chongqing Heheqiyou Technology Co., Ltd. (重庆赫赫有盾科技有限公司)

heheshield.com

  • Tianjin Jiancheng Technology Co., Ltd. (天津简诚科技有限公司)

tjsptech.com

  • Tianjin Xinyuan Technology Co., Ltd. (天津欣远科技有限公司)

joyfartech.com

  • Tianjin Fuuyun Technology Co., Ltd. (天津拂云科技有限公司)
fileshider.com
tjfytech.com
22bao.com

Impact

  • Users are unknowingly compromised as "traffic monetization tools"
  • Browser extensions covertly installed to manipulate URLs and inject promotional parameters
  • Affects Chinese users primarily, but infrastructure operates globally

Domains sourced from https://beian.miit.gov.cn/

groundcat • Nov 12 '25 09:11

Thank you for reporting this.

We've addressed it, with the fix scheduled for our next release (in approx. 2 hours). If problems persist or you have more details, feel free to reopen or reply.

github-actions[bot] • Dec 19 '25 06:12