Can anyone please help me? I have been scratching my head for a while now.
So here is the deal:
Assume there is a domain: example.com
When you look it up with normal DNS, you get a result: 220.127.116.11
Now there is an APP on Android that will visit example.com with an HTTP request, using IP addresses 18.104.22.168, 22.214.171.124, 126.96.36.199. The APP will not perform any DNS request at all; the 3 IPs are somehow hardcoded into the APP. And these IPs change from time to time.
Is there a simple way that I can block this request? Obviously using any DNS related method does not work.
Thanks for the answer, but unfortunately any DNS based method simply does not work.
There is no way to match the DNS query result, like I said:
The public DNS resolution result would tell you "example.com" is at 188.8.131.52
The APP, however, has a secret list of IPs they hardcoded into the APP, like 184.108.40.206, 220.127.116.11, 18.104.22.168, and they rotate the list from time to time, adding new IPs that are not publicly known.
The only thing in common is that the APP will initiate an HTTP request with the "example.com" domain name, but the APP does not do a DNS query at all. What I want is to block this HTTP request, preferably with a simple method.
Monitoring the APP constantly to find out which new IP they have come up is just a pain in the ass.
As vgaetera wrote, it will need a proxy, which can run on OpenWrt, to block all requests containing example.com. Squid proxy is the best choice here. Not so trivial, especially when the app does a "GET https://example.com".
I assume you carefully checked the requests, using Wireshark, for example. As I suspect, the app might do "GET http://22.214.171.124" or "GET http://126.96.36.199", which is much easier to implement.
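The kind of check a filtering proxy applies in the situation this thread describes, as an added example (not code from any poster, and not Squid's own logic): it matches on the hostname named inside a plaintext HTTP request instead of on the destination IP. `BLOCKED_DOMAINS`, the function names and the sample request are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domain to block (the thread's placeholder name).
BLOCKED_DOMAINS = {"example.com"}


def _hostname(url):
    """Return the lowercase host of a URL-like string, or '' if unparsable."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ""


def named_hosts(raw_request):
    """Collect every host a plaintext HTTP request names."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    hosts = set()
    parts = lines[0].split()
    if len(parts) >= 2:
        method, target = parts[0].upper(), parts[1]
        if "://" in target:            # absolute-form: GET http://host/path
            hosts.add(_hostname(target))
        elif method == "CONNECT":      # authority-form: CONNECT host:443
            hosts.add(_hostname("//" + target))
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            hosts.add(_hostname("//" + value.strip()))
    hosts.discard("")
    return hosts


def should_block(raw_request):
    """True if any named host is a blocked domain or a subdomain of one."""
    return any(
        host == d or host.endswith("." + d)
        for host in named_hosts(raw_request)
        for d in BLOCKED_DOMAINS
    )


# Constructed sample: sent to a hardcoded IP, but the Host header names the domain.
SAMPLE = b"GET /api HTTP/1.1\r\nHost: example.com\r\nUser-Agent: app\r\n\r\n"

if __name__ == "__main__":
    print(should_block(SAMPLE))
```

This covers plaintext HTTP only; inside an HTTPS connection the request line and Host header are encrypted and not visible to such a check.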