liamengland1 / mischosts Goto Github PK

This domain is GoDaddy image hosting, for sites using GoDaddy
I believe this to be a flase positive
Thanks,
@llacb47

This is MasterCard's online payment service
It is not malicious and it is not spyware/malware/adware

Thanks

Mediamonkey is a legitimate desktop media player application

Hello
Your tiktok fingerprint/tracking list is breaking "Friends only" videos
I think its either
video-va.tiktokv.com or videoarch-lb-maliva.byteoversea.net

Once you changed your username, the links broke. Might want to update the info on the blocklists to reflect it. cheers.

#0.0.0.0 ctldl.windowsupdate.com #Used to download certificates that are publicly known to be fraudulent
#0.0.0.0 crl.microsoft.com #certificate revocation lists
#0.0.0.0 dl.delivery.mp.microsoft.com #Enables connections to Windows Update.
#0.0.0.0 fe2cr.update.microsoft.com #necessary for windows updates
#0.0.0.0 fe3cr.delivery.mp.microsoft.com #necessary for windows updates
0.0.0.0 sls.update.microsoft.com.akadns.net #Enables connections to Windows Update. [fall back service for fe2cr.update.microsoft.com, generally recognized as unnecessary]
0.0.0.0 slscr.update.microsoft.com # Fallback for fe2cr.update.microsoft.com]

And for Microsoft store:

#0.0.0.0 storeedgefd.dsx.mp.microsoft.com #Windows Store, necessity 
#0.0.0.0 storecatalogrevocation.storequality.microsoft.com #security features to prevent malicious apps
#0.0.0.0 store-images.s-microsoft.com #windows store images
#0.0.0.0 displaycatalog.md.mp.microsoft.com # 	Used to communicate with Microsoft Store.
#0.0.0.0 displaycatalog.mp.microsoft.com # 	Used to communicate with Microsoft Store.
#0.0.0.0 tsfe.trafficshaping.dsp.mp.microsoft.com # [if displaycatalog.mp.microsoft.com connects, eventually this will try call home. Used for content regulation; content delivery optimization? Delivery Optimization Group Policy setting: Simple (99) Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience, with no peer-to-peer caching. Blocking this may result in 
#Cont: tsfe.trafficshaping.dsp.mp.microsoft.com endpoint is used for content regulation [geo-location/cloud services]. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.

Store components apps will be updated directly via windows update, over the domains tlu.dl.delivery.mp.microsoft.com and fe2cr.update.microsoft.com so long as "Storage Service" is enabled under services.msc; The store domains listed above are only necessary for connecting to the microsoft store and downloading new/thirdparty apps.

If using a third party dns service such as acrylic, and dnscache service is disabled, windows store will fail to connect altogether.

Inspired by cedws/apple-telemetry#33 I request to remove some apple ls domains from apple-telemetry because this breaks functionality of apple maps ("A route cannot be displayed"). I will add a PR.

0.0.0.0 uif.microsoft.com #Windows Feedback Hub APP Endpoint [uses trafficshaping GEO-IP] and missing from llacb47's list

These are valid Office domains and not malicious
@llacb47

microsoft marketing

statics-marketingsites-eus-ms-com.akamaized.net
statics-marketingsites-wcus-ms-com.akamaized.net

Saw this connecting via svchost.exe, windows 10 1903 Enterprise

you can connect to them directly in your browser and see

https://github.com/llacb47/mischosts/blob/41405499c9f62f562ed29dc29bac0e3289776f32/microsoft-telemetry#L665

false positive @liamengland1

tiktok "domains" API endpoint

https://dm16.musical.ly/get_domains/v4/?version_code=15.9.1&device_id=xxx&user_id=xxx&iid=xxx&aid=1233&ac=mobile&device_type=iPhone8,1&app_name=musical_ly&channel=App%20Store&city=US&os_version=13.4.1&device_platform=iphone&openudid=xxx&idfa=00000000-0000-0000-0000-000000000000&sys_region=US&carrier_region=US&tnc_src=1&cronet_version=xxx

https://pastebin.com/wGdHwek2

https://pastebin.com/p25DShBq
https://pastebin.com/kKRWnLQv
https://pastebin.com/famVpUFT
https://pastebin.com/W57tQ8NS

Seriously bytedance feels more like malware every day.... The amount of domains they use is insane.

Some of these domains may be redundant, I had to go on a bit of a blocking spree because some of them just kept working until I rebooted my phone. Sorry in advance for that.

ssl.cdn.tiktok.com.c.footprint.net  
log16-normal-c-useast1a.tiktokv.com
pull-rtmp-f1.tiktokcdn.com.wsdvs.com
pull-q5.tiktokcdn.com.c.worldfcdn.com
pull-flv-l11.tiktokcdn.com

pull-rtmp-f1-ab.tiktokcdn.com.wsdvs.com

(.|^)byteoversea.com$

(.|^)tiktokcdn.com$

(.|^)tiktokv.com$

p16-tiktok-va.ibyteimg.com

v19.tiktokcdn.com

a1964.mm2.akamai.net

video.h1.bytedance.map.fastly.net

pull-rtmp-f1-ab.tiktokcdn.com

To enable Apple Maps functionality for iphone (Searching and Route Calculation) we need to remove

gsp-ssl.ls-apple.com.akadns.net
gsp-ssl.ls.apple.com

from Apple Telemetry list

outlook-exo.trafficmanager.net is a CName for outlook.office365.com and autodiscover-s.outlook.com

This is breaking outlook

<yx<x

false positive
@liamengland1

i-am3p-cor001.api.p001.1drv.com
i-am3p-cor002.api.p001.1drv.com
i-am3p-cor003.api.p001.1drv.com
i-am3p-cor004.api.p001.1drv.com
i-am3p-cor005.api.p001.1drv.com
i-bl6p-cor001.api.p001.1drv.com
i-bl6p-cor002.api.p001.1drv.com
i-bn3p-cor001.api.p001.1drv.com
i-bn3p-cor090.api.p001.1drv.com
i-by3p-cor001.api.p001.1drv.com
i-by3p-cor002.api.p001.1drv.com
i-ch1-cor001.api.p001.1drv.com
i-ch1-cor002.api.p001.1drv.com
i-db3p-cor001.api.p001.1drv.com
i-db3p-cor002.api.p001.1drv.com
i-db3p-cor003.api.p001.1drv.com
i-db3p-cor004.api.p001.1drv.com
i-db3p-cor005.api.p001.1drv.com
i-sn2-cor001.api.p001.1drv.com
i-sn2-cor002.api.p001.1drv.com
i-sn3p-cor001.api.p001.1drv.com
i-sn3p-cor002.api.p001.1drv.com
ch1-cor001.api.p001.1drv.com
ch1-cor002.api.p001.1drv.com
bn2b-cor001.api.p001.1drv.com
bn2b-cor002.api.p001.1drv.com
bn2b-cor003.api.p001.1drv.com
bn2b-cor004.api.p001.1drv.com
bn2wns1.wns.windows.com
bn3p-cor001.api.p001.1drv.com
bn3sch020010558.wns.windows.com
bn3sch020010560.wns.windows.com
bn3sch020010618.wns.windows.com
bn3sch020010629.wns.windows.com
bn3sch020010631.wns.windows.com
bn3sch020010635.wns.windows.com
bn3sch020010636.wns.windows.com
bn3sch020010650.wns.windows.com
bn3sch020011727.wns.windows.com
bn3sch020012850.wns.windows.com
bn3sch020020322.wns.windows.com
bn3sch020020749.wns.windows.com
bn3sch020022328.wns.windows.com
bn3sch020022335.wns.windows.com
bn3sch020022361.wns.windows.com
bn4sch101120814.wns.windows.com
bn4sch101120818.wns.windows.com
bn4sch101120911.wns.windows.com
bn4sch101120913.wns.windows.com
bn4sch101121019.wns.windows.com
bn4sch101121109.wns.windows.com
bn4sch101121118.wns.windows.com
bn4sch101121223.wns.windows.com
bn4sch101121407.wns.windows.com
bn4sch101121618.wns.windows.com
bn4sch101121704.wns.windows.com
bn4sch101121709.wns.windows.com
bn4sch101121714.wns.windows.com
bn4sch101121908.wns.windows.com
bn4sch101122117.wns.windows.com
bn4sch101122310.wns.windows.com
bn4sch101122312.wns.windows.com
bn4sch101122421.wns.windows.com
bn4sch101123108.wns.windows.com
bn4sch101123110.wns.windows.com
bn4sch101123202.wns.windows.com
bn4sch102110124.wns.windows.com

Hi there,

Thank you for your work. Is there any chance you would consider keeping a single combined list of all the lists you create so a single pull is possible from your repo?

Kind regards
Peter

Because I no longer use Pi-hole on a daily basis, I am no longer maintaining the hosts lists in this repository. They are provided AS-IS with no representation or guarantee as to their suitability for any particular purpose.

With that being said, issue reports are still welcome.

• DMs broken
• Live streams broken

Hello,

narvar.com does have tracking, but it is shipment delivery tracking (like USPS, UPS, FedEx, etc). I know Bed Bath and Beyond use them. Also Walmart. If you place an order from either of those sites (along with many others), then go into your 'account' to view or order details, all the shipping information comes from Narvar. I used to block them too and eventually removed most of their hosts. From their website:

A platform designed from the ground up to drive long-term customer loyalty. Pre-purchase delivery prediction, branded package tracking, seamless returns and exchanges, in-store experiences, and beyond.

The tricky part is when they say branded package tracking, they are talking about shipment/delivery tracking. The do have analytics.narvar.com - which should be blocked.

Here is a related ticket: StevenBlack/hosts#724

From here you can see how I've had many commits removing more and more narvar hosts from being blocked: https://github.com/lightswitch05/hosts/search?q=narvar&type=Commits

anyways, just thought I would share my experience with blocking narvar.com.

This is needed for Google Pay
This is a valid domain that doesnt do ads or malware or spyware.

This is an API
We must be careful not to block an API, but rather the malicious sites or apps that use them
In this instance, this API was needed for me to log into my National Bank account.
I believe this is a false positive

This hosts cloud based resources such as images and thumbnails for cloud providers

Add these domains into the list:

taobao.com
taobao.net
tbsandbox.com
amap.com
189.cn
aliyuncs.com
21cn.com
cmbchina.com
ixigua.com

They aren't linked directly to TikTok but are owned/used by the same company that owns TikTok.

Hopefully this just gets banned from the USA soon........ pull-flv-f11-ab.tiktokcdn.com

This domain is required for opening Office documents from the web interface in the desktop app

After seeing some TikToc domains on my network, and no one having TicToc installed, I've become interested in taking a more active role to ensure TikToc is blocked. There are a lot of regex lists out there, but unfortunately you cannot subscribe to regex lists in PiHole. I believe my automatic subdomain discovery tools could be very effective with TicTok.

Issues:

• I'm not going to install TikToc to see what domains its using
• It looks like there are a LOT of different domains its using

Possible Solution:

@llacb47 your hosts list is excellent, but unfortunately subdomains are getting through. Your regex list is even better, but I cannot subscribe to it. How would you feel if I added your list to my tools so that it can auto-expand the subdomains? Like I said, I have no interest in actually installing TikToc, so my ability to actually curate the list would not be that great. I'd be happy to let you manage it - say what should be added or removed. Its your list, so I don't want to manage it. I'm unable to expose my management tools publicly since I didn't design it to work like that, but I would take action on whatever additions or removals you would like to make. I believe I can modify my tools where the list would remain in your project. After all, its your list. For it to work, I would need write access. Also, the nice way your have the domains grouped with comments breaking up each section - there is no way I could continue that since the list is automatically generated. If you have any interest, you could create a branch as a test run and decide if that is something you like or not.

Anyways, I really hate seeing TicTok domains getting though, but I'm also not interested in having it manage it myself.

Hi @llacb47
This domain seems to break thumbnails for items in certain parts of the Amazon app
ftpmorph/ftprivacy#7

Hi,
substrate.office.com is a CNAME for outlook.office.com
The Office substrate is a critical part of enabling services that run across different applications like Exchange Online, SharePoint Online, Teams, and so on.

This domain is not malicious and is not spyware or adaware.

Thank you for everything you do! Love it!

I have to whitelist the below domains in order to sign in.

starling-oversea.byteoversea.com
verification-va.byteoversea.com
mcs-va.tiktok.com
vcs-va.byteoversea.com

Hi
This domain is non malicious
Required for Google Photos Face Grouping

Breaks Spotify homepage on Windows app.

These domains breaking embedded videos on sites such as:
https://www.zerohedge.com/markets/pa-home-total-loss-after-charging-tesla-driveway-spontaneously-combusts
dcf.espn.com