liamengland1 / mischosts Goto Github PK
View Code? Open in Web Editor NEWhosts for pihole
License: MIT License
hosts for pihole
License: MIT License
This domain is GoDaddy image hosting, for sites using GoDaddy
I believe this to be a flase positive
Thanks,
@llacb47
This is MasterCard's online payment service
It is not malicious and it is not spyware/malware/adware
Thanks
Mediamonkey is a legitimate desktop media player application
Hello
Your tiktok fingerprint/tracking list is breaking "Friends only" videos
I think its either
video-va.tiktokv.com or videoarch-lb-maliva.byteoversea.net
Once you changed your username, the links broke. Might want to update the info on the blocklists to reflect it. cheers.
#0.0.0.0 ctldl.windowsupdate.com #Used to download certificates that are publicly known to be fraudulent
#0.0.0.0 crl.microsoft.com #certificate revocation lists
#0.0.0.0 dl.delivery.mp.microsoft.com #Enables connections to Windows Update.
#0.0.0.0 fe2cr.update.microsoft.com #necessary for windows updates
#0.0.0.0 fe3cr.delivery.mp.microsoft.com #necessary for windows updates
0.0.0.0 sls.update.microsoft.com.akadns.net #Enables connections to Windows Update. [fall back service for fe2cr.update.microsoft.com, generally recognized as unnecessary]
0.0.0.0 slscr.update.microsoft.com # Fallback for fe2cr.update.microsoft.com]
And for Microsoft store:
#0.0.0.0 storeedgefd.dsx.mp.microsoft.com #Windows Store, necessity
#0.0.0.0 storecatalogrevocation.storequality.microsoft.com #security features to prevent malicious apps
#0.0.0.0 store-images.s-microsoft.com #windows store images
#0.0.0.0 displaycatalog.md.mp.microsoft.com # Used to communicate with Microsoft Store.
#0.0.0.0 displaycatalog.mp.microsoft.com # Used to communicate with Microsoft Store.
#0.0.0.0 tsfe.trafficshaping.dsp.mp.microsoft.com # [if displaycatalog.mp.microsoft.com connects, eventually this will try call home. Used for content regulation; content delivery optimization? Delivery Optimization Group Policy setting: Simple (99) Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience, with no peer-to-peer caching. Blocking this may result in
#Cont: tsfe.trafficshaping.dsp.mp.microsoft.com endpoint is used for content regulation [geo-location/cloud services]. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
Store components apps will be updated directly via windows update, over the domains tlu.dl.delivery.mp.microsoft.com
and fe2cr.update.microsoft.com
so long as "Storage Service" is enabled under services.msc; The store domains listed above are only necessary for connecting to the microsoft store and downloading new/thirdparty apps.
If using a third party dns service such as acrylic, and dnscache service is disabled, windows store will fail to connect altogether.
Inspired by cedws/apple-telemetry#33 I request to remove some apple ls domains from apple-telemetry because this breaks functionality of apple maps ("A route cannot be displayed"). I will add a PR.
0.0.0.0 uif.microsoft.com #Windows Feedback Hub APP Endpoint [uses trafficshaping GEO-IP] and missing from llacb47's list
These are valid Office domains and not malicious
@llacb47
microsoft marketing
statics-marketingsites-eus-ms-com.akamaized.net
statics-marketingsites-wcus-ms-com.akamaized.net
Saw this connecting via svchost.exe, windows 10 1903 Enterprise
you can connect to them directly in your browser and see
false positive @liamengland1
tiktok "domains" API endpoint
https://dm16.musical.ly/get_domains/v4/?version_code=15.9.1&device_id=xxx&user_id=xxx&iid=xxx&aid=1233&ac=mobile&device_type=iPhone8,1&app_name=musical_ly&channel=App%20Store&city=US&os_version=13.4.1&device_platform=iphone&openudid=xxx&idfa=00000000-0000-0000-0000-000000000000&sys_region=US&carrier_region=US&tnc_src=1&cronet_version=xxx
https://pastebin.com/p25DShBq
https://pastebin.com/kKRWnLQv
https://pastebin.com/famVpUFT
https://pastebin.com/W57tQ8NS
Seriously bytedance feels more like malware every day.... The amount of domains they use is insane.
Some of these domains may be redundant, I had to go on a bit of a blocking spree because some of them just kept working until I rebooted my phone. Sorry in advance for that.
ssl.cdn.tiktok.com.c.footprint.net ย
log16-normal-c-useast1a.tiktokv.com
pull-rtmp-f1.tiktokcdn.com.wsdvs.com
pull-q5.tiktokcdn.com.c.worldfcdn.com
pull-flv-l11.tiktokcdn.com
pull-rtmp-f1-ab.tiktokcdn.com.wsdvs.com
(.|^)byteoversea.com$
(.|^)tiktokcdn.com$
(.|^)tiktokv.com$
p16-tiktok-va.ibyteimg.com
v19.tiktokcdn.com
a1964.mm2.akamai.net
video.h1.bytedance.map.fastly.net
pull-rtmp-f1-ab.tiktokcdn.com
To enable Apple Maps functionality for iphone (Searching and Route Calculation) we need to remove
gsp-ssl.ls-apple.com.akadns.net
gsp-ssl.ls.apple.com
from Apple Telemetry list
outlook-exo.trafficmanager.net is a CName for outlook.office365.com and autodiscover-s.outlook.com
This is breaking outlook
<yx<x
false positive
@liamengland1
i-am3p-cor001.api.p001.1drv.com
i-am3p-cor002.api.p001.1drv.com
i-am3p-cor003.api.p001.1drv.com
i-am3p-cor004.api.p001.1drv.com
i-am3p-cor005.api.p001.1drv.com
i-bl6p-cor001.api.p001.1drv.com
i-bl6p-cor002.api.p001.1drv.com
i-bn3p-cor001.api.p001.1drv.com
i-bn3p-cor090.api.p001.1drv.com
i-by3p-cor001.api.p001.1drv.com
i-by3p-cor002.api.p001.1drv.com
i-ch1-cor001.api.p001.1drv.com
i-ch1-cor002.api.p001.1drv.com
i-db3p-cor001.api.p001.1drv.com
i-db3p-cor002.api.p001.1drv.com
i-db3p-cor003.api.p001.1drv.com
i-db3p-cor004.api.p001.1drv.com
i-db3p-cor005.api.p001.1drv.com
i-sn2-cor001.api.p001.1drv.com
i-sn2-cor002.api.p001.1drv.com
i-sn3p-cor001.api.p001.1drv.com
i-sn3p-cor002.api.p001.1drv.com
ch1-cor001.api.p001.1drv.com
ch1-cor002.api.p001.1drv.com
bn2b-cor001.api.p001.1drv.com
bn2b-cor002.api.p001.1drv.com
bn2b-cor003.api.p001.1drv.com
bn2b-cor004.api.p001.1drv.com
bn2wns1.wns.windows.com
bn3p-cor001.api.p001.1drv.com
bn3sch020010558.wns.windows.com
bn3sch020010560.wns.windows.com
bn3sch020010618.wns.windows.com
bn3sch020010629.wns.windows.com
bn3sch020010631.wns.windows.com
bn3sch020010635.wns.windows.com
bn3sch020010636.wns.windows.com
bn3sch020010650.wns.windows.com
bn3sch020011727.wns.windows.com
bn3sch020012850.wns.windows.com
bn3sch020020322.wns.windows.com
bn3sch020020749.wns.windows.com
bn3sch020022328.wns.windows.com
bn3sch020022335.wns.windows.com
bn3sch020022361.wns.windows.com
bn4sch101120814.wns.windows.com
bn4sch101120818.wns.windows.com
bn4sch101120911.wns.windows.com
bn4sch101120913.wns.windows.com
bn4sch101121019.wns.windows.com
bn4sch101121109.wns.windows.com
bn4sch101121118.wns.windows.com
bn4sch101121223.wns.windows.com
bn4sch101121407.wns.windows.com
bn4sch101121618.wns.windows.com
bn4sch101121704.wns.windows.com
bn4sch101121709.wns.windows.com
bn4sch101121714.wns.windows.com
bn4sch101121908.wns.windows.com
bn4sch101122117.wns.windows.com
bn4sch101122310.wns.windows.com
bn4sch101122312.wns.windows.com
bn4sch101122421.wns.windows.com
bn4sch101123108.wns.windows.com
bn4sch101123110.wns.windows.com
bn4sch101123202.wns.windows.com
bn4sch102110124.wns.windows.com
Hi there,
Thank you for your work. Is there any chance you would consider keeping a single combined list of all the lists you create so a single pull is possible from your repo?
Kind regards
Peter
Because I no longer use Pi-hole on a daily basis, I am no longer maintaining the hosts lists in this repository. They are provided AS-IS with no representation or guarantee as to their suitability for any particular purpose.
With that being said, issue reports are still welcome.
Hello,
narvar.com
does have tracking, but it is shipment delivery tracking (like USPS, UPS, FedEx, etc). I know Bed Bath and Beyond use them. Also Walmart. If you place an order from either of those sites (along with many others), then go into your 'account' to view or order details, all the shipping information comes from Narvar. I used to block them too and eventually removed most of their hosts. From their website:
A platform designed from the ground up to drive long-term customer loyalty. Pre-purchase delivery prediction, branded package tracking, seamless returns and exchanges, in-store experiences, and beyond.
The tricky part is when they say branded package tracking, they are talking about shipment/delivery tracking. The do have analytics.narvar.com
- which should be blocked.
Here is a related ticket: StevenBlack/hosts#724
From here you can see how I've had many commits removing more and more narvar hosts from being blocked: https://github.com/lightswitch05/hosts/search?q=narvar&type=Commits
anyways, just thought I would share my experience with blocking narvar.com
.
This is needed for Google Pay
This is a valid domain that doesnt do ads or malware or spyware.
This is an API
We must be careful not to block an API, but rather the malicious sites or apps that use them
In this instance, this API was needed for me to log into my National Bank account.
I believe this is a false positive
This hosts cloud based resources such as images and thumbnails for cloud providers
Add these domains into the list:
taobao.com
taobao.net
tbsandbox.com
amap.com
189.cn
aliyuncs.com
21cn.com
cmbchina.com
ixigua.com
They aren't linked directly to TikTok but are owned/used by the same company that owns TikTok.
Hopefully this just gets banned from the USA soon........ pull-flv-f11-ab.tiktokcdn.com
This domain is required for opening Office documents from the web interface in the desktop app
After seeing some TikToc domains on my network, and no one having TicToc installed, I've become interested in taking a more active role to ensure TikToc is blocked. There are a lot of regex lists out there, but unfortunately you cannot subscribe to regex lists in PiHole. I believe my automatic subdomain discovery tools could be very effective with TicTok.
Issues:
Possible Solution:
@llacb47 your hosts list is excellent, but unfortunately subdomains are getting through. Your regex list is even better, but I cannot subscribe to it. How would you feel if I added your list to my tools so that it can auto-expand the subdomains? Like I said, I have no interest in actually installing TikToc, so my ability to actually curate the list would not be that great. I'd be happy to let you manage it - say what should be added or removed. Its your list, so I don't want to manage it. I'm unable to expose my management tools publicly since I didn't design it to work like that, but I would take action on whatever additions or removals you would like to make. I believe I can modify my tools where the list would remain in your project. After all, its your list. For it to work, I would need write access. Also, the nice way your have the domains grouped with comments breaking up each section - there is no way I could continue that since the list is automatically generated. If you have any interest, you could create a branch as a test run and decide if that is something you like or not.
Anyways, I really hate seeing TicTok domains getting though, but I'm also not interested in having it manage it myself.
Hi @llacb47
This domain seems to break thumbnails for items in certain parts of the Amazon app
ftpmorph/ftprivacy#7
Hi,
substrate.office.com is a CNAME for outlook.office.com
The Office substrate is a critical part of enabling services that run across different applications like Exchange Online, SharePoint Online, Teams, and so on.
This domain is not malicious and is not spyware or adaware.
Thank you for everything you do! Love it!
I have to whitelist the below domains in order to sign in.
starling-oversea.byteoversea.com
verification-va.byteoversea.com
mcs-va.tiktok.com
vcs-va.byteoversea.com
Hi
This domain is non malicious
Required for Google Photos Face Grouping
These domains breaking embedded videos on sites such as:
https://www.zerohedge.com/markets/pa-home-total-loss-after-charging-tesla-driveway-spontaneously-combusts
dcf.espn.com
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.