shadowwhisperer / blocklists Goto Github PK

These domains breaking embedded videos on sites such as:
https://www.zerohedge.com/markets/pa-home-total-loss-after-charging-tesla-driveway-spontaneously-combusts
The CDNs are Content Delivery Networks and are responsible for serving up a variety of static content
cdn.abcotvs.net
dcf.espn.com

Hi,
This domain seems to be required to push notifications out using the Good Old games Galaxy client
I believe this is a FP

I found cprapid.com on the Malware list. It's not malware, it's a cpanel domain.

Hi,

I was wondering if you have an explanation of what each of the raw lists do? I am using the raw lists since I find them to better suit my needs.

Additionally, sites like marketo.com break the download form on FreePBX, plus many other blocks coming from Wild Ads.

Here are the blocklists I am using now, but hoping to add more that don't break sites. I wrote a PHP API Call to parse these files and always_nxdomain for Unbound DNS.

https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/RAW/Ads
https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/RAW/Cryptocurrency
https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/RAW/Malware
https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/RAW/Scam

Blocking this domain breaks the ability to check for Geforce Driver Updates in Nvidia Geforce Experience with the error "unable to connect to Nvidia"

This hosts static images and resources for Pocket, an article reader :)

This is an API for ecommerce. Blocking this breaks several online payment processors

https://ecosia.org and it's subdomains seem to be blocked. From what I know it's not a shady site.

Hi,
This domain is used for MSI Afterburner checking for updates. This breaks the update checks

This is a real-time API to build engaging remote experiences using in-app chat, push notifications, etc
pubsub-rc.pubnub.com is a CNAME for ringcentral.pubnubapi.com which is RingCentral, a teleconferencing system
I dont believe blocking an API is a good idea. Rather, we should block malicious apps that may leverage an API.

Pushbullet is a notification service that connects your PC + mobile devices
It is not malicious
I believe this is a FP

"Pushbullet is one of the fastest and easiest way to get links, notes, lists, files, and addresses both from your desktop computer to your mobile device and vice versa. All of this is done from the Pushbullet Android app, the service's Web site, or one of the browser extensions for Chrome or Firefox."

It seems a bit odd for me to find this entry as addition in your list, since it's not available as second-level domain.

Terni is a city in Italy, and .it geographical domain names are reserved for registration as third-level domains (similarly to co.uk), like for example www.comune.terni.it, www.provincia.terni.it, www.diocesi.terni.it, www.tuttamialacitta.terni.it, www.ordineavvocati.terni.it, and others.

To prove that, see also: https://www.nic.it/en/find-your-it/how-register

That said: I suggest removing the entry altogether.

Hey Shadow

do this domain humordog.xyz still have any relevance for the mal list?

https://0xacab.org/my-privacy-dns/matrix/-/issues/624419

You may want to add these to your tunnel list

Windscribe and ProtonVPN
https://github.com/az0/vpn_ip/blob/main/data/hostname.txt

Windscribe uses many *.totallyacdn.com hostnames

Opera VPN
api.sec-tunnel.com
api2.sec-tunnel.com

AirVPN uses many *vpn.airdns.org

Proxies/proxy lists
www.proxysite.com
www.proxfree.com
hide.me
whoer.net
hidester.com
www.hidemyass.com
www.croxyproxy.com
plainproxies.com

Hi!

vendorlist.dmcdn.net in the Ads lists breaks Dailymotion.com

https://www.dailymotion.com/

With the filter activated, the site won't load at all.

Hi
This is Wordpress's public API
This isnt malicious :)

Hi,
You are blocking uptimerobot.com
I just wanted to report this may be a false positive
This site is used for monitoring whether your server goes down or experiences an outage

@ShadowWhisperer simplemobile.com is an MVNO. Could you determine how it ended up blocked?

gue1-spclient.spotify.com breaks Spotify on Google Homes

The music just wont load

Thanks

Hi,
geo.clients.config.office.akadns.net is a CNAME for clients.config.office.net which is the client configuration for Office 365
I believe this one may be a false positive
Additionally, out of my 700+ blocklists, yours is the only one blocking this

Thanks,

Some lists have only your staple header alongside the designated content, and others include comments on the same lines.
The list content can change formats, which can interfere with how others process your lists.
Removing the comments and keeping a consistent format across the every list would help everyone.
Perhaps you could edit the header to include a line for notes or include a footer that becomes the notes section.

websitepolicies.io is tracking, not ads, https://0xacab.org/my-privacy-dns/matrix/-/issues/70828

data/shadowwhisperer/Ads/domain.list:websitepolicies.io

I dont understand why this is labeled as malware. This is an online fps game that many people play.

acs.aliexpress.com breaks AliExpress
Cant show orders

Hi there Sean @ShadowWhisperer 👋
Been using some of your lists for a while now and just today stumbled on one false-positive: s3.ap-northeast-2.amazonaws.com
Samsung's website is using the domain for driver/firmware downloads.
Test Page:
https://www.samsung.com/semiconductor/minisite/ssd/download/tools/
Test Link:
https://s3.ap-northeast-2.amazonaws.com/global.semi.static/SAMSUNG_SSD_970EVO_Plus_ISO_190513/7ES357322A6707A720E1A71EF11A3BE1EED819E011D317626415F0281A78151C/Samsung_SSD_970_EVO_Plus_2B2QEXM7.iso

Whitelisting would be appreciated and keep up the good work 👍

This false positive is a learning platform video player that hosts webinars for e-education

see: badmojr/1Hosts#325

This domain seems to be involved with logging in on Patreon
Without it, the login button does not appear
I think this could be possibly a login related domain and not a spyware domain

I have had to whitelist it on my end

Hello!
This domain was recently reported to me as breaking quite alot of sites.
After a quick internet search, I was able to find these sites as being affected through CNAME blocking.

blog.hellotds.com
www.siasat.com
blog.bendbroadband.com

Here's the report:

Hello. This is Cristian from Presslabs Support.
One of our customers notified us that our main geo1.presslabs.net CNAME is being blocked via your domains list block.
How can we remove it from that list?

see also: https://www.presslabs.com/about/

Hi,
This is a AWS Redirection domain
I believe this is a false positive
Thanks!

I've seen this domain on several lists,

data/shadowwhisperer/Ads/domain.list:thruport.com

But when I'm looking at the site they are Customs broker

– Monitor Customs and OGA releases in real-time
– View and print your Customs and FDA release messages
– View and print your CF7501, CF3461, delivery orders, and invoice
– Check on proof of delivery information
– Extract information quickly and easily with advanced filter options

Do you happen to know why this should be on your list?

The Mozilla Location Service is used to give you an estimated geographic location based on cell towers and wifi networks.
Personal Identifiable Information is not published. A privacy friendly approach to Googles version shouldn't be blocked.

This website simply lists your public IP address
It is not spyware or adware.
I believe this is a false positive
Thanks.

t-online.de is a Deutsche Telekom domain that is used for different services. Should be removed from malware list.

Hey Sean (@ShadowWhisperer ) I stumbled on this domain in our commit lists

The question is, as it appears like a ordinary dog site... is this a known front or is it a FP?

glendalebulldogs.com: https://0xacab.org/my-privacy-dns/matrix/-/issues/634974

This is a widget to display precious metals prices on a website
I dont believe this is malicious
Example: https://www.sprottmoney.com/blog/The-Upside-Down-Year-in-Gold-and-Silver-Erics-Yearly-Wrap-Up

Hi there,

Thank you for this list. i notice there is an invalid domain on the list:
[i] Target: https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/Lists/Ads
[✓] Status: Retrieval successful
[✓] Parsed 19030 exact domains and 0 ABP-style domains (ignored 1 non-domain entries)
Sample of non-domain entries:
- "e-peddler.c"

Kind regards
Pete

"start.me" is being blocked, but it's a normal homepage/landing page alternative, been using it for years. Virus total results are all clean:

Hi,
This breaks ZenDesk login
This hosts ZenDesk static assets like images.

This is the SoundCloud widget
I dont believe this is malicious or related to spyware or adware
Example site where its blocked: https://www.sprottmoney.com/blog/The-Upside-Down-Year-in-Gold-and-Silver-Erics-Yearly-Wrap-Up

odc-web-geo.onedrive.akadns.net is a CNAME for onedrive.live.com
If you use CNAME Deep Inspection like I do, blocking this will break OneDrive

https://github.com/ShadowWhisperer/BlockLists/blob/master/Lists/Top_Level
.vi North America - Yemen

Something's not right here, haha

Hi I believe I found a false positive on the malware list
This domain is a sport/fitness website and not a malware website:

Thanks

see: badmojr/1Hosts#326

This is used for clicking a link to add an event to your calendar

new-fp-shed.wg1.b.yahoo.com is a CNAME for yahoo.com
If youre using CNAME deep inspection like through Pihole, this will end up blocking Yahoo

Hi,
Blocking this domain breaks ZenDesk (in app help/support)
I was trying to get help on calendar.com through their ZenDesk and blocking this domain broke the "?" button that is supposed to engage the ZenDesk helpdesk

Hi: These qualify for Free, I think?

fly.dev
deno.dev
workers.dev
pages.dev
web.app

Hi,
This domain breaks sites such as https://academic.oup.com/bjaed/article/4/5/164/291028
This is a Content Delivery Network (CDN)

This is a job board for finding work. I believe this may be a false positive.