ADD: ookangzheng-blacklist-cname

[FadeMind]

@StevenBlack please review and merge if you like.

CC @ookangzheng

Regards

[dnmTX]

Another highly controversial list solely based on personal(or should i say...paranoid) opinion and definitely not intended for use in much wider userbase like the one here. Just for example:
graph.instagram.com see #1206

v10.vortex-win.data.microsoft.com see #1197
v10.events.data.microsoft.com

redirector.gvt1.com
The domain is needed for Chrome/Chromium browsers to update it's components !
Anyone who thinks that they selling their souls to google by allowing the components to be updated they can run their
browsers with --disable-component-update and be done with it.

# Apple in-mail safebrowsing url check
token.safebrowsing.apple
safebrowsing.g.aaplimg.com
And what's wrong having this enabled?
See: https://www.macrumors.com/2021/02/11/ios-14-5-beta-safe-browsing-safari-apple-google/

sentry.deepl.com I think Steve @StevenBlack will disagree on this one 😃

ocsp.apple.com # Apple being evil, phone home
I much rather have this evil ON then OFF !!!! see #1460

So far i'm very much 👎 for adding this.

[FadeMind]

@dnmTX thank you for feedback. 💟

[StevenBlack]

Woah Dan @dnmTX go easy on my friend Tomasz @FadeMind here.

But you bring some good points.

Thanks for this Tomasz @FadeMind, a quick check:

$ ghosts -c https://raw.githubusercontent.com/ookangzheng/blahdns/master/hosts/blacklist.txt
----------------------------------------
Base hosts file summary:
----------------------------------------
Location: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
Domains: 79,656
Bytes: 2.4 MB
----------------------------------------
----------------------------------------
Compared hosts file summary:
----------------------------------------
Location: https://raw.githubusercontent.com/ookangzheng/blahdns/master/hosts/blacklist.txt
Domains: 352
Bytes: 10 kB
----------------------------------------
Intersection: 127 domains

So we have about 36% of this suggested list already.

[StevenBlack]

Using a new beta feature of ghosts if I compare it to the fakenews-gambling-code-social list we have a total of 130 duplicates.

$ ./ghosts -m fgps -c https://raw.githubusercontent.com/ookangzheng/blahdns/master/hosts/blacklist.txt
----------------------------------------
Base hosts file summary:
----------------------------------------
Location: https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn-social/hosts
Domains: 113,191
Bytes: 3.3 MB
----------------------------------------
----------------------------------------
Compared hosts file summary:
----------------------------------------
Location: https://raw.githubusercontent.com/ookangzheng/blahdns/master/hosts/blacklist.txt
Domains: 352
Bytes: 10 kB
----------------------------------------
Intersection: 130 domains

[StevenBlack]

Here are the unique domains, 222 domains total.

$ ./ghosts -unique -m fgps -c https://raw.githubusercontent.com/ookangzheng/blahdns/master/hosts/blacklist.txt

<snip>

2ip.ru
a9v8.cn
abs.ireaderm.net
activity.wps.com
ad.state.mi.us
ad2iction.com
adcl.pchome.com.tw
adsbb.depositfiles.com
adserver-prod-1937829349.us-east-2.elb.amazonaws.com
adserver.admost.com
adv.sec.miui.com
adver10.clickmon.co.kr
adver11.clickmon.co.kr
adver7.clickmon.co.kr
algovid.com
analytics.notifyvisitors.com
analytics.samsungknox.com
api-iam.intercom.io
api-lytics.macpaw.com
api.admost.com
api.appboy.eu
api.c1oudmobi.net
api.icolorfast.com
api.ireaderm.net
api.uparpu.com
aplay.wan.panda.tv
app-analytics-india.huami.com
app-analytics-us.huami.com
app-analytics.huami.com
appgiftwall.oss-us-west-1.aliyuncs.com
appinstall.click
appstatico.electronic.us
audacitydipping.com
bi.manhuaren.com
buildingdoodlesquare.com
bv4p.xgx3f3588.com
c.y.qq.com
caesar.wan.panda.tv
capture.trackjs.com
ccloud.sdkclickurl.com
cdn.awsbj0.fds.api.mi-img.com
cdn.awsbj0.fds.api.mi-img.com.mgslb.com
cdn.g.wan.douyu.com
cdn.notifyvisitors.com
cdn.samsungcloudsolution.com
cdn.shareitgames.com
cdngarenanow-a.akamaihd.net
click.dl-now.app
clk.cpi.leapmobs.com
config.unityads.unitychina.cn
control2.tvinteractive.tv
cooper.logs.roku.com
crashlyticsreports-pa.googleapis.com
ctobsnssdk.com
cu-cn-north00001.gala.convection.cn
cu-cn-north00002.gala.convection.cn
dartmotif.net
data.sec.miui.com
data.sharethis.com
daup.uparpu.com
default.exp-tas.com
derangemathsreply.com
discuz.gtimg.cn
domain-config-1259603563.file.myqcloud.com
doublemax.net
dr.sg.baidu.com
drrcns.cn
dt.beyla.site
duologinsupersdk.ewan.cn
dw-online.ksosoft.com
dz9qn8fh4jznm.cloudfront.net
e.oul78c.cn
e5019.e2.akamaiedge.net
emu.sharethis.com
engagethepower.org
engineering.sharethis.com
envyindebted.com
f.shopee.sg
feedback.miui.com
fstream.binance.com
g.wan.douyu.com
games.shopee.tw
glassbox.aircanada.ca
go.ero-advertising.com
goodusahost.cn
gozendata.com
graph.instagram.com
gz-data.com
gzads.com
hanqiweb.net
hao.360.cn
hcs084epsepa004.som.ad.state.mi.us
i10c.net
ichnaea.netflix.com
imdns.hpplay.cn
imp.appledaily.com
ip.ia22.com
jpush.binance.im
kenzz9.xyz
kinesis.us-east-1.amazonaws.com
kiwi.sharethis.com
kswj.unionapps.info
l.ad4.com.cn
launchpad.binance.com
littlefield.logs.roku.com
logger.c1oudmobi.net
logger.icolorfast.com
logger.suibyuming.com
logu.hpplay.cn
m-shes.ru
m.bchchk.cn
m.bihutg.com
m.drrcns.cn
m.henxg.cn
m.lsiwd.cn
m.sdfvk.cn
m.syxsa.cn
m.zhaibei112.top
mathtype.cn
mazu.sec.miui.com
meter.bostonglobe.com
mobile-http-intake.logs.datadoghq.com
mobile.admost.com
mobiledataplansharing.googleapis.com
movip.wps.com
mss.handmark.com
mx-gw.floraa.wales
nbstream.binance.com
nexus-websocket-a.intercom.io
norma-external-collect.meizu.com
notify.zhushou.sogou.com
ocsp.apple.com
onesignal.com
pbcde.com
people-pa.googleapis.com
photo.0234408.cn
photo.yingtaiboli.cn
picanalysis.vivo.com.cn
pl14960438.pvclouds.com
play.wan.panda.tv
popin.cc
predictionai.com
px.sharethis.com
pxcel.sharethis.com
r.search.yahoo.com
receiver-metis.infeng.site
redirector.gvt1.com
report-anf.glassboxcloud.com
report.binance.gg
report.binance.im
rest.sharethis.com
rlog_sem.vizio.com
rp.hpplay.cn
s.zimedia.com.tw
sa.tuisong.baidu.com
sa1.tuisong.baidu.com
safebrowsing.g.aaplimg.com
safeurl.maxthon.cn
scribe.logs.roku.com
sdk.api.appboy.eu
searchhtt.com
securegfm.com
self-repair.mozilla.org
sensors.binance.cloud
sentry.deepl.com
service-mopdf.wps.com
service.gz-data.com
settings-win.data.microsoft.com
sfcxv.xyz
sharethis.com
shuc-js.ksord.com
shyqxxy.com
sky.2ip.ru
sp2.baidu.com
spcdnresource-akcf.i-mobile.co.jp
ssdkauth.hpplay.cn
ssp.lkgd.net
ssv.admost.com
static-file-1259603563.file.myqcloud.com
system-update-new-2021.com
tastesk.net
tenmax.io
tkup.uparpu.com
toblog.ctobsnssdk.com
toblog.ctobsnssdk.com.w.cdngslb.com
token.safebrowsing.apple
torimochi.line-apps.com
track.adstack.co
tracker.hellay.net
uparpu.com
upgrade.gz-data.com
urlsec.qq.com
useg.nextdigital.com.hk
userdata.andrcool.com
userstats.shopee.tw
uts-front.line-apps.com
v.algovid.com
v10.events.data.microsoft.com
v10.vortex-win.data.microsoft.com
v3m.youzu.com
video-stats.l.google.com
video.manhuaren.com
wahaha.work
wan.panda.tv
web-analytics-us.huami.com
web-analytics.us-west-2.elasticbeanstalk.com
widget.intercom.io
widget.uservoice.com
wifi.ggsafe.com
win1710.ipv6.microsoft.com
wpad.example.com
wurfl.io
wwtsg.xyz
www.goodusahost.cn
www.hanqiweb.net
www.pullcf.com
www.pullcm.com
www.r1oman.com
www.shyqxxy.com
www.urlsec.qq.com
xgx3f3588.com
yingtaiboli.cn

[StevenBlack]

Looking at the TLD distribution of the 222 new domains -- from my system clipboard.

One very nice upside: 28 new .cn domains. We're weak on .cn domains; our main list only has 337 .cn domains.

$ ./ghosts --clip --tld

<snip>

----------------------------------------
Compared hosts from clipboard summary:
----------------------------------------
Location: clipboard
Domains: 222
Bytes: 4.4 kB
TLD tally:
   com: 130
   cn: 28
   net: 15
   tv: 5
   io: 5
   tw: 4
   us: 3
   ru: 3
   xyz: 3
   kr: 3
   org: 2
   im: 2
   eu: 2
   site: 2
   click: 1
   top: 1
   ca: 1
   gg: 1
   wales: 1
   info: 1
   jp: 1
   apple: 1
   hk: 1
   co: 1
   sg: 1
   cc: 1
   app: 1
   cloud: 1
   work: 1
----------------------------------------
Intersection: 0 domains

[StevenBlack]

Those 28 .cn domains:

a9v8.cn
config.unityads.unitychina.cn
cu-cn-north00001.gala.convection.cn
cu-cn-north00002.gala.convection.cn
discuz.gtimg.cn
drrcns.cn
duologinsupersdk.ewan.cn
e.oul78c.cn
goodusahost.cn
hao.360.cn
imdns.hpplay.cn
l.ad4.com.cn
logu.hpplay.cn
m.bchchk.cn
m.drrcns.cn
m.henxg.cn
m.lsiwd.cn
m.sdfvk.cn
m.syxsa.cn
mathtype.cn
photo.0234408.cn
photo.yingtaiboli.cn
picanalysis.vivo.com.cn
rp.hpplay.cn
safeurl.maxthon.cn
ssdkauth.hpplay.cn
www.goodusahost.cn
yingtaiboli.cn

[dnmTX]

Woah Dan @dnmTX go easy on my friend Tomasz @FadeMind here.

Steve @StevenBlack i wasn't attacking him or something. I was just expressing my frustration at another controversial list.

[StevenBlack]

All-good Dan @dnmTX

Tomasz @FadeMind this list has some nice features but I think Dan's @dnmTX concerns are valid.

So I think I'll pass. But thank you for the suggestion.

[FadeMind]

@StevenBlack no problem. I just found new source. Now we know whats goin on there.

[StevenBlack]

I'd love to become much, much stronger on Asian domains. Especially .cn and .ru TLD domains.

[FadeMind]

@StevenBlack can you just copy these to your list?

[StevenBlack]

I'm thinking about it Tomasz @FadeMind. I just don't know the Asian space at all, so I'm hesitant to judge.

[dnmTX]

@StevenBlack can you just copy these to your list?

Yeah,i second that. Everything Asia based just copy/paste and...life is good 😉

[StevenBlack]

Done! Thanks Tomasz @FadeMind and Dan @dnmTX.

Closing. Well, already closed 😄

[dnmTX]

I kind of went through the list owner's profile and it's obvious that he's very focused on privacy. He even ofering his own DoH Server. So i'm prety sure that he did the homework before adding any of those domains to his personal list,it's just.....some are...kind of overboard.

[jankytay]

May I ask why was cu-cn-north00002.gala.convection.cn and cu-cn-north00002.gala.convection.cn blacklisted?

These two domains seem to be used by Apple for CDN and other stuff. I've heard some complaints about Apple's operating systems downloading a considerable amount of data from those domains, presumably system updates. But so far, I've found no evidence showing those domains were used for tracking or hosting malware.

[dnmTX]

@jankytay i found them listed in another blocklist with some explanation as to why. Other then that,not much to go with.
Maybe @FadeMind could pitch in with more info?

[FadeMind]

@dnmTX you should ping @ookangzheng for knowledge. If these domains are false positive - delete them.

[dnmTX]

@FadeMind here,just FYI,it was random search on my end. Don't know anything about that list:
https://raw.githubusercontent.com/ookangzheng/blahdns/master/hosts/blacklist.txt

[jankytay]

@jankytay i found them listed in another blocklist with some explanation as to why. Other then that,not much to go with. Maybe @FadeMind could pitch in with more info?

@dnmTX Yep, that's from the author of the original blacklist file, with no explanation about how "bogus" that domain is.

@dnmTX you should ping @ookangzheng for knowledge. If these domains are false positive - delete them.

@FadeMind What do you mean by "you should ping"? Last time I checked, you're the one who opened this PR, not that user.

[dnmTX]

No need to argue about such a small thing guys.
PING @ookangzheng could you give us some more info on why those two were listed. Thanks 👍

Steve @StevenBlack if the curator doesn't respond soon,i'd say just remove them.

[zoonderkins]

If I remember correctly, those flagged as bogus domain, which I got from my home Firewall.

I monitored my iPhone activity, and I don't have any clue on this domain cu-cn-north00002.gala.convection.cn and cu-cn-north00002.gala.convection.cn what going behind the scene thus I add them into blacklist.

[jankytay]

I enabled the built-in App Privacy Report in iOS and found only the system apps that do iCloud syncing accessed one of the domains on my device. No activity for the other one.

@dnmTX @StevenBlack Since the original author isn't 100% sure about the behavior of the two domains in question, please reconsider the addition of those entries.

Also, I'd like to point out having no clue what it does is not a valid reason to add domains to a public blocklist. But I'm not coming after @FadeMind or @ookangzheng because no single person is responsible for both identifying the domain and creating the PR in this case.

[dnmTX]

@jankytay is anything broken/not working on your end when those two are blocked?
The thing is that everywhere i searched all points out to some Chinese Cloud service that presumably Apple is using(or more likely being forced to) for ICloud backup and at the same time not being transperant about it and not admitting when asked by many Chinese iPhone users.
It's all shady as heck if you ask me and if nothing is broken on your end,privacy wise,i'd say,better keep them listed.

[FadeMind]

@jankytay 👀

[zoonderkins]

@jankytay
I'd say Apple is not transparent enough so far, you know what I mean. They didn't mention or explain which domain they use in China.

Removed : zoonderkins/blahdns@b74041b

[dnmTX]

Steve @StevenBlack it's your call on this one.

[jankytay]

@.jankytay is anything broken/not working on your end when those two are blocked? The thing is that everywhere i searched all points out to some Chinese Cloud service that presumably Apple is using(or more likely being forced to) for ICloud backup and at the same time not being transperant about it and not admitting when asked by many Chinese iPhone users. It's all shady as heck if you ask me and if nothing is broken on your end,privacy wise,i'd say,better keep them listed.

@dnmTX I've kept having iCloud sync issues since May, including slow document downloads, duplicated Shortcuts, and unreliable auto backup. But I assumed it was something else, not a hosts list I trust suddenly blocked domains they are unsure about. "Presume" is not good enough for a public blocklist that does not have stable/release branches. Everything has to be moderately reasonable, backed up by evidence.

@.jankytay 👀

@FadeMind I'm going to reiterate this: you're the one who opened this PR, not ookangzhang or me. Also, I'm using SteveBlack's hosts, not ookangzhang's. So you are the one responsible for contacting the original author and submitting issues to the original repo, not me or dnmTX.

@.jankytay I'd say Apple is not transparent enough so far, you know what I mean. They didn't mention or explain which domain they use in China.

Removed : ookangzheng/blahdns@b74041b

@ookangzhang I am here for the "Unified hosts", which consists of adware + malware, not "The Evil Red + Prism". And feel free to leave out your rudeness in the draft before hitting the comment button.