Hello
The following have invalid/illegal characters in them and should be cleaned up

upload.zoined.com<
rubikloud.com<>www.rubikloud.com
my.ciradar.com<>www.my.ciradar.com
offers.ciradar.com<>www.offers.ciradar.com
learn.smartly.io<>www.learn.smartly.io
beta.narvar.com<>www.beta.narvar.com
storehippo.com<>www.storehippo.com

could you please fix the following two typos/non valid domain in your list?

[-] Total Unique Subdomains Found: 77
wealthfidelitylimited,cin

centinelapi.cardinalcommerce.com

This appears to be used for 3DS2 secure to verify card payments. Was unable to progress with a card payment on Asda's website due to this.

Unsure what else it may be used for but being able to verify 3DS2 payments seems fairly integral to being able to browse.

For some podcast apps appear to use traffic.megaphone.fm to provide content delivery. If this URL is blocked then some podcasts will fail to play or load.

There are two other URL's that are very similar but do not look to break any functionality those being www.traffic.megaphone.fm and u002ftraffic.megaphone.fm. So those do NOT need to be removed.

It can be replicated on the podcast app 'sodes on iOS and the podcast Darknet Diaries. There are other podcasts that use that URL and others that do not. That is just one I know uses it.

This is on the SNAFU.txt list.

sephora.narvar.com is on this list inherited from tracking.narvar.com.

Possible analytical tracking(?), Narvar is a shipping/delivery platform for business to consumer. Curious to see if this intended, or if there's tracking behind the scenes from this provider?

This is a graphic design software website blocked by the SNAFU list. I can understand the email subdomain being blocked but I'm not sure why their main website is.

A large fast-food store uses Adyen* as payment provider for use with iDeal, which sounds like a false positive.

It was added, along with a large bunch of other domains from Adyen*, in this commit:

dc33387#diff-a452d476c2e2bbc2a88a8c8823185bf2b2413ba4a7bc79611923ab1ee8e35fd2R55610

Hi

I noticed I had to selectively allow dhhs.carto.com and gusc.ep.carto.com which are similar to Google Maps.
Is it a false positive or is it expected ?

Thanks

I saw sockjs.pusher.com in my blocked query logs, and I was wondering whether this is a FP or not. It looks like a service used for push notifications, chat, etc. (see https://pusher.com), but I'm unsure whether it is blocked for being a tracking domain/some other reason.

Blocking this breaks the Target store's iOS app, none of the images will load.

Related to #22

Needed for https://www.webroot.com/us/en/business/resources/system-analyzer to work

This site is required for communityforums.rogers.com , a forum for Rogers ISP subscribers.
Thanks!

Sidenote: yours seems to be the only blocklist out of the 450 I am using blocking these lithium sites. Where did you get these domains from?

Hi,

Whilst trying to make bank payments today I was thwarted several times because the following domains are used by banks in the UK (possbily globally) to authenticate card payments online. I;ve whitelisted these domains in my PiHole setup, but for all theother out there it may be prudent to remove these domains from the SNAFU.txt block list:

• authentication.cardinalcommerce.com
• geoissuer.cardinalcommerce.com
• geo.cardinalcommerce.com
• writer.cardinalcommerce.com
• centinalapi.cardinalcommerce.com

Thanks,

Hi,
This domain is needed for Android's telephone spam protect feature
While this domain is blocked, I recieved SMS spam texts that I did not get while it wasn;t blocked

This domain is needed to unsubscribe from emails on mailerlite

Please check the line that holds
platform.twitter.com

This is what it looks like
api-glb-sjc.smoot.apple.comapi.acompli.netapi.mixpanel.comapi.segment.ioapi.twitch.tvapi.twitter.comapiservices.krxd.netapps.itunes.comas.jivox.com
as.jivox.comas.jivox.com
apple-finance.query.yahoo.comas.jivox.com
evs.jivox.comevs.jivox.com
playercdn.jivox.complayercdn.jivox.com
platform.twitter.complayercdn.jivox.com
pxl.jivox.compxl.jivox.com
creativescdn.jivox.com

There are several lines that have no breaks. And playercdn.jivox.com is listed multiple times.

Also I believe that platform.twitter.com should not be in this list. I had to whitelist it to avoid errors on mobile devices.

This looks like a minor bug:

Thanks for your work.

I've not had any issues buying games from the steam client before, but today when I tried, it errored out (claimed I had no internet connection) and when I checked my pihole logs the domain 'checkoutshopper-live.adyen.com' had been blocked.

Tried adding it to my whitelist, and then the purchase went through fine.

This domain prevents content on pages from displaying
EG Blocks text from loading
https://forbesrealestatecouncil.com/app/
and
https://www.purposeinvest.com/canadians

Chat bank inter use qs976j62-android.mobile-sdk-api.intercom.io

Thanks
Maison

Since the last few days I've been having issues watching Youtube videos on my phone.

I tracked it down to this blocklist, and the semanticlocation-pa.googleapis.com domaine.

Is that something that will get updated/fix, or that I need to disable from now on ?

similarly, with all variations of:
rX---sn-XXXXXXX.googlevideo.com , from a different blocklist.

Just trying to figure out what I should whitelist,
Thanks.

Used for intercom chat on Vilfo devices

Needed for https://fsdata.help/sv/ to work

Part of demisto.com

This is used for chat software on websites

Hello! If this domain is blocked then online chats based on Bitrix24 services don't work. Found out that while trying to consult in online shop website.

Can't access the login portal for my energy provider to pay and view my bills when cdn.ravenjs.com is blocked. Energy provider is https://www.reampedenergy.com.au/

db6777d introduced the spurious line 2 script.crazyegg.com. I assumed this was illegal but I’m not an expert. Is it meant this way?

prod-live-chat.sprinklr.com is used on sites such as samsung.com in order to open an online chat with product support. Suspect this service is used on the other sites too.

There are other sprinklr.com entries in the list, some of which may be non-tracking, however just the above needed allowing to enable the chat window to open.

This breaks pages created with Lithium such as https://www.paypal-community.com/t5/My-Money/Invalid-Card-Number-I-am-going-crazy/td-p/1544116

In use by

https://dynabook.com.my/

Blocking this results in broken images

Hi
This is parcel tracking, not spyware tracking :)

Hi there,

I believe the unpkg.com shouldn't be blocked, as it's a general-purpose CDN that serves npm packages.

unpkg.com
www.unpkg.com

Added in: 8132cf4#diff-782bcd5749cc4dfa54a652ad072dcf25R18964-R18965

I'm not sure why this was added to your list, so if it should not intentionally be blocked (as it does not classify under ads nor trackers), I'd like to ask to remove it from your list.

eventprd10b.on24.com is a CNAME for event.on24.com
On24 platform provides online educational webinars
Not malicious

Hi Rooney
Thanks for the great list
Just reporting kaymo75663.lithium.com as a false positive
It is needed for community.teamviewer.com
It is not in any other blocklists but yours

Thanks !

This is a real-time API to build engaging remote experiences using in-app chat, push notifications, etc
pubsub-rc.pubnub.com is a CNAME for ringcentral.pubnubapi.com which is RingCentral, a teleconferencing system
I dont believe blocking an API is a good idea. Rather, we should block malicious apps that may leverage an API.

Hi there,

thank you for your work!

api.usercentrics.eu is needed so that the Andoid App "Flaschenpost" is working. Please have a look at it. :)

Hi,
I believe this is a domain for Facebook's Portal smart hub.
Yours seems to be the only blocklist in my adlist that is blocking this!
Are you sure its malicious?
Thanks!

This is not tracking or ads.

dyjpb62732.i.lithium.com is required to view github.community threads correctly (with it blocked, formatting looks incorrect).

This site allows downloads for purchased content from small developers and creators

Part of a support solution

Hi there,

I'm not quite sure if this was intentionally blocked, but the dyncdn.me is a cdn exclusive to the RARBG website and is used to load images and other site content.

dyncdn.me
www.dyncdn.me

Added in: 8132cf4#diff-782bcd5749cc4dfa54a652ad072dcf25R18989-R18992

You can verify this by visiting any of the RARBG mirrors:

• rarbgproxy.org
• rarbg.to
• rarbgmirror.com

Note: RARBG is a popular and safe torrenting website.

If the dyncdn.me domain should not intentionally be blocked (as it does not classify under ads nor trackers), I'd like to ask to remove it from your list.

Hello, thank you for your SNAFU list. I have found a few invalid entries that you might not be aware of:

Space in domain name:

• profile- eu.exe.bid
• http win.staticstuff.net
• ipb0c .voluumtrk3.com
• wood. www.ispot.tv
• pearsonn rpush.cogocast.net
• m e.maillist-manage.com

Leading -

According to rfc3696

If the hyphen is used, it is not permitted to appear at
either the beginning or end of a label.

• -x3.vindicosuite.com

Leading .

You might have these entries in here on purpose. If so, please ignore.

• .yieldoptimizer.com
• .nemosys.ws.markmonitor.com
• .pagefair.net
• .qa2.la.razorfish.com

dns.msftncsi.com is used by Microsoft Windows as part of it's Network Connectivity Status Indicator tests.

It is also used by some router manufactures.

The domain static.cloud.coveo.com serves content to Hewlett Packard Enterprise Support Center pages. If the URL is blocked only a white page is shown. Once whitelisted the rest of the game loads.

This URL is on the SNAFU list.

DL380p Gen8 Server Page To Test.

First, I am a human not a bot. A bot will not have the interest to send such a pull request.

The duplicates are easy to spot. Please copy all content starting from the Line 17 of SNAFU.txt to any online tool or offline editor.

I use https://www.somacon.com/p568.php

The result is here

https://pastebin.com/a2APKWaS

I cannot just past it here because Github reminds me of the issue 'There was an error creating your Issue: body is too long (maximum is 65536 characters). '.

Used for legitimate chat software online.

Hi,
Regarding track*.channelsight.com
The above domain is invalid (assuming the SNAFU.txt file was not meant to use wildcards)