🌓 Reflection | 💿 Redundancy | ✅ Reliability
Automatically maintained malicious host blacklists and false-positive whitelists.
🛡️ Privacy Protectors
- Test your browser's tracking resilience with CoverYourTracks!
- Support LetsBlockIt to consolidate and simplify uBlock filters!
- Explore PrivacyGuides and Prism Break to discover services that respect your privacy!
- Use BypassPaywalls to access restricted and useful information, such as the WSJ's Facebook Files.
- Skip over URL shortener links by using FastForward, which is a better alternative to outright domain blocking.
🖋️ Manifesto
Defines the logic behind why a host is permitted or blocked. Please report any hosts that are wrongly blocked or sources that do not wholly align in an issue. Reference the contribution guidelines.
📋 Attributes
- Produced in domain-only, IPv4-only, IPv4-CIDR-only, and IPv6-only builds.
- Updates at 1:27 AM & PM UTC.
- No excess or trailing whitespace.
- No lingering webscraper garbage.
- Lines are terminated with
lf
. - No blank lines.
- No comments.
🚚 Deliverables
⚓ Hyperlinks
List Name | File Content | Unique Entries | File Size | Mirror 1 | Mirror 2 |
---|---|---|---|---|---|
black_domain | Domain entries | 7,074,008 | 159M | [ |
[ |
black_ipv4 | IPv4 addresses | 738,750 | 10M | [ |
[ |
black_ipv4_cidr | IPv4 CIDR blocks | 23,096 | 387K | [ |
[ |
black_ipv6 | IPv6 addresses | 9,963 | 302K | [ |
[ |
white_domain | Domain entries | 21,964 | 334K | [ |
[ |
white_ipv4 | IPv4 addresses | 11,776 | 163K | [ |
[ |
white_ipv4_cidr | IPv4 CIDR blocks | 1,523 | 24K | [ |
[ |
white_ipv6 | IPv6 addresses | 2,799 | 107K | [ |
[ |
🧮 Checksum Evaluation
cat black_domain.txt | sha256sum -c black_domain.checksums --status && echo $?
A return code of 0
means the check was successful. The specific checksum command can be any of the following:
md5sum
b2sum
sha1sum
sha224sum
sha256sum
sha384sum
sha512sum
🐙 Fetching GitHub Releases
Provided below are some examples to fetch release artifacts leveraging the GitHub API.
Get all build artifacts
curl --proto '=https' --tlsv1.3 -H 'Accept: application/vnd.github.v3+json' -sSf https://api.github.com/repos/T145/black-mirror/releases/latest | jq -r '.assets[].browser_download_url'
Get a build artifact & its checksum
curl --proto '=https' --tlsv1.3 -H 'Accept: application/vnd.github.v3+json' -sSf https://api.github.com/repos/T145/black-mirror/releases/latest | jq -r '.assets[] | select(.name | startswith("black_domain")).browser_download_url'
Get a single build artifact
curl --proto '=https' --tlsv1.3 -H 'Accept: application/vnd.github.v3+json' -sSf https://api.github.com/repos/T145/black-mirror/releases/latest | jq -r '.assets[] | select(.name | startswith("black_domain")) | select(.name | endswith(".txt")).browser_download_url'
🛠️ Usage
Desktop OS Hosts File
mawk '{print "0.0.0.0 " $0}' black_domain.txt >>hosts
# mawk '{print ":: " $0}' black_domain.txt >>hosts
mawk '{print "0.0.0.0 " $0}' black_ipv4.txt >>hosts
mawk '{print ":: " $0}' black_ipv6.txt >>hosts
dnsmasq
Many popular platforms such as OpenWRT, DDWRT, and Pihole use DNSmasq as their choice TCP powerhouse. After inspecting many domain blocklists you'll inevitably run across a list in the dnsmasq.conf
format. This list doesn't support it because you can use the addn-hosts
parameter to add hosts in the list.
Target a file that has the hosts in a format similar to the Desktop OS Hosts File format.
If you're using the RADVD
daemon, prepend any listed hosts with ::
. Otherwise, even if you have IPv6 support set up, prepend hosts with 0.0.0.0
.
This has been tested across all the mentioned platforms using dig{6}
on a small sample size and had each host null-routed successfully. DNSmasq's man page discusses configuration further, and DDWRT's ad blocking wiki page provides some examples.
Amazon EC2 DNS Resolver
Follow this guide to create a DNS server on a Amazon EC2 instance.
pihole
If you'd like to update when some sources do or not extract a production build, just use the single-line list sources.pihole
. Note that this list only contains Pihole-compatible sources, and not every handled source. Some manual configuration may also be required.
unbound
Similar to dnsmasq, but requires more manual configuration. Name any products as a *.conf file. Then follow Steffinstanly's instructions on how to apply blocklists.
personalDNSfilter
Use the domain list.
📚 Sources
Please report any redundant sources in an issue!
⬛ Blacklists
- Perflyst
- android-tracking
- AmazonFireTV
- SessionReplay
- SmartTV
- anti_ad
- kodopenguin
- Main-Template
- Gaming-Full-Template
- Android-Full-Template
- notracking
- oisd_full
- oisd_extra
- openphish
- phishing_army
- easylist_finnish
- easylist_indonesian
- List-KR
- KADhosts
- polish-ads-filter
- hole_cert_pl
- hostfile
- Frellwits-filter-lists
- wally3k
- Energized Xtreme Extension
- AnudeepND
- WindowsSpyBlocker
- Sinfonietta
- The Block List Project
- Blackbird for Windows
- FireHOL Level 4
- blocklist_de
- geoffrey_frogeye
- threatcrowd
- antisocialengineer
windscribe- not_on_my_shift
- lightswitch05|developerdan
- resecure_me
- kriskintel
- filtri_dns
- mailscanner
- binarydefense
- digitalside
- matomo_spam
- Abuse.ch
- feodotracker
- sslbl
- urlhaus
- threatfox (domains only)
- 360_netlab
- cybercrime
- taz_spam
- bruteforceblocker
- myip_full_blacklist
- myip_webcrawlers
- 4skinSkywalker Anti Porn
- ios-trackers
- apple-telemetry
- ISC Sans/DShield
- adscore
- alphastrike
- arbor
- blindferret
- censys
- ciarmy
- cybergreen
- erratasec
- internetcensus
- ipip
- netsystems
- onyphe
- rapid7sonar
- recyber
- scorecard
- shadowserver
- shodan
- stretchoid
- (Skipping tldns and tor since they're "other" lists and not especially malicious)
- Whitelist TLD Name Servers and Tor Exit Nodes from Tor Project?
- univmichigan
- univsydney
- cinsscore
- Rutgers University Attack Log
- threatsourcing
- maltrail
- darklist
- cryptolaemus
- alienvault
- turris
- spamhaus
- voipbl
- botvrij
- malsilo|raw-data
- The Quantum Ad-List
- Last updated nearly a year ago and may need to be deprecated, though most hosts seem to be up.
- Airelle's Hosts
- someonewhocares
- FutaFilter
- betterfyi
- ayashige
- yoyo
- winhelp2002
- ddgtrackerradar
- Exodus trackers
- npc hosts
- fanboy
- CoinBlockerLists
- ShadowWhisperer
- OpenDBL/talos
- azorult tracker
- Project Honey Pot
- viriback
- PhishStats
- dandelionsprout
- antimalware
- norwegian
- Certego Intel
- Mirai Tracker
- Cyber Cure
- IPsum
- Gets IPs from maltrail
- Benkow_
- malware-discoverer
- mobiletrackers
- Kaspersky TinyCheck
- stalkerware-indicators
- Additional (Undesired) Hosts
- UCEPROTECT
- Exodus Privacy
- DShield
- NoTrack
- NoTrack Tracker Radar
- 1Hosts Includes
- Disconnect.
- StevenBlack
- adblock-nocoin-list
- Adguard (more to come)
- durablenapkin
- Phishing Database
- Active domains & IPs only.
- GoodbyeAds
- xfiles
- RPiList
- Corona-Blacklist
- Fake-Science
- MS-Office-Telemetry
- Phishing-Angriffe
- Win10Telemetry
- child-protection
- notserious
- infinitytec
- shady-hosts
- DataPlane
- C2IntelFeeds
- joewein's custom list
- SecurityResearch
- Sunshine
- Webradio (Germans know how to party: be nice!)
- bjornstar
- CyberSaiyan
- d3ward
⬜ Whitelists
Applied to generated blacklists.
- Energized Unblock
- AnudeepND False Positives
- AnudeepND Whitelist
- hipo_universities
- public_dns
- tor_bulkexitlist
- dan_me_uk
- CoinBlockerWhiteList
ShadowWhisperer's Filter- 1Hosts Excludes
- Team Cymru
- C2Intel Nord VPN IPs
🥢 Duplicates
Sources that contain duplicate and potentially deprecated data.
- andryou
- adfree
- Save as "adfree.gz," and run "gunzip adfree.gz"
- canihazprivacy
- ftpmorph pastebin
- mypdns
- gnuzilla
- In
update.sh
:wget https://easylist-downloads.adblockplus.org/easyprivacy.txt -q wget https://easylist-downloads.adblockplus.org/easylist.txt -q #wget https://easylist-downloads.adblockplus.org/antiadblockfilters.txt -q #wget https://easylist-downloads.adblockplus.org/fanboy-annoyance.txt -q wget https://easylist-downloads.adblockplus.org/fanboy-social.txt -q
- In
- sebsauvage
- EmergingThreats
- Pulls from abuse.ch, spamhaus, and dshield, which are all in use.
- mobile-hosts
- potentialTrackers
- UsefulLinuxShellScripts
- Active but references sources from iBlocklist.
- hosts.extra
- blackbook
- mischosts
- Only TikTok list; WhiteOps is should be double-checked.
- ut-capitole
- Has a lot of deprecated data.
- joewein's base list
- Likely draws from other sources.
- shallalist
- Similar to
ut-capitole
.
- Similar to
- malware-filter
- AdlistTXTS
- socialblocklists
🧟 Zombies
Sources that are dead or deprecated and not included but may be worth mentioning.
- Squidguard Archive
- Found individually a while back
- Contains some obvious placeholder/garbage domains
- BarbBlock
- NSABlocklist
- Wael
- Sblam
- St. Dominic's Priory College Droplists
- URLVir
- unit42
- Select
Go to file
, then search using the term "domains"
- Select
- fireeye
- aptnotes
- malware-indicators
- da667
- malware-ioc
- malwaredomains
- multiproxy
- malwaredomainlist
- malware-traffic-analysis
- nothink
- targetedthreats
- policeman-rulesets
- malwaremustdie
- threatfeeds
- Some HTTP-200 sources updated a long time ago
- yourcmc
Last-Modified: Wed, 04 Jul 2012 21:04:35 GMT
- iblocklist
- malc0de
- MALC0DE'S RSS FEED CONTAINS SHADE RANSOMWARE! YOU HAVE BEEN WARNED.
- cameleon
- hexxium
- malfeed
- carl.net
last-modified: Sun, 01 Sep 2002 16:05:00 GMT
- BadHosts
- Last updated in 2018
- gjtech
- ethanr dns-blacklists
- keweonDNS up2date
- deathbybandaid
- Ransomware Overview
- fanboy
- ryanbr
- Princeton Webcensus
- UnrealSecurity
- Takes too long to respond; likely offline.
- ipspamlist
- Last updated in 2020.
- neohosts
- android-stalkerware
- stalkerware-urls
- Presently archived.
- h3x
- Feeds are empty.
- Minimal-Hosts-Blocker
- blacklist-named
- Does not update automatically.
- sophos-xg-block-lists
- piholeparser
- IsraelList
- niecko
- DontPushMe
- pfbng
- NanoFilters
- dnsbl-dfed
- nopelist
- DisconnectMe AWS
- simple_ad (Last-Modified: Fri, 31 Jul 2015 19:01:02 GMT)
- simple_tracking (Last-Modified: Sat, 01 Feb 2020 02:37:09 GMT)
- shavar-prod-lists
- ad-wars
- phishing_hosts
- antipopads
- romanian-media-propaganda-adblock-list
- cosmonotes
- Mediafire links are still good.
- Gift-Card-Killer
- crypto-scams-fr
- GetAdmiral
- nolovia
- Active but references many dead sources.
- spammerslapper
- Badd-Boyz-Hosts
- The-Big-List-of-Hacked-Malware-Web-Sites
- AdmiraList
- dns-zone-blacklist
- List-KR
- uBlock-Filters-Plus
- uBOPa
- iploggerfilter
- thai-ads-filter
- jaka's domains
- Cryptojacking-campaign-list
- Active but draws from inactive Google Sheets.
- https://dehakkelaar.nl/lists/
- yhosts
- easylistczechandslovak
- Andrew's Settings
- dupontjean
- jmdugan
- void-gr-filters
- pdns-recreator
- adblock.gardar
- TR-PhishingList
- Spam404
- bgpranking
- vxvault
- Offline since last check.
- anti-pr0n
- Evil Domains
- AdBlock Rules
- Clickbait Blocklist
- Hello, Goodbye
- 0131 blocklist
- international-list
- nothingblock
- Andromeda uBlock
- uBlock Filters Plus
- I don't care about cookies
- Netlab's Mirai Scanner
- cyberthreat
- Service has ended.
- Haruko
- Offline since last check.
- Charles B. Haley
- Offline since last check.
- Clefspeare13
- Zonefiles
- Offline since last check.
🕵🏻 Lamers Unwelcome
📦 Big Data Lists
Typically used by other blacklist projects as whitelists.
🌐 IP Block Providers
Simply provide IP blocks for entire geographic regions.
🎶 Notes
R Language
Docker installs
RUN apt-get -y install r-base
# install libarchive manually since libarchive-dev is at version 3.4.3
# https://github.com/libarchive/libarchive/wiki/BuildInstructions#using-configure-for-building-from-the-command-line-on-linux-freebsd-solaris-cygwin-aix-interix-mac-os-x-and-other-unix-like-systems
# https://www.zhouchun.net/blog/show/439 (run all commands together to prevent spawning subcontainers)
RUN aria2c https://github.com/libarchive/libarchive/releases/download/v3.5.2/libarchive-3.5.2.tar.gz \
&& tar xzf libarchive-3.5.2.tar.gz \
&& cd libarchive-3.5.2 \
&& ./configure \
&& make \
&& make check \
&& make install \
&& cd .. \
&& rm libarchive-3.5.2.tar.gz
# install R libarchive bindings
# https://github.com/r-lib/archive
RUN echo 'install.packages("archive", repos="https://cloud.r-project.org/")' | R --vanilla \
&& echo 'install.packages("data.table", repos="https://cloud.r-project.org/")' | R --vanilla
Boosting speeds
- http://adv-r.had.co.nz/Performance.html
- http://www.pqr-project.org/
- https://github.com/bedatadriven/renjin
- http://www.dartistics.com/fast-r-code.html
- https://datascienceplus.com/strategies-to-speedup-r-code/
Need for speed
References
- https://fossies.org/linux/parallel/src/parsort
- https://unix.stackexchange.com/questions/579251/how-to-use-parallel-to-speed-up-sort-for-big-files-fitting-in-ram#579252
- https://askubuntu.com/questions/1006377/check-the-max-allowed-threads-count-for-sure#1006384
- https://stackoverflow.com/questions/9066609/fastest-possible-grep