| author | CHEF-KOCH <Nvinsidemail.com> | 2015-10-08 15:58:11 +0200 |
|---|---|---|
| committer | CHEF-KOCH <Nvinsidemail.com> | 2015-10-08 15:58:11 +0200 |
| commit | 9c47a675a3b77da34d7de9de55e32389f48a7a4c (patch) | |
| tree | 90af70971f01696fe08b5d18e96801149bfebd91 | |
| parent | IANA list completed (diff) | |
bigger update
Signed-off-by: CHEF-KOCH <Nvinsidemail.com>
| -rw-r--r-- | README.md | 112 |
| -rw-r--r-- | References.txt | 78 |
| -rw-r--r-- | problematic.txt | 388 |
| -rw-r--r-- | test/Search engines/Please read this.txt | 2 |
| -rw-r--r-- | test/needs confirmation/needs confirmation.txt (renamed from test/needs confirmation.txt) | 0 |
| -rw-r--r-- | test/other hosts sources/Other sources.txt | 62 |
6 files changed, 567 insertions, 75 deletions
@@ -4,10 +4,11 @@ NSABlocklist© file original created under the MIT license 2015 by [CHEF-KOCH](h Description ------------ -This isn't yet another [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) or [DNSBL](https://en.wikipedia.org/wiki/DNSBL) that claims to secure the web, it's specially designed to _stop_ known NSA / GCHQ / C.I.A. or F.B.I. servers from beeing connecting to you without permission, of course the IP's also can be used for Bot Revolt or other tools. The list is not designed to block common malware, spyware or anything that is already avaible on the net via a proper designed hosts for such case. This hosts or the super ranges lists could block some of your sites/servers you may need, so you'll be warned! +This isn't yet another [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) or [DNSBL](https://en.wikipedia.org/wiki/DNSBL) that claims to secure the web, it's specially designed to _stop_ known NSA / GCHQ / C.I.A. or F.B.I. servers from beeing connecting to you without permission, of course the IP's also can be used for Bot Revolt or other tools. The list is not designed to block common malware, spyware/ads or anything that is already avaible on the net via a proper designed hosts for such special case. This hosts or the super ranges lists could block some of your sites/servers you may need, so you'll be warned! -My list is original based on 2007 published Wikileaks documents and includes my own modifications from 2015. +My list is original based on 2007 published Wikileaks documents and includes my own modifications from 2008, 2012, 2014 and 2015. + This project includes 
@@ -20,6 +21,14 @@ This project includes * An '[problematic.txt](https://github.com/CHEF-KOCH/NSABlocklist/blob/master/problematic.txt)' file wich includes DNS/PTRs that are possible problematic for you. * The 'Mail.txt' file in case you want to speak with me over encrypted email. * An 'test' folder for IPv6 only domains. It also contains an 'html' folder for html formatted entries, an 'onion' folder for suspect or faked .onions and an 'Tor' folder for a quick guide how to run an non-exit relay in around 10 minutes. +* The 'References.txt' which contains relevant information about spying or additional topics which may related to reveal surveillance. + + + +Any problems, questions or something wrong? +------------ + +* Feel free to open an issue ticket and I will look at it asap. - Pull Requests or ideas are always welcome! Important Notice 
@@ -27,46 +36,48 @@ Important Notice * A true list of compromised IPs would list the entire Internet, then on to the fuller range open mouth blabbering of blogs, email, chat rooms, texting, aided and abetted by the world's telecoms, postal services, and, most reliably, bedroom murmurings. * I do not accept donations, I'm not doing this because I want $$money or hype I'm doing this because I didn't found a proper list on the whole internet and of course I want to share my knowledge for free. I always think that such information should be available for everyone on the world. -* Please keep in mind that updates/encryption/knowlage is our 'only' weapon against NSA and other agancies, since I not encrypt this list (for what?) the update argument is important so I always search for maintainer to complete the lists. It's not possible to update everything daily or every x hours. +* Please keep in mind that updates/encryption/knowlage is our _only_ weapon against NSA and other agancies, since I not encrypt this list (for what?) the update argument is important so I always search for maintainer to complete the list(s). It's currently not possible to update everything daily or every x hours since there is no tool/software/script which detect such servers automatically - it needs to be checked against domain servers, trace-routes, documents - all by hand! + Do you hate the NSA or other agencies? ------------ -* I do not _hate_ the NSA or other agencies but I really don't like that everyone is automatically under the microscope and of course that there is no opt-out or transparency excpect lies and more lies (and some excuses ...yeah, we are doing this because terrorism, go f$ck yourself with such statements!) 
+* I do not _hate_ the NSA or other agencies but I really don't like that everyone is automatically under the microscope (mass surveillance) and of course that there is no 'opt-out' or transparency excpect lies and more lies (and some excuses ...yeah, we are doing this because terrorism, go f$ck yourself with such statements!) * Everyone have something to hide, passwords, privat data, accounts, other metadata, [...] + Known problems ------------ -* An hosts file is no guarantee, if NSA is already in your system it's just to late. +* An HOSTS file is no guarantee that if the NSA is already 'in your system/network' - to protect you - it's just to late. * HOSTS files are no guarantee that NSA or any other attacker/organization could simply bypass it via 0day or other vulnerabilitys on your system/router. * HOSTS files can't protect against attacks directly in hardware, e.g. if the router is already compromised or comes with backdoors this list will be easily bypassed anyway. -* Due the complex of the entire file I can't explain every single IP/Domain/PTR record. -* The hosts file may present an attack vector for malicious software because the file could be modified to redirect the entire traffic e.g. adware or trojans can do this. Ensure that the file was marked as read-only and you're not logged in as adminstrator. +* Due the complex of the entire file I can't explain every single IP/Domain/PTR record. If somethig was changed, feel free to open a pull request or send me an eMail. +* The GOSTS file may present an attack vector for malicious software because the file could be modified to redirect the entire traffic e.g. adware/trojans can do this. Ensure that the file was marked as read-only and you're not logged in as adminstrator. +* Trace-route analysis especially on IPv4 networks are sometimes outdated (due the mass of requests). * Be careful when blocking IP addresses, as IP addresses change frequently and can block people you don't intend to block. 
* **NSA and other agancies can spy on traffic directly from supercomputers like infamous Echelon connected directly to some backbone without revealing any IP. This is an common problem, only strong and proper implemented encryption helps.** -Any problems, questions or something wrong? ------------- - -* Feel free to open an issue ticket and I will look at it asap. - Pull Requests or ideas are always welcome! - ToDo: ------------ - [ ] Fix Readme.md, typos, grammar,... - [ ] Sort hosts entries alphabetically - - [ ] Add an seperate hosts file for MS, Apple, Google (if someone needs it) + - [ ] Add an seperate hosts file for MS, Apple, Google (if someone really needs it) - [ ] Monthly updates!? - [ ] Find invalid entries or domains that aren't online anymore (high-prio) - [ ] Fix/merge all reported [issues](https://github.com/CHEF-KOCH/NSABlocklist/issues) - - [ ] Add explanation how to identify compromised domains/DNS or other bogus addresses + - [ ] Add explanation how to identify compromised domains/DNS or other bogus addresses (high-prio) - [ ] Add solutions to e.g. secure DNS via DNSCrypt/DANE (low-prio) - [x] Add IPv6 only hosts file (low-prio) + - [x] Add mirror(s) in case some papers/news are linked directly on blocked goverment pages (low-prio) +- [ ] Use external file for sources, reference and researches +- [x] Create an external References.txt for all nessary spying information so people can directly link into it + Utils 
@@ -75,14 +86,21 @@ Utils * [TCPIPUTILS](http://www.tcpiputils.com/) * [Robtex](https://www.robtex.com) * [ZMap - The Internet Scanner](https://zmap.io/) +* [IP Address Details (ipinfo.io)](https://ipinfo.io/) * tracert nsa.gov, see [how TRACERT command works](http://support.microsoft.com/?kbid=162326) * ... [others](http://www.rationallyparanoid.com/resources/) * [GlobalLeaks](https://globaleaks.org/) [Open-source anonymous whistleblowing software] +* [Freedom Box](http://freedomboxfoundation.org/learn/) +* [DenyHosts](http://denyhosts.sourceforge.net/) +* [Decode Your HTTP Traffic with Open Source Sysdig (sysdig.com)](https://sysdig.com/decode-your-http-traffic-with-sysdig/) +* [Courage Foundation](https://www.couragefound.org/) + Project History ------------ +- [x] 15.09.2015 Seperate the into his own References.txt file (list was also updated) - [x] 04.09.2015 Added Ipv6 list, sort the test lists in his own cat. - [x] 02.09.2015 Added 'Snowden documents compilations' - [x] 19.08.2015 Added Backbone Providers and other involved services 
@@ -92,40 +110,6 @@ Project History - [x] 14.08.2015 Initial upload of the entire project and small Readme.md corrections -References ------------- - -* [Patriot Act | Wikipedia](https://en.wikipedia.org/wiki/USA_PATRIOT_Act) + CALEA act -* [Cryptome | cryptome.org](http://cryptome.info/0001/ip-tla.htm) -* [NSA's Autonomous Systems (AS),](https://www.robtex.net/?_escaped_fragment_=dns%3Dnsa.gov#!dns=nsa.gov) -* [33bits | 33bits.org](http://33bits.org/) -* [What an IP Address Can Reveal About You | priv.gc.ca](https://www.priv.gc.ca/information/research-recherche/2013/ip_201305_e.asp) -* [Randomtalker web-privacy](http://randomwalker.info/web-privacy/) -* [https://bosnadev.com/2015/04/14/facebook-chats-are-being-scanned-by-a-cia-funded-company/](Chats Are Being Scanned By A CIA Funded Company) -* [Mobile Security Wiki | mobilesecuritywiki.com](https://mobilesecuritywiki.com/) -* [Researcher at Kaspersky Labs have discovered a list of domains used by the NSA to install malware on victim's PC around the world.](https://www.hackread.com/here-is-a-list-of-urls-used-by-the-nsa-to-install-malware-on-pcs-worldwide/) -* [NSA PRISM Keywords For Domestic Spying | Business Insider](http://www.businessinsider.com/nsa-prism-keywords-for-domestic-spying-2013-6?IR=T) -* [Windows and the backdoor question from 1999 | CNN](http://edition.cnn.com/TECH/computing/9909/03/windows.nsa.02/) -* [Psssst: Wanna Buy a Used Spy Website? 
| Wired](http://www.wired.com/2015/03/nsa_domains/) -* [Understanding NSA Malware | Schneier on Security](https://www.schneier.com/blog/archives/2015/02/understanding_n.html) -* [Check if NSA warrantless surveillance is looking at your IP traffic | Lookingglassnews](http://www.lookingglassnews.org/viewstory.php?storyid=6861) -* [Sensitive IP addresses | Wikipedia](https://en.wikipedia.org/wiki/Wikipedia:Sensitive_IP_addresses) -* [Do Not Scan - Government IP list | PeerBlock Forums](http://forums.peerblock.com/read.php?8,14794,14794) -* [Hardened user.js for Firefox to stop data leackage | GitHub](https://github.com/pyllyukko/user.js) -* [Firefox Zero-Day Exploit used by FBI to shutdown Child porn on Tor Network hostin; Tor Mail Compromised](https://thehackernews.com/2013/08/Firefox-Exploit-Tor-Network-child-pornography-Freedom-Hosting.html) -* [Entire set of 5,300+ .gov domains as .csv file | GitHub](https://gsa.github.io/data/dotgov-domains/2014-12-01-full.csv) -* [SS7 hack shown demonstrated to track anyone | 60 Minutes](http://www.9jumpin.com.au/show/60minutes/stories/2015/august/phone-hacking/) -* [SSL Blacklist](https://sslbl.abuse.ch/blacklist/) -* [MITM-Proxy](https://mitmproxy.org/doc/howmitmproxy.html) + [Lagado proxy test](http://www.lagado.com/proxy-test) + [Lagado cache test](http://www.lagado.com/tools/cache-test) -* [Detect Superfish, Komodia and Privdog | filippo](https://filippo.io/Badfish/) -* [SSL eye prism protection | digi77](https://www.digi77.com/ssl-eye-prism-protection/) -* [NSAPlaySet](http://www.nsaplayset.org/) -* [Global surveillance disclosures (2013–present) | Wikipedia](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)) -* [Attacking Tor: how the NSA targets users' online anonymity |TheGuardian](http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity) -* [Google PDF Search: “not for public 
release”](https://www.google.com/search?as_q=&as_epq=not+for+public+release&as_oq=&as_eq=&as_nlo=&as_nhi=&lr=&cr=&as_qdr=all&as_sitesearch=&as_occt=any&safe=images&as_filetype=pdf&as_rights=&gws_rd=ssl) -* [Using a Power Law Distribution to describe Big Data | Arxiv.org](http://arxiv.org/abs/1509.00504) - - Snowden documents compilations ------------ @@ -142,10 +126,13 @@ Snowden documents compilations * https://www.eff.org/deeplinks/2013/11/nsa-spying-primary-sources * https://www.aclu.org/nsa-documents-released-public-june-2013 * http://leaksource.wordpress.com/ -* https://nsa.gov1.info/dni/ * https://fveydocs.org/ -* https://nsa.imirhil.fr/ * https://www.aclu.org/nsa-documents-search +* http://natsios-young.org/ +* https://nsa.imirhil.fr/ +* https://nsa.gov1.info/dni/ +* https://snowdenarchive.cjfe.org/ + Providers @@ -155,14 +142,25 @@ Providers * Telecom / T-Mobile * Vodafone * E-Plus / O2 -* Alphabet +* Alphabet (Goolgle) 'Project Fi alias T-Com' [Apr. 2015, needs a special Fi SIM for Nexus 6 XT1103 only (atm)] * Digital Ocean, Inc.s * TM Net, Internet Service Provider * REN * Verizon +* TNG +* Spint +* easybell +* L8NT +* Charter +* Suddenlink +* Sprint +* Unicom (GFW) +* CERNET (GFW) +* Embarq * .... + Backbone Providers ------------ @@ -172,7 +170,7 @@ Backbone Providers * Global Crossing * Comcast * Cox Communications -* Sprint Nextel +* Sprint Nextel * Level 3 / Level 2 / Level 1 * NTT Communications * SAVVIS Communications @@ -183,6 +181,7 @@ Backbone Providers * ... + Other services providers + social media platforms ------------ * Facebook @@ -200,6 +199,7 @@ Other services providers + social media platforms * .... + Spying systems ------------ 
@@ -219,6 +219,8 @@ Spying systems * [PINWALE](https://en.wikipedia.org/wiki/PINWALE) * [Stingray](https://en.wikipedia.org/wiki/Stingray_phone_tracker) * [TURMOIL / Turbulence](https://en.wikipedia.org/wiki/Turbulence_(NSA)) +* Customer Proprietary Network Information / CPNI (metadata) - can be deactivated on Android 5.1+ and e.g. Fi networks + Spying programs @@ -229,8 +231,10 @@ Spying programs * WEALTHYCLUSTER * APEX * COMSAT -* IRRITANT HORN +* IRRITANT HORN (hijack's Google Play Store contained apps) +* HACIENDA * .... - + + **Thanks goes to everyone which are fighting for www. security! Give spying no chance!** diff --git a/References.txt b/References.txt new file mode 100644 index 0000000..9a86922 --- /dev/null +++ b/References.txt 
@@ -0,0 +1,78 @@ +References +------------ + +* [Right to privacy (wikipedia.org)](https://en.wikipedia.org/wiki/Right_to_privacy) +* [Patriot Act | Wikipedia](https://en.wikipedia.org/wiki/USA_PATRIOT_Act) + CALEA act + [FISA](https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act) +* [Cryptome | cryptome.org](http://cryptome.info/0001/ip-tla.htm) +* [NSA's Autonomous Systems (AS),](https://www.robtex.net/?_escaped_fragment_=dns%3Dnsa.gov#!dns=nsa.gov) +* [33bits | 33bits.org](http://33bits.org/) +* [What an IP Address Can Reveal About You | priv.gc.ca](https://www.priv.gc.ca/information/research-recherche/2013/ip_201305_e.asp) +* [Randomtalker web-privacy](http://randomwalker.info/web-privacy/) +* [https://bosnadev.com/2015/04/14/facebook-chats-are-being-scanned-by-a-cia-funded-company/](Chats Are Being Scanned By A CIA Funded Company) +* [Mobile Security Wiki | mobilesecuritywiki.com](https://mobilesecuritywiki.com/) +* [Researcher at Kaspersky Labs have discovered a list of domains used by the NSA to install malware on victim's PC around the world.](https://www.hackread.com/here-is-a-list-of-urls-used-by-the-nsa-to-install-malware-on-pcs-worldwide/) +* [NSA PRISM Keywords For Domestic Spying | Business Insider](http://www.businessinsider.com/nsa-prism-keywords-for-domestic-spying-2013-6?IR=T) +* [Windows and the backdoor question from 1999 | CNN](http://edition.cnn.com/TECH/computing/9909/03/windows.nsa.02/) +* [Psssst: Wanna Buy a Used Spy Website? 
| Wired](http://www.wired.com/2015/03/nsa_domains/) +* [Understanding NSA Malware | Schneier on Security](https://www.schneier.com/blog/archives/2015/02/understanding_n.html) +* [Check if NSA warrantless surveillance is looking at your IP traffic | Lookingglassnews](http://www.lookingglassnews.org/viewstory.php?storyid=6861) +* [Sensitive IP addresses | Wikipedia](https://en.wikipedia.org/wiki/Wikipedia:Sensitive_IP_addresses) +* [Do Not Scan - Government IP list | PeerBlock Forums](http://forums.peerblock.com/read.php?8,14794,14794) +* [Hardened user.js for Firefox to stop data leackage | GitHub](https://github.com/pyllyukko/user.js) +* [Firefox Zero-Day Exploit used by FBI to shutdown Child porn on Tor Network hostin; Tor Mail Compromised](https://thehackernews.com/2013/08/Firefox-Exploit-Tor-Network-child-pornography-Freedom-Hosting.html) +* [Entire set of 5,300+ .gov domains as .csv file | GitHub](https://gsa.github.io/data/dotgov-domains/2014-12-01-full.csv) +* [SS7 hack shown demonstrated to track anyone | 60 Minutes](http://www.9jumpin.com.au/show/60minutes/stories/2015/august/phone-hacking/) +* [SSL Blacklist](https://sslbl.abuse.ch/blacklist/) +* [MITM-Proxy](https://mitmproxy.org/doc/howmitmproxy.html) + [Lagado proxy test](http://www.lagado.com/proxy-test) + [Lagado cache test](http://www.lagado.com/tools/cache-test) +* [Detect Superfish, Komodia and Privdog | filippo](https://filippo.io/Badfish/) +* [SSL eye prism protection | digi77](https://www.digi77.com/ssl-eye-prism-protection/) +* [NSAPlaySet](http://www.nsaplayset.org/) +* [Global surveillance disclosures (2013�present) | Wikipedia](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)) +* [Attacking Tor: how the NSA targets users' online anonymity |TheGuardian](http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity) +* [Using a Power Law Distribution to describe Big Data | Arxiv.org](http://arxiv.org/abs/1509.00504) +* [5 reasons you 
need to be tracking Big Data security analytics (monitor.us)](http://blog.monitor.us/2015/09/5-reasons-you-need-to-be-tracking-big-data-security-analytics/) +* [FBI, intel chiefs decry �deep cynicism� over cyber spying programs (arstechnica.com)](http://arstechnica.com/tech-policy/2015/09/fbi-intel-chiefs-decry-deep-cynicism-over-cyber-spying-programs/) +* [Internet-Wide Scan Data Repository (scans.io)](https://scans.io/) +* [.onion (ietf.org)](https://www.ietf.org/blog/2015/09/onion/) +* [Mail tester to check you eMail security score](http://www.mail-tester.com/) + [eMail defense](https://emailselfdefense.fsf.org/en/) +* [List of United States mobile virtual network oprators](https://en.m.wikipedia.org/wiki/List_of_United_States_mobile_virtual_network_operators) +* If you are interested in switching away from Google, take a look at https://github.com/sovereign/sovereign +* [Julian Assange: Debian Is Owned by the NSA (igurublog.wordpress.com)](https://igurublog.wordpress.com/2014/04/08/julian-assange-debian-is-owned-by-the-nsa/) +* [Vodafone Australia admits hacking Fairfax journalist's phone (theguardian.com)](http://www.theguardian.com/business/2015/sep/13/vodafone-australia-admits-hacking-fairfax-journalists-phone) +* [Hacking Team, Computer Vulnerabilities, and the NSA (schneier.com)](https://www.schneier.com/blog/archives/2015/09/hacking_team_co.html) +* [Big Data and Environmental Sustainability: A Conversation Starter (in Brief) (medium.com)](https://medium.com/@AlanKeeso/big-data-and-environmental-sustainability-a-conversation-starter-in-brief-4052d0b2f0ae) +* [ISPs don�t have First Amendment right to edit Internet, FCC tells court (arstechnica.com)](http://arstechnica.com/tech-policy/2015/09/isps-dont-have-1st-amendment-right-to-edit-internet-fcc-tells-court/) +* [Homeland Security websites vulnerable to cyber attack: audit (reuters.com)](http://www.reuters.com/article/2015/09/15/us-usa-cybersecurity-idUSKCN0RF2DC20150915) +* [Now you can find out if GCHQ 
illegally spied on you (privacyinternational.org)](https://www.privacyinternational.org/?q=illegalspying) +* [Hacking Team, Computer Vulnerabilities, and the NSA (georgetown.edu)](http://journal.georgetown.edu/hacking-team-and-the-nsa/) +* [New Federalist platform lets [government] agencies quickly launch websites (gsa.gov)](https://18f.gsa.gov/2015/09/15/federalist-platform-launch/) +* [Government spying spooks French citizens (straitstimes.com)](http://www.straitstimes.com/world/europe/government-spying-spooks-french-citizens) +* [NSA Plans to Develop Encryption That Could Stump Quantum Computers (wired.com)](http://www.wired.com/2015/09/tricky-encryption-stump-quantum-computers/) +* [Japanese government orders closure of university social science/humanities depts (timeshighereducation.com)](https://www.timeshighereducation.com/news/social-sciences-and-humanities-faculties-close-japan-after-ministerial-decree) +* [Tollow (reqrypt.org)](https://reqrypt.org/tallow.html) +* [Chinese government firms sell products that subvert censorship (larrysalibra.com)](https://www.larrysalibra.com/hop-over-the-great-firewall-with-government-help/) +* [The Tricky Encryption That Could Stump Quantum Computers (wired.com)](http://www.wired.com/2015/09/tricky-encryption-stump-quantum-computers/) +* [GCHQ tried to track Web visits of �every visible user on Internet� (arstechnica.com)](http://arstechnica.com/security/2015/09/gchq-tried-to-track-web-visits-of-every-visible-user-on-internet/) +* [A Q&A with NSA Whistleblower Edward Snowden (fusion.net)(http://fusion.net/story/201737/edward-snowden-interview/) +* [Skype Alternatives, Part 2: Edward Snowden�s Recommendations (cointelegraph.com)](http://cointelegraph.com/news/114689/skype-alternatives-part-2-edward-snowdens-recommendations) +* [The FBI has no trouble spying on encrypted communications (boingboing.net)](http://boingboing.net/2015/09/29/the-fbi-has-no-trouble-spying.html) +* [Encryption doesn't stop the FBI 
(theintercept.com)](https://theintercept.com/2015/09/28/hacking/) + + + +Videos +------------ + +* [Greenwald Vs. NSA debate (youtube.com)](https://www.youtube.com/watch?t=12&v=sfPjgUgoLaQ) +* [A Conversation with Edward Snowden (Part 1) [Podcast] (startalkradio.net)](http://www.startalkradio.net/show/a-conversation-with-edward-snowden-part-1/) + + + +Papers +------------ + +* [Google PDF Search: �not for public release�](https://www.google.com/search?as_q=&as_epq=not+for+public+release&as_oq=&as_eq=&as_nlo=&as_nhi=&lr=&cr=&as_qdr=all&as_sitesearch=&as_occt=any&safe=images&as_filetype=pdf&as_rights=&gws_rd=ssl) +* [Password guidance - simplifying your approach (GCHQ) [pdf] (gov.uk)](https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/458857/Password_guidance_-_simplifying_your_approach.pdf) +* [ISP wins 11-year battle to reveal warrantless FBI spying [pdf] (calyxinstitute.org)](https://www.calyxinstitute.org/sites/all/documents/08_28_2015_REDACTED_Decision_and_Order.pdf) +* [TheIntercept Documents](https://theintercept.com/document/2015/09/25/legalities) +* [Speicherfristen von Verkehrsdaten im Mobilfunk (spiegel.de)](http://www.spiegel.de/media/media-37689.pdf) diff --git a/problematic.txt b/problematic.txt index 8d1c2d8..17d6c86 100644 --- a/problematic.txt +++ b/problematic.txt @@ -1,5 +1,5 @@ -The following addresses may break some providers and are excluded from the HOSTS file: --------------------------------------------------------------------------------------- +The following addresses may break some providers, pages or services and are excluded from the HOSTS file: +--------------------------------------------------------------------------------------------------------- ############## #### IANA #### 
@@ -73,6 +73,173 @@ SIEMENS GOVERNMENT SERVICES INC.United States [NSA-affiliated IP ranges] 12.166.211.0-12.166.211.255 12.166.211.0-12.166.211.255 + +Sprint Telecom Service Ltd [NSA-affiliated IP ranges] +194.41.10.0-194.41.10.255 +194.41.53.0-194.41.54.255 +194.41.121.0-194.41.127.255 +212.160.164.0-212.160.164.255 +213.25.77.0-213.25.77.255 +193.161.116.0-193.161.116.255 +193.231.116.0-193.231.116.255 +194.176.177.0-194.176.177.255 +217.57.126.32-217.57.126.39 +212.160.249.0-212.160.249.127 +81.22.0.0-81.22.15.255 +81.22.0.0-81.22.1.255 +193.193.255.0-193.193.255.255 +217.199.75.192-217.199.75.199 +80.77.67.56-80.77.67.63 +62.69.66.216-62.69.66.219 +62.69.107.28-62.69.107.31 +217.205.106.16-217.205.106.23 +82.209.21.64-82.209.21.71 +81.22.4.0-81.22.7.255 +213.17.177.136-213.17.177.143 +82.152.142.8-82.152.142.15 +87.234.195.168-87.234.195.171 +81.22.8.0-81.22.11.255 +212.202.229.238-212.202.229.238 +213.148.143.216-213.148.143.219 +194.123.5.8-194.123.5.15 +85.20.38.68-85.20.38.71 +89.200.176.0-89.200.183.255 +81.22.12.0-81.22.15.255 +87.234.31.248-87.234.31.251 +88.51.80.224-88.51.80.231 +77.242.0.0-77.242.15.255 +77.242.0.0-77.242.7.255 +86.53.71.144-86.53.71.159 +88.41.205.184-88.41.205.191 +195.11.206.0-195.11.206.127 +91.194.120.0-91.194.121.255 +78.41.32.0-78.41.39.255 +87.193.185.18-87.193.185.18 +213.207.73.0-213.207.73.255 +79.121.248.0-79.121.248.63 +78.26.105.216-78.26.105.223 +93.152.5.192-93.152.5.255 +91.204.228.0-91.204.231.255 +93.152.38.128-93.152.38.191 +193.195.239.20-193.195.239.23 +94.83.228.168-94.83.228.175 +93.152.109.128-93.152.109.191 +79.98.132.176-79.98.132.183 +93.152.78.128-93.152.78.191 +87.241.7.176-87.241.7.183 +213.215.176.192-213.215.176.255 +80.120.84.36-80.120.84.39 +95.177.45.64-95.177.45.95 +95.177.67.32-95.177.67.63 +93.63.251.176-93.63.251.183 +95.177.117.160-95.177.117.191 +93.62.200.88-93.62.200.91 +94.101.86.152-94.101.86.159 +94.93.7.56-94.93.7.63 +194.70.38.20-194.70.38.23 +213.235.9.24-213.235.9.31 
+99.200.0.0-99.207.255.255 +8.240.0.0-68.247.255.255 +70.0.0.0-70.14.255.255 +68.24.0.0-68.31.255.255 +63.160.0.0-63.175.255.255 +207.12.0.0-207.15.255.255 +208.0.0.0-208.35.255.255 +66.1.0.0-66.1.255.255 + + +Suddenlink [NSA-affiliated IP ranges] +74.192.0.0-74.197.255.255 +208.180.0.0-208.180.255.255 + + +Embarq [NSA-affiliated IP ranges] + needs investigaton + updates +71.48.0.0-71.55.255.255 +168.251.0.0-168.251.255.255 +64.45.192.0-64.45.255.255 +65.40.0.0-65.41.255.255 +67.76.0.0-67.77.255.255 +67.232.0.0-67.239.255.255 +69.34.0.0-69.34.255.255 +69.68.0.0-69.69.255.255 +71.0.0.0-71.3.255.255 +74.4.0.0-74.5.255.255 +76.0.0.0-76.7.255.255 +138.210.0.0-138.210.255.255 +207.30.0.0-207.30.255.255 +209.26.0.0-209.26.255.255 + + +Charter Communications [NSA-affiliated IP ranges] +24.217.29.0-24.217.29.255 +68.118.64.0-68.118.79.255 +68.186.192.0-68.186.207.255 +24.151.192.0-24.151.223.255 +71.80.0.0-71.80.15.255 +66.188.0.0-66.188.15.255 +97.80.0.0-97.80.31.255 +24.196.0.0-24.196.15.255 +24.213.0.0-24.213.7.255 +24.205.0.0-24.205.3.255 +66.188.16.0-66.188.31.255 +75.128.0.0-75.143.255.255 +24.205.0.0-24.205.255.255 +24.231.128.0-24.231.255.255 +24.207.128.0-24.207.255.255 +68.112.0.0-68.119.255.255 +71.8.0.0-71.15.255.255 +66.168.0.0-66.169.255.255 +66.188.32.0-66.191.255.255 +71.80.0.0-71.95.255.255 +24.158.0.0-24.158.255.255 +97.80.0.0-97.95.255.255 +24.176.0.0-24.183.255.255 +66.227.128.0-66.227.255.255 +96.32.0.0-96.42.255.255 +24.151.0.0-24.151.255.255 + + +AT&T [NSA-affiliated IP ranges] + needs investigaton + updates +76.203.8.0-76.203.15.255 +76.204.192.0-76.204.195.255 +76.205.96.0-76.205.111.255 +76.192.0.0-76.255.255.255 +76.209.222.0-76.209.223.255 +4.160.129.200-64.160.129.207 +74.160.0.0-74.191.255.255 +74.224.0.0-74.255.255.255 +139.76.0.0-139.76.255.255 +205.152.0.0-205.152.255.255 +199.191.128.0-199.191.255.255 +12.0.0.0-12.255.255.255 +63.240.0.0-63.242.255.255 +207.252.0.0-207.252.255.255 +192.153.156.0-192.153.156.255 
+216.173.224.0-216.173.255.255 +70.240.0.0-70.255.255.255 +151.164.0.0-151.164.255.255 +206.13.0.0-206.13.127.255 +70.128.0.0-70.143.255.255 +72.144.0.0-72.159.255.255 +69.208.0.0-69.223.255.255 +68.88.0.0-68.95.255.255 +71.128.0.0-71.159.255.255 +70.144.0.0-70.159.255.255 +75.0.0.0-75.63.255.255 +99.128.0.0-99.191.255.255 +68.248.0.0-68.255.255.255 +69.224.0.0-69.239.255.255 +69.104.0.0-69.111.255.255 +216.148.0.0-216.148.255.255 +204.127.0.0-204.127.255.255 +216.76.0.0-216.79.255.255 +65.80.0.0-65.83.255.255 +207.140.0.0-207.141.255.255 +69.148.0.0-69.155.255.255 +108.64.0.0-108.95.255.255 +99.0.0.0-99.127.255.255 + + # Deutsche Telekom AG [NSA-affiliated IP ranges] 79.192.0.0 - 79.244.191.255 80.128.0.0 - 80.146.159.255 @@ -92,6 +259,22 @@ dns04.btx.dtag.de [194.25.2.133] dns01.btx.dtag.de [194.25.2.130] +# Facebook [needs investigation, it's not complete] +allfacebook.com +www.allfacebook.com +api.facebook.com +connect.facebook.net +facebook.com +www.facebook.com +graph.facebook.com +profile-b.xx.fbcdn.net +s-static.ak.facebook.com +static.ak.connect.facebook.com +static.ak.facebook.com +static.ak.fbcdn.net +.fbcdn.net / facebook + + # Verizon [NSA-affiliated IP ranges] 68.236.0.0-68.239.255.255 70.16.0.0-70.23.255.255 @@ -127,7 +310,8 @@ autobinarysignals.com aspmx3.googlemail.com aspmx2.googlemail.com walt.ns.cloudflare.com -...... others for gmail/... +...... others for gmail (mail.google.com)/... +[needs nvestigation since I can't look behind ... ] # AOL [NSA-affiliated IP ranges] @@ -143,7 +327,7 @@ dns-01.ns.aol.com 64.128.0.0-64.129.255.255 # Time Warner 64.236.0.0-64.236.255.255 66.185.128.0-66.185.159.255 -66.192.0.0-66.195.255.255 # Time Warner t-com +66.192.0.0-66.195.255.255 # Time Warner (T-Com) 149.174.0.0-149.174.255.255 152.163.0.0-152.163.255.255 172.128.0.0-172.216.255.255 
@@ -153,13 +337,44 @@ dns-01.ns.aol.com 207.200.64.0-207.200.127.255 # Netscape Communications -# YahhooooooooOooOo [NSA-affiliated IP ranges] +# Yahoo [NSA-affiliated IP ranges] +98.138.253.109 +98.139.183.24 +206.190.36.45 +YAHOO.COM.CO +SIPHONLLC.COM +JILLNICOLE.NET +#YAHOOGROUPS.SG +#YAHOO.IDV.TW +#YAHOONEWS.COM.CN +#Yahoo.com [clean] ns4.yahoo.com [68.142.196.63] ns2.yahoo.com [68.142.255.16] ns5.yahoo.com [216.109.116.17] ns1.yahoo.com [66.218.71.63] ns3.yahoo.com [217.12.4.104] +ns4.yahoo.com +ns5.yahoo.com +ns6.yahoo.com ns2.yipes.com [66.7.155.198] +#mta5.am0.yahoodns.net [clean] +#mta6.am0.yahoodns.net [clean] +#mta7.am0.yahoodns.net [clean] +2001:4998:c:a06::2:4008 +2001:4998:44:204::a7 +2001:4998:58:c02::a9 +visit.webhosting.yahoo.com [clean] +#DNS1.NAME-SERVICES.COM [clean] +#DNS2.NAME-SERVICES.COM [clean] +#DNS3.NAME-SERVICES.COM [clean] +#DNS4.NAME-SERVICES.COM [clean] +#DNS5.NAME-SERVICES.COM [clean] +compose.mail.yahoo.com + + +# Blocks CNet.com downloads [needs investigation, because dw.** seems in an NSA range] +#dw.com.com +#dw.cbsi.com # Akamai Technologies, Inc. (AKAMAI) [Needs investigation!] @@ -178,7 +393,16 @@ bundle-100.cor02.sjc01.ca.VOCUS.net [114.31.199.59] ten-0-2-0-2.cor01.syd04.nsw.VOCUS.net.au [114.31.199.45] bundle-101.bdr05.syd03.nsw.vocus.net.au [114.31.192.59] asn20940.cust.bdr04.syd03.nsw.vocus.net.au [175.45.124.226] -a104-72-70-88.deploy.static.akamaitechnologies.com [104.72.70.88] +a104-72-70-88.deploy.static.akamaitechnologies.com [104.72.70.88] +0.0.0.0 a23-218-212-69.deploy.static.akamaitechnologies.com +0.0.0.0 a248.e.akamai.net +0.0.0.0 a1961.g.akamai.net +0.0.0.0 a1856.g2.akamai.net +0.0.0.0 a1621.g.akamai.net +0.0.0.0 e2835.dspb.akamaiedge.net +0.0.0.0 e8218.ce.akamaiedge.net +0.0.0.0 e7341.g.akamaiedge.net +0.0.0.0 e7502.ce.akamaiedge.net # Vodafone [NSA-affiliated IP ranges] 
@@ -202,8 +426,6 @@ c.in-addr-servers.arpa [196.216.169.10] d.in-addr-servers.arpa [200.10.60.53] e.in-addr-servers.arpa [203.119.86.101] f.in-addr-servers.arpa [193.0.9.1] -11.0.0.0/8 -11.0.0.0 - 11.255.255.255 Bank of America [NSA-affiliated IP ranges] @@ -283,23 +505,58 @@ dns1.hti.pl [217.168.128.121] ######################### +#### Amazon stuff ##### +######################### +# Official no NSA/Gov stuff!? + +amzn.com +amazon.com +dns-external-master.amazon.com +72.21.206.6 +72.21.206.80 +72.21.210.29 +176.34.101.186 +176.32.98.166 +205.251.242.103 +207.171.166.22 +ns1.p31.dynect.net [name server] +AMAZON-SMTP.AMAZON.COM [Mail] +BLINDSIGHT.COM [Mail] +LIQUAVISTA.COM, EVI.COM [Mail] +ns1.p31.dynect.net +ns2.p31.dynect.net +ns3.p31.dynect.net +ns4.p31.dynect.net +pdns1.ultradns.net +pdns6.ultradns.co.uk [empty NS] +U1.AMAZONAWS.COM +U2.AMAZONAWS.COM +U3.AMAZONAWS.COM +U4.AMAZONAWS.COM +U5.AMAZONAWS.COM +U6.AMAZONAWS.COM +UltraDNS.org +#s3-eu-central-1.amazonaws.com [clean but needs investigation to verify] + + +######################### ##### M$ stuff ######## ######################### -# Microsoft tracking [Telemetry, metadata, ...] +# Microsoft tracking [Telemetry, metadata, ads, ...] 0.0.0.0 adnxs.com 0.0.0.0 c.msn.com 0.0.0.0 g.msn.com 0.0.0.0 h1.msn.com 0.0.0.0 msedge.net -0.0.0.0 ads.msn.com +#0.0.0.0 ads.msn.com 0.0.0.0 adnexus.net 0.0.0.0 ac3.msn.com 0.0.0.0 c.atdmt.com 0.0.0.0 m.adnxs.com 0.0.0.0 rad.msn.com 0.0.0.0 so.2mdn.net -0.0.0.0 ads1.msn.com +#0.0.0.0 ads1.msn.com 0.0.0.0 ec.atdmt.com 0.0.0.0 flex.msn.com 0.0.0.0 rad.live.com 
@@ -310,27 +567,28 @@ dns1.hti.pl [217.168.128.121] 0.0.0.0 b.rad.msn.com 0.0.0.0 cdn.atdmt.com 0.0.0.0 m.hotmail.com -0.0.0.0 ads1.msads.net -0.0.0.0 a.ads1.msn.com -0.0.0.0 a.ads2.msn.com -0.0.0.0 apps.skype.com -0.0.0.0 b.ads1.msn.com +#0.0.0.0 ads1.msads.net +#0.0.0.0 a.ads1.msn.com +#0.0.0.0 a.ads2.msn.com +#0.0.0.0 apps.skype.com +#0.0.0.0 b.ads1.msn.com 0.0.0.0 view.atdmt.com 0.0.0.0 watson.live.com 0.0.0.0 aidps.atdmt.com 0.0.0.0 preview.msn.com 0.0.0.0 static.2mdn.net -0.0.0.0 a.ads2.msads.net -0.0.0.0 b.ads2.msads.net +#0.0.0.0 a.ads2.msads.net +#0.0.0.0 b.ads2.msads.net 0.0.0.0 db3aqu.atdmt.com 0.0.0.0 secure.adnxs.com 0.0.0.0 www.msftncsi.com 0.0.0.0 cs1.wpc.v0cdn.net -0.0.0.0 live.rads.msn.com -0.0.0.0 ad.doubleclick.net +#0.0.0.0 live.rads.msn.com +#0.0.0.0 ad.doubleclick.net 0.0.0.0 bs.serving-sys.com 0.0.0.0 a-0001.a-msedge.net 0.0.0.0 pricelist.skype.com +0.0.0.0 stats-microsoft.com 0.0.0.0 a-0002.a-msedge.net 0.0.0.0 a-0003.a-msedge.net 0.0.0.0 a-0004.a-msedge.net @@ -357,12 +615,12 @@ dns1.hti.pl [217.168.128.121] 0.0.0.0 statsfe2.ws.microsoft.com 0.0.0.0 statsfe1.ws.microsoft.com 0.0.0.0 df.telemetry.microsoft.com +0.0.0.0 feedback.microsoft-hohm.com 0.0.0.0 oca.telemetry.microsoft.com 0.0.0.0 sqm.telemetry.microsoft.com 0.0.0.0 telemetry.urs.microsoft.com 0.0.0.0 survey.watson.microsoft.com 0.0.0.0 compatexchange.cloudapp.net -0.0.0.0 feedback.microsoft-hohm.com 0.0.0.0 s.gateway.messenger.live.com 0.0.0.0 vortex-win.data.microsoft.com 0.0.0.0 feedback.search.microsoft.com 
@@ -394,11 +652,50 @@ dns1.hti.pl [217.168.128.121] 0.0.0.0 i1.services.social.microsoft.com.nsatc.net 0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net 0.0.0.0 telemetry.appex.bing.com +# /end of tracking + + + +# Hardcoded into %WINDIR%\system32\dnsapi.dll which can't be blocked by HOSTS +www.msdn.com +msdn.com +www.msn.com +msn.com +go.microsoft.com +msdn.microsoft.com +office.microsoft.com +microsoftupdate.microsoft.com +wustats.microsoft.com +support.microsoft.com +www.microsoft.com +microsoft.com +update.microsoft.com +download.microsoft.com +microsoftupdate.com +windowsupdate.com +windowsupdate.microsoft.com # Microsoft [ALL - Skype, MSN, Live, XBox, License service, JP/CN/GER/DN/UK/GB/...] 4.42.190.0-4.42.190.7 8.6.176.0-8.6.176.255 +8.254.200.46 +8.254.200.78 +8.254.200.206 +23.0.47.111 +65.55.138.111 +66.119.144.190 +77.67.27.176 +77.67.27.177 +77.67.27.185 +95.100.248.90 +95.100.248.144 +134.170.51.190 +134.170.58.118 +134.170.58.121 +134.170.58.123 +134.170.58.189 +157.55.133.204 12.11.230.232-12.11.230.239 12.19.196.40-12.19.196.55 12.28.108.0-12.28.108.127 
@@ -1255,3 +1552,52 @@ dns1.hti.pl [217.168.128.121] 222.151.212.8-222.151.212.15 222.190.113.168-222.190.113.175 +################## +##### TOR ####### +################## + +# For Tor launcher, Button, etc. +# These are all maybe monitored [needs investigation] + +# obfs3 +83.212.101.3:80 +169.229.59.74:31493 +169.229.59.75:46328 +109.105.109.163:38980 +obfs3 109.105.109.163:47779 + +# obfs4 +178.209.52.110:443 +83.212.101.3:41213 +104.131.108.182:56880 + +# meek +0.0.2.0:1 +0.0.2.0:2 +0.0.2.0:3 +ajax.aspnetcdn.com +a0.awsstatic.com +meek-reflect.appspot.com +d2zfqthxsdq309.cloudfront.net +az786092.vo.msecnd.net + +#flashproxy +#0.0.1.0:1 +#0.0.1.0:2 +#0.0.1.0:3 +#0.0.1.0:4 +#0.0.1.0:5 + +# Bridges +192.240.101.106:80 +50.7.176.114:80 +131.252.210.150:8080 +128.105.214.161:8080 +128.105.214.162:8080 +128.105.214.163:8080 +[2001:49f0:d002:1::2]:80 +[2001:49f0:d00a:1::c]:80 + +# Scramblesuit +188.226.213.208:54278 +83.212.101.3:443 diff --git a/test/Search engines/Please read this.txt b/test/Search engines/Please read this.txt new file mode 100644 index 0000000..3339201 --- /dev/null +++ b/test/Search engines/Please read this.txt @@ -0,0 +1,2 @@ +Please Don't Block Everything but Googlebot in robots.txt: +http://danluu.com/googlebot-monopoly/
\ No newline at end of file diff --git a/test/needs confirmation.txt b/test/needs confirmation/needs confirmation.txt index c6c7b20..c6c7b20 100644 --- a/test/needs confirmation.txt +++ b/test/needs confirmation/needs confirmation.txt diff --git a/test/other hosts sources/Other sources.txt b/test/other hosts sources/Other sources.txt new file mode 100644 index 0000000..6040135 --- /dev/null +++ b/test/other hosts sources/Other sources.txt @@ -0,0 +1,62 @@ +Null lists +----------- + +Explanation: +DROP (Don't Route Or Peer) and EDROP are advisory "drop all traffic" lists, consisting of netblocks that are "hijacked" or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers). The DROP and EDROP lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks. + + +* http://www.spamhaus.org/drop/ +* http://ipdeny.com/ +* http://ciarmy.com/ + + + +Spam +----------- + +Explanation: +Contains list that are designed to block forum, email or other spam. + +* http://www.projecthoneypot.org/?rf=87404 + + + +Ads +----------- + +Explanation: + + + + +SSL +----------- + +Explanation: +Block bad SSL traffic related to malware or botnet activities (e.g. botnet C&C traffic). + +* https://sslbl.abuse.ch/blacklist/ (not in a hosts format) + + +Various +----------- + +Explanation: +Sources that use various list (mostly outdated), for ads, proxy, forumspam, common spam, bogus, .... + + +* https://www.iblocklist.com/lists (mostly outdated) +* http://www.squidblacklist.org/ (always up2date) +* http://dansguardian.org/ +* http://malc0de.com/dashboard/ + + + + +Command&Control servers (C&C) +----------- + +Explanation: +Block Zeus, or other crimeware. + +* https://zeustracker.abuse.ch/
\ No newline at end of file |
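Review bot: in the Facebook block of problematic.txt (`@@ -92,6 +259,22 @@`) the last added line, `.fbcdn.net / facebook`, is neither a hostname nor a comment, and the Gmail hunk (`@@ -127,7 +310,8 @@`) adds `[needs nvestigation since I can't look behind ... ]` as a bare line. Anything that reads this file as a list will treat both as entries. Prefix free-text remarks with `#`, fix the typo to "investigation", and list the fbcdn.net hosts you mean one per line, since hosts-style lists do not support wildcards.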
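Review bot: in the Yahoo hunk (`@@ -153,13 +337,44 @@`) the added bare `ns4.yahoo.com` and `ns5.yahoo.com` duplicate the existing `ns4.yahoo.com [68.142.196.63]` and `ns5.yahoo.com [216.109.116.17]` entries a few lines above; keep only the new `ns6.yahoo.com`, in the same `host [ip]` form as its neighbours. `visit.webhosting.yahoo.com [clean]` is the one `[clean]` entry left active while every other `[clean]` line is commented out with `#`, so either comment it out or drop the tag. `SIPHONLLC.COM` and `JILLNICOLE.NET` sit under the Yahoo heading with no note on how they relate to it; a one-line comment naming the source would let others verify them.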
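Review bot: the Akamai hunk (`@@ -178,7 +393,16 @@`) mixes two formats in one section: the existing entries are `hostname [ip]`, the nine added ones are `0.0.0.0 hostname`. Pick one form per file so the section can be parsed. The removed and re-added `a104-72-70-88.deploy.static.akamaitechnologies.com [104.72.70.88]` line reads the same on both sides, which points to a whitespace-only change that should stay out of this commit. The section header still says "Needs investigation!", so the new active entries need a source, or should be commented out until confirmed, as is done for unverified hosts elsewhere in this patch.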
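Review bot: `@@ -202,8 +426,6 @@` removes `11.0.0.0/8` and `11.0.0.0 - 11.255.255.255` with no reason given, and the commit message ("bigger update") does not mention it. In a blocklist a removal matters as much as an addition; state in the message or in a comment whether this was a false positive or a duplicate of another entry.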
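Review bot: in the new Amazon section (`@@ -283,23 +505,58 @@`) `ns1.p31.dynect.net` is listed twice, once with `[name server]` and once bare, and `LIQUAVISTA.COM, EVI.COM [Mail]` puts two hosts on one line. The section comment `# Official no NSA/Gov stuff!?` marks the entries as unconfirmed, yet `amazon.com` and the `dynect.net` and `ultradns` name servers are added as active entries. Keep unverified hosts commented out, as the hunk already does for `#s3-eu-central-1.amazonaws.com`, remove the duplicate, and split the two mail hosts onto separate lines.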
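Review bot: the block added under `# Hardcoded into %WINDIR%\system32\dnsapi.dll which can't be blocked by HOSTS` (`@@ -394,11 +652,50 @@`) lists its hostnames bare, with neither a `0.0.0.0` prefix nor a `#`, directly after a run of real `0.0.0.0` entries. Since the comment itself says a hosts entry has no effect for these names, mark the lines as comments and say where they are meant to be blocked instead (firewall or upstream DNS). In the same hunk the single addresses `8.254.200.46` through `157.55.133.204` are inserted ahead of `12.11.230.232-12.11.230.239`, which breaks the ascending order of the range list and makes duplicate checks harder. The two preceding Microsoft hunks comment out `ads.msn.com`, `apps.skype.com`, `ad.doubleclick.net` and others without saying why; add the reason next to them.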
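Review bot: in the Tor section (`@@ -1255,3 +1552,52 @@`) the line `obfs3 109.105.109.163:47779` carries a stray `obfs3` prefix that the other entries lack. Every entry here is `ip:port`, a form that neither the hosts entries nor the range entries in this file use, and `83.212.101.3` appears three times (ports 80, 41213 and 443), so a consumer that strips ports ends up with duplicates. `0.0.2.0:1` to `0.0.2.0:3` fall inside 0.0.0.0/8 and are not routable, so listing them blocks nothing. The meek hostnames (`ajax.aspnetcdn.com`, `a0.awsstatic.com`, `d2zfqthxsdq309.cloudfront.net`, `az786092.vo.msecnd.net`) are active under a header that says "maybe monitored [needs investigation]"; comment them out until verified, as the flashproxy lines already are.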
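Review bot: in `test/other hosts sources/Other sources.txt` the `Ads` section has an empty `Explanation:` and no links; fill it in or drop the heading until there is content. `http://www.projecthoneypot.org/?rf=87404` carries a referral parameter that should be stripped before it goes into a public list. Most sources are given as plain `http://` URLs; where a source also serves its list over HTTPS, link that form, since a blocklist fetched over plain HTTP can be altered in transit. This file and `test/Search engines/Please read this.txt` both end without a trailing newline.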