LG WebOS domains found on reddit and personally tested

devipasigner commented 1 year ago

Which domain(s) should be blocked?

aic.recommend.lgtvcommon.com
images.redbox.com
aic.sports.lgtviot.co
images.pluto.tv
discovery.meethue.com
aic.wiseconfig.lgtvcommon.com
aic.homeprv.lgtvcommon.comaic-gfts.lge.com
aic-op-lss.lgthinq.com
aic.api.lgtviot.com
aic.lgtviot.com
ngfts.lge.com
us.emp.lgsmartplatform.com
us.lgeapi.com
aic.nudge.lgtvcommon.com
us.lgtvsdp.com
www.ueiwsp.com
api.us-east-1.aiv-delivery.net
d184dfn36gombl.cloudfront.net
aic-gfts.lge.com
aic-op-lss.lgthinq.com
lss.lgthinq.com
aic.api.lgtviot.com
common.lgthinq.com
canvas.tubitv.com
qt2-ngfts.lge.com
img.nvidiagrid.net
cdn77.utomik.com
i.ibb.co
aic.wiseconfig.lgtvcommon.com
images.redbox.com
aic-ngfts.lge.com
ngfts.lge.com
cdpbeacon.lgtvcommon.com
cdpsvc.lgtvcommon.com
homeprv.lgtvcommon.com
nudge.lgtvcommon.com
rdl.lgtvcommon.com
recommend.lgtvcommon.com
lgsmartad.com
service.lgtvcommon.com
alphonso.tv

Why should the domain(s) be blocked?

They are samsung telemetry/sponsor domains.

Why are there so many?

Samsung switched their tv ad providers and it seems not many people took notice.

hagezi commented 1 year ago

Hi, thanks, my results so far after checking the domains:

On Pro++/Ultimate - not looked at the lists below:

api.us-east-1.aiv-delivery.net - blocked by CNAME global.telemetry.insights.video.a2z.com
aic-ngfts.lge.com
alphonso.tv
lgsmartad.com

Dead (NXDOMAIN) - SOA, possible that subdomains resolve (see https://github.com/hagezi/dns-blocklists/issues/309#issuecomment-1420513288), not checked against the whitelist:

aic.homeprv.lgtvcommon.comaic-gfts.lge.com - Copy & paste fault - two domains ...
aic.sports.lgtviot.co - Copy & paste fault? - aic.sports.lgtviot.com resolves ...
cdpbeacon.lgtvcommon.com
cdpsvc.lgtvcommon.com
homeprv.lgtvcommon.com
nudge.lgtvcommon.com
rdl.lgtvcommon.com
recommend.lgtvcommon.com
service.lgtvcommon.com

Whitelisted:

ngfts.lge.com - NPO Start app on lg webOS televisions / blocks thumbnails from loading in the LG Content Store
us.lgtvsdp.com - https://github.com/Perflyst/PiHoleBlocklist/issues/117

discovery.meethue.com - Hue bridge - https://github.com/hagezi/dns-blocklists/issues/208

canvas.tubitv.com - Tubi (Movie Covers) - https://github.com/ShadowWhisperer/BlockLists/blob/master/Whitelists/Whitelist

cdn77.utomik.com - CDN for utomik.com Gaming on various platforms

Image "hosting":
i.ibb.co - Images on upload site
images.pluto.tv
images.redbox.com - http://images.redbox.com/Images/EPC/boxartlarge/8421.jpg
img.nvidiagrid.net

Missing / to check - more data needed:

aic.sports.lgtviot.com
aic.homeprv.lgtvcommon.com
aic.api.lgtviot.com
aic-gfts.lge.com
aic.lgtviot.com
aic.nudge.lgtvcommon.com
aic-op-lss.lgthinq.com - https://www.lg.com/us/discover/thinq/app
aic.recommend.lgtvcommon.com
aic.wiseconfig.lgtvcommon.com
common.lgthinq.com - https://www.lg.com/us/discover/thinq/app
d184dfn36gombl.cloudfront.net
lss.lgthinq.com - https://www.lg.com/us/discover/thinq/app
qt2-ngfts.lge.com
us.emp.lgsmartplatform.com
us.lgeapi.com
www.ueiwsp.com

hagezi commented 1 year ago

Checked the "dead" SOA domains on resolving subdomains:

cdpbeacon.lgtvcommon.com
aic.cdpbeacon.lgtvcommon.com - on my lists
eic.cdpbeacon.lgtvcommon.com - will be added

cdpsvc.lgtvcommon.com - more data needed, what this is for?
aic.cdpsvc.lgtvcommon.com
eic.cdpsvc.lgtvcommon.com

homeprv.lgtvcommon.com - more data needed, what this is for?
aic.homeprv.lgtvcommon.com
eic.homeprv.lgtvcommon.com
kic.homeprv.lgtvcommon.com
ruc.homeprv.lgtvcommon.com

nudge.lgtvcommon.com - more data needed, what this is for?
aic.nudge.lgtvcommon.com
eic.nudge.lgtvcommon.com
kic.nudge.lgtvcommon.com
ruc.nudge.lgtvcommon.com

rdl.lgtvcommon.com - more data needed, what this is for?
aic.rdl.lgtvcommon.com
eic.rdl.lgtvcommon.com
kic.rdl.lgtvcommon.com
ruc.rdl.lgtvcommon.com

recommend.lgtvcommon.com - more data needed, what this is for?
aic.recommend.lgtvcommon.com
eic.recommend.lgtvcommon.com
kic.recommend.lgtvcommon.com
ruc.recommend.lgtvcommon.com

service.lgtvcommon.com  - more data needed, what this is for?
aic.service.lgtvcommon.com
eic.service.lgtvcommon.com
kic.service.lgtvcommon.com
ruc.service.lgtvcommon.com

hagezi commented 1 year ago

Finally ...

Could be that it makes LG ThinQ unusable? - https://www.lg.com/us/discover/thinq/app:

aic-op-lss.lgthinq.com 
common.lgthinq.com
lss.lgthinq.com

Missing / to check - more data needed:

aic-gfts.lge.com - Store: prevent some cover art from displaying properly
aic.api.lgtviot.com
aic.cdpsvc.lgtvcommon.com
aic.homeprv.lgtvcommon.com
aic.lgtviot.com
aic.nudge.lgtvcommon.com
aic.rdl.lgtvcommon.com
aic.recommend.lgtvcommon.com
aic.service.lgtvcommon.com
aic.sports.lgtviot.com
aic.wiseconfig.lgtvcommon.com
d184dfn36gombl.cloudfront.net
eic.cdpsvc.lgtvcommon.com
eic.homeprv.lgtvcommon.com
eic.nudge.lgtvcommon.com
eic.rdl.lgtvcommon.com
eic.recommend.lgtvcommon.com
eic.service.lgtvcommon.com
kic.homeprv.lgtvcommon.com
kic.nudge.lgtvcommon.com
kic.rdl.lgtvcommon.com
kic.recommend.lgtvcommon.com
kic.service.lgtvcommon.com
qt2-ngfts.lge.com
ruc.homeprv.lgtvcommon.com
ruc.nudge.lgtvcommon.com
ruc.rdl.lgtvcommon.com
ruc.recommend.lgtvcommon.com
ruc.service.lgtvcommon.com
us.emp.lgsmartplatform.com
us.lgeapi.com
www.ueiwsp.com

To re-check whitelisted:

ngfts.lge.com - NPO Start app on lg webOS televisions / blocks thumbnails from loading in the LG Content Store
us.lgtvsdp.com - latest date and time sync (resets to December 31st 2019) - https://github.com/Perflyst/PiHoleBlocklist/issues/117

Anyone reading along who can help with the analysis?

markangus2b commented 1 year ago

I have an older LG OLED55C7P-U Web OS TV. I have added all the domains in your last post to my NextDNS Denylist. I can confirm that `aic-ngfts.lge.com does prevent some cover art from displaying properly. I haven't found anything else broken in the LG content store on the TV.

UPDATE: @hagezi I had more time to play around with this list today. Here is what I found. Below is a list of domains that when blocked cause breakage. Some are already on your blocklists.

Current Required Domains for LG Web OS

us.lgeapi.com
us.emp.lgsmartplatform.com
us.rdx2.lgtvsdp.com
ngfts.lge.com
aic-ngfts.lge.com
us.lgtvsdp.com
aic.cdpsvc.lgtvcommon.com
us.info.lgsmartad.com

us.lgeapi.com - Breaks ThinQ App Sign in us.emp.lgsmartplatform.com - Breaks ThinQ App Sign in us.rdx2.lgtvsdp.com - Breaks LG Content App Cover Art ngfts.lge.com - Breaks LG Content App Cover Art aic-ngfts.lge.com - Breaks LG Content App Cover Art us.lgtvsdp.com - Doesn't Allow LG Content Store to load. aic.cdpsvc.lgtvcommon.com - Breaks Internet Channels Guide Data us.info.lgsmartad.com - Needed for TV Service Location Area

The domains below are ones already on your blocklist that maybe should be whitelisted.

us.rdx2.lgtvsdp.com - Pro++ and higher aic-ngfts.lge.com -All blocklists us.info.lgsmartad.com - Pro++ and higher)

Something is still blocking the guide data for my local channels only from loading. I will continue to try and figure out what the problematic domain is causing this issue.

hagezi commented 1 year ago

Many thanks for testing and your support.

markangus2b commented 1 year ago

Final LG Web OS TV Basic Operation Whitelist

What I specifically checked was:

Time and Date Synchronization.
LG Content Store, including downloading apps.
Setting TV location, presumably for guide data.
Functionality of Guide App, for both local channels and Internet channels.

I used NextDNS with the block page disabled when preforming these tests. Here are all the domains I found, that are required to operate my LG Web OS TV.

us.lgeapi.com
us.emp.lgsmartplatform.com
us.rdx2.lgtvsdp.com
ngfts.lge.com
aic-ngfts.lge.com
us.lgtvsdp.com
us.ibs.lgappstv.com
aic.cdpsvc.lgtvcommon.com
aic.service.lgtvcommon.com

us.lgeapi.com - Causes error message on LG ThinQ App us.emp.lgsmartplatform.com - Causes error message on LG ThinQ App us.rdx2.lgtvsdp.com - Required for LG Cover Art ngfts.lge.com - Required for LG Cover Art aic-ngfts.lge.com - Required for LG Cover Art us.lgtvsdp.com - Prevents LG Content Store from loading us.ibs.lgappstv.com - Needed for Service Location Area (Settings) aic.cdpsvc.lgtvcommon.com - Prevents Internet Channel guide data from downloading aic.service.lgtvcommon.com - Prevents local OTA Channel guide data from downloading

The rest of the potential blacklisted domains should be okay to add to the blocklist, as I did not encounter any breakage. At least for LG Web OS TVs.

hagezi commented 1 year ago

Thanks for the great work @markangus2b.

hagezi commented 1 year ago

This leaves, potentially false positives:

Breaks IoT things?

aic.lgtviot.com
aic.api.lgtviot.com
aic.sports.lgtviot.com

QuickSetAPI - https://rapidapi.com/blog/directory/quickset ueiwsp.com

Random Cloudflare, couldn't find anything on this: d184dfn36gombl.cloudfront.net

Because aic.service.lgtvcommon.com is whitelisted?

eic.service.lgtvcommon.com
kic.service.lgtvcommon.com
ruc.service.lgtvcommon.com

Because aic.cdpsvc.lgtvcommon.com is on the whitelist? eic.cdpsvc.lgtvcommon.com

To the blacklist I could add:

aic-gfts.lge.com
qt2-ngfts.lge.com
aic.homeprv.lgtvcommon.com
eic.homeprv.lgtvcommon.com
kic.homeprv.lgtvcommon.com
ruc.homeprv.lgtvcommon.com
aic.nudge.lgtvcommon.com
eic.nudge.lgtvcommon.com
kic.nudge.lgtvcommon.com
ruc.nudge.lgtvcommon.com
aic.rdl.lgtvcommon.com
eic.rdl.lgtvcommon.com
kic.rdl.lgtvcommon.com
ruc.rdl.lgtvcommon.com
aic.recommend.lgtvcommon.com
eic.recommend.lgtvcommon.com
kic.recommend.lgtvcommon.com
ruc.recommend.lgtvcommon.com
aic.wiseconfig.lgtvcommon.com

hagezi commented 1 year ago

I will add the following domains to the Pro++ and Ultimate, then we will see if there are any more false positives:

aic-gfts.lge.com
qt2-ngfts.lge.com
aic.homeprv.lgtvcommon.com
eic.homeprv.lgtvcommon.com
kic.homeprv.lgtvcommon.com
ruc.homeprv.lgtvcommon.com
aic.nudge.lgtvcommon.com
eic.nudge.lgtvcommon.com
kic.nudge.lgtvcommon.com
ruc.nudge.lgtvcommon.com
aic.rdl.lgtvcommon.com
eic.rdl.lgtvcommon.com
kic.rdl.lgtvcommon.com
ruc.rdl.lgtvcommon.com
aic.recommend.lgtvcommon.com
eic.recommend.lgtvcommon.com
kic.recommend.lgtvcommon.com
ruc.recommend.lgtvcommon.com
aic.wiseconfig.lgtvcommon.com
eic.service.lgtvcommon.com
kic.service.lgtvcommon.com
ruc.service.lgtvcommon.com

hagezi commented 1 year ago

The complete LG webOS Blacklist can be found here: https://github.com/hagezi/dns-data-collection/blob/main/data/native/lg-webos.txt

Let me know if I missed something.

hagezi commented 1 year ago

allow aic-gfts.lge.com - https://github.com/hagezi/dns-blocklists/issues/995

hagezi commented 1 year ago

https://github.com/hagezi/dns-blocklists/issues/1216

allow:

eic.cdpsvc.lgtvcommon.com
eic.recommend.lgtvcommon.com

Glassertje commented 1 year ago

The complete LG webOS Blacklist can be found here: https://github.com/hagezi/dns-data-collection/blob/main/data/native/lg-webos.txt

Let me know if I missed something.

I already use your: HaGeZi Multi PRO HaGeZi Threat Intelligence Feeds HaGeZi Most Abused TLDs HaGeZi (LG) Native Tracker

Link is not working?

hagezi commented 1 year ago

https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.lgwebos.txt

Glassertje commented 1 year ago

@hagezi Thank you for your great work.

boospy commented 5 months ago

Very thanks, that helped me a lot too.

jimmielk commented 3 weeks ago

Anyone know which domains block LG webOS from checking to see if the firmware needs updating after powering TV on and popping up the annoying window telling me to update the firmware. I need my LG TV to allow installed streaming apps to work properly but do not wish to ever update the firmware, since it's working perfectly.

hagezi commented 3 weeks ago

Try blocking snu.lge.com

piratenpanda commented 3 weeks ago

Not updating firmware and leaving known vulnerabilities unpatched is also not a great idea tbh

hagezi / dns-blocklists