NSABlocklist© project original created under the ISC license 2015 - 2026 by CHEF-KOCH.

Project Overview

This isn't yet another hosts file or DNSBL that claims to secure the web, it's specially designed to stop known NSA / GCHQ / C.I.A. or F.B.I. servers from being connecting to you without permission, of course the IPs also can be used for Bot Revolt or other tools. The list is not designed to block common malware, spyware/ads or anything that is already available on the net via a proper designed hosts for such special case. This hosts or the super ranges lists could block some of your sites/servers you may need, so you'll be warned!

My list is original based on 2007 published Wikileaks + Cryptome documents and includes my own modifications from 2008, 2012, 2014, 2015, 2019, 2020 & 2026.

Current Status: 2,45 Mio files (not everything upload [yet]). I need to wait for GitHub approval in order to bulk upload bigger file set (100MB+ files). Last reviewed and updated for 2026.

Mass surveillance is official illegal

According to EGMR mass surveillance is now official against human rights.

You still can help keep the fight up against any surveillance programs!

This project includes

• A 'HOSTS' file that includes all Servers/DNS domains that are known to be involved in spying. The confirmation is given within the Research link(s) at the bottom and with my own tests.
• An 'Super Ranges.txt' file which includes a list of known IP ranges that are compromised (be careful with that!).
• An 'LICENSE' File to shows the MIT license.
• The 'README' (this) file that includes the latest news, updates and explanations,...
• An 'problematic.txt' file which includes DNS/PTRs that are possible problematic for you.
• The 'Mail.txt' file in case you want to speak with me over encrypted email.
• An 'test' folder for IPv6 only domains. It also contains an 'html' folder for html formatted entries, an 'onion' folder for suspect or faked .onions and an 'Tor' folder for a quick guide how to run an non-exit relay in around 10 minutes.
• The 'References.txt' which contains relevant information about spying or additional topics which may related to reveal surveillance.
• Under the release page you will find complete collections/dumps.
• Information on hardware based attacks.

Any problems, questions or something wrong?

• Feel free to open an issue ticket and I will look at it asap. I will reject all requests/discussions without any evidence.

Pull requests or ideas are in general always welcome!

Important Project Notice

• I do not accept donations in this project, I'm not doing this because I want money, I'm doing this because I didn't found a proper list on the entire Internet and of course I want to share my knowledge with everyone for free. I always think that such information should be available for everyone on the world.
• The project has no political orientation, there will be no political leaks/information since this is not the main mission here.
• Please keep in mind that updates/encryption/knowledge is our only real weapon against NSA and other agencies. The more you know the better you can build strategies and new systems to defeat mass surveillance.
• Please keep in mind that links to e.g. videos aren't valid because there (in most cases) doesn't include a source, date or author. Any information without proper research in it will automatically rejected and labeled as 'invalid' since it's impossible to verify if it's a legimate leak or not.

Do you hate the NSA or other agencies?

• I do not hate the NSA or other agencies but I really don't like that everyone is automatically under the microscope (mass surveillance) and of course that there is no 'opt-out' or transparency except lies and more lies (and some excuses ...yeah, we are doing this because terrorism, go f$ck yourself with such statements!)
• Everyone have something to hide, passwords, private data, accounts, other meta-data, [...]

Known Project / HOST problems

• An HOSTS file is no guarantee that if the NSA is already 'in your system/network' - to protect you - it's just too late.
• HOSTS files are no guarantee that NSA or any other attacker/organization could simply bypass it via 0day or other vulnerabilities on your system/router.
• HOSTS files can't protect against attacks directly in hardware, e.g. if the router is already compromised or comes with backdoors this list will be easily bypassed anyway.
• Due the complex of the entire file I can't explain every single IP/Domain/PTR record. If something was changed, feel free to open a pull request or send me an eMail.
• The HOSTS file may present an attack vector for malicious software because the file could be modified to redirect the entire traffic e.g. adware/trojans can do this. Ensure that the file was marked as read-only and you're not logged in as administrator.
• Trace-route analysis especially on IPv4 networks are sometimes outdated (due the mass of requests).
• Be careful when blocking IP addresses, as IP addresses change frequently and can block people you don't intend to block.
• NSA and other agencies can spy on traffic directly from supercomputers like infamous Echelon connected directly to some backbone without revealing any IP. This is an common problem, only strong and proper implemented encryption helps.

Programs + Websites to inspect monitoring & capture data traffic

• IPduh
• Robtex
• ZMap - The Internet Scanner
• IP Address Details (ipinfo.io)
• Tracert nsa.gov, see how TRACERT command works
• GlobalLeaks [Open-source anonymous whistleblowing software]
• Freedom Box
• DenyHosts
• Decode Your HTTP Traffic with Open Source Sysdig (sysdig.com)
• Courage Foundation
• shodan.io
• censys.io
• GreyNoise - Identifies internet scanners and background noise
• Wireshark - Network protocol analyzer
• Arkime (formerly Moloch) - Open source large scale packet capturing and indexing
• OONI Probe - Detect internet censorship and surveillance
• ... others

Anti-DPI (Deep packet inspection (DPI)) tools & projects

• GoodbyeDPI & GUI
• GreenTunnel
• zapret
• SpoofDPI - Simple and fast anti-censorship tool
• ByeDPI - Local DPI bypass proxy

NSA Resources and public program(s)

• National Security Agency (github.com)
• Ghidra reverse engineering (SRE) framework (nsa.gov) [story]
• NSA public source code repo (code.nsa.gov)
• NSA Cybersecurity Advisories & Guidance - Public cybersecurity recommendations
• CISA Known Exploited Vulnerabilities Catalog - Maintained jointly with NSA

Project History

• 07.02.2026 Major 2026 update: Added recent surveillance programs (2021-2025), updated VPN lists, added new compromised services, updated references and recommendations for current systems.
• 07.05.2020 IPfilter & VPN suggestion updated
• 01.07.2019 Added some Anti-DPI programs.
• 27.11.2018 NordVPN audit leaked.
• 04.06.2018 Add Anti-NSA project list.
• 03.06.2018 Ipfilter update, Amazon list finally fully merged.
• 06.05.2018 Readme updates, pdf section sorted, new PDF files updated. Project Status added, several other minor changes.
• 05.05.2018 Ipfilter update.
• 22.03.2018 Bitcoing (Blockchain) tracking documents (revealed by E.S.) added
• 21.01.2018 Intel, AMD, Trusted Computing papers added among Vault 8 (Hive) source and documentation
• 30.01.2016 Video section added, official guidance from nsa.gov added + an section for future tips
• 15.09.2015 Separate the into his own References.txt file (list was also updated)
• 04.09.2015 Added Ipv6 list, sort the test lists in his own cat.
• 02.09.2015 Added 'Snowden documents compilations'
• 19.08.2015 Added Backbone Providers and other involved services
• 18.08.2015 More domains added 7821 in total
• 16.08.2015 Removed some duplicates and added new domains, small Readme.md changes
• 15.08.2015 Created a new start page chef-koch.github.io/NSABlocklist
• 14.08.2015 Initial upload of the entire project and small Readme.md corrections

Edward Snowden documents compilations

Edward Snowden never leaked all documents! I demand that he release all of the files.

• The NSA files | The Guardian
• Unofficial page to search E. Snowden leaked documents
• https://edwardsnowden.com/revelations/
• Free Haven's Selected Papers in Anonymity
• GitHub: nsa-observer project
• ACLU NSA Documents Search 2013 Archive
• Free Snowden project
• NSA Spying | Electronic Frontier Foundation
• Introducing a Compendium of the Released NSA Spying Documents by EFF
• LeakSource
• DEBORAH NATSIOS AND JOHN YOUNG BIBLIOGRAPHY
• The NSA Toolbox
• Snowden Surveillance Archive
• Snowden Archive Searchable

Anti-NSA programs, resources & networks

• Hackers build a new Tor client designed to beat the NSA
• Contract for the Web
• DDoSecrets
• GrapheneOS - Privacy and security focused mobile OS
• CalyxOS - Privacy-focused Android alternative
• Tails OS - Portable operating system for privacy and anonymity
• Qubes OS - Security-oriented operating system using compartmentalization
• Briar - Peer-to-peer encrypted messenger designed for activists
• Cwtch - Decentralized, privacy-preserving multi-party messaging

NSA has (officially) stopped collecting location data from US cellphones without a warrant

Intelligence agencies stopped the practice last year.

Known compromised ISP Providers

• AT&T helped to spy on an array of Internet traffic | The New York Times & via ProPublica
• Telecom US / T-Mobile / Deutsche Telekom
• Vodafone (DNS Hijacking, DPI)
• E-Plus / O2
• Alphabet (Goolgle) 'Project Fi alias T-Com' [Apr. 2015, needs a special Fi SIM for Nexus 6 XT1103 only (atm)]
• Digital Ocean, Inc.s
• TM Net, Internet Service Provider
• REN
• Verizon
• TNG
• Spint
• Sprint
• Unicom (GFW)
• CERNET (GFW)
• Embarq
• Telecom Egypt
• Türk Telekom
• Belgacom
• Tor has a community based good/bad ISP list
• Wind Mobile (DNS Hijacking)
• Wind (DNS Hijacking)
• Ote (DNS Hijacking)
• Hol (DNS Hijacking)
• Forthnet (DNS Hijacking)
• Cyta (DNS Hijacking)
• Cosmote (DNS Hijacking)

Compromised ISP's (needs more research and evidence)

• Easybell
• L8NT
• Charter
• Suddenlink

ISP which are known to fight for privacy and a free internet

• Bahnhof (Swedish)
• Sonic (US)

Blockchain monitoring projects

• OAKSTAR (sub-project MONKEYROCKET)
• SHIFTINGSHADOW
• ORANGECRUSH
• YATCHSHOP
• ORANGEBLOSSOM
• SILVERZEPHYR
• BLUEZEPHYR
• COBALTFALCON

Video Resources

• USENIX Enigma 2016 - NSA TAO Chief on Disrupting Nation State Hackers

Tips directly provided by nsa.gov

• NSA IA Guidance incl. several PDF's.

Compromised Backbone Providers

• AT&T
• ATM S.A.
• Cable & Wireless
• Global Crossing
• Comcast
• Cox Communications
• Sprint Nextel
• Level 3 / Level 2 / Level 1
• NTT Communications
• SAVVIS Communications
• Net By Net Holding LLC
• Verizon Communications
• ATM-Telekom
• IBM

VPN providers which aren't secure, logging or selling your data to 3rd-parties

Known to be compromised or spying

• Hola (might sells data, according to their privacy policy)
• HotSpotShield
• Hide My Ass
• ProXPN
• PureVPN (proof)
• EarthVPN
• Betternet
• Slickvpn (keeps logs)
• IPVanish (keeps logs)
• Opera VPN (might sells data, according to their privacy policy)
• Psiphon (might sells data, according to their privacy policy)
• Onavo Protect (might sells data, according to their privacy policy)
• ZPN (might sells data, according to their privacy policy)
• HoxxVPN (might sells data, according to their privacy policy)
• FinchVPN (might sells data, according to their privacy policy)
• TouchVPN (might sells data, according to their privacy policy)
• TurboVPN
• VPN Proxy Master
• Snap VPN
• X-VPN 5M
• VPN 360 1M
• VPN – Super Unlimited Proxy
• Free VPN by FreeVPN.org
• Secure VPN
• VPN – Master Proxy
• HotspotVPN
• SkyVPN
• VPN Patron
• VPN for iPhone
• YogaVPN
• VPN Guru
• Hola
• Hotspot Shield
• Betternet
• TouchVPN
• Shield VPN
• VPN Wifi Proxy Security Master
• Victory VPN
• Storm VPN (unclear)
• SuperVPN Free VPN Client
• VPN Private
• Thunder VPN
• VPN Melon
• Super VPN
• #VPN
• Psiphon
• AnchorFree
• StackPath
• Avast (owns three brands: HideMyAss, Avast Secureline VPN, AVG Secure VPN, and Zen VPN)
• Kape and Gaditek (owns ExpressVPN, CyberGhost, Private Internet Access, ZenMate)
• NordVPN (compromised)

Controversial

Based on the following review these VPN services are marked as controversial.

• Opera VPN
• Hoxx VPN
• Betternet
• Hola VPN
• SecureVPN
• Ace VPN
• VPN Unlimited
• Ra4w VPN
• Speedify
• AzireVPN
• Ivacy
• BTGuard VPN
• Zenmate
• DotVPN
• VPN.ht
• F-Secure Freedome
• Kaspersky VPN
• Anonymizer VPN
• Norton Wifi Privacy
• SurfEasy
• Encrypt Me
• TigerVPN
• AVG VPN
• PureVPN
• HideMyAss!
• Browsec VPN
• BitDefender VPN
• Hide All IP
• ProxPN
• ZoogVPN
• VPN ac
• OneVPN
• Cactus VPN
• SaferVPN
• SpyOFF
• VPNTunnel
• SwitchVPN
• VyprVPN
• Buffered
• BolehVPN
• Avira Phantom
• PrivateTunnel
• HotSpot Shield
• LiquidVPN
• TunnelBear
• PrivateVPN
• StrongVPN
• SlickVPN
• Astrill VPN
• FrootVPN
• VPNArea
• Goose VPN
• Celo VPN
• PersonalVPN
• AirVPN
• AnonymousVPN.org
• Avast Secureline
• IVPN
• TorGuard
• FastestVPN
• BlackVPN
• VPNSecure Me
• WindScribe
• ibVPN (almost no servers)
• Trust Zone
• CyberGhost
• Betternet VPN

VPN providers who claim to keep no logs

The claim is made via Interviews & privacy policy inspection, more details are here.

• AirVPN
• Avira
• AzireVPN
• BolehVPN
• CactusVPN
• CyberGhost
• ExpressVPN
• HeadVPN
• Hide.me
• HideIPVPN
• ibVPN
• IVPN
• Mullvad
• NordVPN
• OVPN
• Perfect Privacy
• Private Internet Access
• PrivateVPN
• ProtonVPN
• SlickVPN
• Surfshark
• SwitchVPN
• TorGuard
• Trust.Zone
• VPN.ac
• VPNArea
• VPNhub
• WhatTheServer
• Windscribe

VPN Recommendation:

Worth to read, VPN Guide: Legality, Jurisdictions & Internet Censorship

• ProtonVPN, bypass censorship measures
• Mullvad VPN - No-account, privacy-first VPN (independently audited)
• IVPN - Transparent, independently audited VPN service
• OVPN, short story here

See here for a more detailed, community-maintained comparison of privacy-respecting VPN providers.

Other services providers + social media platforms

• Facebook / Meta
• PushTalk / PalTalk
• Google Inc. alias Alphabet
• Amazon / AWS
• MySpace
• Google+
• Microsoft
• Apple
• Wikipedia, well it's for all
• Automattic, Inc
• LLC
• Yahoo
• Twitter / X (FBI records)
• TikTok (ByteDance) - Chinese government access concerns, banned or restricted in multiple countries
• Telegram - Metadata collection concerns, cooperation with law enforcement
• Clearview AI - Facial recognition database built from social media, used by law enforcement
• Cookie based tracking - NSA uses advertisers’ cookies to track specific web browsers

Official Government mass surveillance projects & laws

Mass surveillance projects

• ECHELON
• XKeyscore
• PRISM
• Carnivore
• DISHFIRE
• STONEGHOST
• Tempora
• Frenchelon - Active-Passive-Exfilration (APEX)
• FAIRVIEW
• MYSTIC
• Boundless Informant
• BULLRUN
• PINWALE
• Stingray
• TURMOIL / Turbulence
• SIGINT Activity Designator (or SIGAD)
• MUSCULAR
• STORMBREW
• Pegasus (NSO Group) - Commercial spyware used by governments worldwide, exposed in 2021 Pegasus Project investigation
• Predator (Cytrox/Intellexa) - Commercial spyware targeting journalists and politicians
• Section 702 FISA Reauthorization - Reauthorized in 2024 with expanded warrantless surveillance powers

Surveillance by Law

• Government Must Have Reasonable Suspicion of Digital Contraband Before Searching Electronic Devices at the U.S. Border
• EU Chat Control Proposal - Proposed EU regulation for mass scanning of private messages (2022-present)
• UK Online Safety Act 2023 - UK law with provisions that could undermine end-to-end encryption
• EU AI Act 2024 - EU regulation on AI systems including biometric surveillance restrictions
• EARN IT Act - US bill threatening encryption by modifying Section 230 protections
• RESTRICT Act - US bill granting broad authority to ban foreign technology (2023)

Known compromised Hardware with Malware or/and Backdoors

• UMX U683CL (smartphone) [Assurance Wireless]
• Various TP-Link routers - CISA advisories on Chinese state-sponsored exploitation of SOHO routers (2023-2024)
• Intel ME (Management Engine) - Persistent concerns about hardware-level backdoor capabilities
• Cisco networking equipment - Multiple vulnerabilities exploited by state actors (Volt Typhoon campaign, 2023-2024)

(Official) Discontinued surveillance programs projects

• U.S. Terrorist Surveillance Program
• Multistate Anti-Terrorism Information Exchange (MATRIX)
• ThinThread
• Trailblazer Project
• Customer Proprietary Network Information / CPNI (metadata) - can be deactivated on Android 5.1+ and e.g. Wifi networks

European Union

• Data Retention Directive
• INDECT
• Schengen Information System
• Chat Control / CSAM scanning proposal - Proposed mass scanning of private messages (2022-present)
• EU-US Data Privacy Framework - Successor to Privacy Shield (2023), concerns about US surveillance access

Australia

• Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 - Law requiring companies to provide backdoor access
• Australian Signals Directorate (ASD) - Signals intelligence agency, Five Eyes member

China

• Golden Shield Project
• Social Credit System - Mass behavioral surveillance and scoring
• Skynet / Sharp Eyes - Nationwide facial recognition surveillance camera network
• Monitoring Bureau -> Status: unclear, needs confirmation + evidence
• Public Information Network Security -> Status: unclear, needs confirmation + evidence

Korea

• Allmost all ISP's blocking /controlling HTTP/HTPS (DPI)

France

• Frenchelon

Germany

• Nachrichtendienstliches Informationssystem
• Project 6
• RAMPART-A with BND / NSA (needs more evidence)

India

• Central Monitoring System (CMS)
• DRDO NETRA
• NATGRID
• Pegasus spyware deployment - Confirmed use of NSO Group's Pegasus against journalists and activists

Russia

• SORM
• Yarovaya Law
• TSPU (Technical Measures for Countering Threats) - DPI-based internet filtering system deployed by Roskomnadzor (2021+)
• other systems rumored - Status: unclear, needs confirmation + evidence

Sweden

• Titan traffic database
• X-Keyscore

Switzerland

• Onyx

United Kingdom

• Impact Nominal Index
• Interception Modernisation Programme
• Mastering the Internet (MTI)
• UK National DNA Database (NDNAD)
• Tempora
• Royal Concierge
• Online Safety Act 2023 - Potential implications for end-to-end encryption
• Investigatory Powers Act 2016 (Snoopers' Charter) - Amended 2023 with expanded powers

United States

• Boundless Informant (needs confirmation)
• BULLRUN
• Carnivore
• Comprehensive National Cybersecurity Initiative
• DCSNet
• Fairview
• Financial Crimes Enforcement Network
• ICREACH
• Magic Lantern (needs confirmation)
• Main Core
• MAINWAY
• Media monitoring services
• MUSCULAR
• MYSTIC
• Nationwide Suspicious Activity Reporting Initiative
• NSA ANT catalog
• PRISM
• Room 641A via AT&T
• Sentry Eagle
• Special Collection Service
• Stellar Wind (code name)
• Tailored Access Operations
• Terrorist Finance Tracking Program
• Turbulence (NSA)
• US Intelligence Community (IC)
• Utah Data Center
• X-Keyscore
• Section 702 FISA - Reauthorized April 2024, expanded to cover more data providers
• Executive Order 12333 - Ongoing authority for foreign intelligence collection

Possible Iran (unconfirmed + needs more evidence)

• GhostNet
• Stuxnet

Spying programs

• Traceroute "Packaged Goods" / "Treasure Map"
• VOIP: Hammerchant
• WEALTHYCLUSTER
• APEX
• COMSAT
• IRRITANT HORN (hijacks Google Play Store contained apps)
• HACIENDA
• Volt Typhoon - Chinese state-sponsored threat actor targeting US critical infrastructure (2023-2024)
• Salt Typhoon - Chinese state-sponsored compromise of US telecom providers (2024-2025)
• Pegasus (NSO Group) - Commercial spyware deployed by multiple governments worldwide
• Predator (Intellexa) - Commercial spyware, Intellexa consortium sanctioned by US Treasury (2024)

Hardware Recommendations

• Phone: Pixel with GrapheneOS or Librem 5
• Laptop: Librem 14 with Pureboot and Librem Key OR NitroKey OR System76 with open firmware
• Hardware security keys: YubiKey or NitroKey for FIDO2/WebAuthn authentication
• Router: Turris Omnia or devices running OpenWrt for open-source firmware

Software Recommendations and defense steps Checklist

• A Defensive Computing Checklist by Michael Horowitz (defensivecomputingchecklist.com)
• A curated checklist of 300+ tips for protecting digital security and privacy (github.com)
• Privacy Guides - comprehensive privacy and security resource
• EFF Surveillance Self-Defense - Expert guide to protecting yourself from online spying
• Security in a Box - Digital security tools and tactics

THANK YOU!

A special thanks goes to everyone who fights for internet security & privacy!