Skip to content

Instantly share code, notes, and snippets.

@ozankiratli
Last active July 19, 2025 09:35
Show Gist options
  • Save ozankiratli/801ba17705e7f2a904d2e443af5a64f8 to your computer and use it in GitHub Desktop.
Save ozankiratli/801ba17705e7f2a904d2e443af5a64f8 to your computer and use it in GitHub Desktop.
PiHoleLists

Streaming Whitelists and Blacklists for PiHole

Last Updated On:           July 10, 2025
Last Updated Platform:     Peacock

Table of Contents

Roku

Do not block (or whitelist if blocked) for functionality (Only block these if you know what you're doing)

  • roku.com, rokutime.com, and therokuchannel.roku.com : for obvious reasons.
  • api.roku.com and api.rokutime.com : System functionality.
  • retail.rpay.roku.com and api.rpay.roku.com : Payment api.
  • image.roku.com : Checking internet connectivity by the app.

"The Roku Channel" related domains. (Block these only if you don't use "The Roku Channel")

  • configsvc.sc.roku.com and keysvc.sc.roku.com : Channel functionality.
  • content.sr.roku.com, content-detail.sr.roku.com, and playback-detail.sr.roku.com : Loading Content
  • images.sr.roku.com : Loading video images
  • api2.sr.roku.com : Channel api that delivers videos.
  • vod.delivery.roku.com, and vod-playlist.sr.roku.com : Loading the video content.
  • rights-manager.sr.roku.com and wv-license.sr.roku.com : Availability and access to content.
  • static-delivery.sr.roku.com : Subtitles.
  • bookmarks.sr.roku.com : Remembering the last location on a video.
  • navigation.sr.roku.com and images-svc.sr.roku.com : Unknown, still being tested.

IMPORTANT: If "The Roku Channel" is having issues loading content try whitelisting the following. Still needs testing.

tis.cti.roku.com
ls.cti.roku.com

If you don't use The Roku Channel app you're welcome to block all these with the following regex.

^[^.]+\.(sr|sc)\.roku.com$

Block list RegEx

The exact presence of logs,ads, web, cti, voice, or prod.mobile.

^(([^.]+\.)*(logs|ads|web|prod\.mobile|cti|voice)(\.[^.]+)*\.)roku\.com$

I found some names (sometimes with characters before or after them).

^(([^.]+\.)*[^.]*(amarillo|amoeba|austin|benjamin|bryan|camden|cooper|copper|digdug|external|giga|gilbert|griffin|hereford|lb|liberty|littlefield|longview|madison|marlin|midland|paolo|richmond|rollingwood|scribe|sugarland|tyler|victoria|windsor)[^.]*(\.[^.]+)*\.))roku\.com$

Next, I found some queries starting with some words and decided that I didn't want them.

^((captive|cloudservices|wwwimg)\.)roku\.com$

Some .sr.roku.com addresses combined together:

^((bif|microsites|traces|track|userdata)\.sr\.)roku\.com$

ravm.tv queries, I captured all with:

^([^.]+\.)*ravm\.tv$

Individual domains that don't fit a pattern, can be added as exact domains:

lat-services.api.data.roku.com
roku.admeasurement.com

Bonus: Overkill for admeasurement:

^([^.]+\.)*roku([^.]+\.)*\.admeasurement([^.]+\.)*\.com$

Peacock

Around Jan 7, 2025 Peacock started showing ads on Roku devices. The culprit in my server was f701e91aabed43fa8064e91da398bfbc.mediatailor.us-east-1.amazonaws.com . I assume different regions would have different strings, and the first random part can change.

July 4, 2025 Update: The current settings mostly work without ads, except the videos don't start where they're left off, but they start from the beginning of the content.

Whitelist

Type Domain Note
Exact mytv.clients.peacocktv.com Account access
Exact bff-ext.clients.peacocktv.com Account access
Exact imageservice.disco.peacocktv.com Content images
Exact play.ovp.peacocktv.com Content loading
RegEx g[^.]+-vod-us-cmaf-prd-mc.cdn.peacocktv.com Video loading
Exact atom.peacocktv.com Under consideration
Exact cybertron.id.peacocktv.com Under consideration
Exact meg.disco.peacocktv.com Under consideration
Exact ovp.peacocktv.com Under consideration
Exact pconfig-prd.cdn.peacocktv.com Under consideration

Blacklist

Type Domain Note
Exact mt.ssai.peacocktv.com Use this for now
RegEx g[^.]+-vod-us-cmaf-prd-[^.]+.cdn.peacocktv.com Ads load through various links

**Important:** Use this with caution, someone reported it blocked their Amazon Echo devices. Needs confirmation.

Paramount+

Paramount+ settings and how they deliver content and ads change often. This list has been stable in Roku for some time now. Browser hasn't been stable. Under a moderate to aggressive system, Paramount+ (even no ad version) tends to not work. If you're having issues with Paramount+, check your Query Logs and try whitelisting and blacklisting domains appear there.

Whitelist

These domains are needed for functinality of the service.

Type Domain Function
Exact saa.paramountplus.com Main
Exact saa.cbsi.com Main
Exact vod-gcs-cedexis.cbsaavideo.com Loads the video
Exact cbsinteractive.hb.omtrdc.net Loads the video
Exact cbsi.live.ott.irdeto.com Loads the video
Exact tags.tiqcdn.com Last location
Exact wwwimage-us.pplusstatic.com Image loading
Exact wwwimage-secure.cbsstatic.com Image loading
Exact thumbnails.cbsig.net Image loading
Exact bakery.pplus.paramount.tech Mobile App
RegEx ^[^.]+\.cws\.conviva\.com$ Video loading

Blacklist

Most other domains can be blocked. These might be missed by pihole, or might be whitelisted in the past for one reason or another. There are other domains that can be blocked. Here are some examples. (I'll be working on a combination of exact and regex blocking solution)

Type Domain Notes
Exact imasdk.googleapis.com Might be needed for loading on PC (needs testing)
Exact enduser.adsrvr.org
Exact cdn.privacy.paramount.com
Exact www.googletagmanager.com
Exact pagead2.googlesyndication.com
Exact www.googletagmanager.com
Exact availability-fastly.syncbak-mediastore-cedexis.cbsaavideo.com
Exact cbsi.demdex.net
Exact vod-gcs-qwilt.cbsaavideo.com
Exact vod-gcs-google.cbsaavideo.com

Note: If you use unbound for DNS resolution, enabling DNSSEC will block access to Paramount+ from the browser. Roku still works.

Disney+

Try adding this to regex list. (Not tested thoroughly, any input is welcome)

^([^.]+\.)*disneyadvertising\.com$ 
@junbug178
Copy link

It appears my last video watched is no longer being kept in Paramount Plus.

@ozankiratli
Copy link
Author

ozankiratli commented May 12, 2025

id like to help you with peacock. i too saw mediatailor on an app but blocking media tailor completely broke live tv. so here's a better solution its mt.ssai.peacocktv.com its mediatailor but peacocks version of it. that stopped ads for AdGuard users. see here; AdguardTeam/AdguardFilters#196118 (comment)

@jordansworld Thanks for this! Added and currently testing on my end. Will make the change permanent in a couple of days.

@ozankiratli
Copy link
Author

It appears my last video watched is no longer being kept in Paramount Plus.

@junbug178 I don't have this issue; I still have the last watched kept as long as Paramount+ works. However, Paramount+ is the most problematic platform on my end due to constant problems with Unbound. I can only make it work for a specific period of time before DNS resolution becomes impossible. I can only get it to work after restarting the Unbound service, DNS resolver on PiHole, and Roku. I also can't watch it on PC; any help on that end would be welcome.

@jordansworld
Copy link

id like to help you with peacock. i too saw mediatailor on an app but blocking media tailor completely broke live tv. so here's a better solution its mt.ssai.peacocktv.com its mediatailor but peacocks version of it. that stopped ads for AdGuard users. see here; AdguardTeam/AdguardFilters#196118 (comment)

@jordansworld Thanks for this! Added and currently testing on my end. Will make the change permanent in a couple of days.

no problem! glad it works

@aqthegreat
Copy link

It appears my last video watched is no longer being kept in Paramount Plus.

I had that problem a while ago. My fix was to whitelist tags.tiqcdn.com

@alechouse97
Copy link

alechouse97 commented Jul 11, 2025

For peacock, I discovered my ads were being served from a domain prefixed with g006 instead of g008. I updates the relevant rules to:

||g*-vod-us-cmaf-prd-*.cdn.peacocktv.com
@@||g*-vod-us-cmaf-prd-mc.cdn.peacocktv.com

@ozankiratli
Copy link
Author

@alechouse97 Made the edits! Thanks for the contribution.

@alechouse97
Copy link

Happy to help! I opened a feature request in the Adguardhome filters repo (which is what I use) and credited your list. Hope this fix keeps working!

@ECSmith88
Copy link

After several days of debugging I've been able to get a regex block in place to make it a little easier for everyone. This is what I'm using currently to capture the numerous servers in Peacocks CDN. It works off the above regex block using g008.
g\d{3}-vod-us-cmaf-prd-[a-zA-Z]{2}-[^.]+.cdn.peacocktv.com
g\d{3}-vod-us-cmaf-prd-[a-zA-Z]{2}.cdn.peacocktv.com I added this as a regex deny because if the content isn't coming from the mc prod server as stated above ads get through.
g\d{3}-sf-us-cmaf-prd-[a-zA-Z]{2}-[^.]+.cdn.peacocktv.com I also noticed this morning a new set of servers being served through Peacock. I hope this helps someone. When you figure out the other servers under consideration please update. Everyone once in awhile a set of ads will pop up and one of those domains is in the logs. I haven't narrowed anything down just yet but wanted to provide my insight. I've been banging my head on this for the better part of a week.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment