System updates and system app updates. The API URLs for that should be excluded. Example: update.intl.miui.com

these few showup in my logs quite often.... as of 20210914

tracking.india.miui.com
update.intl.miui.com
api.aurogon.intl.miui.com
jupiter.intl.sys.miui.com
idmb.register.xmpush.global.xiaomi.com
i2.api.io.mi.com

3rd.mishop.pandora.xiaomi.com
3rdupgrade.pandora.xiaomi.com
5-c3.bigdata.ctc.neo.xiaomi.com
9-alisgp.bigdata.pub.neo.xiaomi.com
10-awsind.bigdata.pub.neo.xiaomi.com
11-c3.bigdata.ctc.neo.xiaomi.com
a.union.xiaomi.com
ad.cdn.pandora.xiaomi.com
ad.quickapp.hybrid.xiaomi.com
admin.xmpush.xiaomi.com
api.ads.xiaomi.com
api.xmpush.global.xiaomi.com
api-bks.ad.intl.xiaomi.com
bgp.tv.pandora.xiaomi.com
bigdata-lbs-pri-c3.alb.xiaomi.com
bossadmin.pandora.xiaomi.com
box.pandora.xiaomi.com
broker.mqtt.pandora.xiaomi.com
bsp.sasdc.pandora.xiaomi.com
bugreport.pt.xiaomi.com
c3.api.xmpush.xiaomi.com
c3-bgp.pandora.xiaomi.com
c3mini.pandora.xiaomi.com
c4.pandora.xiaomi.com
callback.xmpush.xiaomi.com
cc.ad.intl.xiaomi.com
cn.register.xmpush.xiaomi.com
cn-register.xmpush.xiaomi.com
comc4l7.pandora.xiaomi.com
coml7.pandora.xiaomi.com
console.admin.xmpush.xiaomi.com
cupid.ad.xiaomi.com
databi.ad.xiaomi.com
default.data.mistat.xiaomi.com
default.sdkconfig.ad.xiaomi.com
diagnosis.ad.xiaomi.com
dvb.pre.pandora.xiaomi.com
emi-cube.ad.xiaomi.com
emq.xmpush.xiaomi.com
extranet.ap-south-1.miui-l7-feedback.gualne84bg.elb.xiaomi.com
extranet.ap-south-1.miui-l7-feedback.y5qvxdjy6g.elb.xiaomi.com
extranet.ap-southeast-1.miui-l7-feedback.d6ocem01vo.elb.xiaomi.com
extranet.ap-southeast-1.miui-l7-feedback.qkou0akepj.elb.xiaomi.com
extranet.ap-southeast-1.miui-l7-feedback.s3hawgekth.elb.xiaomi.com
extranet.c3.bigdata-l7-dp-lan.x0x8wmy6im.elb.xiaomi.com
extranet.c3.bigdata-l7-trackservice.nbnpzmfyom.elb.xiaomi.com
extranet.c3.feedback.2ddfrkx42q.elb.xiaomi.com
extranet.c3.miui-l7-feedback.1irknwwveg.elb.xiaomi.com
extranet.c4.miui-l7-feedback.izsagsovue.elb.xiaomi.com
extranet.c4.miui-l7-feedback.q2fo3bs76f.elb.xiaomi.com
extranet.eu-east-1.miui-l7-feedback.c7qiwffdmn.elb.xiaomi.com
extranet.eu-east-1.miui-l7-feedback.fvlyh0lisv.elb.xiaomi.com
feedback.d.xiaomi.com
feedback.pt.intl.xiaomi.com
feedback.pt.rus.xiaomi.com
feedback.pt.xiaomi.com
feedback.xmpush.global.xiaomi.com
feedback.xmpush.xiaomi.com
fr.api.xmpush.global.xiaomi.com
fr.feedback.xmpush.global.xiaomi.com
fr.register.xmpush.global.xiaomi.com
fr-api.xmpush.global.xiaomi.com
fr-register.xmpush.global.xiaomi.com
galleryc4l7.pandora.xiaomi.com
game.ad.xiaomi.com
globalreport.ad.intl.xiaomi.com
gstat.pandora.xiaomi.com
hook.gitv.pandora.xiaomi.com
i.api.xmpush.xiaomi.com
ident.mistat.xiaomi.com
idmb.api.xmpush.global.xiaomi.com
idmb.feedback.xmpush.global.xiaomi.com
idmb-api.xmpush.global.xiaomi.com
imp.xmpush.xiaomi.com
intranet.c3.bigdata-l7-trackservice.eup4xvxeqr.elb.xiaomi.com
lab.h4myc4mlzwna31cp.informatik.ad.xiaomi.com
lbs.n.xiaomi.com
lg.api.xmpush.xiaomi.com
lg-bgp-misc.pandora.xiaomi.com
live.miphone.pandora.xiaomi.com
log.pandora.xiaomi.com
log.pt.xiaomi.com
logs.n.xiaomi.com
m.track.ad.xiaomi.com
maizhenapi.ad.xiaomi.com
mantual.pandora.xiaomi.com
marketing.ad.xiaomi.com
marketing.ai.xiaomi.com
matrix.api.ad.xiaomi.com
max.ad.xiaomi.com
mbapi.ad.intl.xiaomi.com
media.pre.pandora.xiaomi.com
mi4crawler.pandora.xiaomi.com
mibi.stat.pt.xiaomi.com
micloudevents.preview.n.xiaomi.com
milink.ad.intl.xiaomi.com
mina.xmpush.xiaomi.com
misc.pandora.xiaomi.com
mktg.chain.ad.xiaomi.com
mob.api.xmpush.xiaomi.com
mob.pandora.xiaomi.com
mob.tv.pandora.xiaomi.com
mobile.mishop.pandora.xiaomi.com
mon.be.xiaomi.com
mon.n.xiaomi.com
monitor.pandora.xiaomi.com
monitor.pt.ai.xiaomi.com
monitor.scf.pt.xiaomi.com
mosapi.ad.intl.xiaomi.com
netcheck.pandora.xiaomi.com
o.bigdata.xiaomi.com
o.data.mistat.xiaomi.com
offline.ad.intl.xiaomi.com
omad.ad.intl.xiaomi.com
omserver.ad.intl.xiaomi.com
onebox.xmpush.xiaomi.com
ottl7-l2.pandora.xiaomi.com
physeter-pdad.pt.xiaomi.com
preview.bossadmin.pandora.xiaomi.com
preview.tvboss.pandora.xiaomi.com
profile.pandora.xiaomi.com
pull.mitv.pandora.xiaomi.com
redirect.pandora.xiaomi.com
report.n.xiaomi.com
report.pt.xiaomi.com
rtmpott.pandora.xiaomi.com
ru.api.xmpush.global.xiaomi.com
ru.feedback.xmpush.global.xiaomi.com
ru.register.xmpush.global.xiaomi.com
ru-api.xmpush.global.xiaomi.com
ru-feedback.xmpush.global.xiaomi.com
ru-register.xmpush.global.xiaomi.com
sdkconfig.ad.eu.xiaomi.com
sdkconfig.ad.rus.xiaomi.com
secure.report.iss.xiaomi.com
sentry.be.xiaomi.com
sentry.pay.xiaomi.com
sentry.pt.xiaomi.com
sgpapi.ad.intl.xiaomi.com
sgp-api.xmpush.global.xiaomi.com
shop.pandora.xiaomi.com
sjs.ptmi.gitv.pandora.xiaomi.com
smart.bigdata.xiaomi.com
smarthome.pandora.xiaomi.com
soundbar.pandora.xiaomi.com
stag.bssmini.pandora.xiaomi.com
staging.cname.ad.xiaomi.com
staging.max.ad.xiaomi.com
staging.stat.pt.xiaomi.com
staging-analyze.pt.xiaomi.com
staging-bks.ad.xiaomi.com
staging-diagnosis.ad.xiaomi.com
staging-global-ssp.ad.xiaomi.com
stat.www.xiaomi.com
stats.mixin.pt.xiaomi.com
stats-fm.music.xiaomi.com
storeconfig.mistat.xiaomi.com
t.app.xiaomi.com
t.track.ad.xiaomi.com
test.ad.intl.xiaomi.com
test.admin.xmpush.xiaomi.com
test.api.xmpush.xiaomi.com
test.lbs.n.xiaomi.com
test.track.ad.xiaomi.com
test-api.xmpush.xiaomi.com
tj1.master.pt.xiaomi.com
tj1.payment.pt.xiaomi.com
tj1.scf.pt.xiaomi.com
tj1.staging.fintech.pt.xiaomi.com
tj1.staging.fund.pt.xiaomi.com
tj1.staging.ins.pt.xiaomi.com
tj1.staging.mibi.xiaomi.com
tj1.staging.mifi.pt.xiaomi.com
tj1.staging.nfcpay.xiaomi.com
tj1.staging.pay.xiaomi.com
tj1.staging-in.globalfi.pt.xiaomi.com
tj1.stagingouter.pay.xiaomi.com
tj1.test.pay.xiaomi.com
tj1-new.scf.pt.xiaomi.com
track.ad.xiaomi.com
tracker.ai.xiaomi.com
tracker-preview.ai.xiaomi.com
tvboss.pandora.xiaomi.com
tvepg.pandora.xiaomi.com
tvmanager.pandora.xiaomi.com
tvstat.pandora.xiaomi.com
upgrade.pandora.xiaomi.com
user.pandora.xiaomi.com
vip.api.xmpush.global.xiaomi.com
vip.api.xmpush.xiaomi.com
vip-api.xmpush.global.xiaomi.com
vip-api.xmpush.xiaomi.com
w.pandora.xiaomi.com
xadx.file.market.xiaomi.com
xtrace.pt.xiaomi.com
zhaopin.ad.xiaomi.com

I recommend whitelisting 'market.xiaomi.com' and its subdomains, e.g

app.market.xiaomi.com
f2.market.xiaomi.com
f1.market.xiaomi.com

they have many subdomains like this.

These domains host valuable themes, plugins, and widgets for MIUI 13 and 14. Their current blocked status limits access to these resources.

OISD, for example, has only blocked 'wtradv.market.xiaomi.com', allowing the rest to remain functional.

In my Mi 9, MIUI 11, if I block xiaomi with this list, the phone starts to use much much more battery. Analysing with BBS I come to the conclusion that if some xiaomi services, like find my device can't call home, it starts to try reapeately to connect and turns itself in a battery killer.
And we don't have anymore ways to kill those apps or it's wakelocks or alarms, then...

This is jus an alert to people, watch out your battery. Maybe someone can come with a solution.

Hi,

I have recently noticed that I am not receiving any push notification from Xiaomi home, i.e. if the camera sensed a movement. On a different network it was working but not on mine. After some trails I have found out that blocking this: fr.app.chat.global.xiaomi.net is causing the issue. Moving it to the whitelist solved the problem for me.

Not sure if it was blocked from the beginning but noticed only now.

Tomas

you have:

fr.app.chat.global.xiaomi.net 
  fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com
  fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com
  fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com

but i observed:

fr-app-chat-global-xiaomi-net-6-2041664722.eu-central-1.elb.amazonaws.com

There might be more cnames depending on your location and load balancing , likely net3 , net4 and net5

Description

During the import of 'xiaomi.com.txt' via gravity update PiHole gives a info about invalid domains.
Please see example

PiHole version

Pi-hole v5.1.2
Web Interface v5.1.1
FTL v5.2

Example

[i] Target: https://raw.githubusercontent.com/unknownFalleN/xiaomi-dns-blocklist/master/xiaomi.com.txt
[✓] Status: Retrieval successful
[i] Received 651 domains, 59 domains invalid!
Sample of invalid domains:
- *.a.market.xiaomi.com
- *.account.xiaomi.com
- *.ad.intl.xiaomi.com
- *.ad.xiaomi.com
- *.ai.xiaomi.com

idmb.app.chat.global.xiaomi.net
d.g.mi.com
in.find.api.micloud.xiaomi.net

these domains are making frequent requests. I think these should be added to the list.

Remove connect.rom.miui.com

Hi there!

Is it possible to import the Xiaomi dns records from https://github.com/unknownFalleN/xiaomi-dns-blocklist/blob/master/xiaomi_dns_block.lst dynamically as a txt (e.g. in sublert folder) or is it really neccessary to copy and import the raw list periodically by hand?

Thanks in advance!

api.miwifi.com and eu.api.miwifi.com are in the list, but sg.api.miwifi.com is not.
Appears to be used for update checking, but supposedly also telemetry.

So using NextDNS, I was able to find these domains that MIUI likes to connect frequently. IDK their purpose as I had removed most of the MIUI apps.

idmb-app-chat-global-xiaomi09-1256654958.ap-south-1.elb.amazonaws.com
idmb-app-chat-global-xiaomi10-407281533.ap-south-1.elb.amazonaws.com
idmb-app-chat-global-xiaomi07-1818086890.ap-south-1.elb.amazonaws.com
idmb-app-chat-global-proxy-proto-1114919025.ap-south-1.elb.amazonaws.com
idmb-app-chat-global-xiaomi08-2123402879.ap-south-1.elb.amazonaws.com
idmb-app-chat-global-xiaomi06-2047145834.ap-south-1.elb.amazonaws.com
idmb-app-chat-global-xiaomi05-1961044139.ap-south-1.elb.amazonaws.com
idmb-app-chat-global-xiaomi04-1301562198.ap-south-1.elb.amazonaws.com
idmb-app-chat-global-xiaomi03new-426797692.ap-south-1.elb.amazonaws.com
idmb-app-chat-global-xiaomi-1108233833.ap-south-1.elb.amazonaws.com
idmb-app-chat-global-xiaomi06-2047145834.ap-south-1.elb.amazonaws.com
resolver-msg-xiaomi-net-665721575.ap-south-1.elb.amazonaws.com

I made my phone go through Pihole for one night. Here are some additional ones I found:

find.api.micloud.xiaomi.net
g-galleryapi.micloud.xiaomi.net
global.market.xiaomi.com
matrix-pri-alisgp.alb.xiaomi.com
resolver.msg.global.xiaomi.net
us.galleryapi.micloud.xiaomi.net
jupiter.intl.sys.miui.com
i.mi.com
sg.api.io.mi.com

I don't know what it does. Saw it in tcpdump. Trying to keep the phone clean, have not connected it to internet, just to xiaomi account to unlock to root the phone, then to a private hotspot wifi.
Also referenced in this gist. https://gist.github.com/random-robbie-research/5a43b8a6e2774a0afdd8af3010532b43

Needed for updating system apps:
global.market.xiaomi.com

Needed for MIUI Rom updates:
update.intl.miui.com

Please consider removing these from the blocklist.

eu.api.miwifi.com

• fr.resolver.msg.global.xiaomi.net
• fr-resolver-msg-global-xiaomi-n-916220403.eu-central-1.elb.amazonaws.com

Please add:
us.api.micloud.xiaomi.net
us-api-micloud-xiaomi-net-5630734.us-west-2.elb.amazonaws.com

Thank you.

Blocking api.io.mi.com will disable firmware updates for IoT or at least prohibit the verification of new firmware.
at least adding a note about this would appreciated :)

I would as well add, see below. These ones are frequently called by Xiaomi cameras for example.

• ||baidu.com
• ||www.baidu.com

br, Tomas

As the title

connect.intl.rom.miui.com
brs.api.intl.miui.com
sa-api.api.intl.miui.com
cdn.awsde0-fusion.fds.api.mi-img.com

idm.iot.mi.com
de-idm.api.io.mi.com
gtglobal.intl.miui.com
pi.ias.xiaomi.com

When the following domains are blocked, the security center cannot send SMS.

api.sec.miui.com

the System apps updater on xiaomi phones fails to connect due to global.market.xiaomi.com being blocked

ultimateota.d.miui.com is needed for Xiaomi HyperOS OTA (over-the-air) updates.

Not really an issue, but good to know:

There is a little trick xiaomi can use to bypass this type of filtering, by using dns.io.mi.com (110.43.0.83 & 110.43.0.85) with a plain 'ol http GET request:

Req:
  http://110.43.0.83/gslb?tver=2&id=1234567&dm=ots.io.mi.com&timestamp=13&sign=KmUuqqSuZiFCBY9hNLUr%2BewmH0RtVz6rvzwwrzFZjfk%3D
Resp:
  {
   "info":{
      "enable":1,
      "host_list":[
         {
            "ip":"120.92.96.155",
            "port":443
         },
         {
            "ip":"58.83.177.143",
            "port":443
         },
         {
            "ip":"183.84.5.209",
            "port":443
         }
      ]
   },
   "sign":"mR61hy8D05mEV6Owsawd9zV7Is49TXznwNkd4nqDjkU=",
   "timestamp":1624870689
   

From what I can tell Xiaomi hardcodes these IPs into some firmware in order to be complettly independent on local DNS settings.

Found these two domains while auditing my device log

mcc.intl.inf.miui.com

api.g.micloud.xiaomi.net

auth.ff.avast.sec.miui.com		20.47.97.231
streamback.ff.avast.sec.miui.com	20.47.97.231
ip-info.ff.avast.sec.miui.com		20.47.97.231
apkrep.ff.avast.sec.miui.com		20.47.97.231
analytics.ff.avast.sec.miui.com	20.47.97.231
au.ff.avast.sec.miui.com		47.241.6.185 

for the installed security app that once was vulnerable

found this via my pi-hole logs.

fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com

today i found this. What do you think? Is it a candidate for the block list?
fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com

the find device no longer works and will fail to find the device when connected to the network

The integrated news feed on the launcher connects there For MIUI 12 Android 10.

Hi, I found this subdomains making hits on my pi-hole, can you add then to the list?
domain | hits
dlg.io.mi.com | 7733
ots.io.mi.com | 7698 
ot.io.mi.com | 6866
ott.io.mi.com | 1287