Stuborn imqq.com wont get blocked

Please follow the below template, it will help us to help you!

Expected Behaviour:

I would have expected that imqq.com site would not work at all anymore,

Actual Behaviour:

but it does (and it is also ironic they use google-analytics on their page, which is successfully blocked). Also through ping command I get the IP of imqq instead of localhost. Here is my blocklist:

qq.com
wechat.appshost.co
wechat.com
pc.weixin.qq.com
google-analytics.com
connect.facebook.net
web.wechat.com
login.web.wechat.com
res.wx.qq.com
js.aq.qq.com
pc.weixin.qq.com
mac.weixin.qq.com
wx.qq.com
weixin.qq.com
baidu.com
mp.weixin.qq.com
open.weixin.qq.com 
pay.weixin.qq.com
wx2.qq.com
*.qq.*
*.wechat.*
*.*.qq.*
*.wx.qq.*
*.wx.*
*.wx.*.*
*.*.wechat.*
imqq.*
*.imqq.*
imqq.com
www.imqq.com

This behavior is unexpected to me, as other sites I have in my blocklist do not work. I disabled IPV6 but it still loads the site happily. What kind of zombie site is this? How does it do this? How can I stop it?

EDIT: output “pihole -q -adlist -all imqq”

Match found in Blacklist
   imqq.*
   *.imqq.*
   imqq.com
   www.imqq.com

output pihole -d

*** [ INITIALIZING ]
[i] 2019-12-02:16:23:42 debug log has been initialized.

*** [ INITIALIZING ] Sourcing setup variables
[i] Sourcing /etc/pihole/setupVars.conf...

*** [ DIAGNOSING ]: Core version
[i] Core: v4.3.2 (https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249)
[i] Branch: master
[i] Commit: v4.3.2-0-ge41c4b5

*** [ DIAGNOSING ]: Web version

*** [ DIAGNOSING ]: FTL version
[✓] FTL: v4.3.1

*** [ DIAGNOSING ]: lighttpd version
[i] opt

*** [ DIAGNOSING ]: php version
[i] 7.3.11

*** [ DIAGNOSING ]: Operating system
[✓] Raspbian GNU/Linux 10 (buster)

*** [ DIAGNOSING ]: SELinux
[i] SELinux not detected

*** [ DIAGNOSING ]: Processor
[✓] armv7l

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the wlan0 interface:
   192.168.0.41/24 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

[✓] IPv6 address(es) bound to the wlan0 interface:
   fe80::ba27:ebff:fed4:89e4 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

   ^ Please note that you may have more than one IP address listed.
   As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.

   The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.

[i] Default IPv4 gateway: 192.168.0.1
   * Pinging 192.168.0.1...
[✓] Gateway responded.

*** [ DIAGNOSING ]: Ports in use
*:22 sshd (IPv4)
*:22 sshd (IPv6)
127.0.0.1:9050 tor (IPv4)
127.0.0.1:3306 mysqld (IPv4)
[*:80] is in use by lighttpd
*:81 apache2 (IPv6)
*:82 apache2 (IPv6)
*:443 apache2 (IPv6)
*:44301 apache2 (IPv6)
[*:53] is in use by pihole-FTL
[*:53] is in use by pihole-FTL
[127.0.0.1:4711] is in use by pihole-FTL
[[::1]:4711] is in use by pihole-FTL
[*:80] is in use by lighttpd
*:81 apache2 (IPv6)
*:82 apache2 (IPv6)
*:443 apache2 (IPv6)
*:44301 apache2 (IPv6)
[*:80] is in use by lighttpd
*:81 apache2 (IPv6)
*:82 apache2 (IPv6)
*:443 apache2 (IPv6)
*:44301 apache2 (IPv6)
[*:80] is in use by lighttpd
*:81 apache2 (IPv6)
*:82 apache2 (IPv6)
*:443 apache2 (IPv6)
*:44301 apache2 (IPv6)
[*:80] is in use by lighttpd
*:81 apache2 (IPv6)
*:82 apache2 (IPv6)
*:443 apache2 (IPv6)
*:44301 apache2 (IPv6)
[*:80] is in use by lighttpd
*:81 apache2 (IPv6)
*:82 apache2 (IPv6)
*:443 apache2 (IPv6)
*:44301 apache2 (IPv6)

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] submissive-rp-lover.tumblr.com is 0.0.0.0 via localhost (127.0.0.1)
[✓] submissive-rp-lover.tumblr.com is 0.0.0.0 via Pi-hole (0.0.0.0)
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Pi-hole processes
[✗] lighttpd daemon is inactive
[✓] pihole-FTL daemon is active

*** [ DIAGNOSING ]: Setup variables
    BLOCKING_ENABLED=true
    PIHOLE_INTERFACE=wlan0
    IPV4_ADDRESS=0.0.0.0
    IPV6_ADDRESS=
    PIHOLE_DNS_1=8.8.8.8
    PIHOLE_DNS_2=8.8.4.4
    QUERY_LOGGING=true
    INSTALL_WEB_SERVER=false
    INSTALL_WEB_INTERFACE=false
    LIGHTTPD_ENABLED=false
    HOSTRECORD=wordpressexperiment.lan,192.168.0.41:82

*** [ DIAGNOSING ]: Dashboard and block page
[✗] Block page X-Header: X-Header does not match or could not be retrieved.
HTTP/1.1 200 OK
Date: Mon, 02 Dec 2019 16:23:52 GMT
Server: Apache/2.4.38 (Raspbian)
Last-Modified: Thu, 10 Oct 2019 14:44:09 GMT
ETag: "29cd-5948f6f24bfb4"
Accept-Ranges: bytes
Content-Length: 10701
Vary: Accept-Encoding
Content-Type: text/html

[✗] Web interface X-Header: X-Header does not match or could not be retrieved.
HTTP/1.1 404 Not Found
Date: Mon, 02 Dec 2019 16:23:52 GMT
Server: Apache/2.4.38 (Raspbian)
Content-Type: text/html; charset=iso-8859-1


*** [ DIAGNOSING ]: Gravity list
-rw-r--r-- 1 root root 80153015 Dec  2 15:34 /etc/pihole/gravity.list
   -----head of gravity.list------
   (^|\.)muscdn\.com$
   (^|\.)musical\.ly$
   *.facebook.com
   *.fbcdn.net

   -----tail of gravity.list------
   zzzzz4.52896368.com
   zzzzzqp.com
   zzzzzz.com
   ɢoogle.com

*** [ DIAGNOSING ]: contents of /etc/pihole

-rw-r--r-- 1 root root 8083 Dec  2 15:32 /etc/pihole/adlists.list
   https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
   https://mirror1.malwaredomains.com/files/justdomains
   http://sysctl.org/cameleon/hosts
   https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
   https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
   https://hosts-file.net/ad_servers.txt
   https://github.com/crazy-max/WindowsSpyBlocker/blob/master/data/dnscrypt/spy.txt
   https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
   https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
   https://raw.githubusercontent.com/RPiList/specials/master/notserious
   https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list
   https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list
   https://raw.githubusercontent.com/RPiList/specials/master/easylist
   https://raw.githubusercontent.com/RPiList/specials/master/Win10Telemetry
   https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list
   https://hosts-file.net/grm.txt
   https://adblock.mahakala.is
   https://www.dshield.org/feeds/suspiciousdomains_High.txt
   https://www.dshield.org/feeds/suspiciousdomains_Medium.txt
   https://www.dshield.org/feeds/suspiciousdomains_Low.txt
   https://v.firebog.net/hosts/Easyprivacy.txt
   https://v.firebog.net/hosts/Prigent-Ads.txt
   https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
   https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.2o7Net/hosts
   https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt
   https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/AmazonFireTV.txt
   https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
   https://mirror1.malwaredomains.com/files/justdomains
   https://ransomwaretracker.abuse.ch/downloads/TL_C2_DOMBL.txt
   https://ransomwaretracker.abuse.ch/downloads/TC_C2_DOMBL.txt
   https://ransomwaretracker.abuse.ch/downloads/LY_C2_DOMBL.txt
   https://ransomwaretracker.abuse.ch/downloads/CW_C2_DOMBL.txt
   https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
   https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
   https://phishing.army/download/phishing_army_blocklist_extended.txt
   https://v.firebog.net/hosts/Prigent-Phishing.txt
   https://v.firebog.net/hosts/Prigent-Malware.txt
   https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
   https://www.malwaredomainlist.com/hostslist/hosts.txt
   https://mirror.cedia.org.ec/malwaredomains/immortal_domains.txt
   https://hosts-file.net/psh.txt
   https://hosts-file.net/emd.txt
   https://hosts-file.net/exp.txt
   https://v.firebog.net/hosts/Shalla-mal.txt
   https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Risk/hosts
   https://www.squidblacklist.org/downloads/dg-malicious.acl
   https://gitlab.com/curben/urlhaus-filter/raw/master/urlhaus-filter-hosts.txt
   https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
   https://raw.githubusercontent.com/HorusTeknoloji/TR-PhishingList/master/url-lists.txt
   https://v.firebog.net/hosts/Airelle-hrsk.txt
   https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser
   https://raw.githubusercontent.com/anudeepND/blacklist/master/facebook.txt
   https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
   https://raw.githubusercontent.com/Kees1958/WS3_annual_most_used_survey_blocklist/master/w3tech_hostfile.txt
   https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
   https://v.firebog.net/hosts/AdguardDNS.txt
   https://adaway.org/hosts.txt
   https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
   https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
   https://hosts-file.net/ad_servers.txt
   https://v.firebog.net/hosts/Easylist.txt
   https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
   https://raw.githubusercontent.com/StevenBlack/hosts/master/data/UncheckyAds/hosts
   https://www.squidblacklist.org/downloads/dg-ads.acl
   https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts
   https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts
   https://reddestdream.github.io/Projects/MinimalHosts/etc/MinimalHostsBlocker/minimalhosts
   https://hosts-file.net/grm.txt
   https://v.firebog.net/hosts/static/w3kbl.txt
   https://v.firebog.net/hosts/BillStearns.txt
   http://sysctl.org/cameleon/hosts
   https://www.joewein.net/dl/bl/dom-bl-base.txt
   https://raw.githubusercontent.com/matomo-org/referrer-spam-blacklist/master/spammers.txt
   https://hostsfile.org/Downloads/hosts.txt
   https://someonewhocares.org/hosts/zero/hosts
   https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt
   https://raw.githubusercontent.com/vokins/yhosts/master/hosts
   http://winhelp2002.mvps.org/hosts.txt
   https://hosts.nfz.moe/basic/hosts
   https://raw.githubusercontent.com/RooneyMcNibNug/pihole-stuff/master/SNAFU.txt
   https://ssl.bblck.me/blacklists/hosts-file.txt
   https://hostsfile.mine.nu/hosts0.txt
   https://v.firebog.net/hosts/Kowabit.txt
   https://gist.githubusercontent.com/unknownFalleN/3f38e2daa8a98caff1b0d965c2b89b25/raw/53035c634a699817f3ab0800102b267253912114/xiaomi_dns_block.lst
   https://gist.githubusercontent.com/eboye/ef2f8c3e9e3b32c0980ff1a226770b1c/raw/b48907ecb3e33be50a27540c5186c5548d2db89f/adaway-miui-blocklist
   https://raw.githubusercontent.com/imkarthikk/pihole-facebook/master/pihole-facebook.txt
   https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list
   https://raw.githubusercontent.com/nickspaargaren/pihole-google/master/categories/analyticsparsed
   https://raw.githubusercontent.com/nickspaargaren/pihole-google/master/categories/androidparsed
   https://raw.githubusercontent.com/nickspaargaren/pihole-google/master/categories/doubleclickparsed
   https://raw.githubusercontent.com/nickspaargaren/pihole-google/master/categories/firebaseparsed
   https://raw.githubusercontent.com/nickspaargaren/pihole-google/master/categories/fontsparsed
   https://raw.githubusercontent.com/nickspaargaren/pihole-google/master/categories/proxiesparsed
   https://raw.githubusercontent.com/adversarialtools/apple-telemetry/master/blacklist
   https://raw.githubusercontent.com/d43m0nhLInt3r/tiktokblocklist/master/tiktokblocklist.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/Downloads/updates.vsc.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/Drugs/vaping.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/MDM/lightspeed.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/MDM/jamf.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/Malicious/apple.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/Phishing/deals.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/Porn/porn.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/Proxy/lightspeed.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/Scanners/scanners.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/Social/facebook.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/Social/groupme.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/Social/houseparty.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/Social/snapchat.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/Social/tiktok.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/TV/sling.txt
   https://raw.githubusercontent.com/d43m0nhLInt3r/Blocklists/master/TV/hulu.txt
   https://raw.githubusercontent.com/jaykepeters/Blocklists/master/Proxy/1.1.1.1.txt
   https://raw.githubusercontent.com/jaykepeters/Blocklists/master/Proxy/lightspeed.txt
   https://raw.githubusercontent.com/x0uid/SpotifyAdBlock/master/hosts

-rw-r--r-- 1 root root 398 Dec  2 13:10 /etc/pihole/blacklist.txt
   qq.com
   wechat.appshost.co
   wechat.com
   pc.weixin.qq.com
   google-analytics.com
   connect.facebook.net
   web.wechat.com
   login.web.wechat.com
   res.wx.qq.com
   js.aq.qq.com
   pc.weixin.qq.com
   mac.weixin.qq.com
   wx.qq.com
   weixin.qq.com
   baidu.com
   mp.weixin.qq.com
   open.weixin.qq.com 
   pay.weixin.qq.com
   wx2.qq.com
   *.qq.*
   *.wechat.*
   *.*.qq.*
   *.wx.qq.*
   *.wx.*
   *.wx.*.*
   *.*.wechat.*
   imqq.*
   *.imqq.*
   imqq.com
   www.imqq.com

-rw-r--r-- 1 root root 36 Dec  2 15:34 /etc/pihole/local.list
   0.0.0.0 raspberrypi
   0.0.0.0 pi.hole

-rw-r--r-- 1 root root 234 Oct 10 15:58 /etc/pihole/logrotate
   /var/log/pihole.log {
   	su root root
   	daily
   	copytruncate
   	rotate 5
   	compress
   	delaycompress
   	notifempty
   	nomail
   }
   /var/log/pihole-FTL.log {
   	su root root
   	weekly
   	copytruncate
   	rotate 3
   	compress
   	delaycompress
   	notifempty
   	nomail
   }

-rw-r--r-- 1 root root 33 Dec  2 14:43 /etc/pihole/whitelist.txt
   urbandictionary.com
   bugmenot.com

*** [ DIAGNOSING ]: contents of /etc/dnsmasq.d

-rw-r--r-- 1 root root 1574 Oct 22 16:36 /etc/dnsmasq.d/01-pihole.conf
   addn-hosts=/etc/pihole/gravity.list
   addn-hosts=/etc/pihole/black.list
   addn-hosts=/etc/pihole/local.list
   localise-queries
   no-resolv
   cache-size=10000
   log-queries
   log-facility=/var/log/pihole.log
   local-ttl=2
   log-async
   server=8.8.8.8
   server=8.8.4.4
   host-record=wordpressexperiment.lan,192.168.0.41:82
   interface=wlan0

*** [ DIAGNOSING ]: contents of /etc/lighttpd

*** [ DIAGNOSING ]: contents of /etc/cron.d

-rw-r--r-- 1 root root 1703 Oct 10 15:58 /etc/cron.d/pihole
   1 3   * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log
   00 00   * * *   root    PATH="$PATH:/usr/local/bin/" pihole flush once quiet
   @reboot root /usr/sbin/logrotate /etc/pihole/logrotate
   */10 *  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker local
   14 14  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote
   @reboot root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote reboot

*** [ DIAGNOSING ]: contents of /var/log/lighttpd
/var/log/lighttpd does not exist.
ls: cannot access '/var/log/lighttpd': No such file or directory

*** [ DIAGNOSING ]: contents of /var/log

-rw-r--r-- 1 pihole pihole 7092 Dec  2 15:54 /var/log/pihole-FTL.log
   -----head of pihole-FTL.log------
   [2019-12-02 10:09:12.779 721] Resizing "/FTL-strings" from 16384 to 20480
   [2019-12-02 12:44:48.775 721] Resizing "/FTL-queries" from 393216 to 589824
   [2019-12-02 12:51:49.457 721] Resizing "/FTL-strings" from 20480 to 24576
   [2019-12-02 13:07:21.832 721] Received SIGHUP, reloading cache
   [2019-12-02 13:07:21.832 721] Blocking status is enabled
   [2019-12-02 13:07:21.833 721] Compiled 0 Regex filters and 1 whitelisted domains in 0.2 msec (0 errors)
   [2019-12-02 13:07:25.734 721] /etc/pihole/black.list: parsed 29 domains (took 0.1 ms)
   [2019-12-02 13:07:40.088 721] /etc/pihole/gravity.list: parsed 3328086 domains (took 14352.2 ms)
   [2019-12-02 13:10:58.482 721] Received SIGHUP, reloading cache
   [2019-12-02 13:10:58.482 721] Blocking status is enabled
   [2019-12-02 13:10:58.482 721] Compiled 0 Regex filters and 1 whitelisted domains in 0.2 msec (0 errors)
   [2019-12-02 13:11:02.314 721] /etc/pihole/black.list: parsed 29 domains (took 0.1 ms)
   [2019-12-02 13:11:16.623 721] /etc/pihole/gravity.list: parsed 3328086 domains (took 14309.0 ms)
   [2019-12-02 14:37:05.329 721] Received SIGHUP, reloading cache
   [2019-12-02 14:37:05.339 721] Blocking status is enabled
   [2019-12-02 14:37:05.339 721] Compiled 0 Regex filters and 1 whitelisted domains in 0.1 msec (0 errors)
   [2019-12-02 14:37:09.147 721] /etc/pihole/black.list: parsed 30 domains (took 0.1 ms)
   [2019-12-02 14:37:23.382 721] /etc/pihole/gravity.list: parsed 3329766 domains (took 14234.8 ms)
   [2019-12-02 14:43:51.933 721] Received SIGHUP, reloading cache
   [2019-12-02 14:43:51.933 721] Blocking status is enabled
   [2019-12-02 14:43:51.934 721] Compiled 0 Regex filters and 2 whitelisted domains in 0.2 msec (0 errors)
   [2019-12-02 14:43:55.867 721] /etc/pihole/black.list: parsed 30 domains (took 0.1 ms)
   [2019-12-02 14:44:10.287 721] /etc/pihole/gravity.list: parsed 3329766 domains (took 14419.8 ms)
   [2019-12-02 15:11:45.741 721] Resizing "/FTL-strings" from 24576 to 28672
   [2019-12-02 15:27:30.381 721] Received SIGHUP, reloading cache
   [2019-12-02 15:27:30.384 721] Blocking status is enabled
   [2019-12-02 15:27:30.385 721] Compiled 0 Regex filters and 2 whitelisted domains in 0.1 msec (0 errors)
   [2019-12-02 15:27:34.238 721] /etc/pihole/black.list: parsed 30 domains (took 0.1 ms)
   [2019-12-02 15:27:48.555 721] /etc/pihole/gravity.list: parsed 3329760 domains (took 14317.5 ms)
   [2019-12-02 15:35:00.220 721] Received SIGHUP, reloading cache
   [2019-12-02 15:35:00.221 721] Blocking status is enabled
   [2019-12-02 15:35:00.221 721] Compiled 0 Regex filters and 2 whitelisted domains in 0.2 msec (0 errors)
   [2019-12-02 15:35:04.687 721] /etc/pihole/black.list: parsed 30 domains (took 0.3 ms)
   [2019-12-02 15:35:19.049 721] /etc/pihole/gravity.list: parsed 3330645 domains (took 14361.5 ms)
   [2019-12-02 15:39:48.721 740] Using log file /var/log/pihole-FTL.log

   -----tail of pihole-FTL.log------
   [2019-12-02 15:39:48.736 740]    REGEXLISTFILE: Using /etc/pihole/regex.list
   [2019-12-02 15:39:48.736 740]    SETUPVARSFILE: Using /etc/pihole/setupVars.conf
   [2019-12-02 15:39:48.736 740]    AUDITLISTFILE: Using /etc/pihole/auditlog.list
   [2019-12-02 15:39:48.736 740]    MACVENDORDB: Using /etc/pihole/macvendor.db
   [2019-12-02 15:39:48.736 740]    PARSE_ARP_CACHE: Active
   [2019-12-02 15:39:48.737 740] Finished config file parsing
   [2019-12-02 15:39:48.906 740] Database version is 3
   [2019-12-02 15:39:48.907 740] Database successfully initialized
   [2019-12-02 15:39:49.051 740] New forward server: 8.8.4.4 (0/512)
   [2019-12-02 15:39:49.051 740] New forward server: 8.8.8.8 (1/512)
   [2019-12-02 15:39:49.224 740] Resizing "/FTL-queries" from 196608 to 393216
   [2019-12-02 15:39:49.231 740] Resizing "/FTL-strings" from 4096 to 8192
   [2019-12-02 15:39:49.266 740] Resizing "/FTL-strings" from 8192 to 12288
   [2019-12-02 15:39:49.309 740] Resizing "/FTL-queries" from 393216 to 589824
   [2019-12-02 15:39:49.330 740] Resizing "/FTL-strings" from 12288 to 16384
   [2019-12-02 15:39:49.364 740] Imported 12106 queries from the long-term database
   [2019-12-02 15:39:49.365 740]  -> Total DNS queries: 12106
   [2019-12-02 15:39:49.365 740]  -> Cached DNS queries: 4241
   [2019-12-02 15:39:49.365 740]  -> Forwarded DNS queries: 5617
   [2019-12-02 15:39:49.365 740]  -> Exactly blocked DNS queries: 2248
   [2019-12-02 15:39:49.365 740]  -> Unknown DNS queries: 0
   [2019-12-02 15:39:49.365 740]  -> Unique domains: 686
   [2019-12-02 15:39:49.365 740]  -> Unique clients: 3
   [2019-12-02 15:39:49.365 740]  -> Known forward destinations: 2
   [2019-12-02 15:39:49.365 740] Successfully accessed setupVars.conf
   [2019-12-02 15:39:49.516 745] PID of FTL process: 745
   [2019-12-02 15:39:49.516 745] Listening on port 4711 for incoming IPv4 telnet connections
   [2019-12-02 15:39:49.517 745] Listening on port 4711 for incoming IPv6 telnet connections
   [2019-12-02 15:39:49.517 745] Listening on Unix socket
   [2019-12-02 15:39:49.536 745] Received SIGHUP, reloading cache
   [2019-12-02 15:39:49.536 745] Blocking status is enabled
   [2019-12-02 15:39:49.559 745] Compiled 0 Regex filters and 2 whitelisted domains in 22.8 msec (0 errors)
   [2019-12-02 15:39:49.644 745] /etc/pihole/black.list: parsed 30 domains (took 0.2 ms)
   [2019-12-02 15:40:13.669 745] /etc/pihole/gravity.list: parsed 3330645 domains (took 24006.8 ms)
   [2019-12-02 15:54:21.082 745] Resizing "/FTL-queries" from 589824 to 786432

*** [ DIAGNOSING ]: contents of /dev/shm
-rw------- 1 pihole pihole 323584 Dec  2 15:39 /dev/shm/FTL-clients
-rw------- 1 pihole pihole 108 Dec  2 15:39 /dev/shm/FTL-counters
-rw------- 1 pihole pihole 65536 Dec  2 15:39 /dev/shm/FTL-domains
-rw------- 1 pihole pihole 12288 Dec  2 15:39 /dev/shm/FTL-forwarded
-rw------- 1 pihole pihole 28 Dec  2 15:40 /dev/shm/FTL-lock
-rw------- 1 pihole pihole 53248 Dec  2 15:39 /dev/shm/FTL-overTime
-rw------- 1 pihole pihole 786432 Dec  2 15:59 /dev/shm/FTL-queries
-rw------- 1 pihole pihole 12 Dec  2 15:39 /dev/shm/FTL-settings
-rw------- 1 pihole pihole 16384 Dec  2 15:39 /dev/shm/FTL-strings

*** [ DIAGNOSING ]: Locale
locale: Cannot set LC_ALL to default locale: No such file or directory
    LANG=en_GB.UTF-8

*** [ DIAGNOSING ]: Pi-hole log
-rw-r--r-- 1 pihole pihole 3548860 Dec  2 16:23 /var/log/pihole.log
   -----head of pihole.log------
   Dec  2 00:00:53 dnsmasq[721]: query[A] api.steemit.com from 127.0.0.1
   Dec  2 00:00:53 dnsmasq[721]: cached api.steemit.com is <CNAME>
   Dec  2 00:00:53 dnsmasq[721]: forwarded api.steemit.com to 8.8.4.4
   Dec  2 00:00:53 dnsmasq[721]: reply api.steemit.com is <CNAME>
   Dec  2 00:00:53 dnsmasq[721]: reply dualstack.awseb-awseb-6ln5hm1c8ate-440776466.us-east-1.elb.amazonaws.com is 18.211.160.8
   Dec  2 00:00:53 dnsmasq[721]: reply dualstack.awseb-awseb-6ln5hm1c8ate-440776466.us-east-1.elb.amazonaws.com is 35.171.1.210
   Dec  2 00:00:53 dnsmasq[721]: reply dualstack.awseb-awseb-6ln5hm1c8ate-440776466.us-east-1.elb.amazonaws.com is 34.198.78.135
   Dec  2 00:00:53 dnsmasq[721]: query[AAAA] api.steemit.com from 127.0.0.1
   Dec  2 00:00:53 dnsmasq[721]: cached api.steemit.com is <CNAME>
   Dec  2 00:00:53 dnsmasq[721]: forwarded api.steemit.com to 8.8.4.4
   Dec  2 00:00:53 dnsmasq[721]: reply api.steemit.com is <CNAME>
   Dec  2 00:00:53 dnsmasq[721]: reply dualstack.awseb-awseb-6ln5hm1c8ate-440776466.us-east-1.elb.amazonaws.com is NODATA-IPv6
   Dec  2 00:01:55 dnsmasq[721]: query[A] api.steemit.com from 127.0.0.1
   Dec  2 00:01:55 dnsmasq[721]: cached api.steemit.com is <CNAME>
   Dec  2 00:01:55 dnsmasq[721]: forwarded api.steemit.com to 8.8.4.4
   Dec  2 00:01:55 dnsmasq[721]: reply api.steemit.com is <CNAME>
   Dec  2 00:01:55 dnsmasq[721]: reply dualstack.awseb-awseb-6ln5hm1c8ate-440776466.us-east-1.elb.amazonaws.com is 34.198.78.135
   Dec  2 00:01:55 dnsmasq[721]: reply dualstack.awseb-awseb-6ln5hm1c8ate-440776466.us-east-1.elb.amazonaws.com is 18.211.160.8
   Dec  2 00:01:55 dnsmasq[721]: reply dualstack.awseb-awseb-6ln5hm1c8ate-440776466.us-east-1.elb.amazonaws.com is 35.171.1.210
   Dec  2 00:01:55 dnsmasq[721]: query[AAAA] api.steemit.com from 127.0.0.1


********************************************
********************************************
[✓] ** FINISHED DEBUGGING! **

    * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only.
    * For more information, see: https://pi-hole.net/2016/11/07/crack-our-medical-tricorder-win-a-raspberry-pi-3/
    * If available, we'll use openssl to upload the log, otherwise it will fall back to netcat.

[?] Would you like to upload the log? [y/N] 

I also did try to block it with and without wildcard.

when I load the site this appears in my log:

Dec  2 16:34:13 dnsmasq[745]: query[AAAA] dualstack.awseb-awseb-6ln5hm1c8ate-440776466.us-east-1.elb.amazonaws.com from 192.168.0.17
Dec  2 16:34:13 dnsmasq[745]: cached dualstack.awseb-awseb-6ln5hm1c8ate-440776466.us-east-1.elb.amazonaws.com is NODATA-IPv6
Dec  2 16:34:14 dnsmasq[745]: query[A] www.google-analytics.com from 192.168.0.17
Dec  2 16:34:14 dnsmasq[745]: /etc/pihole/gravity.list www.google-analytics.com is 0.0.0.0
Dec  2 16:34:14 dnsmasq[745]: query[AAAA] www.google-analytics.com from 192.168.0.17
Dec  2 16:34:14 dnsmasq[745]: /etc/pihole/gravity.list www.google-analytics.com is 0.0.0.0
Dec  2 16:34:14 dnsmasq[745]: query[A] www.imqq.com from 192.168.0.17
Dec  2 16:34:14 dnsmasq[745]: /etc/pihole/black.list www.imqq.com is 0.0.0.0
Dec  2 16:34:14 dnsmasq[745]: query[AAAA] www.imqq.com from 192.168.0.17
Dec  2 16:34:14 dnsmasq[745]: /etc/pihole/black.list www.imqq.com is 0.0.0.0
Dec  2 16:34:14 dnsmasq[745]: query[A] tiles.services.mozilla.com from 192.168.0.17
Dec  2 16:34:14 dnsmasq[745]: /etc/pihole/gravity.list tiles.services.mozilla.com is 0.0.0.0
Dec  2 16:34:14 dnsmasq[745]: query[AAAA] tiles.services.mozilla.com from 192.168.0.17
Dec  2 16:34:14 dnsmasq[745]: /etc/pihole/gravity.list tiles.services.mozilla.com is 0.0.0.0
Dec  2 16:34:18 dnsmasq[745]: query[AAAA] dualstack.awseb-awseb-6ln5hm1c8ate-440776466.us-east-1.elb.amazonaws.com from 192.168.0.17
Dec  2 16:34:18 dnsmasq[745]: cached dualstack.awseb-awseb-6ln5hm1c8ate-440776466.us-east-1.elb.amazonaws.com is NODATA-IPv6


Please send us the token generated by

pihole -d

or do it through the Web interface:

Also, what is the output of pihole -q -adlist -all imqq

You could replace many with:

qq.com / imqq.com / wechat.com as wildcard in a blacklist.

“*” has no place in a blocklist with Pi-hole. It could be used in Regex but that is a other story.

This only applies to the list and a debug token will make possible that support looks at other problem.

yes I posted the output

qq.com and wechat.com are blocked. its just imqq.com that resists blocking. I have the URLs of those 3 without wildcard aswell in the block list.

Your log shows that www.imqq.com is being blocked by Pi-Hole, as you intended. Both queries were answered with the NULL reply. There are no queries shown for imqq.com.

Dec  2 16:34:14 dnsmasq[745]: query[A] www.imqq.com from 192.168.0.17
Dec  2 16:34:14 dnsmasq[745]: /etc/pihole/black.list www.imqq.com is 0.0.0.0
Dec  2 16:34:14 dnsmasq[745]: query[AAAA] www.imqq.com from 192.168.0.17
Dec  2 16:34:14 dnsmasq[745]: /etc/pihole/black.list www.imqq.com is 0.0.0.0

From the Pi terminal, what is the output of dig imqq.com

The asterisk character is not allowed in the blacklist.

And, from your debug log, your gravity list has a number of improperly formatted entries. The first two appear to be regex, and the next two have wildcard characters.

-----head of gravity.list------
   (^|\.)muscdn\.com$
   (^|\.)musical\.ly$
   *.facebook.com
   *.fbcdn.net

Lastly, the mapping of the Pi address in /etc/pihole/local.list appears unusual:

w-r--r-- 1 root root 36 Dec  2 15:34 /etc/pihole/local.list
   0.0.0.0 raspberrypi
   0.0.0.0 pi.hole

The mapping would normally be to the IP address of the Pi-Hole host, not the NULL IP.

cat /etc/pihole/local.list
192.168.0.100 Pi-3B
192.168.0.100 pi.hole
1 Like

Thankyou!
I cleared my browser cache and suddenly my browser does not load it anymore. For some strange reason it suddenly made me ping localhost when looking up imqq.com, which was not the case before. Also thankyou for pointing out my poorly configured local.list. I will look up some regex manuals to get all qq imqq facebook and wechat sites and chats completely off my internet.

res.wx.qq.com
js.aq.qq.com
pc.weixin.qq.com
mac.weixin.qq.com
wx.qq.com
weixin.qq.com
mp.weixin.qq.com
open.weixin.qq.com 
pay.weixin.qq.com

You can replace those by tapping/typing qq.com and press/click the wildcard button.

You don’t have read any regex manuals to use that.

wildcard like this?

^[A-Za-z0-9]{1,20}\.qq\.[A-Za-z0-9]{1,9}$
^[A-Za-z0-9]{1,20}\.wechat\.[A-Za-z0-9]{1,9}$
^[A-Za-z0-9]{1,20}\.[A-Za-z0-9]{1,9}\.qq\.[A-Za-z0-9]{1,9}$
^[A-Za-z0-9]{1,20}\.wx\.qq\.[A-Za-z0-9]{1,9}$
^[A-Za-z0-9]{1,20}\.wx\.[A-Za-z0-9]{1,9}$
^wx\.[A-Za-z0-9]{1,10}\.[A-Za-z0-9]{1,9}$
^[A-Za-z0-9]{1,20}\.[A-Za-z0-9]{1,20}\.wechat\.[A-Za-z0-9]{1,9}$
^imqq\.[A-Za-z0-9]{1,10}$
^wechat\.[A-Za-z0-9]{1,10}$
^qq.[A-Za-z0-9]{1,10}$
^[A-Za-z0-9]{1,9}\.imqq\.[A-Za-z0-9]{1,9}$

Those are all regex expressions.

type in qq.com into the blacklist page and then select “Add (wildcard)”

Pi-Hole will conver this to the following regex:

Regex underneath and wildcard you see above in the posting jbf. If possible use wildcard.

Yours:
^[A-Za-z0-9]{1,20}\.[A-Za-z0-9]{1,20}\.wechat\.[A-Za-z0-9]{1,9}$
Mine:
[a-z0-9.-]+\.wechat\.[a-z]+$

Domainnames are always lower case. Only anchor to one side ($).

1 Like