3 tracking domains missing from unified hosts #3094
Open
Description
Suggested additions
Three tracking/fingerprinting domains found during a site audit that are not currently in the unified hosts list (including the fakenews-gambling-porn-social variant):
1. fd.cleantalk.org
- Category: Tracking / Fingerprinting
- What it does: CleanTalk "bot detector" — a JavaScript fingerprinting library (ct-bot-detector.min.js) injected on every page via the WordPress plugin cleantalk-spam-protect. Profiles browser characteristics for visitor identification.
- How it loads: WordPress plugin injects a wrapper script from fd.cleantalk.org which then loads the full detector from the same domain.
2. lex.33across.com
- Category: Tracking / Ad Tech / Identity Resolution
- What it does: 33Across Lexicon identity resolution platform. Probabilistic browser fingerprinting to build cross-site visitor identity graphs for programmatic ad bidding. Does not require cookies.
- How it loads: Pulled in as a third-party demand partner via AdRoll or Google Tag Manager ad stacks. Site operators may not even know it's loading.
3. secure.gravatar.com
- Category: Tracking
- What it does: Gravatar avatar service owned by Automattic. Leaks MD5 hashes of user email addresses to Automattic servers on every page load that includes comments or author bios. Enables cross-site user tracking via email hash correlation.
- How it loads: WordPress core and Jetpack plugin load avatar images from this domain automatically.
Discovery context
Found during a security audit of a WordPress site running Elementor, Jetpack, CleanTalk, AdRoll, and Google Tag Manager. All three domains load on every page of the site. Verified not present in the current alternates/fakenews-gambling-porn-social/hosts list (174,280 entries as of March 2026).
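One way to reproduce the "not present" check from the issue above, as an added example that is not part of the issue or the project's tooling. The hosts content is a constructed sample, and `parse_hosts` and `check` are hypothetical helper names. The example also flags the case where only a parent domain is listed, since hosts entries match exact hostnames and do not cover subdomains.

```python
# Added example; SAMPLE_HOSTS is constructed, not the real unified hosts list.
SAMPLE_HOSTS = """\
# Constructed sample in hosts-file format
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 33across.com
0.0.0.0 ads.example.net   # trailing comment
0.0.0.0 Tracker.Example.NET
"""
CANDIDATES = ["fd.cleantalk.org", "lex.33across.com", "secure.gravatar.com"]
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "0.0.0.0"}


def parse_hosts(text):
    """Return the set of hostnames a hosts file sinkholes (lowercased)."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or fields[0] not in SINK_ADDRS:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def check(candidates, blocked):
    """Classify each candidate as 'listed', 'parent-only' or 'missing'."""
    # A hosts entry matches one exact name, so a listed parent domain does
    # not block its subdomains: 'parent-only' still needs its own entry.
    result = {}
    for host in candidates:
        host = host.lower().rstrip(".")
        labels = host.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if host in blocked:
            result[host] = "listed"
        elif parents & blocked:
            result[host] = "parent-only"
        else:
            result[host] = "missing"
    return result


if __name__ == "__main__":
    for host, status in check(CANDIDATES, parse_hosts(SAMPLE_HOSTS)).items():
        print(f"{host:24} {status}")
```

To run it against a real list, pass the contents of a downloaded hosts file to `parse_hosts` in place of the sample.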