You are correct; the problematic API requests are actually going to the same destination server as the xhttp calls for loading the tiles on the default dashboard from the manifest xml. Unlike the cover art, these are hosted with Akamai and Level3 (both cdn hosts). I'm currently blocking the hostip, which differ based on country of origin (hence the issues outside of the US) which is effectively accomplishing the same thing as liveblock, but on a per-connection basis. A better approach would be to block the connection based on the nameserver used to fetch the IP, but I haven't had a chance to look into that yet. When I get a chance to look into it again ill update the patch with that method, assuming an official update hasn't been released yet.