# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

localhost
127.0.0.1
::1
lan
local
localdomain
corp

# triggering suspicious (sub)domain names

1e100.net
2o7.net
acer-euro.com
adcash.com
adinf.com
adsk2.co
akadns.net
akamaiedge.net
akamaihd.net
akamai.net
akamaitechnologies.com
alibaba.com
aligfwaf.com
amazon.com
amazonaws.com
amazonses.com
a-msedge.net
angsrvr.com
anycastb.com
anti-virus.by
azure.com
b4b.hr
baidu.com
bdnsrt.org
benkow.cc
bitdefender.net
blogspot.com
bstatic.com
cbox.ws
cdxall.com
cdxgoog.com
cdxultra.com
cedexis-radar.net
cezih.hr
chip.de
clickbank.net
clipconverter.cc
cloudapp.net
cloudfront.net
colocrossing.com
comping.hr
coppersurfer.tk
councilforeuropeanstudies.org
cyfral.net.ua
da3e3.net
dataprotection.com.ua
demdex.net
disqus.com
drweb.cn
drweb.com
drweb.fr
drweb.ru
drweb.ua
dynamics.com
e5.sk
edgecastcdn.net
edgekey.net
edgesuite.net
elasticbeanstalk.com
eset.com
eset.ua
esetnod32.ru
example.com
ext-twitch.tv
f-secure.com
fap.to
fastly.net
fbcdn.net
fortiddns.com
fslcdn.net
footprintdns.com
footprintpredict.com
garmin.com
gcontent.eu
gexperiments1.com
gexperiments2.com
gexperiments3.com
gigaset.net
googleapis.com
googlecode.com
google.com
google.com.ua
google.com.vn
google.co.za
google.kz
googledrive.com
googlegroups.com
googleusercontent.com
googlevideo.com
gstatic.com
h-cdn.com
herokuapp.com
hitwh.edu.cn
hotmail.com
ibm.com
ibm.hr
ibmuc.com
ibmmodules.com
igsonar.com
imageshack.host
infernotions.com
internationalmonetaryfund.org
ipv6test.com
ipv6test.net
iteam.net.ru
kaspersky.com
kaspersky.de
kaspersky.fr
kaspersky.ru
kaspersky.ua
king-ict.corp
kvt.su
kvt.tools
kvt-shop.ru
laola1.tv
linux.org.ru
live.com
lotus.com
lswcdn.net
mail-abuse.com
mailchimp.com
mailprotector.net
mailshell.net
mcafee.com
microsoft.com
msv1.invalid
multicom.hr
netdna-cdn.com
nowvideo.sx
nsatc.net
officeshoes.ws
onmicrosoft.com
opendns.com
oraclecloud.com
outlook.com
pandasecurity.com
postimg.cc
proofpoint.com
protext.su
pubnub.com
qualtrics.com
rackcdn.com
rarbg.to
rncdn1.com
rncdn2.com
rncdn3.com
rncdn4.com
rncdn5.com
rncdn6.com
rncdn7.com
rncdn8.com
rncdn.com
s81c.com
senderbase.org
sferakon.org
siemens.net
siteforce.com
sophosxl.com
sophosxl.net
sophoslive.net
spiegel.de
spotify.com
shtok.ru
shtok.su
street-directory.com.au
sucuri.net
takprosto.cc
tawk.to
testanalytics.net
testflightapp.com
torrent.eu.org
trendmicro.com
tumblr.com
twitter.com
ubuntu.com
w3schools.com
v-mate.mobi
vba.com.by
verisign.com
verisign.net
weborama.fr
weebly.com
windows.com
windows.net
wordpress.com
wsusoffline.net
yahoo.com
yahoodns.net
yimg.com
yvimg.kz
zextras.com
zillya.com
zillya.ua
zillyaoem.com

# triggering potential DNS exhaustion

barracuda.com
barracudabrts.com
dynamic-ip.hinet.net
kasserver.com
sl-reverse.com
t-com.hr
tedata.net
vkcache.com
habeas.com
bondedsender.org
support-intelligence.net
webex.com
skole.hr

# to ignore in direct .exe/.bin downloads

360safe.com
7-zip.org
acer.com
acropdf.com
adinf.com
adobe.com
akeo.ie
apple.com
avantbrowser.com
avast.com
avg.com
anti-virus.by
bitdefender.com
bleepingcomputer.com
cnet.com
comodo.com
corel.com
cwfservice.net
dell.com
devbuilds.kaspersky-labs.com
digitalrivercontent.net
divx.com
download.eset.com
download.esetnod32.ru
download.geo.drweb.com
download.zillya.com
easeus.com
filehippo.com
foxitsoftware.com
fraps.com
garr.it
gigabyte.com
gimp.org
googleapis.com
google.com
googlesyndication.com
gpsonextra.net
grandstream.com
gvt1.com
here.com
hitmanpro.com
hp.com
htc.com
intel.com
izatcloud.net
justbasic.com
jutarnji.hr
kmplayer.com
layers.isu.pub
lenovo.com
lexmark.com
logitech.com
macromedia.com
majorgeeks.com
mcafee.com
microsoft.com
mozilla.net
msi.com
nai.com
notepad-plus-plus.org
nvidia.com
on.net
oracle.com
p4dragon.com
pandasoftware.com
pdfwordconverter.net
portableapps.com
pysoft.com
rarlab.com
rarsoft.com
real.com
ricoh.com
samsung.com
samsungdp.com
samsungimaging.com
skype.com
softpedia.com
sonymobile.com
sourceforge.net
sun.com
surfright.nl
symantecliveupdate.com
teamviewer.com
toshiba.com
tucows.com
vba.com.by
videolan.org
wgt.com
windowsupdate.com
win-rar.com
winzip.com
wsusoffline.net
xboxlive.com
yahoodns.net
yandex.net
zdnet.com

# push notifications provider

os.tc

# have script tags in ad links

emediate.dk

# appeared on malwareurls.joxeankoret.com

pinterest.com
tinypic.com
s3.amazonaws.com

# appeared on dshield.org

microsoftonline.com
rlcdn.com
quantserve.com
krxd.net
taobao.com
contextweb.com
addthisedge.com
optimizely.com
segment.io
criteo.com
crwdcntrl.net
adobedtm.com
paypal.com
qq.com
exelator.com
avocet.io
tapad.com
crazyegg.com
ytimg.com
pubmatic.com
dailymail.co.uk
chartbeat.com
twimg.com
amung.us
jwpcdn.com
a-ads.com
go-mpulse.net
youtu.be
mandrillapp.com
staticimgfarm.com
adsafeprotected.com
onclickads.net
mochiads.com
sharethis.com
bankofamerica.com
usbank.com
media.net
wp.com

# appeared on malwaremustdie.org

rea.co.ke

# appeared on malwaredomains.com

atw.hu
gandi.net
tz-tribunj.hr
josip-stadler.org

# appeared on malwaredomainlist.com

hausnet.ru
triangleservicesltd.com
outlinearray.com

# Reference: https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook-mso_winother-mso_o365b/sync-euexebid/a2f18771-d49a-44dc-8c2a-0dac6a8eb0b2

sync-eu.exe.bid

# appeared on malc0de.com

msecnd.net
lang-8.com
popads.net
c1.popads.net
githubusercontent.com

# appeared on malwarepatrol.net

hdwallpapers.in
alicdn.com
pr-link.at
esc.net.au
starlan.com
pastebin.com
imgur.com
alicdn.com
wordpress.org
iobit.com
static.xvideos.com
hanstrackr.com
bitly.com
silvergames.com
easydriverpro.com
sc01.alicdn.com
sc02.alicdn.com
any-video-converter.com
adriaticsailor.com
setitagila.ru
imganuncios.mitula.net
napravi-sam.com

# web (JS) miners appearing as "malware" on malwarepatrol.net

coin-hive.com
jsecoin.com
cryptoloot.pro
webassembly.stream
ppoi.org
xmrstudio
webmine.pro
miner.start
allfontshere.press
freecontent.bid
freecontent.date
freecontent.faith
freecontent.party
freecontent.science
freecontent.stream
freecontent.trade
hostingcloud.accountant
hostingcloud.bid
hostingcloud.date
hostingcloud.download
hostingcloud.faith
hostingcloud.loan
jshosting.bid
jshosting.date
jshosting.download
jshosting.loan
jshosting.party
jshosting.racing
jshosting.review
jshosting.stream
jshosting.trade
jshosting.win

# triggering suspicious http request

216.58.214.76
api.geograph.org.uk
api.facebook.com
codepen.io
graph.facebook.com
google-analytics.com
htccode.com
imei.info
imeipro.info
quackit.com
query.yahooapis.com
sanasecurity.com
sim-unlock.net
sqlzoo.net
symcb.com
symcd.com
victronenergy.com

# old compromised sites on cybercrime-tracker.net

powiat-lancut.com.pl
megaplast.co.rs
istrayachting.hr
alnassar.com.sa
mspp.gouv.ht
gripa.hr
czk-cakovec.hr
nk-slaven-belupo.hr
fongyeh.com.tw
ee.ncu.edu.tw
hupt.hr
heartjohn.com
cima.hr
cm-lagoa.pt
databridgemarketresearch.com
iutoic-dhaka.edu
africanspicesafaris.com
sample.com
saol.com
putvjernika.com
affordableunixhost.net
steroidportal.com
medicosdelmundo.org
giraffe360.com
destilacija.net
fetihturizm.com
antemarkic.com
lotusgraf.hr

# found as false positive on cybercrime-tracker.net

geocities.ws
crotour.com
condomchoice.co.uk
92.222.150.60   # nameserver for sci-hub.tw

# found as false positive on urlvir.com

pdf-archive.com
discordapp.com
cl.ly
cubeupload.com
emlfiles4.com

# found as false positive on cybercrime-tracker.net

defensacentral.com

# found as false positive on bambenekconsulting.com

parkingcrew.net
caseking.net

# triggering parked site events

svijet7.com
artbetting.de
budi.in
svgroup.net
neodrive.co
gofaka.com

# found as false positive on abuse.ch

citibank.com
naver.com

# found as false positive in otx.alienvault.com

digicert.com
globalsign.net
creativecommons.org
arstechnica.co.uk
hpe.com
doubleclick.net
sify.com
publicdomainregistry.com

# DNSBL/RBL/MHR

abuse.ch
abuseat.org
ahbl.org
anticaptcha.net
apews.org
aupads.org
backscatterer.org
barracudacentral.org
berkeley.edu
bit.nl
blocklist.de
blocklist.messaging.microsoft.com
blogspambl.com
brightmail.com
burnt-tech.com
choon.net
cyberlogic.net
cymru.com
digibase.ca
dns-servicios.com
dronebl.org
efnetrbl.org
emailbasura.org
fabel.dk
fast.net
five-ten-sg.com
fusionzero.com
gbudb.net
gremlin.ru
gweep.ca
iip.lu
imp.ch
inps.de
interserver.net
jippg.org
justspam.org
kempt.net
kundenserver.de
lashback.com
leadmon.net
mailblacklist.com
mailspike.org
manitu.net
mcafee.com
me.uk
megarbl.net
nether.net
njabl.org
orbitrbl.com
org.cn
pedantic.org
polarcomm.net
pte.hu
rbl.jp
redhawk.org
rothen.com
rv-soft.info
s5h.net
sectoor.de
senderscore.com
services.net
solid.net
sorbs.net
spamcannibal.org
spamcop.net
spameatingmonkey.net
spamfilter.cc
spamgrouper.com
spamhaus.org
spamhaus.net
spamrats.com
surbl.org
surriel.com
swinog.ch
technovision.dk
tornevall.org
trblspam.com
triumf.ca
uceprotect.net
unsubscore.com
v4bl.org
webequipped.com
woody.ch
wpbl.info

# SonicWall

webcfs07.com

# Reference: http://www.blalert.com/dnsbls

0spam.fusionzero.com
88.blacklist.zap
all.rbl.jp
all.s5h.net
all.spam-rbl.fr
aspews.ext.sorbs.net
b.barracudacentral.org
backscatter.spameatingmonkey.net
bad.psky.me
badconf.rhsbl.sorbs.net
badhost.stopspam.org
badnets.spameatingmonkey.net
bl.blocklist.de
bl.deadbeef.com
bl.drmx.org
bl.emailbasura.org
bl.konstant.no
bl.mailspike.net
bl.mav.com.br
bl.scientificspam.net
bl.spamcannibal.org
bl.spamcop.net
bl.spameatingmonkey.net
bl.spamstinks.com
bl.suomispam.net
blackholes.five-ten-sg.com
blacklist.sci.kun.nl
blacklist.woody.ch
block.dnsbl.sorbs.net
block.stopspam.org
bogon.spam-rbl.fr
bogons.cymru.com
bsb.empty.us
cbl.abuseat.org
cbl.anti-spam.org.cn
cblplus.anti-spam.org.cn
cdl.anti-spam.org.cn
cidr.bl.mcafee.com
combined.abuse.ch
combined.rbl.msrbl.net
db.wpbl.info
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
dnsbl.ahbl.org
dnsbl.anticaptcha.net
dnsbl.aspnet.hu
dnsbl.burnt-tech.com
dnsbl.cobion.com
dnsbl.cyberlogic.net
dnsbl.dronebl.org
dnsbl.inps.de
dnsbl.ipocalypse.net
dnsbl.justspam.org
dnsbl.kempt.net
dnsbl.madavi.de
dnsbl.njabl.org
dnsbl.openresolvers.org
dnsbl.proxybl.org
dnsbl.rv-soft.info
dnsbl.rymsho.ru
dnsbl.sorbs.net
dnsbl.tornevall.org
dnsbl.zapbl.net
dnsblchile.org
dnsrbl.org
dnsrbl.swinog.ch
drone.abuse.ch
dsl.spam-rbl.fr
duinv.aupads.org
dul.dnsbl.sorbs.net
dul.pacifier.net
dul.ru
dyna.spamrats.com
dynip.rothen.com
escalations.dnsbl.sorbs.net
exitnodes.tor.dnsbl.sectoor.de
free.v4bl.org
gl.suomispam.net
hartkore.dnsbl.tuxad.de
hostkarma.junkemailfilter.com
http.dnsbl.sorbs.net
images.rbl.msrbl.net
ipbl.mailhosts.org
ipbl.zeustracker.abuse.ch
ips.backscatterer.org
ix.dnsbl.manitu.net
korea.services.net
l2.apews.org
list.blogspambl.com
lookup.dnsbl.iip.lu
mail-abuse.blacklist.jippg.org
mail-abuse.com
misc.dnsbl.sorbs.net
netbl.spameatingmonkey.net
netblock.pedantic.org
netscan.rbl.blockedservers.com
new.spam.dnsbl.sorbs.net
nomail.rhsbl.sorbs.net
noptr.spamrats.com
ohps.dnsbl.net.au
old.spam.dnsbl.sorbs.net
omrs.dnsbl.net.au
orvedb.aupads.org
osps.dnsbl.net.au
osrs.dnsbl.net.au
owfs.dnsbl.net.au
owps.dnsbl.net.au
pbl.spamhaus.org
phishing.rbl.msrbl.net
pofon.foobar.hu
probes.dnsbl.net.au
problems.dnsbl.sorbs.net
proxies.dnsbl.sorbs.net
proxy.bl.gweep.ca
proxy.block.transip.nl
psbl.surriel.com
rbl.abuse.ro
rbl.blakjak.net
rbl.blockedservers.com
rbl.choon.net
rbl.dns-servicios.com
rbl.efnetrbl.org
rbl.fasthosts.co.uk
rbl.interserver.net
rbl.iprange.net
rbl.lugh.ch
rbl.megarbl.net
rbl.orbitrbl.com
rbl.polarcomm.net
rbl.schulte.org
rbl.talkactive.net
rbl.tdk.net
rbl.zenon.net
rdts.dnsbl.net.au
recent.spam.dnsbl.sorbs.net
relays.bl.gweep.ca
relays.bl.kundenserver.de
relays.dnsbl.sorbs.net
relays.nether.net
residential.block.transip.nl
rhsbl.sorbs.net
ricn.dnsbl.net.au
rmst.dnsbl.net.au
safe.dnsbl.sorbs.net
sbl.spamhaus.org
service.mailblacklist.com
short.rbl.jp
shortlist.mailhosts.org
singular.ttk.pte.hu
smtp.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
spam.abuse.ch
spam.dnsbl.anonmails.de
spam.dnsbl.sorbs.net
spam.pedantic.org
spam.rbl.blockedservers.com
spam.rbl.msrbl.net
spam.spam-rbl.fr
spam.spamrats.com
spamguard.leadmon.net
spamlist.or.kr
spamrbl.imp.ch
spamsources.fabel.dk
srnblack.surgate.net
st.technovision.dk
t3direct.dnsbl.net.au
tor.ahbl.org
tor.dnsbl.sectoor.de
tor.efnet.org
truncate.gbudb.net
ubl.lashback.com
ubl.unsubscore.com
v4.fullbogons.cymru.com
virbl.dnsbl.bit.nl
virus.rbl.jp
virus.rbl.msrbl.net
web.dnsbl.sorbs.net
wormrbl.imp.ch
xbl.spamhaus.org
xpews.mailhosts.org
z.mailspike.net
zen.spamhaus.org
zombie.dnsbl.sorbs.net

# Reference: https://discuss.newrelic.com/t/what-is-bam-nr-data-net/13848

bam.nr-data.net
50.31.164.166
50.31.164.175
50.31.164.174
50.31.164.165
50.31.164.173

# Spam checking service

ctmail.com

# Reference: https://github.com/hanzhang0116/BotDigger/blob/dff7f5f367932eb91e807d5beac7316c35e27a7f/OverloadDNSWebsites

uribl.com
spamhaus.org
ahbl.org
senderscore.com
dnswl.org
sorbs.net
surbl.org
dob.sibl.support-intelligence.net
spamcop.net
cbl.abuseat.org
list.dsbl.org
psbl.surriel.com
ubl.unsubscore.com
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
ips.backscatterer.org
ips.whitelisted.org
db.wpbl.info
dnsbl.sorbs.net
spam.abuse.ch
dnsbl.abuse.ch
dnsbl.bit.nl
dnsbl.inps.de
dnsbl.manitu.net
bl.spamcannibal.org
all.s5h.net
dnsbl.anonmails.de
aupads.org
ips.backscatterer.org
b.barracudacentral.org
bl.blocklist.de
list.blogspambl.com
bsb.empty.us
mcafee.com
dan.me.uk
rbl.dns-servicios.com
dnsbl.rv-soft.info
dul.ru
dnsbl.dronebl.org
rbl.efnetrbl.org
efnet.org
blackholes.five-ten-sg.com
dnsbl.iip.lu
spamrbl.imp.ch
dnsbl.justspam.org
dnsbl.kempt.net
mailspike.net
rbl.megarbl.net
nszones.com
dnsbl.openresolvers.org
spam.pedantic.org
rbl.jp
rbl.schulte.org
dnsbl.sectoor.de
bl.spamcannibal.org
backscatter.spameatingmonkey.net
spamgrouper.com
spamsources.fabel.dk
stopspam.org
ubl.unsubscore.com
dnsbl.zapbl.net
resl.emailreg.org
ips.whitelisted.org
sophosxl.net

# Generic

transmissionbt.com
btloader.com
huorong.cn
lencr.org
tttttt.me
yoursite.com
worldofwarcraft.com
zope.com
paul.is-a-geek.org
btzoo.eu
bootcss.com
snapchat.com
opera.com
pentacloud.dyndns.org
pentasoft.dyndns.org
inagldv.ath.cx
inavrhm.ath.cx
inaiinz.ath.cx
inapavk.ath.cx
inarmet.ath.cx
inakrsc.ath.cx
holobit.homelinux.com
tribalfusion.com
topdns.com
report-uri.io
comodoca.com
geo1.easydns.com
geo2.easydns.net
geo3.easydns.org
geo4.easydns.info
google.pn
google.com.onion
upscore.com
huaweicloud.com
tbcache.com
bittrex.com
mundo3.zapto.org
thomsonreuters.com
dnspod.com
dynupdate.noip.com
mkomarac.duckdns.org
dh5ym.hopto.org
oath.cloud
koprivnica.biz
hamachi.cc
binance.com
gemius.pl
coinbase.com
exdynsrv.com
vkcdnservice.com
thepiratebay.org
area.51.linkpc.net
apcats.ddns.net
partizan-cctv.com
petarkigabit.dyndns.org
111osz7giux5phu7uz4yc3fe247fxn8hys17mge8.ddns.net
remote1.easydns.com
remote2.easydns.com
mzmwireless.ddns.net
nf420d.ddns.net
tinovator.duckdns.org
thd8000.duckdns.org
norefs.com
app-measurement.com
radio101.hr
lexico.com
ericsson.net
ericsson.se
radiocp.from-dc.com
shadowshq.yi.org
chogoon.com
seagull.ddns.net
tracker.empire-js.us
rufus.ie
sci-hub.tw
fe.core.pw
gns1.core.pw
gns2.core.pw
mail4.itu.ch
mail5.itu.ch
mail8.itu.ch
mail9.itu.ch
l850.home
bluecoat.com
beautifultokio.ddns.net
cigla.dyndns-work.com
tracker.kicks-ass.net
vsnl.net.in
multilanguage.xyz
accorhotels.ws
pixhost.icu
sharepoint.com
sk1.selfip.org
promotools.cc
admin.ch
adns1.easydns.com
adns2.easydns.com
litocam.myftp.org
krapanj.dyndns.info
dynamic.tstt.net.tt
aviation-is.better-than.tv
bravohr.dynu.net
oyvine.dyndns.org
croportal.net
elektrokrk.com
pohrani.com
ns-08.webnode.com
ns-09.webnode.com
swisscom.com
tecajevi.freeservers.com
mail.webnode.com
mail1.webnode.com
mail2.webnode.com
accesstutor.tripod.com
a.jimdo.com
tstt.net.tt
static.wix.com
services-geo.wix.com
shoutout.wix.com
huaweicloudwaf.com
bswireless.ddns.net
boxcdn.net
diogen.duckdns.org
mifux.duckdns.org
psiloveyou.xyz
elektrokem.dyndns.org
animiranifilmovi.com
bing.com
cardsgames.club
cratis.cc
defaultmailserver.com
dict.cc
dropboxusercontent.com
security-research.dyndns.org
dropbox.com
nirsoft.net
comcast.net
gmail.cm
gmail.cf
db.tt
api.zanox.ws
www.nirsoft.net/utils
glotorrents.pw
gplus.to
t.domdex.com
forestapp.cc
frog.wix.com
8.26.56.26
8.8.4.4
8.8.8.8
1.0.0.1
1.0.0.2
1.0.0.3
1.1.1.1
1.1.1.2
1.1.1.3
9.9.9.9
185.228.168.168
185.228.168.169
199.85.126.20
208.67.220.123
208.67.222.123
208.67.222.222
64.6.64.6
84.200.69.80
89.233.43.71
94.130.110.185
94.247.43.254
0.0.0.0
255.255.255.255
opendsp.com
pool.ntp.org
tru.am
put.re
2606:4700:4700::1001
2606:4700:4700::1111
2606:4700:4700::1002
2606:4700:4700::1112
2606:4700:4700::1003
2606:4700:4700::1113
msn.com
azureedge.net
rubrkik.ga
microsoftstream.com
azurewebsites.net
office.com
keep2share.cc
dropboxusercontent.com
facebook.com
es.pn
wywx.xyz
kaloo.ga
msgamestudios.com
worldssl.net
vanuatu.com.vu
sotelma.ml
robtex.com
check.googlezip.net
ingress-guard.tk
mshome.net
playx.fun
knjige.club
etcd.socket
philaorch.org
mozilla.org
discord.gg
ebay.com
xbox.com
uservoice.com
gitcdn.xyz
pushpad.xyz
163.com
printfleet.com
medtronic.com
fina.hr
ina.hr
in2.hr
pbz.hr
ht.hr
.rba
.rh
nirvana.easydns.net
tor-exit-node-x1.mooo.com
super59.ddns.net
pacer.cc
rvpn-api.ws
nic.xyz
tor-proxy-readme.tcp4.me
filmativa.ws
fmovies.wtf
epizode.ws
adult-movies.cc
verticals.wix.com
www.wix.com
96.wix.com
.centar
.corp
gca.sh
genotypeinczgrxr.onion
imgtube.net
imgchili.net
sport7.ws
stream2watch.ws
imgdew.pw
www.freebookspot.es
popin.cc
nigembassyrabat.org
super59.ddns.net
2000me.dd-dns.de
kinoteka.biz
parkingcrew.net
username.wix.com
gledaj-online.com
kinoteka.biz
fut.mine.nu
global.quickconnect.to
dec.quickconnect.to
gestyy.com
livetv.sx
members.tripod.com
cdn.000webhost.com
bypassed.ooo
a.ns.tk
b.ns.tk
c.ns.tk
d.ns.tk
a.ns.ga
d.ns.ga
adis.ws
joins.com
adop.cc
culturalvistas.org
cdn.000webhost.com
files.000webhost.com
hr.000webhost.com
rest.000webhost.com
kuntv.pw
road.cc
mwbsys.com
lxdns.com
jwplatform.com
issuu.com
advertising.com
unpkg.com
onesignal.com
zohocorp.com
ironport.com
checkpoint.com
fortiguard.net
eset.com
fireeye.com
windows.net
jsdelivr.net
twilio.com
wixapps.net
necan.gov.np
jsdelivr.com
bitbucket.org
github.com
milftube.su
gate.cc
streamapi.xyz
artplanet.su
bishkek.su
evolife.su
gigalink.su
viptelecom.su
infoline.su
infosys.su
ipserver.su
kgts.su
krasnoyarsk.su
masterbit.su
nsk.su
redhost.su
soes.su
spb.su
strizhak.su
persky.su
tomsk.su
transfer.su
vernet.su
viptelecom.su
yaroslavl.su
adult.xyz
best-journal.xyz
ytmp3.cc
balancers.42.wix.com
ding.wix.com
progallery.wix.com
apps.wix.com
ecom.wix.com
social-blog.wix.com
dc11.wix.com
sslstatic.wix.com
stores-counters.wix.com
wwworigin.wix.com
edu.cn
edu.sg
edu.ph
ibb.co
imgbb.com
uvnc.com
glotorrents.pw
mandiant.com
pgz505.servehttp.com
prszg.ddns.net
dynupdate.noip.com
dynupdate.no-ip.com
davor.dyndns-server.com
hardjura.selfip.info
japa88.ddns.net
notar-jakic.dyndns.biz
pozega.dyndns.org
prszg.dyndns.org
kastela.dyndns.info
members.dyndns.org
bolnica-vt.no-ip.org
ncore.cc
news-host.pw
mozilla.com
office365.com
.goog
members.webs.com
mp3viper.me
emp3world.so
btorrent.xyz
justproxy.io
histats.com
systemcontrolvpn.ddns.net
xplanet.dyndns.org
perfekta.dynalias.org
zulcselce.dyndns.org

# long-domain names (e.g. 03020749dotbjdot89dot249dot108dot53q1w2e3rty)

waseda.jp
u-paris.fr
london.ac.uk

# NS of afraid.org

evergreen.v6.afraid.org

# NS of no-ip.com

nf1.no-ip.com
nf2.no-ip.com
nf3.no-ip.com
nf4.no-ip.com
nf5.no-ip.com

# Sh.ty ad / tracker networks introducing noise (e.g. long subdomain names)

hyperhost.icu
bxczchdxynw.com
lunrac.com
51.la
tradeaccess.ltd
yldbt.com
trackidea.xyz
marketingcloudapis.com
online-metrix.net
adbrn.com
adsco.re
adshostnet.com
mucocutaneousmyrmecophaga.com
scorecardresearch.com
dsp.io
postaffiliatepro.com
askmediagroup.com
litix.io
ubembed.com
conviva.com
hrins.net
imrworldwide.com
casalemedia.com
advertising.com
agentanalytics.com
rs6.net
moatpixel.com
adjust.com
appsee.com
found.io
trafficmanager.net
report-uri.com
omtrdc.net
playground.xyz
app.link
lkqd.net
yoox.com
adnxs.com
ads.playground.xyz
btrll.com
mmstat.com
sdad.guru
markedup.com
yottaa.net
advertserv.net
ixhash.net
spotxchange.com
thebrighttag.com
outbrain.com
acidityfoamy.com
strongexplain.com
activehosted.com
sensic.net
zinphyra.com
adscale.de
pacloudflare.com
mybestdc.com
ads.cc
laus.cc
ankiety.ml
apnanalytics.com
dartsearch.net
ift.tt
alephd.com
jumptap.com
advrcsr.xyz
list-manage.com
oath.cloud
imgfarm.com
qadservice.com
airliquide.com
lupus-bra.com
rotumal.com
red-gate.com
clicksor.com
as2pawnib8ib.com
srvng.xyz
rbi.cloud
comm100.com
adcolony.xyz
newss.pw
inputstreamreader.link
dll-host.cf
ms-dev.cf
networkhost.ga
network-host.cf
ioexception.in
service-host.cf
dll-server.ga
svc-host.net

# Google crawlers

35.184.0.0/13

# Google (appeared on VoipBL)
# Reference: https://emailstuff.org/spf/check/_netblocks.google.com

35.190.247.0/24
64.233.160.0/19
66.102.0.0/20
66.249.80.0/20
72.14.192.0/18
74.125.0.0/16
108.177.8.0/21
173.194.0.0/16
209.85.128.0/17
216.58.192.0/19
216.239.32.0/19

# Google

216.58.192.0/19
172.253.0.0/16
172.217.0.0/16

# Apple

17.0.0.0/8

# Microsoft

204.79.196.0/23
204.79.195.0/24

# crl.comodoca.com, crl.comodoca4.com, crl.sectigo.com, crl.trust-provider.com, crl.usertrust.com, ocsp.comodoca.com, ocsp.comodoca4.com, ocsp.intel.com, ocsp.netsolssl.com, ocsp.sectigo.com, ocsp.securecore-ca.com, ocsp.ssl.com, ocsp.trust-provider.com, ocsp.usertrust.com

151.139.128.14

# Teamviewer

37.252.227.51

# SupRemo

supremodesk.com
nanosystems.it

# Microsoft's network connectivity check domain

msftncsi.com

# Microsoft's SmartScreen

ucsuri.tcs

# Reference: https://github.com/Bigjoos/U-232-V4

forum-u-232.servebeer.com

# Reference: https://apkscan.nviso.be/report/show/e2646fe8fd76bf2c2d413b056b76f7d9
# Reference: https://www.virustotal.com/#/file/71487fc3f0b75d5e75bf9ae849ee5cd80f0688428fd06103becb80432036a16e/detection
# Note: Android's Battery Doctor (FP on abuse.ch)

cfg.cml.ksmobile.com

# Reference: https://docs.fortinet.com/vm/xen/fortigate/6.2/xen-cookbook/6.2.0/615472/configuring-port-1
# Reference: https://www.virustotal.com/gui/ip-address/208.91.112.52/details (# DNS address of Fortinet)
# Reference: https://www.virustotal.com/gui/ip-address/208.91.112.53/details (# DNS address of Fortinet)

208.91.112.52
208.91.112.53

# AppleID resource

appleid.apple.com

# Reference: https://github.com/stamparm/maltrail/commit/37f7a4be0da57a5639549388db567948cd7cbba4
# Reference: https://twitter.com/ItsReallyNick/status/928155800123658241

fbsbx.com

# Sh.ty (mail) spammers introducing noise

remedypub.ga
victoryms.fun
roysong666.vicp.cc
biblemission.jkub.com
sun.itsaol.com
abx.publicvm.com
loginrecovery.org

# Reference: https://419scam.org/419-by-domain.htm  # Note: only .tn as most seen as noise

bmwpromoxx.kr.tn
vinohrady.ee.tn
greenxwaav.jp.tn
nk11.jp.tn
greenincxx2.ph.tn
mrbillv.hk.tn
barclays.hk.tn
hgregr.jp.tn
bnhjkee.sa.tn
greenxxc.cn.tn
departmentpayma.cn.tn
hiyleed.jp.tn
uni12.jp.tn
dalolo.jp.tn
domaininxx.sa.tn
fdh7.gr.tn
fgrert.jp.tn
hteyrs.cn.tn
lee3.bd.tn
mrbillk.hk.tn
clpayofficedepat.jp.tn
hjdtell.pl.tn
hjdtewe.pl.tn
puahyle.cn.tn
unhdevp.uk.tn
ups21.jp.tn
aadmin.jp.tn
gigs21.ma.tn
green1xx.jp.tn
greenqqa.cn.tn
hfhfhgg.jp.tn
hgdfhd.ro.tn
jhudwe.tr.tn
jime3.jp.tn
makmoor.cn.tn
pmon12.jp.tn
predos.uk.tn
ubal.ma.tn
weer4e22.jp.tn
westerl.jp.tn
winnerdona.uk.tn
adsdss.jp.tn
cadese.hk.tn
cbnmailofficer.ro.tn
eftu.uk.tn
egamel111.ae.tn
egumama.cn.tn
ejeli.jp.tn
gdhdu.cn.tn
gig1.tr.tn
greenxqazz.jp.tn
gvgfhgf.th.tn
hjdgte.cn.tn
jime1.sg.tn
kgmn.jp.tn
likawes.ph.tn
metroroad.hk.tn
modele.jp.tn
mrfreemanrichary.jp.tn
msjm.jp.tn
olendk.jp.tn
philliphubert.ma.tn
sau3.jp.tn
thythouthe.jp.tn
ueo89.sg.tn
viewspec.ph.tn
wali1.jp.tn
westernunion.ph.tn
wumm.ee.tn
wwwww.uk.tn
ahem0.vn.tn
bank.bd.tn
bhbjjjbjbj.jp.tn
bhdm.jp.tn
bigates08.hk.tn
businesspress.bd.tn
cbnmailonline2.sa.tn
ccncncc.jp.tn
chimgo.vn.tn
chisom.vn.tn
citibnk.za.tn
cliffpordubaka.ro.tn
data01b.th.tn
desssws.ae.tn
dffuuytr.jp.tn
dhl9.ir.tn
donate11003.jp.tn
donate4o21.jp.tn
donate99.jp.tn
drjurgemoore.sa.tn
e976543.ro.tn
ecolxx1234.jp.tn
efcc20109.ae.tn
eldmain.th.tn
fayemi.tr.tn
fdt1.jp.tn
ferroliveira.jp.tn
fhhhjed.ro.tn
flakin.jp.tn
gbege.ph.tn
gdrtyf.jp.tn
ggfgdfdd.kr.tn
ggghb.ee.tn
gghy1.jp.tn
government-nig.ee.tn
greenxxeea.cn.tn
greet3.bd.tn
gsgdggf.th.tn
hggg.sg.tn
hgstgd.pk.tn
infor03.jp.tn
iweem.jp.tn
jjfifif.ae.tn
jkfjdew.cn.tn
jkml.ma.tn
juuksuriari.ee.tn
llaaaa.ph.tn
motoharax.cn.tn
mrbill1dg.hk.tn
mrbrigstephen.uk.tn
ni223.jp.tn
nik212.jp.tn
odogwu.vn.tn
offdeptgrant.cn.tn
officediplomat.gr.tn
oksjhugsf.jp.tn
park.pk.tn
plesscxbbb.jp.tn
qqqq.ro.tn
revthom.th.tn
revthomas.uk.tn
rftghjuk.ph.tn
rmkfkkg.ma.tn
sghbf65.kr.tn
shatsui.hk.tn
shichirou.cn.tn
ssdee.th.tn
sututu.cn.tn
tanudja.cn.tn
thghghghj.jp.tn
thurson.th.tn
titi.jp.tn
try4.jp.tn
uniyed.bd.tn
ursget.jp.tn
uutg.jp.tn
vcette3121.hk.tn
westernuu.uk.tn
wholesale.jp.tn
11sihuan22.cn.tn
90655.kr.tn
aaaaavvbbb.th.tn
access.ng.tn
adam.ma.tn
addmin.jp.tn
affjkk55.pl.tn
airport12.sa.tn
alex.sa.tn
anntgoder.ng.tn
arylisa.ae.tn
aseend.jp.tn
ati.tn
auwi.jp.tn
bankpl.bd.tn
bankplc.bd.tn
bankplcs.bd.tn
barristerjose.ph.tn
bcvcc.jp.tn
bellomik.jp.tn
benson.sg.tn
bfvghh.jp.tn
bht1.jp.tn
bmwpromoza.hk.tn
bnbn.jp.tn
bother123456.jp.tn
bures666.ee.tn
businesspress.ee.tn
bvfgg.ro.tn
cbnmailonline201.kr.tn
centralbnkint.sg.tn
ceo.ir.tn
charity1home6.tr.tn
chizu.cn.tn
cititecinc.jp.tn
cliffubaka.ro.tn
contractors.ng.tn
customs.pk.tn
cxvxfcxfxf.jp.tn
daba.th.tn
dav9.pk.tn
davisis.cn.tn
dcxzz.jp.tn
delivery.bd.tn
demighty.jp.tn
dfrhhts.jp.tn
dfxfggffdfd.sg.tn
dhjrfe.cn.tn
dhl2.ee.tn
dipjohnag88.jp.tn
donate1103.jp.tn
donate11543.jp.tn
donate128d.jp.tn
donate303.gr.tn
donate47.hk.tn
donsgs.cn.tn
double.vn.tn
dsdf.jp.tn
dssddsdssds.jp.tn
effah1111.cn.tn
egoes.pk.tn
ezege.ph.tn
fattty.jp.tn
fatty.jp.tn
fbioffice45.sg.tn
fdh44.jp.tn
ffgdfddf.sa.tn
ffgdggfgf.ro.tn
fgdgdf.ro.tn
fgfgfhg.ro.tn
fgggghhg.sg.tn
flymsy.hk.tn
flymsy.kr.tn
flymsy.th.tn
food2.jp.tn
fsgsfsrs.jp.tn
garri1.jp.tn
garry.jp.tn
gbftwq.ma.tn
gbvcx.jp.tn
gfergerggggggg.ro.tn
gffdsfghhhh.bd.tn
gfgfgfgfgf.ma.tn
gfnbahjk367.pk.tn
ggs24.jp.tn
gigs13.tr.tn
gile4.ma.tn
gonn.ir.tn
greenxxeeg.jp.tn
greenxxeet.jp.tn
gtdgdjdkjh.jp.tn
gugo.sa.tn
hakimotoxx.jp.tn
hfbh.uk.tn
hghghgf.sa.tn
hghghggh.jp.tn
hghgjgjg.jp.tn
hhddg.kr.tn
hhgbhvh.hk.tn
hhhgyttgf.jp.tn
hhhty1.jp.tn
hilr.jp.tn
hjdtel.jp.tn
hjdteyu.hk.tn
hjdtsbe.cn.tn
hjnm.kr.tn
hjytg.jp.tn
hope.ro.tn
hsa1.jp.tn
hunghoule.hk.tn
ibukota.jp.tn
info.vn.tn
info42.ph.tn
irottt1011ty.ph.tn
iyt7t.pl.tn
james56.sg.tn
jan09.ng.tn
jarvexxx.ee.tn
jashhss.sg.tn
jhgfderty.jp.tn
jkhjk.jp.tn
jkn1.jp.tn
jockpot.sg.tn
johnhhhh.ee.tn
juinz.kr.tn
kfgkfg.vn.tn
kkkkkkxxxx.ir.tn
kkl1.jp.tn
kpuya.sg.tn
krkx.kr.tn
lant.ph.tn
lauretta.ir.tn
lesmono.cn.tn
linkit.bd.tn
liny.jp.tn
lkmj.jp.tn
loloko.sg.tn
lottofile.hk.tn
lucasxx1.uk.tn
m7gd.jp.tn
mall.ir.tn
massiveemail.gr.tn
mike0123.ng.tn
mko999.bd.tn
monicasmith01.th.tn
myhs.jp.tn
nbyvc.jp.tn
nkechyyy.kr.tn
nwachi101.ir.tn
oblin.tr.tn
offic-government.bd.tn
office31.jp.tn
officemailssmail.kr.tn
officer366.jp.tn
officer367.jp.tn
officialmail04.jp.tn
officials.ir.tn
ofun.jp.tn
oka34.sg.tn
okoloei.jp.tn
okwa.vn.tn
onlineaccess.cn.tn
onyezem.cn.tn
oplin.sg.tn
paymentunit.bd.tn
peterson.cn.tn
planet.pl.tn
postm1.sg.tn
qqaq.jp.tn
qza1.jp.tn
rev21.ae.tn
rob1.ph.tn
roycen.pk.tn
rtsxfy.jp.tn
rtyyuytois.jp.tn
ryouta.jp.tn
sdamdwa.jp.tn
secretary1.gr.tn
seof.jp.tn
shichiro.vn.tn
slentt.ma.tn
spurny417.ee.tn
tang.cn.tn
textile.sg.tn
tghdty.cn.tn
ti1n.jp.tn
tiawan.cn.tn
tity.jp.tn
todayiknowsisgoo.jp.tn
tosokchon.kr.tn
trvtrtr.jp.tn
tsydu.sa.tn
ttbrtb.sa.tn
twwerr.bd.tn
tyfguhjk.cn.tn
ubaj.ng.tn
ubak.ro.tn
uee46.sg.tn
uin1.jp.tn
un2.cn.tn
un6.cn.tn
unco.jp.tn
unphdev.uk.tn
uss25.sg.tn
uudfjhfk.jp.tn
vfgunited0.th.tn
voite.sg.tn
webdek.vn.tn
wert922.uk.tn
wertyruyo.th.tn
westernunionmoneytransferoffice19.ph.tn
westley.jp.tn
wethe.hk.tn
wewew.jp.tn
willi34.gr.tn
wnhtpx.kr.tn
wqqa.jp.tn
yfyuffyuuyfuh.jp.tn
yklj.uk.tn
yokwong.jp.tn
100card000office.jp.tn
2334rgg.bd.tn
23frinkfile1.sg.tn
3585.kr.tn
6543werewwtyre.kr.tn
73okhghinc.jp.tn
7456.kr.tn
7545.kr.tn
78965.kr.tn
8539.kr.tn
857jsgdinc.jp.tn
9089vhvbbv.jp.tn
a543454gr.pk.tn
aaaaaaasdf.hk.tn
abnszgsk.gr.tn
academia.bd.tn
account.tr.tn
adamk.sg.tn
adbank.za.tn
adminn01.jp.tn
ads.cn.tn
afagsd.jp.tn
african222.ma.tn
africanunion.ae.tn
agadazee.sg.tn
ajajabuuxx.jp.tn
akpantuaguleri.jp.tn
akunakaoffice.jp.tn
alecso.org.tn
americanfther.sa.tn
aminu1.jp.tn
amira.jp.tn
asdf.uk.tn
aszxplok.jp.tn
atm1.bd.tn
atmcarddelivery.jp.tn
atmond.uk.tn
aviomahdavid.kr.tn
awsedghyf.ph.tn
ayumu.cn.tn
baclavcz.ee.tn
bankatmcard.jp.tn
bankia.tr.tn
bankinformations.gr.tn
bankofamerica1.jp.tn
bankplcn.bd.tn
basedomainoff.cn.tn
bbhvcvfggcv.jp.tn
bbn1.jp.tn
bboothy12.ae.tn
bbvc.jp.tn
beebee312.cn.tn
benobi.hk.tn
bgdt.jp.tn
bgf6.jp.tn
bggf.jp.tn
bigates07.hk.tn
bigg.sa.tn
bj-government.th.tn
bjbw.sa.tn
blarckifr234.jp.tn
blessed1.cn.tn
bmnbmbnm.jp.tn
bmwlottery212.jp.tn
bmwpromoxx.hk.tn
bnnol.jp.tn
bnzcaew.jp.tn
boxegbff.jp.tn
breez.bd.tn
briggstephen.pl.tn
brixxy771.ph.tn
bryan.ma.tn
bssx.jp.tn
businessmogs.bd.tn
businessmogs.cn.tn
businessmogs.gr.tn
businesspress.ae.tn
bvcxzs.jp.tn
bvcxzy.jp.tn
bvdad.jp.tn
bvfhdn.jp.tn
bxxng.jp.tn
card.th.tn
cardo.jp.tn
cashbeachs.hk.tn
cass.sg.tn
cbnmailonline.sa.tn
cccdg.uk.tn
ccjcjccvvv.jp.tn
ccvnf.jp.tn
cenbank.ng.tn
cenbanknig.ng.tn
centralbankng.ng.tn
centralbanknig.ng.tn
cfdscs.kr.tn
cffiici.sg.tn
cfr1.jp.tn
charles01.ng.tn
charles03.ng.tn
charleskban.cn.tn
chiomam.cn.tn
cmbk-cn.jp.tn
cnbservice.tr.tn
consultant2si.ma.tn
csds.jp.tn
cwkwt.ro.tn
cy7865a.ma.tn
dagogo123.sg.tn
daisyworld.kr.tn
daj8.gr.tn
data7.th.tn
datapost.ro.tn
dav09.gr.tn
davecamp.gr.tn
davi.vn.tn
daviis.cn.tn
daviis.jp.tn
davis.pk.tn
davis.ro.tn
dawsunsusan.ae.tn
dcxzxz.ir.tn
ddffdddfdf.sa.tn
delightedzone.pk.tn
delivery.ma.tn
deliveryofatmca1.jp.tn
deliveryofatmcar.jp.tn
demariaa.tr.tn
department.gr.tn
department.sa.tn
depaymentoff.cn.tn
deptofficesstp.cn.tn
dfdfddfdf.sg.tn
dfdfdfdfdfd.pl.tn
dfdfs.tr.tn
dfdvdd.jp.tn
dfffggddf.th.tn
dffggh.pl.tn
dfgdtyr.jp.tn
dfgffgff.ph.tn
dfgfhdhdh.jp.tn
dfghghfg.th.tn
dfghjkl.jp.tn
dfhskjf.jp.tn
dgfdfgfds.ro.tn
dgfghhte.vn.tn
dgrffrdtrdcnjytr.pk.tn
dhfhfh.bd.tn
dhjdg.ph.tn
dhje.sa.tn
dhl28.jp.tn
dhll1.bd.tn
dibiamaka.jp.tn
die1.jp.tn
diplomat.jp.tn
djdgdnm.vn.tn
dnorris.ma.tn
dobesova.ee.tn
domoersty.ph.tn
donate00.jp.tn
donate013.jp.tn
donate11029.jp.tn
donate1106.jp.tn
donate11111.jp.tn
donate1150.jp.tn
donate1193.jp.tn
donate12231.jp.tn
donate1432.jp.tn
donate17.jp.tn
donate190.jp.tn
donate312.gr.tn
donate4000.jp.tn
donate44029.jp.tn
donate4o4.jp.tn
donate96.jp.tn
donation124.jp.tn
donationuk.uk.tn
doungua.cn.tn
douped.uk.tn
drobi.jp.tn
dsafjfjsjfjfjsdj.tr.tn
dsdffdfsd.kr.tn
dsdssdsdsdsd.jp.tn
dsstv.kr.tn
dumex10.ro.tn
earthlink.jp.tn
ed8811.ee.tn
edrewwe.ma.tn
edrfdx.cn.tn
edwardaa.jp.tn
eexxs.jp.tn
ekeoffk.uk.tn
embassyfilereccord.sg.tn
enockl.jp.tn
ere.cn.tn
erews.jp.tn
ertrtr.jp.tn
esternfundingi.ee.tn
ewku.jp.tn
ewrqwe.kr.tn
fagra.cn.tn
fahmisameh5.ro.tn
farida.ng.tn
faybassu.sg.tn
fbbnn.jp.tn
fbi-gov.ee.tn
fbi-govt.ee.tn
fbigov.ee.tn
fbigov.uk.tn
fbigovn.kr.tn
fbyi.vn.tn
fccns.uk.tn
fdeert.kr.tn
fdfdfgdf.kr.tn
fdffffdfdf.ir.tn
fdgfteuyr.sg.tn
fdggfff.pl.tn
fdh4.jp.tn
fdreshhjygg.jp.tn
fdrsa.sg.tn
fdsfsrsrsr.ir.tn
fdsii.vn.tn
fdss3.bd.tn
fdssd.jp.tn
fdsst.bd.tn
fdssti.bd.tn
fdssu2.bd.tn
fedex-ng.ng.tn
fedfed.bd.tn
fedreseverbn.pk.tn
femi.cn.tn
ffddddf.sg.tn
ffdffdgf.ro.tn
ffdghdtye.jp.tn
ffdw09897867fdfs.ae.tn
ffffw334e.jp.tn
fffggfgfhfh.sa.tn
fffj.jp.tn
ffgggfgfd.kr.tn
ffr1.jp.tn
ffun.jp.tn
fgct.ph.tn
fgdsw.ro.tn
fgffffdff.tr.tn
fgffgfg.ph.tn
fgggggg.bd.tn
fghf.jp.tn
fghgjnb.ro.tn
fgtyu.sg.tn
fhgfhgh.kr.tn
fhry.jp.tn
fianlapproval.sg.tn
fingo.hk.tn
finish6.jp.tn
firee.za.tn
fjwg.sa.tn
fkie.jp.tn
flymsy.cn.tn
flymsy.ma.tn
flymsya.sa.tn
fmfinance.ng.tn
fongvictor.cn.tn
foretyrt.kr.tn
foundationinc.ph.tn
fqqe.sa.tn
frank.uk.tn
frisss.pk.tn
fsa.jp.tn
fsde.jp.tn
fsfggfdf.kr.tn
fshfa.ro.tn
fshsssw.vn.tn
fssf.th.tn
ft5.cn.tn
fue1.jp.tn
fujhytg.jp.tn
fundcompleted.bd.tn
fundremit.za.tn
funds.ee.tn
fundsfunds.gr.tn
fxdffdffd.ro.tn
fyuut.jp.tn
gaert.ma.tn
gayryrdjhfyol.ir.tn
gdddd.tr.tn
gdddddd.jp.tn
gdewrs.cn.tn
gdfdfhfdgffg.jp.tn
gdffd.pl.tn
gdhxxx.ro.tn
gdya.jp.tn
gendo.ee.tn
gentility.sg.tn
george9.jp.tn
gfhfhffhf.jp.tn
gfhfyf.jp.tn
gfhgfh.jp.tn
gfshjshdg.jp.tn
gftyumoustred.jp.tn
ggbi.hk.tn
ggf9.jp.tn
ggfffd.ma.tn
ggffgf.sg.tn
ggffhfg21.jp.tn
gghsvcsdgbf.jp.tn
ggt147.jp.tn
ggt82.jp.tn
ghbvn.jp.tn
ghfds.jp.tn
ghfh3.jp.tn
ghfhf.kr.tn
ghjkjf.jp.tn
gjdgtd.vn.tn
gkj1.jp.tn
glowith.uk.tn
goergemwhite.sa.tn
gones2.jp.tn
gooder.ae.tn
googpape.uk.tn
governments.pk.tn
governmenttx.ng.tn
governmenty.ae.tn
graces.za.tn
grandkopings.jp.tn
grandkopingss.jp.tn
grantwin.ae.tn
grateahnsj.za.tn
grede.vn.tn
greeenn.tr.tn
greenvilecc.jp.tn
greenxxeen.jp.tn
greenxxeex.jp.tn
greenxxeex12.cn.tn
greenxxewq.jp.tn
gtfrdee.jp.tn
gtrsrstra.pl.tn
gudhdhlsiks.sg.tn
gvvdfrty.cn.tn
hagsbdy.ir.tn
hagsgs.ph.tn
hagswerw.kr.tn
hakiraxx.jp.tn
hakofujita.gr.tn
hannah05.cn.tn
hannah7.cn.tn
harry.pl.tn
harry01.ma.tn
havense.jp.tn
haxta.ma.tn
hbhhh.sg.tn
hbnmd.gr.tn
hddn.sa.tn
hdffj.jp.tn
hdhddjff.jp.tn
hdjdd.jp.tn
hdjhjdjfj1122.ph.tn
headoffice.ph.tn
hesa.jp.tn
hfgin.sa.tn
hfguhghjb.jp.tn
hgf2.jp.tn
hgftft.bd.tn
hggddss.jp.tn
hghhghgh.jp.tn
hgkjgffd.ma.tn
hgkmt.jp.tn
hgtre.pl.tn
hgtyu7.ph.tn
hhffffh.bd.tn
hhgi.hk.tn
hhhh.bd.tn
hhj667.pl.tn
hhthtt.jp.tn
hhyyhyy.sg.tn
himogambo.cn.tn
hire.jp.tn
hiwiky.kr.tn
hjff.jp.tn
hjgfd.vn.tn
hjhjghg.bd.tn
hjkf.jp.tn
hkuytin.th.tn
hngt.bd.tn
hnkt.jp.tn
hoatmirrvo.ir.tn
homeand.jp.tn
honorable1.jp.tn
hruhrigkrng.jp.tn
hsaqxbn.jp.tn
hsget.jp.tn
hsgot.jp.tn
htjkhg.jp.tn
htrhrh.jp.tn
huang.cn.tn
hune.jp.tn
hunt.jp.tn
hutrel.pl.tn
huyiyo.ro.tn
hwmk.jp.tn
hxxt.jp.tn
hyfrudio.jp.tn
hygf.jp.tn
hytgfghkj.jp.tn
ibrahim.vn.tn
icp7.jp.tn
idima.jp.tn
ifechiaman.hk.tn
ifirstbank.tr.tn
ijeoma.hk.tn
ikejames.sa.tn
ikeorrina.jp.tn
ikfgf.za.tn
imf1.cn.tn
imff1.jp.tn
imfoffice014.jp.tn
inboxsender.jp.tn
infirstbanka.tr.tn
infoincc.jp.tn
infomail2.kr.tn
infomation0.hk.tn
infor.jp.tn
infor01.jp.tn
infor02.jp.tn
infor05.jp.tn
infor1.jp.tn
infor8.jp.tn
iuba.ng.tn
iya.th.tn
jacctlxk.cn.tn
jamesdd.ma.tn
jar01.cn.tn
jattke.ph.tn
javcnmsg.pk.tn
jbvdgdj.jp.tn
jdhdh.jp.tn
jdjmn.jp.tn
jeewbf.ro.tn
jemok.sa.tn
jerryjames.jp.tn
jerryjerr.uk.tn
jfhgvijdf.jp.tn
jgguuftuujihgyh.ee.tn
jgjwk.sa.tn
jhdk.jp.tn
jherse.ro.tn
jhgsrd.pl.tn
jhjjhjhj.jp.tn
jhjnm.jp.tn
jhtyhj.sg.tn
jhyrts.cn.tn
jilings.ee.tn
jirwnse.vn.tn
jjfsfsaa.bd.tn
jjgjgjgggg.jp.tn
jjjhhjjg.jp.tn
jjjj01.pl.tn
jjjjj.jp.tn
jjjjjjs.pl.tn
jjkhgfds.jp.tn
jjnjn.cn.tn
jkde.jp.tn
jkdsjjsdis.jp.tn
jkdssssssssss.jp.tn
jkfhjfl.jp.tn
jkfhyr.sg.tn
jkk22.pl.tn
jkm1.jp.tn
jkt1.ee.tn
jnnnhu4.jp.tn
johnbbvgffv.jp.tn
johnj.za.tn
johnmike00.uk.tn
johnsss.ro.tn
johnury7yh.za.tn
joiu.ir.tn
jons.hk.tn
jooe.gr.tn
joonh.jp.tn
joyce.uk.tn
joyfav1.ph.tn
jpaa.gr.tn
jpgp.jp.tn
jshhd.ir.tn
juan.ph.tn
jude99.jp.tn
judepkk.jp.tn
juiod.ir.tn
julius.jp.tn
junas.ph.tn
junkboxes56.jp.tn
juster.ae.tn
kachukwu9.jp.tn
kal4567.bd.tn
kamik.uk.tn
karachi01.ro.tn
karetd.ma.tn
kasper.kr.tn
kdrty.kr.tn
keeyceey.uk.tn
kelem32.sg.tn
kfjfj.kr.tn
kfkfk.th.tn
kiay.jp.tn
kijack05.ro.tn
kikikiojo.th.tn
kiklas76.jp.tn
kins.jp.tn
kkjdhjdh.jp.tn
kksjsjnhsdb.jp.tn
kkttr.kr.tn
kkuy.jp.tn
kljuyy.uk.tn
klliouyt.ph.tn
kmnh.jp.tn
kojo.uk.tn
kojus.jp.tn
koneh.pl.tn
kongod.sg.tn
kqwa.jp.tn
kqwz.jp.tn
kumarxxy.ir.tn
kuot.sa.tn
kuotr.bd.tn
kwakashi.hk.tn
kwokwah.hk.tn
larry.za.tn
lausisosk.sg.tn
law1.jp.tn
lawyers551.ir.tn
layiiiio.za.tn
ldkfd.hk.tn
leemakers.jp.tn
lfel.jp.tn
lhkhihosras.th.tn
lighthousejr123.uk.tn
likawa.ph.tn
lilberth.jp.tn
liman2.cn.tn
ling-hsien.tn
live.vn.tn
livictor.ma.tn
lkj1.jp.tn
lllllhshshhss.jp.tn
lonodex.tr.tn
lopezp.ro.tn
lucifer.jp.tn
lucky1116.ee.tn
luke.ro.tn
maduzari1xx.jp.tn
magi.jp.tn
mags.jp.tn
makedss.jp.tn
malcolm.vn.tn
management.bd.tn
management11.bd.tn
manyways.ro.tn
marelottins4.jp.tn
martins12.uk.tn
martins122.kr.tn
martins16.uk.tn
martinsmillery.kr.tn
mary1.pl.tn
mastersteven.sg.tn
maza1.jp.tn
mclesqe.vn.tn
me774.kr.tn
mediapub4.jp.tn
melu1.jp.tn
mhtwfv.kr.tn
mikel.jp.tn
missloreittabab.bd.tn
mkhsj.jp.tn
mmaaa.tr.tn
mnbnbnmbn.jp.tn
mnon.uk.tn
mobi.sg.tn
mohamdd.vn.tn
moit567.pl.tn
moke.cn.tn
monday.za.tn
mone.ir.tn
moneygram.ir.tn
monicasmith.uk.tn
mover.cn.tn
mqwp.jp.tn
mrbill1g.hk.tn
mrbill22.hk.tn
msms.jp.tn
mtom.jp.tn
muel5.jp.tn
myhm.jp.tn
myprivate.bd.tn
n87965.ae.tn
nameju.kr.tn
naruwa.jp.tn
national-lottery.uk.tn
nationallottery.uk.tn
nationalulottery.uk.tn
natwest1.jp.tn
nbhbnhty.jp.tn
nbxccccbb.bd.tn
nhbgtfv.ir.tn
nhdhdg.uk.tn
nk112.kr.tn
nnnosis.cn.tn
nolk.tr.tn
nsde.jp.tn
nvcvcv.jp.tn
nxjxjxjxjxds.jp.tn
obagomasterr.za.tn
obii.ma.tn
odedeb1.hk.tn
offic-government.ae.tn
office-lino.ae.tn
office1.jp.tn
office170.jp.tn
officecare002.uk.tn
officee.jp.tn
officee361.jp.tn
officefile2.uk.tn
officefile988.bd.tn
officefilenow.ph.tn
officemail334021.jp.tn
officer361.jp.tn
officer364.jp.tn
officexx.hk.tn
officexx1245.cn.tn
officialmail05.jp.tn
offive.jp.tn
oficeserver.bd.tn
ogada.jp.tn
oilnn.pk.tn
oiuw.jp.tn
oka1234.ir.tn
okart.pk.tn
okep.jp.tn
olomolo.jp.tn
olsjsus.hk.tn
online.jp.tn
onyenkem.jp.tn
oosis.jp.tn
organization1ofa.ng.tn
osalim.cn.tn
otywgh7676.jp.tn
ougedr.jp.tn
ouieuw.jp.tn
owolobe.uk.tn
owololo.uk.tn
owosni.vn.tn
park.gr.tn
park.ir.tn
pastor.sg.tn
paulben.jp.tn
pdgoinc.ee.tn
pellon.sg.tn
peterjames.sg.tn
piiy.jp.tn
plmbvc.cn.tn
pmdw.uk.tn
poon.jp.tn
posit.jp.tn
postmail.ir.tn
pranaa.cn.tn
precious.ro.tn
primespecxx.ph.tn
profmatarrese.jp.tn
pullengyt.jp.tn
qqqqqq.vn.tn
qqssww.ro.tn
qrr7.jp.tn
rajioba.hk.tn
rbnk.za.tn
rdpkjh.th.tn
reser02.vn.tn
rev7.ae.tn
revthom.ma.tn
revthomas.ee.tn
rf083.th.tn
rghrgrtgtrg.kr.tn
rherh.jp.tn
rjyehhh.uk.tn
rooty.jp.tn
roppmikk.jp.tn
royalmail.uk.tn
rozianbs.jp.tn
rreererer.sg.tn
rtrsaeeweeww.jp.tn
rttrtr.ro.tn
rtttrrrr.sa.tn
rvzp.jp.tn
saluso.bd.tn
sasmita.cn.tn
sddsdsdfds.th.tn
sdexsw.bd.tn
sdfs.pk.tn
sdgfrtyujh.jp.tn
sdhsjbb.bd.tn
sdsfds.sa.tn
sdwedd.th.tn
seeer.jp.tn
sendfiling2.sa.tn
setiabudi.jp.tn
seue1.tr.tn
sfoairport.kr.tn
sfoairport.tr.tn
sgfgfgdfdf.jp.tn
sgfssd.sa.tn
sgtelizabethsweitze.cn.tn
shihonk.jp.tn
shinobu.cn.tn
shirley.hk.tn
sideworldoffice.jp.tn
solutionoffice.th.tn
sqwq.jp.tn
sssaadd.vn.tn
ssssssww.ro.tn
stls.kr.tn
stndrdbnksa.za.tn
suiwu.jp.tn
suleiman.vn.tn
sun1.ro.tn
suss1.sg.tn
taaaky1.jp.tn
tain.jp.tn
takkkky.jp.tn
tanuwid.cn.tn
tayara.tn
tejh.jp.tn
teltext.tr.tn
tgddessaa.ro.tn
tgfrtghf.pl.tn
tghdty.vn.tn
tgtt.vn.tn
thailandoffice.jp.tn
thomasfr.ir.tn
thomspon333.za.tn
threcv.jp.tn
titem.jp.tn
tjrbr.sa.tn
tochirokk.jp.tn
tone66.jp.tn
topnet.tn
transcoltd1.uk.tn
transf.cn.tn
tregtrf.kr.tn
trgdu.jp.tn
trjhrrhjrtj.kr.tn
trytuyu.jp.tn
tryxx11vb.jp.tn
tsgsw.ae.tn
ttggdsa.jp.tn
ttransfer.jp.tn
ttttytryrt.ir.tn
tty1.jp.tn
tyjdhyehd.jp.tn
tyty.ro.tn
tyzx.cn.tn
uagsfs.pk.tn
uba8.ph.tn
ubad.ma.tn
ubam.sg.tn
ubax.sa.tn
udem.cn.tn
uee4.jp.tn
uees1.sg.tn
uess38.jp.tn
ugo14.ng.tn
ugsdrewg.pk.tn
uhyghhj.ae.tn
uien10.ng.tn
uioam.jp.tn
ujl1.jp.tn
ukss.uk.tn
uktr.jp.tn
un7.cn.tn
un8.cn.tn
unashss.ro.tn
undhp.jp.tn
undp.uk.tn
undph.cn.tn
uni11.jp.tn
uni3.ng.tn
uninin.ee.tn
unit11.sg.tn
unitedbankfa.jp.tn
unittelex1.uk.tn
unnh.jp.tn
unoin44.ng.tn
unst.jp.tn
urderp.jp.tn
uud.jp.tn
uyht.jp.tn
uyoo.jp.tn
uyttrr.sg.tn
vade.jp.tn
vbbbedccc.jp.tn
vbmzaq.jp.tn
vcbdgd.jp.tn
vcfdeerrrrrr.jp.tn
vcfg.jp.tn
vcxx.pl.tn
verify.ng.tn
verti.sa.tn
verty5.ma.tn
vf7j.jp.tn
vfgtfrr.hk.tn
vgr7.jp.tn
victor.th.tn
vmgfmcnfjf.jp.tn
vorn.cn.tn
vrtg.cn.tn
vrvtvtvthjk.pl.tn
vsxhbsdjs.jp.tn
vvbbwqaszzx.jp.tn
vxvx.jp.tn
w9966734e.ir.tn
wadc.sg.tn
wadddbbm.jp.tn
wade.jp.tn
waston.cn.tn
wbdmt.ro.tn
wbefundsrpprovelstr.sg.tn
webcarduba.sg.tn
weewrw.cn.tn
wellsfargobank.jp.tn
wende12.jp.tn
weri.jp.tn
western.ma.tn
westeruth.ma.tn
william666.cn.tn
winin.uk.tn
wlconsult.tr.tn
wlleeds.vn.tn
wofac.ro.tn
wono.jp.tn
wow.bd.tn
wqa.cn.tn
wqaq.jp.tn
wumtbs.uk.tn
wumts.cn.tn
wumts.ng.tn
wumtsb.ng.tn
wungxiu.cn.tn
wuofficalfile1.sg.tn
wwweew982.kr.tn
wxqo.jp.tn
wxxavr213.hk.tn
xbbx.jp.tn
xcvbn.tr.tn
xddessde.ae.tn
xelyctrkl.cn.tn
xghd.cn.tn
xxdocum0111.uk.tn
xxyarabs2.jp.tn
xxzs.jp.tn
xzkt.jp.tn
yahnima.cn.tn
yaushs.ph.tn
ydfdcfgo.pk.tn
yernds.ir.tn
ygtfrd.jp.tn
yhgl.jp.tn
yinkopings1.jp.tn
yinkopingsss.jp.tn
yjghnm.ro.tn
yongbu.kr.tn
yooha.kr.tn
yrud.th.tn
ytttrggffddd.jp.tn
yuchaokk.jp.tn
yuhjkllm.jp.tn
yusudakx.jp.tn
yuyyuu.jp.tn
zenithbankwealth-management.uk.tn
zinza.jp.tn
zxad.ma.tn
zxcsv.jp.tn
zzzaa.jp.tn

# Reference: https://help.dropbox.com/accounts-billing/security/official-domains

db.tt
dropbox.com
dropboxapi.com
dropboxbusiness.com
dropboxcaptcha.com
dropboxforums.com
dropboxforum.com
dropboxinsiders.com
dropboxmail.com
dropboxpartners.com
dropboxstatic.com
getdropbox.com
dropboxbusiness.com
dropbox-dns.com

# Virut DGA 2019-10-16

arcgis.com

# Reference: https://forum.adguard.com/index.php?threads/resolved-ad-sponsor-domains.30310/

arthydate.com
arthygeo.info
abtr4all.com
abtrcker.com
adsb4track.com
adsbtrack.com
arthydate.com
etryi.pro
go-bang-pussy.com
gorillatrk.com
localgirlsearch.com
mobilust.com
mobitubegirl.com
sexznakimstwa.online
track4ref.com
trackthis1337.com

# Reference: https://forum.adguard.com/index.php?threads/resolved-ad-sponsor-domains-2.30311/

1ccbt.com
acidityfoamy.com
amadagasca.com
babyboomboomads.com
broomboxmain.com
cashinme.com
challengedeprave.com
comegarage.com
completeexecutor.com
curriculture.com
decademical.com
downloadgot.com
evenexcite.com
fairnessels.com
fencemiracle.com
forexplmdb.com
g1341551423.com
g2247755016.com
g3369554495.com
g344530742.com
helpclause.com
injuredcandy.com
intangibleconcordant.com
jackettrain.com
lyoniaancony.com
mediadisclose.com
mixturehopeful.com
mobdisc.net
mobdisc.org
mutualvehemence.com
naganoadigei.com
nererut.com
noblemagnition.com
ortonch.com
outlookabsorb.com
pndelfast.com
producebreed.com
pushmenews.com
pushmobilenews.com
renaissanto.com
retiremely.com
ridingintractable.com
safelyawake.com
septembership.com
smashseek.com
strainemergency.com
strawdense.com
stringroadway.com
strongexplain.com
tailorcave.com
textreason.com
theirsvendor.com
uncyane.com
windowmentaria.com
wynsys.club
zinidge.com

# Reference: https://ec.europa.eu/energy/sites/ener/files/documents/tech_report_croatia_2013_en.pdf

cucews.dyndns.org

# Reference: http://www.dynip.com/docs/DynIPClientV4.2UserGuide.pdf

discovery.dynip.com

# Reference: https://app.any.run/tasks/bfce10dc-720e-44f6-aa70-60e6037802cc/

is.gd

# Reference: https://twitter.com/JCyberSec_/status/1201850082775224323
# Reference: https://twitter.com/JCyberSec_/status/1201850090153005056

images-amazon.com

# WPS Office

ksosoft.com
ksord.com
dahuap2p.com
wps.com
wps.cn

# Reference: https://www.virustotal.com/gui/domain/security-research.dyndns.org/relations

security-research.dyndns.org

# Reference: https://raw.githubusercontent.com/ACINQ/electrum-lib/master/src/main/resources/electrum/servers_mainnet.json
# Note: Electrum servers

3smoooajg7qqac2y.onion
81-7-10-251.blue.kundencontroller.de
bauerjda5hnedjam.onion
bauerjhejlv6di7s.onion
bitcoin3nqy3db7c.onion
bitcoin.corgi.party
bitcoins.sk
b.ooze.cc
btc.cihar.com
btc.smsys.me
btc.xskyx.net
cashyes.zapto.org
currentlane.lovebitco.in
daedalus.bauerj.eu
dedi.jochen-hoenicke.de
dragon085.startdedicated.de
e-1.claudioboxx.com
e.keff.org
elec.luggs.co
electrum2.eff.ro
electrum2.villocq.com
electrum3.hachre.de
electrum.eff.ro
electrum.festivaldelhumor.org
electrum.hsmiths.com
electrum.leblancnet.us
electrum.mindspot.org
electrum.qtornado.com
electrum-server.ninja
electrum.taborsky.cz
electrum-unlimited.criptolayer.net
electrum.villocq.com
electrumx.bot.nu
electrumx.ddns.net
electrumx.ftp.sh
electrumxhqdsmlu.onion
electrumx.ml
electrumx.nmdps.net
electrumx.soon.it
elx01.knas.systems
enode.duckdns.org
erbium1.sytes.net
E-X.not.fyi
fedaykin.goip.de
fn.48.org
helicarrier.bauerj.eu
hsmiths4fyqlw5xw.onion
hsmiths5mjk6uijs.onion
icarus.tetradrachm.net
kirsche.emzy.de
luggscoqbymhvnkp.onion
MEADS.hopto.org
ndnd.selfhost.eu
ndndword5lpb7eex.onion
oneweek.duckdns.org
orannis.com
ozahtqwp25chjdjd.onion
qtornadoklbgdyww.onion
rbx.curalle.ovh
s7clinmo4cazmhul.onion
tardis.bauerj.eu
technetium.network
tomscryptos.com
ulrichard.ch
us.electrum.be
vmd27610.contaboserver.net
vmd30612.contaboserver.net
VPS.hsmiths.com
wsw6tua3xl24gsmi264zaep6seppjyrkyucpsmuxnjzyt3f3j6swshad.onion
xray587.startdedicated.de
yuio.top

# Reference: https://raw.githubusercontent.com/spesmilo/electrum/master/electrum/servers.json

3smoooajg7qqac2y.onion
81-7-10-251.blue.kundencontroller.de
bitcoin3nqy3db7c.onion
bitcoin.aranguren.org
bitcoin.corgi.party
bitcoin.dragon.zone
bitcoin.lukechilds.co
bitcoins.sk
blockstream.info
b.ooze.cc
btc.cihar.com
btc.usebsv.com
btc.xskyx.net
currentlane.lovebitco.in
dragon085.startdedicated.de
e-1.claudioboxx.com
e2.keff.org
ecdsa.net
e.keff.org
electrum2.eff.ro
electrum2.villocq.com
electrum3.hodlister.co
electrum5.hodlister.co
electrum.aantonop.com
electrum.bitkoins.nl
electrum.blockstream.info
electrum.eff.ro
electrum.emzy.de
electrum.festivaldelhumor.org
electrum.hodlister.co
electrum.hsmiths.com
electrum.jochen-hoenicke.de
electrum.leblancnet.us
electrum.mindspot.org
electrum.qtornado.com
electrum-server.ninja
electrum.taborsky.cz
electrum-unlimited.criptolayer.net
electrum.villocq.com
electrumx.bot.nu
electrumx-core.1209k.com
electrumx.ddns.net
electrumx.electricnewyear.net
electrumx.erbium.eu
electrumx.ftp.sh
electrumxhqdsmlu.onion
electrumx.soon.it
elx01.knas.systems
E-X.not.fyi
fedaykin.goip.de
fn.48.org
fortress.qtornado.com
green-gold.westeurope.cloudapp.azure.com
hsmiths4fyqlw5xw.onion
hsmiths5mjk6uijs.onion
ndnd.selfhost.eu
ndndword5lpb7eex.onion
orannis.com
ozahtqwp25chjdjd.onion
qtornadoklbgdyww.onion
rbx.curalle.ovh
s7clinmo4cazmhul.onion
tardis.bauerj.eu
technetium.network
tomscryptos.com
ulrichard.ch
vmd27610.contaboserver.net
vmd30612.contaboserver.net
VPS.hsmiths.com
wsw6tua3xl24gsmi264zaep6seppjyrkyucpsmuxnjzyt3f3j6swshad.onion
xray587.startdedicated.de
yuio.top

# Exceptions for android_roamingmantis detection regex

hf-hd.top
nn-mod.top
reseau-js.com
coloros.com
sagawa-exp.co.jp
au-e.com
big-post.com
voyance-au-top.com
cat-cnc.com
cat-nip.com
post-punk.com
cat-uxo.com
u-cdn.top
mk-yw.top
tr-dl.top

# Exceptions for abuse.ch (dirty patch for addresses used by outside scanners introducing noise being recognized as 'malware')

scan.casualaffinity.net
jhasdjahsdjasfkdaskdfasbot.niggacumyafacenet.xyz

# Reference: https://twitter.com/0xBanana/status/1234141822345191425

rpi.bnon.xyz

# Reference: https://kb.easydns.com/knowledge/transferring-a-domain-to-easydns/

rush.easydns.com
nirvana.easydns.net
motorhead.easydns.org
dns1.easydns.com
dns2.easydns.net
dns3.easydns.ca
dns3.easydns.org
dns4.easydns.info

# Reference: https://twitter.com/xyz/status/1235984620237123584

gen.xyz

# Reference: https://github.com/stamparm/maltrail/pull/7271#issuecomment-596401544

namebright.com

# Reference: https://b-ok.cc/  # "Part of Z-Library project. The world's largest ebook library."

b-ok.cc

# Reference: https://www.virustotal.com/gui/file/b7e3795dfe43361b5b1bcfcc5f5f440261b9f79f8953fe94b6e87e8fc3c19a63/behavior/Dr.Web%20vxCube
# Note: AutoPico/KMSPico/AutoKMS

110.noip.me
skms.ddns.net
3rss.vicp.net
kms.digiboy.ir

# Reference: https://www.virustotal.com/gui/domain/eventory.cc/relations

eventory.cc

# Reference: https://pastecode.xyz/

pastecode.xyz

# Reference: https://exchange.xforce.ibmcloud.com (# Otherwise MT will mistakenly trigger on links like https://exchange.xforce.ibmcloud.com/url/hfgfr56745fg.com/admin/gate.php)

ibmcloud.com
exchange.xforce.ibmcloud.com

# Reference: https://github.com/stamparm/maltrail/pull/8701/commits/9ecad095a48f774e32f4069113f195a7bf883662
# Reference: https://www.virustotal.com/gui/domain/nvpn.so/relations

nvpn.so

# Reference: https://www.malwaredomainlist.com/mdl2.php?inactive=&sort=Date&search=&colsearch=All&ascordesc=DESC&quantity=100&page=22
# Note: rupor.info is legit news site, which was compromised in 2009 due to MDL database. On 2020-06-03 rupor.info is clean.

rupor.info

# Reference: https://www.virustotal.com/gui/domain/rusvesna.su/detection

rusvesna.su

# Reference: https://www.virustotal.com/gui/domain/tilda.cc/relations

tilda.cc
tilda.wc

# Reference: https://www.virustotal.com/gui/domain/gogol-mogol.su/relations

gogol-mogol.su

# Reference: https://www.virustotal.com/gui/domain/lissyara.su/detection

lissyara.su

# Reference: https://www.virustotal.com/gui/domain/warhead.su/relations

warhead.su

# Reference: https://www.virustotal.com/gui/domain/routers.wtf/detection

routers.wtf

# Reference: https://www.virustotal.com/gui/domain/teenslang.su/detection

teenslang.su

# Reference: https://www.virustotal.com/gui/domain/jouin.xyz/relations

jouin.xyz

# Reference: https://servers.opennicproject.org/

134.195.4.2
5.132.191.104
172.105.162.206
142.4.204.111
142.4.205.47
198.100.148.224
66.70.228.164
176.9.37.132
51.38.99.35
45.9.63.233
116.203.147.31
78.47.243.3
195.10.195.195
185.120.22.15
94.247.43.254
62.210.177.189
62.210.180.71
94.23.60.104
151.80.222.79
87.98.175.85
195.154.106.113
51.255.211.146
172.105.49.243
172.105.220.183
104.244.79.186
142.4.204.111
112.109.84.76
91.217.137.37
185.52.0.55
176.126.70.119
198.98.49.91
45.79.57.113
46.21.150.56
45.79.193.205
35.211.96.150
172.98.193.42
162.248.241.94
45.77.153.179
155.130.14.5
162.243.19.47
69.164.196.21
66.18.1.46
147.135.113.37
147.135.115.88

# Reference: https://twitter.com/malwrhunterteam/status/1329746585891315713/photo/2
# Reference: https://www.virustotal.com/gui/domain/esentry.xyz/relations

esentry.xyz

# Reference: https://www.crowdstrike.com/blog/farewell-to-kelihos-and-zombie-spider/
# Reference: https://www.virustotal.com/gui/domain/utbs.ws/relations

utbs.ws

# Reference: https://securelist.com/what-did-deathstalker-hide-between-two-ferns/99616/

1drv.ws

# Reference: https://gameanalytics.com/product-updates/reduce-costs-https-api-aws/

ss2.us

# Reference: https://itinfinity.ru/servisy/minercheck/ (Russian)
# Note: Whitelisting for itinfinity.ru Bitrixcore (https://github.com/stamparm/maltrail/blob/master/trails/static/malicious/bitrixcore.txt) attacks scanner service

itinfinity.ru

# Reference: https://www.virustotal.com/gui/domain/zerkalo.cc/relations

zerkalo.cc

# Reference: https://github.com/nextdns/metadata/issues/508
# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60

netguard.me
netguard.pw
netguard.re

# Reference: http://ipnoise.undo.it/blacklist.txt
# Reference: http://ipnoise.now.im/blacklist.txt

ipnoise.undo.it
ipnoise.now.im

# Reference: https://github.com/stamparm/maltrail/issues/13674

wordbot.xyz

# Reference: https://www.virustotal.com/gui/domain/siem.su/relations

siem.su

# Reference: https://www.virustotal.com/gui/domain/iptools.su/relations

iptools.su
