# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

localhost
127.0.0.1
::1
lan
local
localdomain
corp

# triggering suspicious (sub)domain names

1e100.net
22pixx.xyz
2o7.net
acer-euro.com
adcash.com
adinf.com
adsk2.co
akadns.net
akamaiedge.net
akamaihd.net
akamai.net
akamaitechnologies.com
alibaba.com
aligfwaf.com
amazon.com
amazonaws.com
amazonses.com
a-msedge.net
angsrvr.com
anycastb.com
anti-virus.by
azure.com
b4b.hr
baidu.com
bdnsrt.org
benkow.cc
bitdefender.net
blogspot.com
bstatic.com
cbox.ws
cdxall.com
cdxgoog.com
cdxultra.com
cedexis-radar.net
cezih.hr
chip.de
clickbank.net
clipconverter.cc
cloudapp.net
cloudfront.net
colocrossing.com
comping.hr
coppersurfer.tk
councilforeuropeanstudies.org
cyfral.net.ua
da3e3.net
dataprotection.com.ua
demdex.net
disqus.com
drweb.cn
drweb.com
drweb.fr
drweb.ru
drweb.ua
dynamics.com
e5.sk
edgecastcdn.net
edgekey.net
edgesuite.net
elasticbeanstalk.com
eset.com
eset.ua
esetnod32.ru
example.com
ext-twitch.tv
exploit-db.com
f-secure.com
fap.to
fastly.net
fbcdn.net
fortiddns.com
fslcdn.net
footprintdns.com
footprintpredict.com
garmin.com
gcontent.eu
gexperiments1.com
gexperiments2.com
gexperiments3.com
gigaset.net
googleapis.com
googlecode.com
google.com
google.com.ua
google.com.vn
google.co.za
google.kz
googledrive.com
googlegroups.com
googleusercontent.com
googlevideo.com
gstatic.com
h-cdn.com
herokuapp.com
hitwh.edu.cn
hotmail.com
ibm.com
ibm.hr
ibmuc.com
ibmmodules.com
igsonar.com
imageshack.host
infernotions.com
internationalmonetaryfund.org
ipv6test.com
ipv6test.net
iteam.net.ru
kaspersky.com
kaspersky.de
kaspersky.fr
kaspersky.ru
kaspersky.ua
king-ict.corp
kvt.su
kvt.tools
kvt-shop.ru
laola1.tv
linux.org.ru
live.com
lotus.com
lswcdn.net
mail-abuse.com
mailchimp.com
mailprotector.net
mailshell.net
mcafee.com
mediafire.com
microsoft.com
msv1.invalid
multicom.hr
netdna-cdn.com
nowvideo.sx
nsatc.net
officeshoes.ws
onmicrosoft.com
opendns.com
oraclecloud.com
outlook.com
pandasecurity.com
postimg.cc
proofpoint.com
protext.su
pubnub.com
qualtrics.com
rackcdn.com
rarbg.to
rncdn1.com
rncdn2.com
rncdn3.com
rncdn4.com
rncdn5.com
rncdn6.com
rncdn7.com
rncdn8.com
rncdn.com
s81c.com
senderbase.org
sferakon.org
siemens.net
siteforce.com
sophosxl.com
sophosxl.net
sophoslive.net
spiegel.de
spotify.com
shtok.ru
shtok.su
street-directory.com.au
sucuri.net
takprosto.cc
tawk.to
testanalytics.net
testflightapp.com
tmpfiles.org
torrent.eu.org
trendmicro.com
tumblr.com
twitter.com
ubuntu.com
w3schools.com
v-mate.mobi
vba.com.by
verisign.com
verisign.net
weborama.fr
weebly.com
windows.com
windows.net
wordpress.com
wsusoffline.net
yahoo.com
yahoodns.net
yimg.com
yvimg.kz
zextras.com
zillya.com
zillya.ua
zillyaoem.com
ben.kerbertools.xyz
public.publictracker.xyz
torrentcore.xyz
tr.fuckbitcoin.xyz
vibe.sleepyinternetfun.xyz
zecircle.xyz
limetorrents.lol
yahor.ftp.sh
mail.zasaonsk.ga
open.free-tracker.ga
tr.abir.ga
leefafa.tk
open.4ever.tk
li1406-230.members.linode.com
cutscloud.duckdns.org
laze.cc
tracker.lilithraws.cf
rules2.clearurls.xyz
torrents-csv.ml
visitor-badge.laobi.icu
free.publictracker.xyz
run-2.publictracker.xyz
run.publictracker.xyz
tracker.publictracker.xyz
public-tracker.ml
tracker.imgoingto.icu
searx.fmac.xyz
eximage.cyou
camhub.cc
0xxx.ws
lingva.ml
insecam.org
justdeleteme.xyz
cyberpunk.xyz
book.hacktricks.xyz

# triggering potential DNS exhaustion

barracuda.com
barracudabrts.com
dynamic-ip.hinet.net
kasserver.com
sl-reverse.com
t-com.hr
tedata.net
vkcache.com
habeas.com
bondedsender.org
support-intelligence.net
webex.com
skole.hr

# to ignore in direct .exe/.bin downloads

360safe.com
7-zip.org
acer.com
acropdf.com
adinf.com
adobe.com
akeo.ie
apple.com
avantbrowser.com
avast.com
avg.com
anti-virus.by
bitdefender.com
bleepingcomputer.com
cnet.com
comodo.com
corel.com
cwfservice.net
dell.com
devbuilds.kaspersky-labs.com
digitalrivercontent.net
divx.com
download.eset.com
download.esetnod32.ru
download.geo.drweb.com
download.zillya.com
easeus.com
filehippo.com
foxitsoftware.com
fraps.com
garr.it
gigabyte.com
gimp.org
googleapis.com
play.googleapis.com
google.com
googlesyndication.com
gpsonextra.net
grandstream.com
gvt1.com
here.com
hitmanpro.com
hp.com
htc.com
intel.com
izatcloud.net
justbasic.com
jutarnji.hr
kmplayer.com
layers.isu.pub
lenovo.com
lexmark.com
logitech.com
macromedia.com
majorgeeks.com
mcafee.com
microsoft.com
mozilla.net
msi.com
nai.com
notepad-plus-plus.org
nvidia.com
on.net
oracle.com
p4dragon.com
pandasoftware.com
pdfwordconverter.net
portableapps.com
pysoft.com
rarlab.com
rarsoft.com
real.com
ricoh.com
samsung.com
samsungdp.com
samsungimaging.com
skype.com
softpedia.com
sonymobile.com
sourceforge.net
sun.com
surfright.nl
symantecliveupdate.com
teamviewer.com
toshiba.com
tucows.com
vba.com.by
videolan.org
wgt.com
windowsupdate.com
win-rar.com
winzip.com
wsusoffline.net
xboxlive.com
yahoodns.net
yandex.net
zdnet.com

# push notifications provider

os.tc

# have script tags in ad links

emediate.dk

# appeared on malwareurls.joxeankoret.com

pinterest.com
tinypic.com
s3.amazonaws.com

# appeared on dshield.org

microsoftonline.com
rlcdn.com
quantserve.com
krxd.net
taobao.com
contextweb.com
addthisedge.com
optimizely.com
segment.io
criteo.com
crwdcntrl.net
adobedtm.com
paypal.com
qq.com
exelator.com
avocet.io
tapad.com
crazyegg.com
ytimg.com
pubmatic.com
dailymail.co.uk
chartbeat.com
twimg.com
amung.us
jwpcdn.com
a-ads.com
go-mpulse.net
youtu.be
mandrillapp.com
staticimgfarm.com
adsafeprotected.com
onclickads.net
mochiads.com
sharethis.com
bankofamerica.com
usbank.com
media.net
wp.com

# appeared on malwaremustdie.org

rea.co.ke

# appeared on malwaredomains.com

atw.hu
gandi.net
tz-tribunj.hr
josip-stadler.org

# appeared on malwaredomainlist.com

hausnet.ru
triangleservicesltd.com
outlinearray.com

# Reference: https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook-mso_winother-mso_o365b/sync-euexebid/a2f18771-d49a-44dc-8c2a-0dac6a8eb0b2

sync-eu.exe.bid

# appeared on malc0de.com

msecnd.net
lang-8.com
popads.net
c1.popads.net
githubusercontent.com
raw.githubusercontent.com

# appeared on malwarepatrol.net

hdwallpapers.in
alicdn.com
pr-link.at
esc.net.au
starlan.com
pastebin.com
imgur.com
alicdn.com
wordpress.org
iobit.com
static.xvideos.com
hanstrackr.com
bitly.com
silvergames.com
easydriverpro.com
sc01.alicdn.com
sc02.alicdn.com
any-video-converter.com
adriaticsailor.com
setitagila.ru
imganuncios.mitula.net
napravi-sam.com

# web (JS) miners appearing as "malware" on malwarepatrol.net

coin-hive.com
jsecoin.com
cryptoloot.pro
webassembly.stream
ppoi.org
xmrstudio
webmine.pro
miner.start
allfontshere.press
freecontent.bid
freecontent.date
freecontent.faith
freecontent.party
freecontent.science
freecontent.stream
freecontent.trade
hostingcloud.accountant
hostingcloud.bid
hostingcloud.date
hostingcloud.download
hostingcloud.faith
hostingcloud.loan
jshosting.bid
jshosting.date
jshosting.download
jshosting.loan
jshosting.party
jshosting.racing
jshosting.review
jshosting.stream
jshosting.trade
jshosting.win

# triggering suspicious http request

216.58.214.76
api.geograph.org.uk
api.facebook.com
codepen.io
graph.facebook.com
google-analytics.com
htccode.com
imei.info
imeipro.info
quackit.com
query.yahooapis.com
sanasecurity.com
sim-unlock.net
sqlzoo.net
symcb.com
symcd.com
victronenergy.com

# old compromised sites on cybercrime-tracker.net

powiat-lancut.com.pl
megaplast.co.rs
istrayachting.hr
alnassar.com.sa
mspp.gouv.ht
gripa.hr
czk-cakovec.hr
nk-slaven-belupo.hr
fongyeh.com.tw
ee.ncu.edu.tw
hupt.hr
heartjohn.com
cima.hr
cm-lagoa.pt
databridgemarketresearch.com
iutoic-dhaka.edu
africanspicesafaris.com
sample.com
saol.com
putvjernika.com
affordableunixhost.net
steroidportal.com
medicosdelmundo.org
giraffe360.com
destilacija.net
fetihturizm.com
antemarkic.com
lotusgraf.hr

# found as false positive on cybercrime-tracker.net

geocities.ws
crotour.com
condomchoice.co.uk
92.222.150.60   # nameserver for sci-hub.tw

# found as false positive on urlvir.com

pdf-archive.com
discordapp.com
cl.ly
cubeupload.com
emlfiles4.com

# found as false positive on cybercrime-tracker.net

defensacentral.com

# found as false positive on bambenekconsulting.com

parkingcrew.net
caseking.net

# triggering parked site events

svijet7.com
artbetting.de
budi.in
svgroup.net
neodrive.co
gofaka.com

# found as false positive on abuse.ch

citibank.com
naver.com

# found as false positive in otx.alienvault.com

digicert.com
globalsign.net
creativecommons.org
arstechnica.co.uk
hpe.com
doubleclick.net
sify.com
publicdomainregistry.com

# DNSBL/RBL/MHR

abuse.ch
abuseat.org
ahbl.org
anticaptcha.net
apews.org
aupads.org
backscatterer.org
barracudacentral.org
berkeley.edu
bit.nl
blocklist.de
blocklist.messaging.microsoft.com
blogspambl.com
brightmail.com
burnt-tech.com
choon.net
cyberlogic.net
cymru.com
digibase.ca
dns-servicios.com
dronebl.org
efnetrbl.org
emailbasura.org
fabel.dk
fast.net
five-ten-sg.com
fusionzero.com
gbudb.net
gremlin.ru
gweep.ca
iip.lu
imp.ch
inps.de
interserver.net
jippg.org
justspam.org
kempt.net
kundenserver.de
lashback.com
leadmon.net
mailblacklist.com
mailspike.org
manitu.net
mcafee.com
me.uk
megarbl.net
nether.net
njabl.org
orbitrbl.com
org.cn
pedantic.org
polarcomm.net
pte.hu
rbl.jp
redhawk.org
rothen.com
rv-soft.info
s5h.net
sectoor.de
senderscore.com
services.net
solid.net
sorbs.net
spamcannibal.org
spamcop.net
spameatingmonkey.net
spamfilter.cc
spamgrouper.com
spamhaus.org
spamhaus.net
spamrats.com
surbl.org
surriel.com
swinog.ch
technovision.dk
tornevall.org
trblspam.com
triumf.ca
uceprotect.net
unsubscore.com
v4bl.org
webequipped.com
woody.ch
wpbl.info

# SonicWall

webcfs07.com

# Reference: http://www.blalert.com/dnsbls

0spam.fusionzero.com
88.blacklist.zap
all.rbl.jp
all.s5h.net
all.spam-rbl.fr
aspews.ext.sorbs.net
b.barracudacentral.org
backscatter.spameatingmonkey.net
bad.psky.me
badconf.rhsbl.sorbs.net
badhost.stopspam.org
badnets.spameatingmonkey.net
bl.blocklist.de
bl.deadbeef.com
bl.drmx.org
bl.emailbasura.org
bl.konstant.no
bl.mailspike.net
bl.mav.com.br
bl.scientificspam.net
bl.spamcannibal.org
bl.spamcop.net
bl.spameatingmonkey.net
bl.spamstinks.com
bl.suomispam.net
blackholes.five-ten-sg.com
blacklist.sci.kun.nl
blacklist.woody.ch
block.dnsbl.sorbs.net
block.stopspam.org
bogon.spam-rbl.fr
bogons.cymru.com
bsb.empty.us
cbl.abuseat.org
cbl.anti-spam.org.cn
cblplus.anti-spam.org.cn
cdl.anti-spam.org.cn
cidr.bl.mcafee.com
combined.abuse.ch
combined.rbl.msrbl.net
db.wpbl.info
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
dnsbl.ahbl.org
dnsbl.anticaptcha.net
dnsbl.aspnet.hu
dnsbl.burnt-tech.com
dnsbl.cobion.com
dnsbl.cyberlogic.net
dnsbl.dronebl.org
dnsbl.inps.de
dnsbl.ipocalypse.net
dnsbl.justspam.org
dnsbl.kempt.net
dnsbl.madavi.de
dnsbl.njabl.org
dnsbl.openresolvers.org
dnsbl.proxybl.org
dnsbl.rv-soft.info
dnsbl.rymsho.ru
dnsbl.sorbs.net
dnsbl.tornevall.org
dnsbl.zapbl.net
dnsblchile.org
dnsrbl.org
dnsrbl.swinog.ch
drone.abuse.ch
dsl.spam-rbl.fr
duinv.aupads.org
dul.dnsbl.sorbs.net
dul.pacifier.net
dul.ru
dyna.spamrats.com
dynip.rothen.com
escalations.dnsbl.sorbs.net
exitnodes.tor.dnsbl.sectoor.de
free.v4bl.org
gl.suomispam.net
hartkore.dnsbl.tuxad.de
hostkarma.junkemailfilter.com
http.dnsbl.sorbs.net
images.rbl.msrbl.net
ipbl.mailhosts.org
ipbl.zeustracker.abuse.ch
ips.backscatterer.org
ix.dnsbl.manitu.net
korea.services.net
l2.apews.org
list.blogspambl.com
lookup.dnsbl.iip.lu
mail-abuse.blacklist.jippg.org
mail-abuse.com
misc.dnsbl.sorbs.net
netbl.spameatingmonkey.net
netblock.pedantic.org
netscan.rbl.blockedservers.com
new.spam.dnsbl.sorbs.net
nomail.rhsbl.sorbs.net
noptr.spamrats.com
ohps.dnsbl.net.au
old.spam.dnsbl.sorbs.net
omrs.dnsbl.net.au
orvedb.aupads.org
osps.dnsbl.net.au
osrs.dnsbl.net.au
owfs.dnsbl.net.au
owps.dnsbl.net.au
pbl.spamhaus.org
phishing.rbl.msrbl.net
pofon.foobar.hu
probes.dnsbl.net.au
problems.dnsbl.sorbs.net
proxies.dnsbl.sorbs.net
proxy.bl.gweep.ca
proxy.block.transip.nl
psbl.surriel.com
rbl.abuse.ro
rbl.blakjak.net
rbl.blockedservers.com
rbl.choon.net
rbl.dns-servicios.com
rbl.efnetrbl.org
rbl.fasthosts.co.uk
rbl.interserver.net
rbl.iprange.net
rbl.megarbl.net
rbl.orbitrbl.com
rbl.polarcomm.net
rbl.schulte.org
rbl.talkactive.net
rbl.tdk.net
rbl.zenon.net
rdts.dnsbl.net.au
recent.spam.dnsbl.sorbs.net
relays.bl.gweep.ca
relays.bl.kundenserver.de
relays.dnsbl.sorbs.net
relays.nether.net
residential.block.transip.nl
rhsbl.sorbs.net
ricn.dnsbl.net.au
rmst.dnsbl.net.au
safe.dnsbl.sorbs.net
sbl.spamhaus.org
service.mailblacklist.com
short.rbl.jp
shortlist.mailhosts.org
singular.ttk.pte.hu
smtp.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
spam.abuse.ch
spam.dnsbl.anonmails.de
spam.dnsbl.sorbs.net
spam.pedantic.org
spam.rbl.blockedservers.com
spam.rbl.msrbl.net
spam.spam-rbl.fr
spam.spamrats.com
spamguard.leadmon.net
spamlist.or.kr
spamrbl.imp.ch
spamsources.fabel.dk
srnblack.surgate.net
st.technovision.dk
t3direct.dnsbl.net.au
tor.ahbl.org
tor.dnsbl.sectoor.de
tor.efnet.org
truncate.gbudb.net
ubl.lashback.com
ubl.unsubscore.com
v4.fullbogons.cymru.com
virbl.dnsbl.bit.nl
virus.rbl.jp
virus.rbl.msrbl.net
web.dnsbl.sorbs.net
wormrbl.imp.ch
xbl.spamhaus.org
xpews.mailhosts.org
z.mailspike.net
zen.spamhaus.org
zombie.dnsbl.sorbs.net

# Reference: https://discuss.newrelic.com/t/what-is-bam-nr-data-net/13848

bam.nr-data.net
50.31.164.166
50.31.164.175
50.31.164.174
50.31.164.165
50.31.164.173

# Spam checking service

ctmail.com

# Reference: https://github.com/hanzhang0116/BotDigger/blob/dff7f5f367932eb91e807d5beac7316c35e27a7f/OverloadDNSWebsites

uribl.com
spamhaus.org
ahbl.org
senderscore.com
dnswl.org
sorbs.net
surbl.org
dob.sibl.support-intelligence.net
spamcop.net
cbl.abuseat.org
list.dsbl.org
psbl.surriel.com
ubl.unsubscore.com
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
ips.backscatterer.org
ips.whitelisted.org
db.wpbl.info
dnsbl.sorbs.net
spam.abuse.ch
dnsbl.abuse.ch
dnsbl.bit.nl
dnsbl.inps.de
dnsbl.manitu.net
bl.spamcannibal.org
all.s5h.net
dnsbl.anonmails.de
aupads.org
ips.backscatterer.org
b.barracudacentral.org
bl.blocklist.de
list.blogspambl.com
bsb.empty.us
mcafee.com
dan.me.uk
rbl.dns-servicios.com
dnsbl.rv-soft.info
dul.ru
dnsbl.dronebl.org
rbl.efnetrbl.org
efnet.org
blackholes.five-ten-sg.com
dnsbl.iip.lu
spamrbl.imp.ch
dnsbl.justspam.org
dnsbl.kempt.net
mailspike.net
rbl.megarbl.net
nszones.com
dnsbl.openresolvers.org
spam.pedantic.org
rbl.jp
rbl.schulte.org
dnsbl.sectoor.de
bl.spamcannibal.org
backscatter.spameatingmonkey.net
spamgrouper.com
spamsources.fabel.dk
stopspam.org
ubl.unsubscore.com
dnsbl.zapbl.net
resl.emailreg.org
ips.whitelisted.org
sophosxl.net

# Generic

jobseeker.com
ahrtv.cn
asiainfo-sec.com
blockchain.info
szhk.com
qulishi.com
cdn.discordapp.com
mr.un1k0d3r.com
qingting.fm
s1.ax1x.com
postnord.se
token.im
cainiao.com
qingting.fm
bbg.az
bitlaunch.io
mirrors.aliyun.com
discordapp.com
trackingmore.com
qhimg.com
dingtalk.com
msauth.net
playncs.com
winjit.com
cloudflare-dns.com
transmissionbt.com
btloader.com
huorong.cn
lencr.org
tttttt.me
yoursite.com
worldofwarcraft.com
zope.com
paul.is-a-geek.org
btzoo.eu
bootcss.com
snapchat.com
opera.com
pentacloud.dyndns.org
pentasoft.dyndns.org
inagldv.ath.cx
inavrhm.ath.cx
inaiinz.ath.cx
inapavk.ath.cx
inarmet.ath.cx
inakrsc.ath.cx
holobit.homelinux.com
tribalfusion.com
topdns.com
report-uri.io
comodoca.com
geo1.easydns.com
geo2.easydns.net
geo3.easydns.org
geo4.easydns.info
google.pn
google.com.onion
upscore.com
huaweicloud.com
tbcache.com
bittrex.com
mundo3.zapto.org
thomsonreuters.com
dnspod.com
dynupdate.noip.com
mkomarac.duckdns.org
dh5ym.hopto.org
oath.cloud
koprivnica.biz
hamachi.cc
binance.com
gemius.pl
coinbase.com
exdynsrv.com
vkcdnservice.com
thepiratebay.org
area.51.linkpc.net
apcats.ddns.net
partizan-cctv.com
petarkigabit.dyndns.org
111osz7giux5phu7uz4yc3fe247fxn8hys17mge8.ddns.net
remote1.easydns.com
remote2.easydns.com
mzmwireless.ddns.net
nf420d.ddns.net
tinovator.duckdns.org
thd8000.duckdns.org
norefs.com
app-measurement.com
radio101.hr
lexico.com
ericsson.net
ericsson.se
radiocp.from-dc.com
shadowshq.yi.org
chogoon.com
seagull.ddns.net
tracker.empire-js.us
rufus.ie
sci-hub.tw
fe.core.pw
gns1.core.pw
gns2.core.pw
mail4.itu.ch
mail5.itu.ch
mail8.itu.ch
mail9.itu.ch
l850.home
bluecoat.com
beautifultokio.ddns.net
cigla.dyndns-work.com
tracker.kicks-ass.net
vsnl.net.in
multilanguage.xyz
accorhotels.ws
pixhost.icu
sharepoint.com
sk1.selfip.org
promotools.cc
admin.ch
adns1.easydns.com
adns2.easydns.com
litocam.myftp.org
krapanj.dyndns.info
dynamic.tstt.net.tt
aviation-is.better-than.tv
bravohr.dynu.net
oyvine.dyndns.org
croportal.net
elektrokrk.com
pohrani.com
ns-08.webnode.com
ns-09.webnode.com
swisscom.com
tecajevi.freeservers.com
mail.webnode.com
mail1.webnode.com
mail2.webnode.com
accesstutor.tripod.com
a.jimdo.com
tstt.net.tt
static.wix.com
services-geo.wix.com
shoutout.wix.com
huaweicloudwaf.com
bswireless.ddns.net
boxcdn.net
diogen.duckdns.org
mifux.duckdns.org
psiloveyou.xyz
elektrokem.dyndns.org
animiranifilmovi.com
bing.com
cardsgames.club
cratis.cc
defaultmailserver.com
dict.cc
dropboxusercontent.com
security-research.dyndns.org
dropbox.com
nirsoft.net
comcast.net
gmail.cm
gmail.cf
db.tt
api.zanox.ws
www.nirsoft.net/utils
glotorrents.pw
gplus.to
t.domdex.com
forestapp.cc
frog.wix.com
8.26.56.26
8.8.4.4
8.8.8.8
1.0.0.1
1.0.0.2
1.0.0.3
1.1.1.1
1.1.1.2
1.1.1.3
9.9.9.9
185.228.168.168
185.228.168.169
199.85.126.20
208.67.220.123
208.67.222.123
208.67.222.222
64.6.64.6
84.200.69.80
89.233.43.71
94.130.110.185
94.247.43.254
0.0.0.0
255.255.255.255
opendsp.com
pool.ntp.org
tru.am
put.re
2606:4700:4700::1001
2606:4700:4700::1111
2606:4700:4700::1002
2606:4700:4700::1112
2606:4700:4700::1003
2606:4700:4700::1113
msn.com
azureedge.net
rubrkik.ga
microsoftstream.com
azurewebsites.net
office.com
keep2share.cc
dropboxusercontent.com
facebook.com
es.pn
wywx.xyz
kaloo.ga
msgamestudios.com
worldssl.net
vanuatu.com.vu
sotelma.ml
robtex.com
check.googlezip.net
ingress-guard.tk
mshome.net
playx.fun
knjige.club
etcd.socket
philaorch.org
mozilla.org
discord.gg
ebay.com
xbox.com
uservoice.com
gitcdn.xyz
pushpad.xyz
163.com
printfleet.com
medtronic.com
fina.hr
ina.hr
in2.hr
pbz.hr
ht.hr
.rba
.rh
nirvana.easydns.net
tor-exit-node-x1.mooo.com
super59.ddns.net
pacer.cc
rvpn-api.ws
nic.xyz
tor-proxy-readme.tcp4.me
filmativa.ws
fmovies.wtf
epizode.ws
adult-movies.cc
verticals.wix.com
www.wix.com
96.wix.com
.centar
.corp
gca.sh
genotypeinczgrxr.onion
imgtube.net
imgchili.net
sport7.ws
stream2watch.ws
imgdew.pw
www.freebookspot.es
popin.cc
nigembassyrabat.org
super59.ddns.net
2000me.dd-dns.de
kinoteka.biz
parkingcrew.net
username.wix.com
gledaj-online.com
kinoteka.biz
fut.mine.nu
global.quickconnect.to
dec.quickconnect.to
gestyy.com
livetv.sx
members.tripod.com
cdn.000webhost.com
bypassed.ooo
a.ns.tk
b.ns.tk
c.ns.tk
d.ns.tk
a.ns.ga
d.ns.ga
adis.ws
joins.com
adop.cc
culturalvistas.org
cdn.000webhost.com
files.000webhost.com
hr.000webhost.com
rest.000webhost.com
kuntv.pw
road.cc
mwbsys.com
lxdns.com
jwplatform.com
issuu.com
advertising.com
unpkg.com
onesignal.com
zohocorp.com
ironport.com
checkpoint.com
fortiguard.net
eset.com
fireeye.com
windows.net
jsdelivr.net
twilio.com
wixapps.net
necan.gov.np
jsdelivr.com
bitbucket.org
github.com
milftube.su
gate.cc
streamapi.xyz
artplanet.su
bishkek.su
evolife.su
gigalink.su
viptelecom.su
infoline.su
infosys.su
ipserver.su
kgts.su
krasnoyarsk.su
masterbit.su
nsk.su
redhost.su
soes.su
spb.su
strizhak.su
persky.su
tomsk.su
transfer.su
vernet.su
viptelecom.su
yaroslavl.su
adult.xyz
best-journal.xyz
ytmp3.cc
balancers.42.wix.com
ding.wix.com
progallery.wix.com
apps.wix.com
ecom.wix.com
social-blog.wix.com
dc11.wix.com
sslstatic.wix.com
stores-counters.wix.com
wwworigin.wix.com
edu.cn
edu.sg
edu.ph
ibb.co
imgbb.com
uvnc.com
glotorrents.pw
mandiant.com
pgz505.servehttp.com
prszg.ddns.net
dynupdate.noip.com
dynupdate.no-ip.com
davor.dyndns-server.com
hardjura.selfip.info
japa88.ddns.net
notar-jakic.dyndns.biz
pozega.dyndns.org
prszg.dyndns.org
kastela.dyndns.info
members.dyndns.org
bolnica-vt.no-ip.org
ncore.cc
news-host.pw
mozilla.com
office365.com
.goog
members.webs.com
mp3viper.me
emp3world.so
btorrent.xyz
justproxy.io
histats.com
systemcontrolvpn.ddns.net
xplanet.dyndns.org
perfekta.dynalias.org
zulcselce.dyndns.org

# long-domain names (e.g. 03020749dotbjdot89dot249dot108dot53q1w2e3rty)

waseda.jp
u-paris.fr
london.ac.uk

# NS of afraid.org

evergreen.v6.afraid.org

# NS of no-ip.com

nf1.no-ip.com
nf2.no-ip.com
nf3.no-ip.com
nf4.no-ip.com
nf5.no-ip.com

# Sh.ty ad / tracker networks introducing noise (e.g. long subdomain names)

ir3.xyz
hyperhost.icu
bxczchdxynw.com
lunrac.com
51.la
tradeaccess.ltd
yldbt.com
trackidea.xyz
marketingcloudapis.com
online-metrix.net
adbrn.com
adsco.re
adshostnet.com
mucocutaneousmyrmecophaga.com
scorecardresearch.com
dsp.io
postaffiliatepro.com
askmediagroup.com
litix.io
ubembed.com
conviva.com
hrins.net
imrworldwide.com
casalemedia.com
advertising.com
agentanalytics.com
rs6.net
moatpixel.com
adjust.com
appsee.com
found.io
trafficmanager.net
report-uri.com
omtrdc.net
playground.xyz
app.link
lkqd.net
yoox.com
adnxs.com
ads.playground.xyz
btrll.com
mmstat.com
sdad.guru
markedup.com
yottaa.net
advertserv.net
ixhash.net
spotxchange.com
thebrighttag.com
outbrain.com
acidityfoamy.com
strongexplain.com
activehosted.com
sensic.net
zinphyra.com
adscale.de
pacloudflare.com
mybestdc.com
ads.cc
laus.cc
ankiety.ml
apnanalytics.com
dartsearch.net
ift.tt
alephd.com
jumptap.com
advrcsr.xyz
list-manage.com
oath.cloud
imgfarm.com
qadservice.com
airliquide.com
lupus-bra.com
rotumal.com
red-gate.com
clicksor.com
as2pawnib8ib.com
srvng.xyz
rbi.cloud
comm100.com
adcolony.xyz
newss.pw
inputstreamreader.link
dll-host.cf
ms-dev.cf
networkhost.ga
network-host.cf
ioexception.in
service-host.cf
dll-server.ga
svc-host.net

# Google crawlers

35.184.0.0/13

# Google (appeared on VoipBL)
# Reference: https://emailstuff.org/spf/check/_netblocks.google.com

35.190.247.0/24
64.233.160.0/19
66.102.0.0/20
66.249.80.0/20
72.14.192.0/18
74.125.0.0/16
108.177.8.0/21
173.194.0.0/16
209.85.128.0/17
216.58.192.0/19
216.239.32.0/19

# Google

216.58.192.0/19
172.253.0.0/16
172.217.0.0/16

# Apple

17.0.0.0/8

# Microsoft

204.79.196.0/23
204.79.195.0/24

# crl.comodoca.com, crl.comodoca4.com, crl.sectigo.com, crl.trust-provider.com, crl.usertrust.com, ocsp.comodoca.com, ocsp.comodoca4.com, ocsp.intel.com, ocsp.netsolssl.com, ocsp.sectigo.com, ocsp.securecore-ca.com, ocsp.ssl.com, ocsp.trust-provider.com, ocsp.usertrust.com

151.139.128.14

# Teamviewer

37.252.227.51

# SupRemo

supremodesk.com
nanosystems.it

# Microsoft's network connectivity check domain

msftncsi.com

# Microsoft's SmartScreen

ucsuri.tcs

# Reference: https://github.com/Bigjoos/U-232-V4

forum-u-232.servebeer.com

# Reference: https://apkscan.nviso.be/report/show/e2646fe8fd76bf2c2d413b056b76f7d9
# Reference: https://www.virustotal.com/#/file/71487fc3f0b75d5e75bf9ae849ee5cd80f0688428fd06103becb80432036a16e/detection
# Note: Android's Battery Doctor (FP on abuse.ch)

cfg.cml.ksmobile.com

# Reference: https://docs.fortinet.com/vm/xen/fortigate/6.2/xen-cookbook/6.2.0/615472/configuring-port-1
# Reference: https://www.virustotal.com/gui/ip-address/208.91.112.52/details (# DNS address of Fortinet)
# Reference: https://www.virustotal.com/gui/ip-address/208.91.112.53/details (# DNS address of Fortinet)

208.91.112.52
208.91.112.53
208.91.112.55

# AppleID resource

appleid.apple.com

# Reference: https://github.com/stamparm/maltrail/commit/37f7a4be0da57a5639549388db567948cd7cbba4
# Reference: https://twitter.com/ItsReallyNick/status/928155800123658241

fbsbx.com

# Sh.ty (mail) spammers introducing noise

remedypub.ga
victoryms.fun
roysong666.vicp.cc
biblemission.jkub.com
sun.itsaol.com
abx.publicvm.com
loginrecovery.org

# Reference: https://419scam.org/419-by-domain.htm  # Note: only .tn as most seen as noise

bmwpromoxx.kr.tn
vinohrady.ee.tn
greenxwaav.jp.tn
nk11.jp.tn
greenincxx2.ph.tn
mrbillv.hk.tn
barclays.hk.tn
hgregr.jp.tn
bnhjkee.sa.tn
greenxxc.cn.tn
departmentpayma.cn.tn
hiyleed.jp.tn
uni12.jp.tn
dalolo.jp.tn
domaininxx.sa.tn
fdh7.gr.tn
fgrert.jp.tn
hteyrs.cn.tn
lee3.bd.tn
mrbillk.hk.tn
clpayofficedepat.jp.tn
hjdtell.pl.tn
hjdtewe.pl.tn
puahyle.cn.tn
unhdevp.uk.tn
ups21.jp.tn
aadmin.jp.tn
gigs21.ma.tn
green1xx.jp.tn
greenqqa.cn.tn
hfhfhgg.jp.tn
hgdfhd.ro.tn
jhudwe.tr.tn
jime3.jp.tn
makmoor.cn.tn
pmon12.jp.tn
predos.uk.tn
ubal.ma.tn
weer4e22.jp.tn
westerl.jp.tn
winnerdona.uk.tn
adsdss.jp.tn
cadese.hk.tn
cbnmailofficer.ro.tn
eftu.uk.tn
egamel111.ae.tn
egumama.cn.tn
ejeli.jp.tn
gdhdu.cn.tn
gig1.tr.tn
greenxqazz.jp.tn
gvgfhgf.th.tn
hjdgte.cn.tn
jime1.sg.tn
kgmn.jp.tn
likawes.ph.tn
metroroad.hk.tn
modele.jp.tn
mrfreemanrichary.jp.tn
msjm.jp.tn
olendk.jp.tn
philliphubert.ma.tn
sau3.jp.tn
thythouthe.jp.tn
ueo89.sg.tn
viewspec.ph.tn
wali1.jp.tn
westernunion.ph.tn
wumm.ee.tn
wwwww.uk.tn
ahem0.vn.tn
bank.bd.tn
bhbjjjbjbj.jp.tn
bhdm.jp.tn
bigates08.hk.tn
businesspress.bd.tn
cbnmailonline2.sa.tn
ccncncc.jp.tn
chimgo.vn.tn
chisom.vn.tn
citibnk.za.tn
cliffpordubaka.ro.tn
data01b.th.tn
desssws.ae.tn
dffuuytr.jp.tn
dhl9.ir.tn
donate11003.jp.tn
donate4o21.jp.tn
donate99.jp.tn
drjurgemoore.sa.tn
e976543.ro.tn
ecolxx1234.jp.tn
efcc20109.ae.tn
eldmain.th.tn
fayemi.tr.tn
fdt1.jp.tn
ferroliveira.jp.tn
fhhhjed.ro.tn
flakin.jp.tn
gbege.ph.tn
gdrtyf.jp.tn
ggfgdfdd.kr.tn
ggghb.ee.tn
gghy1.jp.tn
government-nig.ee.tn
greenxxeea.cn.tn
greet3.bd.tn
gsgdggf.th.tn
hggg.sg.tn
hgstgd.pk.tn
infor03.jp.tn
iweem.jp.tn
jjfifif.ae.tn
jkfjdew.cn.tn
jkml.ma.tn
juuksuriari.ee.tn
llaaaa.ph.tn
motoharax.cn.tn
mrbill1dg.hk.tn
mrbrigstephen.uk.tn
ni223.jp.tn
nik212.jp.tn
odogwu.vn.tn
offdeptgrant.cn.tn
officediplomat.gr.tn
oksjhugsf.jp.tn
park.pk.tn
plesscxbbb.jp.tn
qqqq.ro.tn
revthom.th.tn
revthomas.uk.tn
rftghjuk.ph.tn
rmkfkkg.ma.tn
sghbf65.kr.tn
shatsui.hk.tn
shichirou.cn.tn
ssdee.th.tn
sututu.cn.tn
tanudja.cn.tn
thghghghj.jp.tn
thurson.th.tn
titi.jp.tn
try4.jp.tn
uniyed.bd.tn
ursget.jp.tn
uutg.jp.tn
vcette3121.hk.tn
westernuu.uk.tn
wholesale.jp.tn
11sihuan22.cn.tn
90655.kr.tn
aaaaavvbbb.th.tn
access.ng.tn
adam.ma.tn
addmin.jp.tn
affjkk55.pl.tn
airport12.sa.tn
alex.sa.tn
anntgoder.ng.tn
arylisa.ae.tn
aseend.jp.tn
ati.tn
auwi.jp.tn
bankpl.bd.tn
bankplc.bd.tn
bankplcs.bd.tn
barristerjose.ph.tn
bcvcc.jp.tn
bellomik.jp.tn
benson.sg.tn
bfvghh.jp.tn
bht1.jp.tn
bmwpromoza.hk.tn
bnbn.jp.tn
bother123456.jp.tn
bures666.ee.tn
businesspress.ee.tn
bvfgg.ro.tn
cbnmailonline201.kr.tn
centralbnkint.sg.tn
ceo.ir.tn
charity1home6.tr.tn
chizu.cn.tn
cititecinc.jp.tn
cliffubaka.ro.tn
contractors.ng.tn
customs.pk.tn
cxvxfcxfxf.jp.tn
daba.th.tn
dav9.pk.tn
davisis.cn.tn
dcxzz.jp.tn
delivery.bd.tn
demighty.jp.tn
dfrhhts.jp.tn
dfxfggffdfd.sg.tn
dhjrfe.cn.tn
dhl2.ee.tn
dipjohnag88.jp.tn
donate1103.jp.tn
donate11543.jp.tn
donate128d.jp.tn
donate303.gr.tn
donate47.hk.tn
donsgs.cn.tn
double.vn.tn
dsdf.jp.tn
dssddsdssds.jp.tn
effah1111.cn.tn
egoes.pk.tn
ezege.ph.tn
fattty.jp.tn
fatty.jp.tn
fbioffice45.sg.tn
fdh44.jp.tn
ffgdfddf.sa.tn
ffgdggfgf.ro.tn
fgdgdf.ro.tn
fgfgfhg.ro.tn
fgggghhg.sg.tn
flymsy.hk.tn
flymsy.kr.tn
flymsy.th.tn
food2.jp.tn
fsgsfsrs.jp.tn
garri1.jp.tn
garry.jp.tn
gbftwq.ma.tn
gbvcx.jp.tn
gfergerggggggg.ro.tn
gffdsfghhhh.bd.tn
gfgfgfgfgf.ma.tn
gfnbahjk367.pk.tn
ggs24.jp.tn
gigs13.tr.tn
gile4.ma.tn
gonn.ir.tn
greenxxeeg.jp.tn
greenxxeet.jp.tn
gtdgdjdkjh.jp.tn
gugo.sa.tn
hakimotoxx.jp.tn
hfbh.uk.tn
hghghgf.sa.tn
hghghggh.jp.tn
hghgjgjg.jp.tn
hhddg.kr.tn
hhgbhvh.hk.tn
hhhgyttgf.jp.tn
hhhty1.jp.tn
hilr.jp.tn
hjdtel.jp.tn
hjdteyu.hk.tn
hjdtsbe.cn.tn
hjnm.kr.tn
hjytg.jp.tn
hope.ro.tn
hsa1.jp.tn
hunghoule.hk.tn
ibukota.jp.tn
info.vn.tn
info42.ph.tn
irottt1011ty.ph.tn
iyt7t.pl.tn
james56.sg.tn
jan09.ng.tn
jarvexxx.ee.tn
jashhss.sg.tn
jhgfderty.jp.tn
jkhjk.jp.tn
jkn1.jp.tn
jockpot.sg.tn
johnhhhh.ee.tn
juinz.kr.tn
kfgkfg.vn.tn
kkkkkkxxxx.ir.tn
kkl1.jp.tn
kpuya.sg.tn
krkx.kr.tn
lant.ph.tn
lauretta.ir.tn
lesmono.cn.tn
linkit.bd.tn
liny.jp.tn
lkmj.jp.tn
loloko.sg.tn
lottofile.hk.tn
lucasxx1.uk.tn
m7gd.jp.tn
mall.ir.tn
massiveemail.gr.tn
mike0123.ng.tn
mko999.bd.tn
monicasmith01.th.tn
myhs.jp.tn
nbyvc.jp.tn
nkechyyy.kr.tn
nwachi101.ir.tn
oblin.tr.tn
offic-government.bd.tn
office31.jp.tn
officemailssmail.kr.tn
officer366.jp.tn
officer367.jp.tn
officialmail04.jp.tn
officials.ir.tn
ofun.jp.tn
oka34.sg.tn
okoloei.jp.tn
okwa.vn.tn
onlineaccess.cn.tn
onyezem.cn.tn
oplin.sg.tn
paymentunit.bd.tn
peterson.cn.tn
planet.pl.tn
postm1.sg.tn
qqaq.jp.tn
qza1.jp.tn
rev21.ae.tn
rob1.ph.tn
roycen.pk.tn
rtsxfy.jp.tn
rtyyuytois.jp.tn
ryouta.jp.tn
sdamdwa.jp.tn
secretary1.gr.tn
seof.jp.tn
shichiro.vn.tn
slentt.ma.tn
spurny417.ee.tn
tang.cn.tn
textile.sg.tn
tghdty.cn.tn
ti1n.jp.tn
tiawan.cn.tn
tity.jp.tn
todayiknowsisgoo.jp.tn
tosokchon.kr.tn
trvtrtr.jp.tn
tsydu.sa.tn
ttbrtb.sa.tn
twwerr.bd.tn
tyfguhjk.cn.tn
ubaj.ng.tn
ubak.ro.tn
uee46.sg.tn
uin1.jp.tn
un2.cn.tn
un6.cn.tn
unco.jp.tn
unphdev.uk.tn
uss25.sg.tn
uudfjhfk.jp.tn
vfgunited0.th.tn
voite.sg.tn
webdek.vn.tn
wert922.uk.tn
wertyruyo.th.tn
westernunionmoneytransferoffice19.ph.tn
westley.jp.tn
wethe.hk.tn
wewew.jp.tn
willi34.gr.tn
wnhtpx.kr.tn
wqqa.jp.tn
yfyuffyuuyfuh.jp.tn
yklj.uk.tn
yokwong.jp.tn
100card000office.jp.tn
2334rgg.bd.tn
23frinkfile1.sg.tn
3585.kr.tn
6543werewwtyre.kr.tn
73okhghinc.jp.tn
7456.kr.tn
7545.kr.tn
78965.kr.tn
8539.kr.tn
857jsgdinc.jp.tn
9089vhvbbv.jp.tn
a543454gr.pk.tn
aaaaaaasdf.hk.tn
abnszgsk.gr.tn
academia.bd.tn
account.tr.tn
adamk.sg.tn
adbank.za.tn
adminn01.jp.tn
ads.cn.tn
afagsd.jp.tn
african222.ma.tn
africanunion.ae.tn
agadazee.sg.tn
ajajabuuxx.jp.tn
akpantuaguleri.jp.tn
akunakaoffice.jp.tn
alecso.org.tn
americanfther.sa.tn
aminu1.jp.tn
amira.jp.tn
asdf.uk.tn
aszxplok.jp.tn
atm1.bd.tn
atmcarddelivery.jp.tn
atmond.uk.tn
aviomahdavid.kr.tn
awsedghyf.ph.tn
ayumu.cn.tn
baclavcz.ee.tn
bankatmcard.jp.tn
bankia.tr.tn
bankinformations.gr.tn
bankofamerica1.jp.tn
bankplcn.bd.tn
basedomainoff.cn.tn
bbhvcvfggcv.jp.tn
bbn1.jp.tn
bboothy12.ae.tn
bbvc.jp.tn
beebee312.cn.tn
benobi.hk.tn
bgdt.jp.tn
bgf6.jp.tn
bggf.jp.tn
bigates07.hk.tn
bigg.sa.tn
bj-government.th.tn
bjbw.sa.tn
blarckifr234.jp.tn
blessed1.cn.tn
bmnbmbnm.jp.tn
bmwlottery212.jp.tn
bmwpromoxx.hk.tn
bnnol.jp.tn
bnzcaew.jp.tn
boxegbff.jp.tn
breez.bd.tn
briggstephen.pl.tn
brixxy771.ph.tn
bryan.ma.tn
bssx.jp.tn
businessmogs.bd.tn
businessmogs.cn.tn
businessmogs.gr.tn
businesspress.ae.tn
bvcxzs.jp.tn
bvcxzy.jp.tn
bvdad.jp.tn
bvfhdn.jp.tn
bxxng.jp.tn
card.th.tn
cardo.jp.tn
cashbeachs.hk.tn
cass.sg.tn
cbnmailonline.sa.tn
cccdg.uk.tn
ccjcjccvvv.jp.tn
ccvnf.jp.tn
cenbank.ng.tn
cenbanknig.ng.tn
centralbankng.ng.tn
centralbanknig.ng.tn
cfdscs.kr.tn
cffiici.sg.tn
cfr1.jp.tn
charles01.ng.tn
charles03.ng.tn
charleskban.cn.tn
chiomam.cn.tn
cmbk-cn.jp.tn
cnbservice.tr.tn
consultant2si.ma.tn
csds.jp.tn
cwkwt.ro.tn
cy7865a.ma.tn
dagogo123.sg.tn
daisyworld.kr.tn
daj8.gr.tn
data7.th.tn
datapost.ro.tn
dav09.gr.tn
davecamp.gr.tn
davi.vn.tn
daviis.cn.tn
daviis.jp.tn
davis.pk.tn
davis.ro.tn
dawsunsusan.ae.tn
dcxzxz.ir.tn
ddffdddfdf.sa.tn
delightedzone.pk.tn
delivery.ma.tn
deliveryofatmca1.jp.tn
deliveryofatmcar.jp.tn
demariaa.tr.tn
department.gr.tn
department.sa.tn
depaymentoff.cn.tn
deptofficesstp.cn.tn
dfdfddfdf.sg.tn
dfdfdfdfdfd.pl.tn
dfdfs.tr.tn
dfdvdd.jp.tn
dfffggddf.th.tn
dffggh.pl.tn
dfgdtyr.jp.tn
dfgffgff.ph.tn
dfgfhdhdh.jp.tn
dfghghfg.th.tn
dfghjkl.jp.tn
dfhskjf.jp.tn
dgfdfgfds.ro.tn
dgfghhte.vn.tn
dgrffrdtrdcnjytr.pk.tn
dhfhfh.bd.tn
dhjdg.ph.tn
dhje.sa.tn
dhl28.jp.tn
dhll1.bd.tn
dibiamaka.jp.tn
die1.jp.tn
diplomat.jp.tn
djdgdnm.vn.tn
dnorris.ma.tn
dobesova.ee.tn
domoersty.ph.tn
donate00.jp.tn
donate013.jp.tn
donate11029.jp.tn
donate1106.jp.tn
donate11111.jp.tn
donate1150.jp.tn
donate1193.jp.tn
donate12231.jp.tn
donate1432.jp.tn
donate17.jp.tn
donate190.jp.tn
donate312.gr.tn
donate4000.jp.tn
donate44029.jp.tn
donate4o4.jp.tn
donate96.jp.tn
donation124.jp.tn
donationuk.uk.tn
doungua.cn.tn
douped.uk.tn
drobi.jp.tn
dsafjfjsjfjfjsdj.tr.tn
dsdffdfsd.kr.tn
dsdssdsdsdsd.jp.tn
dsstv.kr.tn
dumex10.ro.tn
earthlink.jp.tn
ed8811.ee.tn
edrewwe.ma.tn
edrfdx.cn.tn
edwardaa.jp.tn
eexxs.jp.tn
ekeoffk.uk.tn
embassyfilereccord.sg.tn
enockl.jp.tn
ere.cn.tn
erews.jp.tn
ertrtr.jp.tn
esternfundingi.ee.tn
ewku.jp.tn
ewrqwe.kr.tn
fagra.cn.tn
fahmisameh5.ro.tn
farida.ng.tn
faybassu.sg.tn
fbbnn.jp.tn
fbi-gov.ee.tn
fbi-govt.ee.tn
fbigov.ee.tn
fbigov.uk.tn
fbigovn.kr.tn
fbyi.vn.tn
fccns.uk.tn
fdeert.kr.tn
fdfdfgdf.kr.tn
fdffffdfdf.ir.tn
fdgfteuyr.sg.tn
fdggfff.pl.tn
fdh4.jp.tn
fdreshhjygg.jp.tn
fdrsa.sg.tn
fdsfsrsrsr.ir.tn
fdsii.vn.tn
fdss3.bd.tn
fdssd.jp.tn
fdsst.bd.tn
fdssti.bd.tn
fdssu2.bd.tn
fedex-ng.ng.tn
fedfed.bd.tn
fedreseverbn.pk.tn
femi.cn.tn
ffddddf.sg.tn
ffdffdgf.ro.tn
ffdghdtye.jp.tn
ffdw09897867fdfs.ae.tn
ffffw334e.jp.tn
fffggfgfhfh.sa.tn
fffj.jp.tn
ffgggfgfd.kr.tn
ffr1.jp.tn
ffun.jp.tn
fgct.ph.tn
fgdsw.ro.tn
fgffffdff.tr.tn
fgffgfg.ph.tn
fgggggg.bd.tn
fghf.jp.tn
fghgjnb.ro.tn
fgtyu.sg.tn
fhgfhgh.kr.tn
fhry.jp.tn
fianlapproval.sg.tn
fingo.hk.tn
finish6.jp.tn
firee.za.tn
fjwg.sa.tn
fkie.jp.tn
flymsy.cn.tn
flymsy.ma.tn
flymsya.sa.tn
fmfinance.ng.tn
fongvictor.cn.tn
foretyrt.kr.tn
foundationinc.ph.tn
fqqe.sa.tn
frank.uk.tn
frisss.pk.tn
fsa.jp.tn
fsde.jp.tn
fsfggfdf.kr.tn
fshfa.ro.tn
fshsssw.vn.tn
fssf.th.tn
ft5.cn.tn
fue1.jp.tn
fujhytg.jp.tn
fundcompleted.bd.tn
fundremit.za.tn
funds.ee.tn
fundsfunds.gr.tn
fxdffdffd.ro.tn
fyuut.jp.tn
gaert.ma.tn
gayryrdjhfyol.ir.tn
gdddd.tr.tn
gdddddd.jp.tn
gdewrs.cn.tn
gdfdfhfdgffg.jp.tn
gdffd.pl.tn
gdhxxx.ro.tn
gdya.jp.tn
gendo.ee.tn
gentility.sg.tn
george9.jp.tn
gfhfhffhf.jp.tn
gfhfyf.jp.tn
gfhgfh.jp.tn
gfshjshdg.jp.tn
gftyumoustred.jp.tn
ggbi.hk.tn
ggf9.jp.tn
ggfffd.ma.tn
ggffgf.sg.tn
ggffhfg21.jp.tn
gghsvcsdgbf.jp.tn
ggt147.jp.tn
ggt82.jp.tn
ghbvn.jp.tn
ghfds.jp.tn
ghfh3.jp.tn
ghfhf.kr.tn
ghjkjf.jp.tn
gjdgtd.vn.tn
gkj1.jp.tn
glowith.uk.tn
goergemwhite.sa.tn
gones2.jp.tn
gooder.ae.tn
googpape.uk.tn
governments.pk.tn
governmenttx.ng.tn
governmenty.ae.tn
graces.za.tn
grandkopings.jp.tn
grandkopingss.jp.tn
grantwin.ae.tn
grateahnsj.za.tn
grede.vn.tn
greeenn.tr.tn
greenvilecc.jp.tn
greenxxeen.jp.tn
greenxxeex.jp.tn
greenxxeex12.cn.tn
greenxxewq.jp.tn
gtfrdee.jp.tn
gtrsrstra.pl.tn
gudhdhlsiks.sg.tn
gvvdfrty.cn.tn
hagsbdy.ir.tn
hagsgs.ph.tn
hagswerw.kr.tn
hakiraxx.jp.tn
hakofujita.gr.tn
hannah05.cn.tn
hannah7.cn.tn
harry.pl.tn
harry01.ma.tn
havense.jp.tn
haxta.ma.tn
hbhhh.sg.tn
hbnmd.gr.tn
hddn.sa.tn
hdffj.jp.tn
hdhddjff.jp.tn
hdjdd.jp.tn
hdjhjdjfj1122.ph.tn
headoffice.ph.tn
hesa.jp.tn
hfgin.sa.tn
hfguhghjb.jp.tn
hgf2.jp.tn
hgftft.bd.tn
hggddss.jp.tn
hghhghgh.jp.tn
hgkjgffd.ma.tn
hgkmt.jp.tn
hgtre.pl.tn
hgtyu7.ph.tn
hhffffh.bd.tn
hhgi.hk.tn
hhhh.bd.tn
hhj667.pl.tn
hhthtt.jp.tn
hhyyhyy.sg.tn
himogambo.cn.tn
hire.jp.tn
hiwiky.kr.tn
hjff.jp.tn
hjgfd.vn.tn
hjhjghg.bd.tn
hjkf.jp.tn
hkuytin.th.tn
hngt.bd.tn
hnkt.jp.tn
hoatmirrvo.ir.tn
homeand.jp.tn
honorable1.jp.tn
hruhrigkrng.jp.tn
hsaqxbn.jp.tn
hsget.jp.tn
hsgot.jp.tn
htjkhg.jp.tn
htrhrh.jp.tn
huang.cn.tn
hune.jp.tn
hunt.jp.tn
hutrel.pl.tn
huyiyo.ro.tn
hwmk.jp.tn
hxxt.jp.tn
hyfrudio.jp.tn
hygf.jp.tn
hytgfghkj.jp.tn
ibrahim.vn.tn
icp7.jp.tn
idima.jp.tn
ifechiaman.hk.tn
ifirstbank.tr.tn
ijeoma.hk.tn
ikejames.sa.tn
ikeorrina.jp.tn
ikfgf.za.tn
imf1.cn.tn
imff1.jp.tn
imfoffice014.jp.tn
inboxsender.jp.tn
infirstbanka.tr.tn
infoincc.jp.tn
infomail2.kr.tn
infomation0.hk.tn
infor.jp.tn
infor01.jp.tn
infor02.jp.tn
infor05.jp.tn
infor1.jp.tn
infor8.jp.tn
iuba.ng.tn
iya.th.tn
jacctlxk.cn.tn
jamesdd.ma.tn
jar01.cn.tn
jattke.ph.tn
javcnmsg.pk.tn
jbvdgdj.jp.tn
jdhdh.jp.tn
jdjmn.jp.tn
jeewbf.ro.tn
jemok.sa.tn
jerryjames.jp.tn
jerryjerr.uk.tn
jfhgvijdf.jp.tn
jgguuftuujihgyh.ee.tn
jgjwk.sa.tn
jhdk.jp.tn
jherse.ro.tn
jhgsrd.pl.tn
jhjjhjhj.jp.tn
jhjnm.jp.tn
jhtyhj.sg.tn
jhyrts.cn.tn
jilings.ee.tn
jirwnse.vn.tn
jjfsfsaa.bd.tn
jjgjgjgggg.jp.tn
jjjhhjjg.jp.tn
jjjj01.pl.tn
jjjjj.jp.tn
jjjjjjs.pl.tn
jjkhgfds.jp.tn
jjnjn.cn.tn
jkde.jp.tn
jkdsjjsdis.jp.tn
jkdssssssssss.jp.tn
jkfhjfl.jp.tn
jkfhyr.sg.tn
jkk22.pl.tn
jkm1.jp.tn
jkt1.ee.tn
jnnnhu4.jp.tn
johnbbvgffv.jp.tn
johnj.za.tn
johnmike00.uk.tn
johnsss.ro.tn
johnury7yh.za.tn
joiu.ir.tn
jons.hk.tn
jooe.gr.tn
joonh.jp.tn
joyce.uk.tn
joyfav1.ph.tn
jpaa.gr.tn
jpgp.jp.tn
jshhd.ir.tn
juan.ph.tn
jude99.jp.tn
judepkk.jp.tn
juiod.ir.tn
julius.jp.tn
junas.ph.tn
junkboxes56.jp.tn
juster.ae.tn
kachukwu9.jp.tn
kal4567.bd.tn
kamik.uk.tn
karachi01.ro.tn
karetd.ma.tn
kasper.kr.tn
kdrty.kr.tn
keeyceey.uk.tn
kelem32.sg.tn
kfjfj.kr.tn
kfkfk.th.tn
kiay.jp.tn
kijack05.ro.tn
kikikiojo.th.tn
kiklas76.jp.tn
kins.jp.tn
kkjdhjdh.jp.tn
kksjsjnhsdb.jp.tn
kkttr.kr.tn
kkuy.jp.tn
kljuyy.uk.tn
klliouyt.ph.tn
kmnh.jp.tn
kojo.uk.tn
kojus.jp.tn
koneh.pl.tn
kongod.sg.tn
kqwa.jp.tn
kqwz.jp.tn
kumarxxy.ir.tn
kuot.sa.tn
kuotr.bd.tn
kwakashi.hk.tn
kwokwah.hk.tn
larry.za.tn
lausisosk.sg.tn
law1.jp.tn
lawyers551.ir.tn
layiiiio.za.tn
ldkfd.hk.tn
leemakers.jp.tn
lfel.jp.tn
lhkhihosras.th.tn
lighthousejr123.uk.tn
likawa.ph.tn
lilberth.jp.tn
liman2.cn.tn
ling-hsien.tn
live.vn.tn
livictor.ma.tn
lkj1.jp.tn
lllllhshshhss.jp.tn
lonodex.tr.tn
lopezp.ro.tn
lucifer.jp.tn
lucky1116.ee.tn
luke.ro.tn
maduzari1xx.jp.tn
magi.jp.tn
mags.jp.tn
makedss.jp.tn
malcolm.vn.tn
management.bd.tn
management11.bd.tn
manyways.ro.tn
marelottins4.jp.tn
martins12.uk.tn
martins122.kr.tn
martins16.uk.tn
martinsmillery.kr.tn
mary1.pl.tn
mastersteven.sg.tn
maza1.jp.tn
mclesqe.vn.tn
me774.kr.tn
mediapub4.jp.tn
melu1.jp.tn
mhtwfv.kr.tn
mikel.jp.tn
missloreittabab.bd.tn
mkhsj.jp.tn
mmaaa.tr.tn
mnbnbnmbn.jp.tn
mnon.uk.tn
mobi.sg.tn
mohamdd.vn.tn
moit567.pl.tn
moke.cn.tn
monday.za.tn
mone.ir.tn
moneygram.ir.tn
monicasmith.uk.tn
mover.cn.tn
mqwp.jp.tn
mrbill1g.hk.tn
mrbill22.hk.tn
msms.jp.tn
mtom.jp.tn
muel5.jp.tn
myhm.jp.tn
myprivate.bd.tn
n87965.ae.tn
nameju.kr.tn
naruwa.jp.tn
national-lottery.uk.tn
nationallottery.uk.tn
nationalulottery.uk.tn
natwest1.jp.tn
nbhbnhty.jp.tn
nbxccccbb.bd.tn
nhbgtfv.ir.tn
nhdhdg.uk.tn
nk112.kr.tn
nnnosis.cn.tn
nolk.tr.tn
nsde.jp.tn
nvcvcv.jp.tn
nxjxjxjxjxds.jp.tn
obagomasterr.za.tn
obii.ma.tn
odedeb1.hk.tn
offic-government.ae.tn
office-lino.ae.tn
office1.jp.tn
office170.jp.tn
officecare002.uk.tn
officee.jp.tn
officee361.jp.tn
officefile2.uk.tn
officefile988.bd.tn
officefilenow.ph.tn
officemail334021.jp.tn
officer361.jp.tn
officer364.jp.tn
officexx.hk.tn
officexx1245.cn.tn
officialmail05.jp.tn
offive.jp.tn
oficeserver.bd.tn
ogada.jp.tn
oilnn.pk.tn
oiuw.jp.tn
oka1234.ir.tn
okart.pk.tn
okep.jp.tn
olomolo.jp.tn
olsjsus.hk.tn
online.jp.tn
onyenkem.jp.tn
oosis.jp.tn
organization1ofa.ng.tn
osalim.cn.tn
otywgh7676.jp.tn
ougedr.jp.tn
ouieuw.jp.tn
owolobe.uk.tn
owololo.uk.tn
owosni.vn.tn
park.gr.tn
park.ir.tn
pastor.sg.tn
paulben.jp.tn
pdgoinc.ee.tn
pellon.sg.tn
peterjames.sg.tn
piiy.jp.tn
plmbvc.cn.tn
pmdw.uk.tn
poon.jp.tn
posit.jp.tn
postmail.ir.tn
pranaa.cn.tn
precious.ro.tn
primespecxx.ph.tn
profmatarrese.jp.tn
pullengyt.jp.tn
qqqqqq.vn.tn
qqssww.ro.tn
qrr7.jp.tn
rajioba.hk.tn
rbnk.za.tn
rdpkjh.th.tn
reser02.vn.tn
rev7.ae.tn
revthom.ma.tn
revthomas.ee.tn
rf083.th.tn
rghrgrtgtrg.kr.tn
rherh.jp.tn
rjyehhh.uk.tn
rooty.jp.tn
roppmikk.jp.tn
royalmail.uk.tn
rozianbs.jp.tn
rreererer.sg.tn
rtrsaeeweeww.jp.tn
rttrtr.ro.tn
rtttrrrr.sa.tn
rvzp.jp.tn
saluso.bd.tn
sasmita.cn.tn
sddsdsdfds.th.tn
sdexsw.bd.tn
sdfs.pk.tn
sdgfrtyujh.jp.tn
sdhsjbb.bd.tn
sdsfds.sa.tn
sdwedd.th.tn
seeer.jp.tn
sendfiling2.sa.tn
setiabudi.jp.tn
seue1.tr.tn
sfoairport.kr.tn
sfoairport.tr.tn
sgfgfgdfdf.jp.tn
sgfssd.sa.tn
sgtelizabethsweitze.cn.tn
shihonk.jp.tn
shinobu.cn.tn
shirley.hk.tn
sideworldoffice.jp.tn
solutionoffice.th.tn
sqwq.jp.tn
sssaadd.vn.tn
ssssssww.ro.tn
stls.kr.tn
stndrdbnksa.za.tn
suiwu.jp.tn
suleiman.vn.tn
sun1.ro.tn
suss1.sg.tn
taaaky1.jp.tn
tain.jp.tn
takkkky.jp.tn
tanuwid.cn.tn
tayara.tn
tejh.jp.tn
teltext.tr.tn
tgddessaa.ro.tn
tgfrtghf.pl.tn
tghdty.vn.tn
tgtt.vn.tn
thailandoffice.jp.tn
thomasfr.ir.tn
thomspon333.za.tn
threcv.jp.tn
titem.jp.tn
tjrbr.sa.tn
tochirokk.jp.tn
tone66.jp.tn
topnet.tn
transcoltd1.uk.tn
transf.cn.tn
tregtrf.kr.tn
trgdu.jp.tn
trjhrrhjrtj.kr.tn
trytuyu.jp.tn
tryxx11vb.jp.tn
tsgsw.ae.tn
ttggdsa.jp.tn
ttransfer.jp.tn
ttttytryrt.ir.tn
tty1.jp.tn
tyjdhyehd.jp.tn
tyty.ro.tn
tyzx.cn.tn
uagsfs.pk.tn
uba8.ph.tn
ubad.ma.tn
ubam.sg.tn
ubax.sa.tn
udem.cn.tn
uee4.jp.tn
uees1.sg.tn
uess38.jp.tn
ugo14.ng.tn
ugsdrewg.pk.tn
uhyghhj.ae.tn
uien10.ng.tn
uioam.jp.tn
ujl1.jp.tn
ukss.uk.tn
uktr.jp.tn
un7.cn.tn
un8.cn.tn
unashss.ro.tn
undhp.jp.tn
undp.uk.tn
undph.cn.tn
uni11.jp.tn
uni3.ng.tn
uninin.ee.tn
unit11.sg.tn
unitedbankfa.jp.tn
unittelex1.uk.tn
unnh.jp.tn
unoin44.ng.tn
unst.jp.tn
urderp.jp.tn
uud.jp.tn
uyht.jp.tn
uyoo.jp.tn
uyttrr.sg.tn
vade.jp.tn
vbbbedccc.jp.tn
vbmzaq.jp.tn
vcbdgd.jp.tn
vcfdeerrrrrr.jp.tn
vcfg.jp.tn
vcxx.pl.tn
verify.ng.tn
verti.sa.tn
verty5.ma.tn
vf7j.jp.tn
vfgtfrr.hk.tn
vgr7.jp.tn
victor.th.tn
vmgfmcnfjf.jp.tn
vorn.cn.tn
vrtg.cn.tn
vrvtvtvthjk.pl.tn
vsxhbsdjs.jp.tn
vvbbwqaszzx.jp.tn
vxvx.jp.tn
w9966734e.ir.tn
wadc.sg.tn
wadddbbm.jp.tn
wade.jp.tn
waston.cn.tn
wbdmt.ro.tn
wbefundsrpprovelstr.sg.tn
webcarduba.sg.tn
weewrw.cn.tn
wellsfargobank.jp.tn
wende12.jp.tn
weri.jp.tn
western.ma.tn
westeruth.ma.tn
william666.cn.tn
winin.uk.tn
wlconsult.tr.tn
wlleeds.vn.tn
wofac.ro.tn
wono.jp.tn
wow.bd.tn
wqa.cn.tn
wqaq.jp.tn
wumtbs.uk.tn
wumts.cn.tn
wumts.ng.tn
wumtsb.ng.tn
wungxiu.cn.tn
wuofficalfile1.sg.tn
wwweew982.kr.tn
wxqo.jp.tn
wxxavr213.hk.tn
xbbx.jp.tn
xcvbn.tr.tn
xddessde.ae.tn
xelyctrkl.cn.tn
xghd.cn.tn
xxdocum0111.uk.tn
xxyarabs2.jp.tn
xxzs.jp.tn
xzkt.jp.tn
yahnima.cn.tn
yaushs.ph.tn
ydfdcfgo.pk.tn
yernds.ir.tn
ygtfrd.jp.tn
yhgl.jp.tn
yinkopings1.jp.tn
yinkopingsss.jp.tn
yjghnm.ro.tn
yongbu.kr.tn
yooha.kr.tn
yrud.th.tn
ytttrggffddd.jp.tn
yuchaokk.jp.tn
yuhjkllm.jp.tn
yusudakx.jp.tn
yuyyuu.jp.tn
zenithbankwealth-management.uk.tn
zinza.jp.tn
zxad.ma.tn
zxcsv.jp.tn
zzzaa.jp.tn

# Reference: https://help.dropbox.com/accounts-billing/security/official-domains

db.tt
dropbox.com
dropboxapi.com
dropboxbusiness.com
dropboxcaptcha.com
dropboxforums.com
dropboxforum.com
dropboxinsiders.com
dropboxmail.com
dropboxpartners.com
dropboxstatic.com
getdropbox.com
dropboxbusiness.com
dropbox-dns.com

# Virut DGA 2019-10-16

arcgis.com

# Reference: https://forum.adguard.com/index.php?threads/resolved-ad-sponsor-domains.30310/

arthydate.com
arthygeo.info
abtr4all.com
abtrcker.com
adsb4track.com
adsbtrack.com
arthydate.com
etryi.pro
go-bang-pussy.com
gorillatrk.com
localgirlsearch.com
mobilust.com
mobitubegirl.com
sexznakimstwa.online
track4ref.com
trackthis1337.com

# Reference: https://forum.adguard.com/index.php?threads/resolved-ad-sponsor-domains-2.30311/

1ccbt.com
acidityfoamy.com
amadagasca.com
babyboomboomads.com
broomboxmain.com
cashinme.com
challengedeprave.com
comegarage.com
completeexecutor.com
curriculture.com
decademical.com
downloadgot.com
evenexcite.com
fairnessels.com
fencemiracle.com
forexplmdb.com
g1341551423.com
g2247755016.com
g3369554495.com
g344530742.com
helpclause.com
injuredcandy.com
intangibleconcordant.com
jackettrain.com
lyoniaancony.com
mediadisclose.com
mixturehopeful.com
mobdisc.net
mobdisc.org
mutualvehemence.com
naganoadigei.com
nererut.com
noblemagnition.com
ortonch.com
outlookabsorb.com
pndelfast.com
producebreed.com
pushmenews.com
pushmobilenews.com
renaissanto.com
retiremely.com
ridingintractable.com
safelyawake.com
septembership.com
smashseek.com
strainemergency.com
strawdense.com
stringroadway.com
strongexplain.com
tailorcave.com
textreason.com
theirsvendor.com
uncyane.com
windowmentaria.com
wynsys.club
zinidge.com

# Reference: https://ec.europa.eu/energy/sites/ener/files/documents/tech_report_croatia_2013_en.pdf

cucews.dyndns.org

# Reference: http://www.dynip.com/docs/DynIPClientV4.2UserGuide.pdf

discovery.dynip.com

# Reference: https://app.any.run/tasks/bfce10dc-720e-44f6-aa70-60e6037802cc/

is.gd

# Reference: https://twitter.com/JCyberSec_/status/1201850082775224323
# Reference: https://twitter.com/JCyberSec_/status/1201850090153005056

images-amazon.com

# WPS Office

ksosoft.com
ksord.com
dahuap2p.com
wps.com
wps.cn

# Reference: https://www.virustotal.com/gui/domain/security-research.dyndns.org/relations

security-research.dyndns.org

# Reference: https://raw.githubusercontent.com/ACINQ/electrum-lib/master/src/main/resources/electrum/servers_mainnet.json
# Note: Electrum servers

3smoooajg7qqac2y.onion
81-7-10-251.blue.kundencontroller.de
bauerjda5hnedjam.onion
bauerjhejlv6di7s.onion
bitcoin3nqy3db7c.onion
bitcoin.corgi.party
bitcoins.sk
b.ooze.cc
btc.cihar.com
btc.smsys.me
btc.xskyx.net
cashyes.zapto.org
currentlane.lovebitco.in
daedalus.bauerj.eu
dedi.jochen-hoenicke.de
dragon085.startdedicated.de
e-1.claudioboxx.com
e.keff.org
elec.luggs.co
electrum2.eff.ro
electrum2.villocq.com
electrum3.hachre.de
electrum.eff.ro
electrum.festivaldelhumor.org
electrum.hsmiths.com
electrum.leblancnet.us
electrum.mindspot.org
electrum.qtornado.com
electrum-server.ninja
electrum.taborsky.cz
electrum-unlimited.criptolayer.net
electrum.villocq.com
electrumx.bot.nu
electrumx.ddns.net
electrumx.ftp.sh
electrumxhqdsmlu.onion
electrumx.ml
electrumx.nmdps.net
electrumx.soon.it
elx01.knas.systems
enode.duckdns.org
erbium1.sytes.net
E-X.not.fyi
fedaykin.goip.de
fn.48.org
helicarrier.bauerj.eu
hsmiths4fyqlw5xw.onion
hsmiths5mjk6uijs.onion
icarus.tetradrachm.net
kirsche.emzy.de
luggscoqbymhvnkp.onion
MEADS.hopto.org
ndnd.selfhost.eu
ndndword5lpb7eex.onion
oneweek.duckdns.org
orannis.com
ozahtqwp25chjdjd.onion
qtornadoklbgdyww.onion
rbx.curalle.ovh
s7clinmo4cazmhul.onion
tardis.bauerj.eu
technetium.network
tomscryptos.com
ulrichard.ch
us.electrum.be
vmd27610.contaboserver.net
vmd30612.contaboserver.net
VPS.hsmiths.com
wsw6tua3xl24gsmi264zaep6seppjyrkyucpsmuxnjzyt3f3j6swshad.onion
xray587.startdedicated.de
yuio.top

# Reference: https://raw.githubusercontent.com/spesmilo/electrum/master/electrum/servers.json

3smoooajg7qqac2y.onion
81-7-10-251.blue.kundencontroller.de
bitcoin3nqy3db7c.onion
bitcoin.aranguren.org
bitcoin.corgi.party
bitcoin.dragon.zone
bitcoin.lukechilds.co
bitcoins.sk
blockstream.info
b.ooze.cc
btc.cihar.com
btc.usebsv.com
btc.xskyx.net
currentlane.lovebitco.in
dragon085.startdedicated.de
e-1.claudioboxx.com
e2.keff.org
ecdsa.net
e.keff.org
electrum2.eff.ro
electrum2.villocq.com
electrum3.hodlister.co
electrum5.hodlister.co
electrum.aantonop.com
electrum.bitkoins.nl
electrum.blockstream.info
electrum.eff.ro
electrum.emzy.de
electrum.festivaldelhumor.org
electrum.hodlister.co
electrum.hsmiths.com
electrum.jochen-hoenicke.de
electrum.leblancnet.us
electrum.mindspot.org
electrum.qtornado.com
electrum-server.ninja
electrum.taborsky.cz
electrum-unlimited.criptolayer.net
electrum.villocq.com
electrumx.bot.nu
electrumx-core.1209k.com
electrumx.ddns.net
electrumx.electricnewyear.net
electrumx.erbium.eu
electrumx.ftp.sh
electrumxhqdsmlu.onion
electrumx.soon.it
elx01.knas.systems
E-X.not.fyi
fedaykin.goip.de
fn.48.org
fortress.qtornado.com
green-gold.westeurope.cloudapp.azure.com
hsmiths4fyqlw5xw.onion
hsmiths5mjk6uijs.onion
ndnd.selfhost.eu
ndndword5lpb7eex.onion
orannis.com
ozahtqwp25chjdjd.onion
qtornadoklbgdyww.onion
rbx.curalle.ovh
s7clinmo4cazmhul.onion
tardis.bauerj.eu
technetium.network
tomscryptos.com
ulrichard.ch
vmd27610.contaboserver.net
vmd30612.contaboserver.net
VPS.hsmiths.com
wsw6tua3xl24gsmi264zaep6seppjyrkyucpsmuxnjzyt3f3j6swshad.onion
xray587.startdedicated.de
yuio.top

# Exceptions for android_roamingmantis detection regex

hf-hd.top
nn-mod.top
reseau-js.com
coloros.com
sagawa-exp.co.jp
au-e.com
big-post.com
voyance-au-top.com
cat-cnc.com
cat-nip.com
post-punk.com
cat-uxo.com
u-cdn.top
mk-yw.top
tr-dl.top

# Exceptions for abuse.ch (dirty patch for addresses used by outside scanners introducing noise being recognized as 'malware')

scan.casualaffinity.net
jhasdjahsdjasfkdaskdfasbot.niggacumyafacenet.xyz

# Reference: https://twitter.com/0xBanana/status/1234141822345191425

rpi.bnon.xyz

# Reference: https://kb.easydns.com/knowledge/transferring-a-domain-to-easydns/

rush.easydns.com
nirvana.easydns.net
motorhead.easydns.org
dns1.easydns.com
dns2.easydns.net
dns3.easydns.ca
dns3.easydns.org
dns4.easydns.info

# Reference: https://twitter.com/xyz/status/1235984620237123584

gen.xyz

# Reference: https://github.com/stamparm/maltrail/pull/7271#issuecomment-596401544

namebright.com

# Reference: https://b-ok.cc/  # "Part of Z-Library project. The world's largest ebook library."

b-ok.cc

# Reference: https://www.virustotal.com/gui/file/b7e3795dfe43361b5b1bcfcc5f5f440261b9f79f8953fe94b6e87e8fc3c19a63/behavior/Dr.Web%20vxCube
# Note: AutoPico/KMSPico/AutoKMS

110.noip.me
skms.ddns.net
3rss.vicp.net
kms.digiboy.ir

# Reference: https://www.virustotal.com/gui/domain/eventory.cc/relations

eventory.cc

# Reference: https://pastecode.xyz/

pastecode.xyz

# Reference: https://exchange.xforce.ibmcloud.com (# Otherwise MT will mistakenly trigger on links like https://exchange.xforce.ibmcloud.com/url/hfgfr56745fg.com/admin/gate.php)

ibmcloud.com
exchange.xforce.ibmcloud.com

# Reference: https://github.com/stamparm/maltrail/pull/8701/commits/9ecad095a48f774e32f4069113f195a7bf883662
# Reference: https://www.virustotal.com/gui/domain/nvpn.so/relations

nvpn.so

# Reference: https://www.malwaredomainlist.com/mdl2.php?inactive=&sort=Date&search=&colsearch=All&ascordesc=DESC&quantity=100&page=22
# Note: rupor.info is legit news site, which was compromised in 2009 due to MDL database. On 2020-06-03 rupor.info is clean.

rupor.info

# Reference: https://www.virustotal.com/gui/domain/rusvesna.su/detection

rusvesna.su

# Reference: https://www.virustotal.com/gui/domain/tilda.cc/relations

tilda.cc
tilda.wc

# Reference: https://www.virustotal.com/gui/domain/gogol-mogol.su/relations

gogol-mogol.su

# Reference: https://www.virustotal.com/gui/domain/lissyara.su/detection

lissyara.su

# Reference: https://www.virustotal.com/gui/domain/warhead.su/relations

warhead.su

# Reference: https://www.virustotal.com/gui/domain/routers.wtf/detection

routers.wtf

# Reference: https://www.virustotal.com/gui/domain/teenslang.su/detection

teenslang.su

# Reference: https://www.virustotal.com/gui/domain/jouin.xyz/relations

jouin.xyz

# Reference: https://servers.opennicproject.org/

103.1.206.179
103.87.68.194
103.87.68.195
103.87.68.24
104.244.79.186
104.248.14.193
104.51.96.45
112.109.84.76
116.203.147.31
128.76.152.2
130.61.117.123
130.61.64.122
130.61.69.123
134.195.4.2
137.184.12.79
137.220.55.93
138.197.140.189
138.201.81.119
139.177.199.175
142.4.204.111
142.4.205.47
147.135.113.37
147.135.115.88
147.182.243.49
151.80.222.79
155.130.14.5
162.243.19.47
162.248.241.94
168.138.12.137
168.138.8.38
168.235.111.72
172.104.162.222
172.104.242.111
172.105.162.206
172.105.220.183
172.105.49.243
172.96.167.214
172.98.193.42
176.126.70.119
176.9.37.132
178.254.22.166
185.120.22.15
185.181.61.24
185.203.18.182
185.227.110.86
185.52.0.55
185.84.81.194
188.68.231.82
192.3.165.37
192.71.166.92
194.36.144.87
195.10.195.195
195.154.106.113
195.90.211.16
198.100.148.224
198.98.49.91
212.83.46.246
213.171.203.115
217.160.166.161
217.160.70.42
35.211.96.150
37.252.191.197
38.103.195.4
45.61.49.203
45.77.153.179
45.79.193.205
45.79.57.113
45.9.63.233
46.21.150.56
5.132.191.104
5.161.95.21
5.78.81.68
51.158.108.203
51.178.92.105
51.254.162.59
51.255.211.146
51.38.99.35
51.77.149.139
51.83.172.84
54.36.111.116
62.210.177.189
62.210.180.71
63.231.92.27
66.18.1.46
66.70.228.164
69.164.196.21
78.47.243.3
80.152.203.134
80.78.132.79
81.169.136.222
82.117.252.6
87.98.175.85
88.198.92.222
88.99.98.111
89.163.140.67
91.199.87.89
91.217.137.37
94.16.114.254
94.23.60.104
94.247.43.254
95.216.99.249

# Reference: https://twitter.com/malwrhunterteam/status/1329746585891315713/photo/2
# Reference: https://www.virustotal.com/gui/domain/esentry.xyz/relations

esentry.xyz

# Reference: https://www.crowdstrike.com/blog/farewell-to-kelihos-and-zombie-spider/
# Reference: https://www.virustotal.com/gui/domain/utbs.ws/relations

utbs.ws

# Reference: https://securelist.com/what-did-deathstalker-hide-between-two-ferns/99616/

1drv.ws

# Reference: https://gameanalytics.com/product-updates/reduce-costs-https-api-aws/

ss2.us

# Reference: https://itinfinity.ru/servisy/minercheck/ (Russian)
# Note: Whitelisting for itinfinity.ru Bitrixcore (https://github.com/stamparm/maltrail/blob/master/trails/static/malicious/bitrixcore.txt) attacks scanner service

itinfinity.ru

# Reference: https://www.virustotal.com/gui/domain/zerkalo.cc/relations

zerkalo.cc

# Reference: https://github.com/nextdns/metadata/issues/508
# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60

netguard.me
netguard.pw
netguard.re

# Reference: http://ipnoise.undo.it/blacklist.txt
# Reference: http://ipnoise.now.im/blacklist.txt

ipnoise.undo.it
ipnoise.now.im

# Reference: https://github.com/stamparm/maltrail/issues/13674
# Reference: https://github.com/stamparm/maltrail/pull/19062#issuecomment-1079982016

# wordbot.xyz

# Reference: https://www.virustotal.com/gui/domain/siem.su/relations

siem.su

# Reference: https://www.virustotal.com/gui/domain/iptools.su/relations

iptools.su

# Reference: https://twitter.com/alberto__segura/status/1426152674303561728

alidns.com
dns.google
dns.alidns.com

# Reference: https://www.virustotal.com/gui/domain/robotdreams.cc/relations

robotdreams.cc

# Reference: https://www.virustotal.com/gui/domain/slovar.cc/relations

slovar.cc

# Reference: https://github.com/stamparm/maltrail/issues/19047#issuecomment-1031777893
# Reference: https://otx.alienvault.com/indicator/domain/dr49lng3n1n2s.cloudfront.net
# Reference: https://securitytrails.com/domain/dr49lng3n1n2s.cloudfront.net/dns

dr49lng3n1n2s.cloudfront.net

# Reference: https://github.com/stamparm/maltrail/issues/19055

awsstatic.com
aw0.awsstatic.com

# Reference: https://github.com/stamparm/maltrail/pull/19093

account.qa-demo.wire.link
assets.qa-demo.wire.link
nginz-https.qa-demo.wire.link
nginz-ssl.qa-demo.wire.link
teams.qa-demo.wire.link
webapp.qa-demo.wire.link
account.wire.com
clientblacklist.wire.com
prod-nginz-https.wire.com
prod-nginz-ssl.wire.com
teams.wire.com
staging-nginz-https.zinfra.io
taging-nginz-ssl.zinfra.io
wire-account-staging.zinfra.io
wire-teams-staging.zinfra.io

# Reference: https://github.com/stamparm/aux/issues/6
# Reference: https://github.com/stamparm/maltrail/commit/4f8aa8c6592a11ad64b3b038bf51502ebb8db556

shaparak.ir
bpm.shaparak.ir

# Reference: https://github.com/stamparm/maltrail/commit/10c5434d42e6a378832914a9a3221d58ffe937ae

dnsv1.com
cdn.dnsv1.com

# Reference: https://github.com/stamparm/maltrail/issues/19110

windowsupdate.com
download.windowsupdate.com

# Reference: https://github.com/stamparm/maltrail/commit/25c0a9c4f304e880d38b03bae15fa371e29877b9

atlassian.com
bootcdn.net
stackpath.com
automation.atlassian.com
cdn.bootcdn.net

# Reference: https://www.virustotal.com/gui/domain/msftncsi.com/relations

msftncsi.com
dns.msftncsi.com
inbound.msftncsi.com
ipv6.msftncsi.com

# Reference: https://twitter.com/suyog41/status/1595020860121034753
# Reference: https://twitter.com/lowmal3/status/1600551259328724995
# Reference: https://www.virustotal.com/gui/file/0d54959cda6c8904d343752c8a0c54749c7f0aa0a8b0dd9e45b70b7acf42e7ef/detection

185.125.188.59:443

# Reference: https://www.virustotal.com/gui/domain/korabli.su/relations

korabli.su
auth.korabli.su
blog.korabli.su
dockyard.korabli.su
forum-new.korabli.su
forum.korabli.su
friends.korabli.su
phobos-api.korabli.su
profile.korabli.su
promo.korabli.su
stats.korabli.su
vortex.korabli.su

# Reference: https://github.com/stamparm/aux/issues/7
# Reference: https://github.com/stamparm/maltrail/commit/1aa132c1534beedb357c31bd14f9b9f04cf74860

autism-101.com

# Reference: https://www.virustotal.com/gui/domain/keyauth.win/relations

keyauth.win

# Reference: https://twitter.com/lowmal3/status/1621119663995498496
# Reference: https://www.virustotal.com/gui/domain/emqx.io/relations

emqx.io
accounts-test.emqx.io
accounts.emqx.io
admin.emqx.io
broker-cn.emqx.io
broker.emqx.io
cloud-tools.emqx.io
cloud.emqx.io
developer.emqx.io
docs.emqx.io
packages.emqx.io
pass.emqx.io
repos.emqx.io
slack-invite.emqx.io
telemetry.emqx.io
tools.emqx.io

# Reference: https://otx.alienvault.com/pulse/63f52b7667fbf57d995082a2

bite.lv
cherryservers.com
worldstream.nl

# Reference: https://github.com/stamparm/maltrail/commit/65629f80a414fccf634ccc55c27d16ae51d5b742

objective-see.org

# Reference: https://github.com/stamparm/maltrail/issues/19150
# Reference: https://github.com/stamparm/maltrail/commit/c0b86fcaf077482e1afe5814fc5f9939b91b40b3

kavach.mail.gov.in

# Reference: https://github.com/stamparm/maltrail/issues/19150
# Reference: https://github.com/stamparm/maltrail/commit/b7c91d44dfc3a8de0feec44b0273ef051f413c9a

winrarbrasil.com.br

# Reference: https://www.virustotal.com/gui/domain/apps.identrust.com/relations

identrust.com
apps.identrust.com

# Reference: https://github.com/stamparm/maltrail/issues/19156
# Reference: https://www.virustotal.com/gui/domain/nintendo.com/relations

nintendo.com

# Reference: https://github.com/stamparm/maltrail/issues/19149#issuecomment-1538605607
# Reference: https://github.com/stamparm/maltrail/issues/19149#issuecomment-2081468268
# Reference: https://www.virustotal.com/gui/domain/blackhole.monster/relations

blackhole.monster
blackhole.s-e-r-v-e-r.pw
ip.blackhole.monster

# Reference: https://www.virustotal.com/gui/domain/mastodon.xyz/relations

mastodon.xyz

# Reference: https://twitter.com/lowmal3/status/1658411969592827904

fwupd.org
cdn.fwupd.org

# Reference: https://www.virustotal.com/gui/domain/firaxislive.net/relations

firaxislive.net

# Reference: https://www.virustotal.com/gui/domain/2k.com/relations

2k.com
my.2k.com

# Reference: https://twitter.com/lowmal3/status/1686016618457886722
# Reference: https://github.com/stamparm/maltrail/commit/fcd02ee7e12c33f7de350d973cfde236b9633e33

askubuntu.com

# Reference: https://github.com/nextdns/metadata/issues/1270

cyberplace.social

# Reference: https://www.virustotal.com/gui/file/a37c80228c9608b43ac517f1be89438dd183a2a4e7a605b963c00ae8d51029fa/behavior

fp2e7a.wpc.2be4.phicdn.net
fp2e7a.wpc.phicdn.net

# Reference: https://github.com/stamparm/maltrail/commit/7ba00acdbb5bb47c1a157a66fb8163f156a87456

gitlab.com
github.com
codeload.github.com
portalproveedores.com.mx

# Reference: https://www.virustotal.com/gui/domain/amazontrust.com/relations

amazontrust.com
sca1b.amazontrust.com
ocsp.sca1b.amazontrust.com

# Reference: https://www.virustotal.com/gui/domain/github.io/relations

151.101.0.133
151.101.1.147
151.101.128.133
151.101.129.147
151.101.192.133
151.101.193.147
151.101.64.133
151.101.65.147
185.199.108.153
185.199.109.153
185.199.110.153
185.199.111.153
192.0.78.178
192.0.78.24
192.0.78.248
192.0.78.25
204.232.175.78
23.235.33.133
23.235.37.133

# Reference: https://www.abuseipdb.com/check/17.253.144.10

17.253.144.10

# Reference: https://www.virustotal.com/gui/domain/mozilla.org/relations

mozilla.org
accounts.mozilla.org
acks.mozilla.org
activations.mozilla.org
adblock.mozilla.org
add-ons.mozilla.org
addon.mozilla.org
addons.mozilla.org
adtransparency.mozilla.org
advocacy.mozilla.org
affiliates-cdn.mozilla.org
affiliates.mozilla.org
afyasaccos.mozilla.org
air.mozilla.org
airmo.mozilla.org
ambassadors.mozilla.org
ankeena.mozilla.org
apps.mozilla.org
ar.mozilla.org
archive.mozilla.org
arecibo-phx.mozilla.org
arecibo-sjc.mozilla.org
ask.mozilla.org
assets.mozilla.org
aurora.mozilla.org
aus-api.mozilla.org
aus.mozilla.org
aus2-community.mozilla.org
aus2.mozilla.org
aus3.mozilla.org
aus4-admin.mozilla.org
aus4.mozilla.org
aus5.mozilla.org
badges.mozilla.org
basket.mozilla.org
beta.mozilla.org
blog.mozilla.org
bm1.mozilla.org
bmf1.mozilla.org
bonsai-www.mozilla.org
bonsai.mozilla.org
browserquest.mozilla.org
browserwww.mozilla.org
bugherder.mozilla.org
bugzilla-stage.mozilla.org
bugzilla.mozilla.org
buzilla.mozilla.org
bzr.mozilla.org
calendar.mozilla.org
careers.mozilla.org
castro.mozilla.org
charts.mozilla.org
chat.mozilla.org
chrome.mozilla.org
ci.mozilla.org
cjms.mozilla.org
codetribute.mozilla.org
college.mozilla.org
commonvoice.mozilla.org
community.mozilla.org
communitystore.mozilla.org
config.mozilla.org
confsurvey.mozilla.org
connect.mozilla.org
connected.mozilla.org
content.mozilla.org
contribute.mozilla.org
coverage.mozilla.org
crash-stats.mozilla.org
creative.mozilla.org
cresendo.mozilla.org
cvs-mirror.mozilla.org
cvs.mozilla.org
datalus-source-docs.mozilla.org
dataviz.mozilla.org
demos.mozilla.org
designlanguage.mozilla.org
despot.mozilla.org
dev.mozilla.org
devbasicbasiceloper.mozilla.org
devderby.mozilla.org
devedge-temp.mozilla.org
devel-oper.mozilla.org
develayd.mozilla.org
develoeer.mozilla.org
developer-cluster.mozilla.org
developer-new.mozilla.org
developer-old.mozilla.org
developer-stage.mozilla.org
developer-test.mozilla.org
developer.mozilla.org
developeroper.mozilla.org
developers.mozilla.org
devolopper.mozilla.org
directory.mozilla.org
directorysearch.mozilla.org
discourse.mozilla.org
dm-download02.mozilla.org
dmwsaccos.mozilla.org
dnt-dashboard.mozilla.org
dnt.mozilla.org
doctor-test.mozilla.org
doctor.mozilla.org
donate.mozilla.org
donor.mozilla.org
download-eu.mozilla.org
download-stats.mozilla.org
download.mozilla.org
ducesaccos.mozilla.org
dummyhost.mozilla.org
dxr.mozilla.org
dynamicua-origin.mozilla.org
e.mozilla.org
email.mozilla.org
etherpad.mozilla.org
europe.mozilla.org
events.mozilla.org
experiencethearch.mozilla.org
experiments.mozilla.org
extensions.mozilla.org
extranet.mozilla.org
fake.mozilla.org
fastforgoodcontest.mozilla.org
feedback.mozilla.org
festival.mozilla.org
fictitious-forum.mozilla.org
firefox-bug-handling.mozilla.org
firefox-source-docs.mozilla.org
firefoxflicks.mozilla.org
floorp-source-docs.mozilla.org
foo.mozilla.org
forums.mozilla.org
foundation.mozilla.org
foxyeah.mozilla.org
framer.mozilla.org
friends.mozilla.org
fsa.mozilla.org
ftp-ssl.mozilla.org
ftp-test.mozilla.org
ftp.mozilla.org
ftppp.mozilla.org
fundraising.mozilla.org
future.mozilla.org
fxfeeds.mozilla.org
games.mozilla.org
gear.mozilla.org
geo.mozilla.org
git.mozilla.org
give.mozilla.org
glow.mozilla.org
go.mozilla.org
goggles.mozilla.org
gpg.mozilla.org
graphs.mozilla.org
guides.mozilla.org
hacks.mozilla.org
handler-test.mozilla.org
hang-reports.mozilla.org
hendrix.mozilla.org
hg.mozilla.org
hub.mozilla.org
hubs.mozilla.org
icecat-source-docs.mozilla.org
ideas.mozilla.org
ijawosa.mozilla.org
infosec.mozilla.org
input.mozilla.org
install.mozilla.org
intlstore.mozilla.org
intranet.mozilla.org
iot.mozilla.org
ipv4.mozilla.org
ipv6.mozilla.org
irc.mozilla.org
irutesa.mozilla.org
jenkins-dxr.mozilla.org
jobs.mozilla.org
join.mozilla.org
jp-nii01.mozilla.org
keys.mozilla.org
keyserver.mozilla.org
komodo.mozilla.org
krakenbenchmark.mozilla.org
l10n.mozilla.org
labs.mozilla.org
ldap.mozilla.org
learning.mozilla.org
library.mozilla.org
lists.mozilla.org
litmus.mozilla.org
localize.mozilla.org
login.mozilla.org
lumbakisaccos.mozilla.org
lxr.mozilla.org
m.mozilla.org
mail.mozilla.org
mana.mozilla.org
market.mozilla.org
marketplace.mozilla.org
markup.mozilla.org
masterfirefoxos.mozilla.org
maven.mozilla.org
md8.mozilla.org
mdn-contributor-docs.mozilla.org
mdn-samples.mozilla.org
media.mozilla.org
mid.mozilla.org
mig.mozilla.org
mixedreality.mozilla.org
mobile.support.mozilla.org
mobilepartners.mozilla.org
moderator.mozilla.org
moz08.mozilla.org
moztrap.mozilla.org
mpl.mozilla.org
mr.mozilla.org
mrepo.mozilla.org
mt0.mozilla.org
muhimbilisaccos.mozilla.org
mx.mozilla.org
mxr.mozilla.org
nagios.mozilla.org
nbesaccos.mozilla.org
network.mozilla.org
news.mozilla.org
nightly.mozilla.org
nigthly.mozilla.org
notifications.mozilla.org
ns.mozilla.org
ns1.mozilla.org
ns2.mozilla.org
ns3.mozilla.org
nucleus.mozilla.org
observatory-test.mozilla.org
observatory.mozilla.org
oneanddone.mozilla.org
open.mozilla.org
openinnovation.mozilla.org
outgoing.mozilla.org
packages.mozilla.org
pad.mozilla.org
partner-projects.mozilla.org
passwordreset.mozilla.org
paste.mozilla.org
pastebin.mozilla.org
patentquest.mozilla.org
people.mozilla.org
pfs.mozilla.org
phonebook.mozilla.org
phonedash.mozilla.org
pj-mirror01.mozilla.org
planet.mozilla.org
platform-status.mozilla.org
plugins.mozilla.org
pontoon.mozilla.org
prodeloper.mozilla.org
product-details.mozilla.org
protocol.mozilla.org
pto.mozilla.org
pulse.mozilla.org
pulseguardian.mozilla.org
pv-mirror01.mozilla.org
pv-mirror02.mozilla.org
quality.mozilla.org
r.mozilla.org
rally.mozilla.org
random-dashboard.mozilla.org
reality.mozilla.org
redirect-san.mozilla.org
redirects.mozilla.org
refractr.mozilla.org
reimagine.mozilla.org
release.mozilla.org
releases-api.mozilla.org
releases.mozilla.org
relman-ci.mozilla.org
remote-settings.mozilla.org
reporter.mozilla.org
reps.mozilla.org
research.mozilla.org
reviewboard.mozilla.org
ruandalutheransaccos.mozilla.org
saccosdigitalsolution.mozilla.org
saddons.mozilla.org
science.mozilla.org
secure.mozilla.org
securitywiki.mozilla.org
self-repair.mozilla.org
selfrepair.mozilla.org
sendto.mozilla.org
sfx-images.mozilla.org
shapeoftheweb.mozilla.org
share.mozilla.org
sheriff.mozilla.org
site.mozilla.org
smtp.mozilla.org
snippets-admin.mozilla.org
snippets-stats.mozilla.org
spark.mozilla.org
sre-blocklist.mozilla.org
ssl-config.mozilla.org
ssr2020.mozilla.org
stage.mozilla.org
start.mozilla.org
status.mozilla.org
stenciljs.mozilla.org
store.mozilla.org
students.mozilla.org
sub.mozilla.org
surf.mozilla.org
surveillance.mozilla.org
svn.mozilla.org
symbolapi.mozilla.org
symbols.mozilla.org
talentdirectory.mozilla.org
talkback-public.mozilla.org
talkback-reports.mozilla.org
talkback.mozilla.org
tanescombeyasaccos.mozilla.org
tb1.mozilla.org
tbf1.mozilla.org
tbpl.mozilla.org
teach.mozilla.org
techspeakers.mozilla.org
telemetry-coverage.mozilla.org
telemetry.mozilla.org
test.mozilla.org
themes.mozilla.org
thimble.mozilla.org
tinderbox.mozilla.org
tlscanary.mozilla.org
tmeloper.mozilla.org
toolkit.mozilla.org
treeherder.mozilla.org
treestatus.mozilla.org
triagebot.mozilla.org
ub1.mozilla.org
ubf1.mozilla.org
university.mozilla.org
unknown.mozilla.org
update.mozilla.org
updates.mozilla.org
uwsasaccos.mozilla.org
uww.mozilla.org
videos.mozilla.org
voice.mozilla.org
vpn.mozilla.org
vr.mozilla.org
w.mozilla.org
webdev.mozilla.org
webnev.mozilla.org
website-archive.mozilla.org
website-beta.mozilla.org
webtools.mozilla.org
webvision.mozilla.org
webwewant.mozilla.org
whistlepig.mozilla.org
wiki-europe.mozilla.org
wiki.mozilla.org
wirelesschallenge.mozilla.org
wwhw.mozilla.org
www-archive.mozilla.org
wwww.mozilla.org
xr.mozilla.org

# Reference: https://github.com/stamparm/aux/issues/9

nshc.net
redalert.nshc.net

# Reference: https://twitter.com/lowmal3/status/1719980601489375489
# github ip

185.199.108.133
185.199.109.133

# Reference: https://github.com/netbootxyz/netboot.xyz
# Reference: https://www.virustotal.com/gui/domain/netboot.xyz/relations

netboot.xyz

# Reference: https://github.com/stamparm/maltrail/commit/80add532b2148f124ffa76794314d7581ad4097a

sqlite.org
dynupdate.noip.com

# Reference: https://www.virustotal.com/gui/domain/example.com/relations

ns1.example.com
ns2.example.com

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/12/new-metastealer-malvertising-campaigns

accounts.google.com

# Reference: https://www.virustotal.com/gui/domain/uploaddeimagens.com.br/relations

uploaddeimagens.com.br

# Reference: https://twitter.com/birchb0y/status/1790832044584349756

brew.sh

# Reference: https://github.com/stamparm/maltrail/issues/19259
# Reference: https://github.com/stamparm/maltrail/commit/916ce06a90227a0f3ab4629aa101417effcc0b47

docusign.net
polaris.me
powerdms.com

# Reference: https://github.com/stamparm/maltrail/commit/1bda0a4aea0d0fc6684b8a734d9db393df52c74d

tokenlon.im

# Reference: https://www.virustotal.com/gui/domain/myseosucks.com/relations

myseosucks.com

# Reference: https://www.virustotal.com/gui/domain/cloudflarestorage.com/relations

cloudflarestorage.com

# Reference: https://github.com/stamparm/aux/issues/13
# Reference: https://github.com/stamparm/maltrail/commit/7460f550e6b21ad6797e49d855aacc2e6646eee3

slug.vercel.app

# Reference: https://x.com/Cyber0verload/status/1833422623318933865

1-you.njalla.no
2-can.njalla.in
3-get.njalla.fo
you.can-get-no.info

# Reference: https://github.com/hagezi/dns-blocklists/issues/4763
# Reference: https://github.com/MikhailKasimov/validin-phish-feed/commit/09674bfe873e7412391cfc5bba0bfe633f08d846

typeorm.io

# Reference: https://github.com/hagezi/dns-blocklists/issues/4767

tau.how
taubyte.com

# Reference: https://github.com/hagezi/dns-blocklists/issues/4771

insomnia.rest

# Reference: https://x.com/infok3k/status/1884197797060341784
# Reference: https://forums.malwarebytes.com/topic/309197-false-positive/

telega.one

# Reference: https://github.com/stamparm/maltrail/issues/19295

gggtracker.com

# Reference: https://github.com/stamparm/maltrail/commit/748e99b23e46e72881bdac7c678278ae6c7ef32f

s3.ap-southeast-1.wasabisys.com
s3.us-west-1.wasabisys.com

# Reference: https://github.com/stamparm/maltrail/commit/ff73434d350485510e73ae7fefabc561ac6c75b6

icloud-content.com
cvws.icloud-content.com

# Reference: https://github.com/stamparm/maltrail/commit/c145da642c07c76bbdbbed11cc1f30ab3d21cc89

freeapi.free.hr
freechat.biz.id

# Reference: https://github.com/stamparm/maltrail/commit/806f8a49d2423a8b5882f8828c3e2939aff3f76e

telegram.dog

# Reference: https://github.com/stamparm/maltrail/commit/0030faf3247abf7c982011455b794c37266f2094

jamboreeindia.com
staging.jamboreeindia.com

# Reference: https://github.com/stamparm/maltrail/issues/19296

files-accl.zohopublic.eu

# Reference: https://threatfox.abuse.ch/ioc/1338516/

rentry.co

# Reference: https://github.com/stamparm/maltrail/issues/19299
# Reference: https://otx.alienvault.com/indicator/hostname/d3e54v103j8qbb.cloudfront.net

d3e54v103j8qbb.cloudfront.net

# Reference: https://github.com/MikhailKasimov/validin-phish-feed/pull/8

aimr.dev
appolon.dev
autoplus.gg
keyauth.com
vercel-dns.com

# Reference: https://github.com/MikhailKasimov/validin-phish-feed/commit/f5b5fdc5d3ebe2357e7556fb2cd7c43eb26dd30d

icloud.com

# Reference: https://github.com/stamparm/maltrail/commit/569eecae9e987f44dd81c7a3a007f1b9bed17eab

steamcommunity.com

# Reference: https://github.com/hagezi/dns-blocklists/issues/7019

ptt.cc

# Reference: https://github.com/hagezi/dns-blocklists/issues/7021

transfer.zip
