# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

localhost
127.0.0.1
::1
local
localdomain

# triggering suspicious (sub)domain names

1e100.net
2o7.net
acer-euro.com
adcash.com
adinf.com
adsk2.co
akadns.net
akamaiedge.net
akamaihd.net
akamai.net
akamaitechnologies.com
alibaba.com
amazon.com
amazonaws.com
amazonses.com
a-msedge.net
angsrvr.com
anycastb.com
anti-virus.by
azure.com
baidu.com
bdnsrt.org
benkow.cc
bitdefender.net
blogspot.com
bstatic.com
cbox.ws
cdxall.com
cdxgoog.com
cdxultra.com
cedexis-radar.net
chip.de
clickbank.net
clipconverter.cc
cloudapp.net
cloudfront.net
colocrossing.com
coppersurfer.tk
councilforeuropeanstudies.org
cyfral.net.ua
da3e3.net
dataprotection.com.ua
demdex.net
disqus.com
drweb.cn
drweb.com
drweb.fr
drweb.ru
drweb.ua
e5.sk
edgecastcdn.net
edgekey.net
edgesuite.net
elasticbeanstalk.com
eset.com
eset.ua
esetnod32.ru
example.com
f-secure.com
fap.to
fastly.net
fbcdn.net
fortiddns.com
fslcdn.net
footprintdns.com
footprintpredict.com
gexperiments1.com
gexperiments2.com
gexperiments3.com
gigaset.net
googleapis.com
googlecode.com
google.com
google.com.ua
google.com.vn
google.co.za
google.kz
googledrive.com
googlegroups.com
googleusercontent.com
googlevideo.com
gstatic.com
h-cdn.com
herokuapp.com
hotmail.com
ibm.com
igsonar.com
infernotions.com
internationalmonetaryfund.org
ipv6test.com
ipv6test.net
iteam.net.ru
kaspersky.com
kaspersky.de
kaspersky.fr
kaspersky.ru
kaspersky.ua
kvt.su
kvt.tools
kvt-shop.ru
laola1.tv
linux.org.ru
live.com
lswcdn.net
mail-abuse.com
mailchimp.com
mailprotector.net
mailshell.net
mcafee.com
microsoft.com
msv1.invalid
netdna-cdn.com
nowvideo.sx
nsatc.net
officeshoes.ws
opendns.com
outlook.com
pandasecurity.com
postimg.cc
proofpoint.com
protext.su
pubnub.com
rackcdn.com
rarbg.to
rncdn1.com
rncdn2.com
rncdn3.com
rncdn4.com
rncdn5.com
rncdn6.com
rncdn7.com
rncdn8.com
rncdn.com
senderbase.org
siemens.net
siteforce.com
sophosxl.com
sophosxl.net
sophoslive.net
spiegel.de
spotify.com
shtok.ru
shtok.su
street-directory.com.au
sucuri.net
takprosto.cc
tawk.to
testanalytics.net
testflightapp.com
trendmicro.com
tumblr.com
twitter.com
ubuntu.com
w3schools.com
v-mate.mobi
vba.com.by
verisign.com
verisign.net
weborama.fr
weebly.com
windows.net
wordpress.com
wsusoffline.net
yahoo.com
yahoodns.net
yimg.com
yvimg.kz
zillya.com
zillya.ua
zillyaoem.com

# triggering potential DNS exhaustion

barracudabrts.com
dynamic-ip.hinet.net
kasserver.com
sl-reverse.com
t-com.hr
tedata.net

# to ignore in direct .exe downloads

360safe.com
7-zip.org
acer.com
acropdf.com
adinf.com
adobe.com
akeo.ie
apple.com
avantbrowser.com
avast.com
avg.com
anti-virus.by
bitdefender.com
bleepingcomputer.com
cnet.com
cwfservice.net
dell.com
devbuilds.kaspersky-labs.com
digitalrivercontent.net
divx.com
download.drp.su
download.eset.com
download.esetnod32.ru
download.geo.drweb.com
download.zillya.com
easeus.com
filehippo.com
foxitsoftware.com
fraps.com
garr.it
gimp.org
googleapis.com
google.com
googlesyndication.com
gvt1.com
hitmanpro.com
hp.com
htc.com
intel.com
justbasic.com
kmplayer.com
lenovo.com
lexmark.com
logitech.com
macromedia.com
majorgeeks.com
mcafee.com
microsoft.com
mozilla.net
msi.com
nai.com
notepad-plus-plus.org
nvidia.com
on.net
oracle.com
p4dragon.com
pandasoftware.com
pdfwordconverter.net
portableapps.com
pysoft.com
rarlab.com
rarsoft.com
real.com
ricoh.com
samsung.com
samsungdp.com
samsungimaging.com
skype.com
softpedia.com
sonymobile.com
sourceforge.net
sun.com
surfright.nl
symantecliveupdate.com
teamviewer.com
toshiba.com
tucows.com
vba.com.by
videolan.org
windowsupdate.com
win-rar.com
winzip.com
wsusoffline.net
xboxlive.com
yahoodns.net
yandex.net
zdnet.com

# have script tags in ad links

emediate.dk

# appeared on malwareurls.joxeankoret.com

pinterest.com
tinypic.com
s3.amazonaws.com

# appeared on malwaredomains.com

atw.hu
gandi.net

# appeared on malwaredomainlist.com

hausnet.ru
triangleservicesltd.com

# Reference: https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook-mso_winother-mso_o365b/sync-euexebid/a2f18771-d49a-44dc-8c2a-0dac6a8eb0b2

sync-eu.exe.bid

# appeared on malc0de.com

msecnd.net
lang-8.com
popads.net
c1.popads.net
githubusercontent.com

# appeared on malwarepatrol.net

hdwallpapers.in
alicdn.com
pr-link.at
esc.net.au
starlan.com
pastebin.com
imgur.com
alicdn.com
wordpress.org
iobit.com
static.xvideos.com
hanstrackr.com
bitly.com
silvergames.com
easydriverpro.com
sc01.alicdn.com
sc02.alicdn.com
any-video-converter.com
adriaticsailor.com
setitagila.ru
imganuncios.mitula.net
napravi-sam.com

# web (JS) miners appearing as "malware" on malwarepatrol.net

coin-hive.com
jsecoin.com
cryptoloot.pro
webassembly.stream
ppoi.org
xmrstudio
webmine.pro
miner.start
allfontshere.press
freecontent.bid
freecontent.date
freecontent.faith
freecontent.party
freecontent.science
freecontent.stream
freecontent.trade
hostingcloud.accountant
hostingcloud.bid
hostingcloud.date
hostingcloud.download
hostingcloud.faith
hostingcloud.loan
jshosting.bid
jshosting.date
jshosting.download
jshosting.loan
jshosting.party
jshosting.racing
jshosting.review
jshosting.stream
jshosting.trade
jshosting.win

# triggering suspicious http request

216.58.214.76
api.geograph.org.uk
api.facebook.com
codepen.io
graph.facebook.com
google-analytics.com
htccode.com
imei.info
imeipro.info
quackit.com
query.yahooapis.com
sanasecurity.com
sim-unlock.net
sqlzoo.net
symcb.com
symcd.com
victronenergy.com

# old compromised sites on cybercrime-tracker.net

gripa.hr
czk-cakovec.hr
nk-slaven-belupo.hr
fongyeh.com.tw
ee.ncu.edu.tw
hupt.hr

# found as false positive on cybercrime-tracker.net

geocities.ws

# found as false positive on urlvir.com

pdf-archive.com
discordapp.com
cl.ly

# found as false positive on abuse.ch

citibank.com

# found as false positive in otx.alienvault.com

digicert.com
globalsign.net
creativecommons.org
arstechnica.co.uk
hpe.com
doubleclick.net
sify.com
publicdomainregistry.com

# DNSBL/RBL/MHR

abuse.ch
abuseat.org
ahbl.org
anticaptcha.net
apews.org
aupads.org
backscatterer.org
barracudacentral.org
berkeley.edu
bit.nl
blocklist.de
blocklist.messaging.microsoft.com
blogspambl.com
burnt-tech.com
choon.net
cyberlogic.net
cymru.com
digibase.ca
dns-servicios.com
dronebl.org
efnetrbl.org
emailbasura.org
fabel.dk
fast.net
five-ten-sg.com
fusionzero.com
gbudb.net
gremlin.ru
gweep.ca
iip.lu
imp.ch
inps.de
interserver.net
jippg.org
justspam.org
kempt.net
kundenserver.de
lashback.com
leadmon.net
mailblacklist.com
mailspike.org
manitu.net
mcafee.com
me.uk
megarbl.net
nether.net
njabl.org
orbitrbl.com
org.cn
pedantic.org
polarcomm.net
pte.hu
rbl.jp
redhawk.org
rothen.com
rv-soft.info
s5h.net
sectoor.de
senderscore.com
services.net
solid.net
sorbs.net
spamcannibal.org
spamcop.net
spameatingmonkey.net
spamgrouper.com
spamhaus.org
spamrats.com
surbl.org
surriel.com
swinog.ch
technovision.dk
tornevall.org
trblspam.com
triumf.ca
uceprotect.net
unsubscore.com
v4bl.org
webequipped.com
woody.ch
wpbl.info

# SonicWall

webcfs07.com

# Reference: http://www.blalert.com/dnsbls

0spam.fusionzero.com
88.blacklist.zap
all.rbl.jp
all.s5h.net
all.spam-rbl.fr
aspews.ext.sorbs.net
b.barracudacentral.org
backscatter.spameatingmonkey.net
bad.psky.me
badconf.rhsbl.sorbs.net
badhost.stopspam.org
badnets.spameatingmonkey.net
bl.blocklist.de
bl.deadbeef.com
bl.drmx.org
bl.emailbasura.org
bl.konstant.no
bl.mailspike.net
bl.mav.com.br
bl.scientificspam.net
bl.spamcannibal.org
bl.spamcop.net
bl.spameatingmonkey.net
bl.spamstinks.com
bl.suomispam.net
blackholes.five-ten-sg.com
blacklist.sci.kun.nl
blacklist.woody.ch
block.dnsbl.sorbs.net
block.stopspam.org
bogon.spam-rbl.fr
bogons.cymru.com
bsb.empty.us
cbl.abuseat.org
cbl.anti-spam.org.cn
cblplus.anti-spam.org.cn
cdl.anti-spam.org.cn
cidr.bl.mcafee.com
combined.abuse.ch
combined.rbl.msrbl.net
db.wpbl.info
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
dnsbl.ahbl.org
dnsbl.anticaptcha.net
dnsbl.aspnet.hu
dnsbl.burnt-tech.com
dnsbl.cobion.com
dnsbl.cyberlogic.net
dnsbl.dronebl.org
dnsbl.inps.de
dnsbl.ipocalypse.net
dnsbl.justspam.org
dnsbl.kempt.net
dnsbl.madavi.de
dnsbl.njabl.org
dnsbl.openresolvers.org
dnsbl.proxybl.org
dnsbl.rv-soft.info
dnsbl.rymsho.ru
dnsbl.sorbs.net
dnsbl.tornevall.org
dnsbl.zapbl.net
dnsblchile.org
dnsrbl.org
dnsrbl.swinog.ch
drone.abuse.ch
dsl.spam-rbl.fr
duinv.aupads.org
dul.dnsbl.sorbs.net
dul.pacifier.net
dul.ru
dyna.spamrats.com
dynip.rothen.com
escalations.dnsbl.sorbs.net
exitnodes.tor.dnsbl.sectoor.de
free.v4bl.org
gl.suomispam.net
hartkore.dnsbl.tuxad.de
hostkarma.junkemailfilter.com
http.dnsbl.sorbs.net
images.rbl.msrbl.net
ipbl.mailhosts.org
ipbl.zeustracker.abuse.ch
ips.backscatterer.org
ix.dnsbl.manitu.net
korea.services.net
l2.apews.org
list.blogspambl.com
lookup.dnsbl.iip.lu
mail-abuse.blacklist.jippg.org
mail-abuse.com
misc.dnsbl.sorbs.net
netbl.spameatingmonkey.net
netblock.pedantic.org
netscan.rbl.blockedservers.com
new.spam.dnsbl.sorbs.net
nomail.rhsbl.sorbs.net
noptr.spamrats.com
ohps.dnsbl.net.au
old.spam.dnsbl.sorbs.net
omrs.dnsbl.net.au
orvedb.aupads.org
osps.dnsbl.net.au
osrs.dnsbl.net.au
owfs.dnsbl.net.au
owps.dnsbl.net.au
pbl.spamhaus.org
phishing.rbl.msrbl.net
pofon.foobar.hu
probes.dnsbl.net.au
problems.dnsbl.sorbs.net
proxies.dnsbl.sorbs.net
proxy.bl.gweep.ca
proxy.block.transip.nl
psbl.surriel.com
rbl.abuse.ro
rbl.blakjak.net
rbl.blockedservers.com
rbl.choon.net
rbl.dns-servicios.com
rbl.efnetrbl.org
rbl.fasthosts.co.uk
rbl.interserver.net
rbl.iprange.net
rbl.lugh.ch
rbl.megarbl.net
rbl.orbitrbl.com
rbl.polarcomm.net
rbl.schulte.org
rbl.talkactive.net
rbl.tdk.net
rbl.zenon.net
rdts.dnsbl.net.au
recent.spam.dnsbl.sorbs.net
relays.bl.gweep.ca
relays.bl.kundenserver.de
relays.dnsbl.sorbs.net
relays.nether.net
residential.block.transip.nl
rhsbl.sorbs.net
ricn.dnsbl.net.au
rmst.dnsbl.net.au
safe.dnsbl.sorbs.net
sbl.spamhaus.org
service.mailblacklist.com
short.rbl.jp
shortlist.mailhosts.org
singular.ttk.pte.hu
smtp.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
spam.abuse.ch
spam.dnsbl.anonmails.de
spam.dnsbl.sorbs.net
spam.pedantic.org
spam.rbl.blockedservers.com
spam.rbl.msrbl.net
spam.spam-rbl.fr
spam.spamrats.com
spamguard.leadmon.net
spamlist.or.kr
spamrbl.imp.ch
spamsources.fabel.dk
srnblack.surgate.net
st.technovision.dk
t3direct.dnsbl.net.au
tor.ahbl.org
tor.dnsbl.sectoor.de
tor.efnet.org
truncate.gbudb.net
ubl.lashback.com
ubl.unsubscore.com
v4.fullbogons.cymru.com
virbl.dnsbl.bit.nl
virus.rbl.jp
virus.rbl.msrbl.net
web.dnsbl.sorbs.net
wormrbl.imp.ch
xbl.spamhaus.org
xpews.mailhosts.org
z.mailspike.net
zen.spamhaus.org
zombie.dnsbl.sorbs.net

# Reference: https://discuss.newrelic.com/t/what-is-bam-nr-data-net/13848

bam.nr-data.net
50.31.164.166
50.31.164.175
50.31.164.174
50.31.164.165
50.31.164.173

# Spam checking service

ctmail.com

# Reference: https://github.com/hanzhang0116/BotDigger/blob/dff7f5f367932eb91e807d5beac7316c35e27a7f/OverloadDNSWebsites

uribl.com
spamhaus.org
ahbl.org
senderscore.com
dnswl.org
sorbs.net
surbl.org
dob.sibl.support-intelligence.net
spamcop.net
cbl.abuseat.org
list.dsbl.org
psbl.surriel.com
ubl.unsubscore.com
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
ips.backscatterer.org
ips.whitelisted.org
db.wpbl.info
dnsbl.sorbs.net
spam.abuse.ch
dnsbl.abuse.ch
dnsbl.bit.nl
dnsbl.inps.de
dnsbl.manitu.net
bl.spamcannibal.org
all.s5h.net
dnsbl.anonmails.de
aupads.org
ips.backscatterer.org
b.barracudacentral.org
bl.blocklist.de
list.blogspambl.com
bsb.empty.us
mcafee.com
dan.me.uk
rbl.dns-servicios.com
dnsbl.rv-soft.info
dul.ru
dnsbl.dronebl.org
rbl.efnetrbl.org
efnet.org
blackholes.five-ten-sg.com
dnsbl.iip.lu
spamrbl.imp.ch
dnsbl.justspam.org
dnsbl.kempt.net
mailspike.net
rbl.megarbl.net
nszones.com
dnsbl.openresolvers.org
spam.pedantic.org
rbl.jp
rbl.schulte.org
dnsbl.sectoor.de
bl.spamcannibal.org
backscatter.spameatingmonkey.net
spamgrouper.com
spamsources.fabel.dk
stopspam.org
ubl.unsubscore.com
dnsbl.zapbl.net
resl.emailreg.org
ips.whitelisted.org
sophosxl.net

# Generic

animiranifilmovi.com
bing.com
cardsgames.club
cratis.cc
defaultmailserver.com
dict.cc
dropboxusercontent.com
security-research.dyndns.org
dropbox.com
nirsoft.net
comcast.net
gmail.cm
gmail.cf
db.tt
api.zanox.ws
www.nirsoft.net/utils
glotorrents.pw
gplus.to
t.domdex.com
forestapp.cc
frog.wix.com
8.8.4.4
8.8.8.8
1.0.0.1
1.1.1.1
9.9.9.9
opendsp.com
pool.ntp.org
tru.am
put.re
2606:4700:4700::1001
2606:4700:4700::1111
msn.com
azureedge.net
rubrkik.ga
microsoftstream.com
azurewebsites.net
office.com
keep2share.cc
dropboxusercontent.com
facebook.com
es.pn
wywx.xyz
kaloo.ga
msgamestudios.com
worldssl.net
vanuatu.com.vu
sotelma.ml
robtex.com
check.googlezip.net
ingress-guard.tk
mshome.net
playx.fun

# NS of afraid.org

evergreen.v6.afraid.org

# NS of no-ip.com

nf1.no-ip.com
nf2.no-ip.com
nf3.no-ip.com
nf4.no-ip.com
nf5.no-ip.com

# Sh.ty ad / tracker networks introducing noise (e.g. long subdomain names)

adbrn.com
adsco.re
mucocutaneousmyrmecophaga.com
scorecardresearch.com
dsp.io
postaffiliatepro.com
askmediagroup.com
litix.io
ubembed.com
conviva.com
hrins.net
imrworldwide.com
casalemedia.com
advertising.com
agentanalytics.com
rs6.net
moatpixel.com
adjust.com
appsee.com
found.io
trafficmanager.net
report-uri.com
omtrdc.net
playground.xyz
app.link
lkqd.net
yoox.com
adnxs.com
ads.playground.xyz
btrll.com
mmstat.com
sdad.guru
markedup.com
yottaa.net

# Google crawlers

35.184.0.0/13

# Google

216.58.192.0/19

# Teamviewer

37.252.227.51

# SupRemo

supremodesk.com
nanosystems.it

# Microsoft's network connectivity check domain

msftncsi.com

# Microsoft's SmartScreen

ucsuri.tcs

# Reference: https://github.com/Bigjoos/U-232-V4

forum-u-232.servebeer.com

# Reference: https://apkscan.nviso.be/report/show/e2646fe8fd76bf2c2d413b056b76f7d9
# Reference: https://www.virustotal.com/#/file/71487fc3f0b75d5e75bf9ae849ee5cd80f0688428fd06103becb80432036a16e/detection
# Note: Android's Battery Doctor (FP on abuse.ch)

cfg.cml.ksmobile.com