====== Infoblox Test Domains ======

===== Third Party Malware Domains =====

  * https://urlhaus.abuse.ch/?ref=techblog.nexxwave.eu
  * https://cert.pl/en/warning-list/
  * https://zonefiles.io/compromised-domain-list/

===== Infoblox Test Domains =====

Domains that can be used for testing RPZ / Feed configuration.

^ Domain ^ Property ^ Threat Level ^ RPZ (Links to CSP page) ^
| antimalware.eicar.network | MalwareC2_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/antimalware.eicar.network/summary|Infoblox-Base]] |
| base.eicar.network | APT_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/base.eicar.network/summary|Infoblox-Base]] |
| malware-dga.eicar.network | MalwareC2DGA_BackdoorRAT | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/malware-dga.eicar.network/summary|Malware_DGA]] |
| ransomware.eicar.network | MalwareC2DGA_CryptoLocker | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/ransomware.eicar.network/summary|Ransomware]] |
| cryptocurrency.eicar.network | Cryptocurrency_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/cryptocurrency.eicar.network/summary|Cryptocurrency]] |
| public-doh.eicar.network | InternetInfrastructure_DoHService | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/public-doh.eicar.network/summary|Public_DOH]] |
| suspicious.eicar.network | Suspicious_Behavior | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/suspicious.eicar.network/summary|Suspicious Domains]] |
| suspicious-lookalikes.eicar.network | Suspicious_Lookalike | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/suspicious-lookalikes.eicar.network/summary|Suspicious Lookalikes]] |
| suspicious-noed.eicar.network | Suspicious_EmergentDomain | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/suspicious-noed.eicar.network/summary|Suspicious NOED]] |
| noed.eicar.network | Policy_NewlyObservedDomains | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/noed.eicar.network/summary|NOED]] |
| subscriberservicesurldata.eicar.network | LimitedDistro_MalwareGeneric | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/subscriberservicesurldata.eicar.network/summary|Subscriber Services URL Data]] |
| eicar.co | MaliciousNameserver_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/eicar.co/summary|Infoblox-Base]] |
| eicar.host | Bot_Node | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/eicar.host/summary|Infoblox-Base]] |
| eicar.online | Phishing_Phish | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/eicar.online/summary|Infoblox-Base]] |
| eicar.parts | MalwareC2_Locky | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/eicar.parts/summary|Infoblox-Base]] |
| eicar.pro | MalwareC2DGA_CryptoLocker | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/eicar.pro/summary|Infoblox-Base]] |
| eicar.pw | CompromisedHost_Generic & MalwareC2DGA_Locky | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/eicar.pro/summary|Infoblox-Base]] |
| eicar.stream | Sinkhole_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/eicar.pw/summary|Infoblox-Base]] |
| eicar.tech | MalwareC2DGA_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/eicar.tech/summary|Infoblox-Base]] |
| eicar.top | MalwareC2_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/eicar.top/summary|Infoblox-Base]] |
| eicar.us | MalwareDownload_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/eicar.us/summary|Infoblox-Base]] |
| eicar.website | MalwareC2DGA_BackdoorRAT | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/eicar.website/summary|Infoblox-Base]] |
| sinkhole.eicar.network | Sinkhole_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/sinkhole.eicar.network/summary|Infoblox-Base]] |
| exploitkit.eicar.network | ExploitKit_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/exploitkit.eicar.network/summary|Infoblox-Base]] |
| compromisedhost.eicar.network | CompromisedHost_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/compromisedhost.eicar.network/summary|Infoblox-Base]] |
| compromiseddomain.eicar.network | CompromisedDomain_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/compromiseddomain.eicar.network/summary|v]] |
| maliciousnameserver.eicar.network | MaliciousNameserver_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/maliciousnameserver.eicar.network/summary|Infoblox-Base & DHS_AIS_Domain]] |
| apt.eicar.network | APT_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/apt.eicar.network/summary|Infoblox-Base & DHS_AIS_Domain]] |
| phishing.eicar.network | Phishing_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/phishing.eicar.network/summary|Infoblox-Base & DHS_AIS_Domain]] |
| malwarec2.eicar.network | MalwareC2_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/malwarec2.eicar.network/summary|Infoblox-Base & DHS_AIS_Domain]] |
| malwaredownload.eicar.network | MalwareDownload_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/malwaredownload.eicar.network/summary|Infoblox-Base & DHS_AIS_Domain]] |
| ics.eicar.network | ICS_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/ics.eicar.network/summary|Infoblox-Base]] |
| malwarec2dga.eicar.network | MalwareC2DGA_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/malwarec2dga.eicar.network/summary|Infoblox-Base]] |
| webappattack.eicar.network | WebAppAttack_Generic | 100 | [[https://csp.infoblox.com/#/security_research/search/auto/webappattack.eicar.network/summary|Infoblox-Base]] |

===== SURBL =====

  * test.surbl.org - [[https://csp.infoblox.com/#/security_research/search/auto/test.surbl.org/summary|SURBL_Multi & SURBL_Lite]]
  * test.multi.surbl.org - [[https://csp.infoblox.com/#/security_research/search/auto/test.multi.surbl.org/summary|SURBL_Multi & SURBL_Lite]]
  * surbl-org-permanent-test-point.com - [[https://csp.infoblox.com/#/security_research/search/auto/surbl-org-permanent-test-point.com/summary|SURBL_Multi & SURBL_Lite]]

===== Public Domains Useful for Testing NIOS RPZ =====

This is useful when also testing RPZ re-rewrite capability.

  * rpztest.test.macware.net - 1.2.3.4
  * a.rpztest.test.macware.net - 2.2.2.2
  * b.rpztest.test.macware.net - 1.1.1.1
  * c.rpztest.test.macware.net - 4.4.4.4
  * d.rpztest.test.macware.net - 5.5.5.5

===== Cloudflare =====

Cloudflare has [[https://developers.cloudflare.com/1.1.1.1/setup|test domains]]. Cloudflare returns 0.0.0.0 if the fully qualified domain name (FQDN) or IP in a DNS query is classified as malicious. These are not filtered by 1.1.1.1 but are filtered by 1.1.1.2 (malware) and 1.1.1.3 (malware+adult).

  * Malware - malware.testcategory.com
  * Adult - nudity.testcategory.com

===== OpenDNS/Cisco =====

[[https://support.umbrella.com/hc/en-us/articles/230903728-How-To-Successfully-test-to-ensure-you-re-running-Umbrella-correctly|Home page]]

  * Adult - www.exampleadultsite.com
  * Phishing - www.internetbadguys.com
  * Malware - www.examplemalwaredomain.com
  * C2 - www.examplebotnetdomain.com