infoblox_threat_defense:test

Domains that can be used for testing RPZ / Feed configuration.

Domain	Property	Threat Level	RPZ (Links to CSP page)
antimalware.eicar.network	MalwareC2_Generic	100	Infoblox-Base
base.eicar.network	APT_Generic	100	Infoblox-Base
malware-dga.eicar.network	MalwareC2DGA_BackdoorRAT	100	Malware_DGA
ransomware.eicar.network	MalwareC2DGA_CryptoLocker	100	Ransomware
cryptocurrency.eicar.network	Cryptocurrency_Generic	100	Cryptocurrency
public-doh.eicar.network	InternetInfrastructure_DoHService	100	Public_DOH
suspicious.eicar.network	Suspicious_Behavior	100	Suspicious Domains
suspicious-lookalikes.eicar.network	Suspicious_Lookalike	100	Suspicious Lookalikes
suspicious-noed.eicar.network	Suspicious_EmergentDomain	100	Suspicious NOED
noed.eicar.network	Policy_NewlyObservedDomains	100	NOED
subscriberservicesurldata.eicar.network	LimitedDistro_MalwareGeneric	100	Subscriber Servicess URL Data
eicar.co	MaliciousNameserver_Generic	100	Infoblox-Base
eicar.host	Bot_Node	100	Infoblox-Base
eicar.online	Phishing_Phish	100	Infoblox-Base
eicar.parts	MalwareC2_Locky	100	Infoblox-Base
eicar.pro	MalwareC2DGA_CryptoLocker	100	Infoblox-Base
eicar.pw	CompromisedHost_Generic & MalwareC2DGA_Locky	100	Infoblox-Base
eicar.stream	Sinkhole_Generic	100	Infoblox-Base
eicar.tech	MalwareC2DGA_Generic	100	Infoblox-Base
eicar.top	MalwareC2_Generic	100	Infoblox-Base
eicar.us	MalwareDownload_Generic	100	Infoblox-Base
eicar.website	MalwareC2DGA_BackdoorRAT	100	Infoblox-Base
sinkhole.eicar.network	Sinkhole_Generic	100	Infoblox-Base
exploitkit.eicar.network	ExploitKit_Generic	100	Infoblox-Base
compromisedhost.eicar.network	CompromisedHost_Generic	100	Infoblox-Base
compromiseddomain.eicar.network	CompromisedDomain_Generic	100	v
maliciousnameserver.eicar.network	MaliciousNameserver_Generic	100	Infoblox-Base & DHS_AIS_Domain
apt.eicar.network	APT_Generic	100	Infoblox-Base & DHS_AIS_Domain
phishing.eicar.network	Phishing_Generic	100	Infoblox-Base & DHS_AIS_Domain
malwarec2.eicar.network	MalwareC2_Generic	100	Infoblox-Base & DHS_AIS_Domain
malwaredownload.eicar.network	MalwareDownload_Generic	100	Infoblox-Base & DHS_AIS_Domain
ics.eicar.network	ICS_Generic	100	Infoblox-Base
malwarec2dga.eicar.network	MalwareC2DGA_Generic	100	Infoblox-Base
webappattack.eicar.network	WebAppAttack_Generic	100	Infoblox-Base

test.surbl.org SURBL_Multi & SURBL_Lite
test.multi.surbl.org SURBL_Multi & SURBL_Lite
surbl-org-permanent-test-point.com - SURBL_Multi & SURBL_Lite

This is useful when also testing RPZ re-rewrite capability

rpztest.test.macware.net - 1.2.3.4
a.rpztest.test.macware.net - 2.2.2.2
b.rpztest.test.macware.net - 1.1.1.1
c.rpztest.test.macware.net - 4.4.4.4
d.rpztest.test.macware.net - 5.5.5.5

Cloudflare has test domains.

Cloudflare returns 0.0.0.0 if the fully qualified domain name (FQDN) or IP in a DNS query is classified as malicious.

These are not filtered by 1.1.1.1 but are filtered by 1.1.1.2 (malware) and 1.1.1.3 (malware+adult)

Malware - malware.testcategory.com
Adult - nudity.testcategory.com

Home page

Table of Contents

Infoblox Test Domains

Third Party Malware Domains

Infoblox Test Domains

SURBL

Public Domains Useful for Testing NIOS RPZ

Cloudflare

OpenDNS/Cisco