Infoblox Test Domains
Domains that can be used for testing RPZ / Feed configuration.
Infoblox Test Threats
| Domain | Property | Threat Level | RPZ (Links to CSP page) |
|---|---|---|---|
| antimalware.eicar.network | MalwareC2_Generic | 100 | Infoblox-Base |
| base.eicar.network | APT_Generic | 100 | BaseInfoblox-Base |
| malware-dga.eicar.network | MalwareC2DGA_BackdoorRAT | 100 | [Malware_DGA](https://csp.infoblox.com/#/security_research/search/auto/malware-dga.eicar.network/summary) |
| ransomware.eicar.network | MalwareC2DGA_CryptoLocker | 100 | Ransomware |
| cryptocurrency.eicar.network | Cryptocurrency_Generic | 100 | Cryptocurrency |
| public-doh.eicar.network | InternetInfrastructure_DoHService | 100 | Public_DOH |
| suspicious.eicar.network | Suspicious_Behavior | 100 | Suspicious Domains |
| suspicious-lookalikes.eicar.network | Suspicious_Lookalike | 100 | Suspicious Lookalikes |
| suspicious-noed.eicar.network | Suspicious_EmergentDomain | 100 | Suspicious NOED |
| noed.eicar.network | Policy_NewlyObservedDomains | 100 | NOED |
| subscriberservicesurldata.eicar.network (not live yet) | | 100 | Subscriber Services URL Data |
| eicar.co | MaliciousNameserver_Generic | 100 | Base |
| eicar.host | Bot_Node | 100 | Base |
| eicar.online | Phishing_Phish | 100 | AntiMalware |
| eicar.parts | MalwareC2_Locky | 100 | AntiMalware |
| eicar.pro | MalwareC2DGA_CryptoLocker | 100 | Ransomware |
| eicar.pw | CompromisedHost_Generic & MalwareC2DGA_Locky | 100 | Base & Ransomware |
| eicar.stream | Sinkhole_Generic | 100 | Base |
| eicar.tech | MalwareC2DGA_Generic | 100 | Malware_DGA |
| eicar.top | MalwareC2_Generic | 100 | AntiMalware |
| eicar.us | MalwareDownload_Generic | 100 | AntiMalware |
| eicar.website | MalwareC2DGA_BackdoorRAT | 100 | Malware_DGA |
| sinkhole.eicar.network | Sinkhole_Generic | 100 | Base |
| exploitkit.eicar.network | ExploitKit_Generic | 100 | Base |
| compromisedhost.eicar.network | CompromisedHost_Generic | 100 | Base |
| compromiseddomain.eicar.network | CompromisedDomain_Generic | 100 | Base |
| maliciousnameserver.eicar.network | MaliciousNameserver_Generic | 100 | Base & DHS_AIS_Domain |
| apt.eicar.network | APT_Generic | 100 | AntiMalware & DHS_AIS_Domain |
| phishing.eicar.network | Phishing_Generic | 100 | AntiMalware & DHS_AIS_Domain |
| malwarec2.eicar.network | MalwareC2_Generic | 100 | AntiMalware & DHS_AIS_Domain |
| malwaredownload.eicar.network | MalwareDownload_Generic | 100 | AntiMalware & DHS_AIS_Domain |
| ics.eicar.network | ICS_Generic | 100 | DHS_AIS_Domain |
| malwarec2dga.eicar.network | MalwareC2DGA_Generic | 100 | Malware_DGA |
| webappattack.eicar.network | WebAppAttack_Generic | 100 | none |
SURBL
- test.surbl.org - SURBL_Multi & SURBL_Lite
- test.multi.surbl.org - SURBL_Multi & SURBL_Lite
- surbl-org-permanent-test-point.com - SURBL_Multi & SURBL_Lite
Public Domains Useful for Testing NIOS RPZ
These are also useful when testing the RPZ re-rewrite capability.
- rpztest.test.macware.net - 1.2.3.4
- a.rpztest.test.macware.net - 2.2.2.2
- b.rpztest.test.macware.net - 1.1.1.1
- c.rpztest.test.macware.net - 4.4.4.4
- d.rpztest.test.macware.net - 5.5.5.5
Cloudflare
Cloudflare has test domains.
Cloudflare returns 0.0.0.0 if the fully qualified domain name (FQDN) or IP in a DNS query is classified as malicious.
The following test domains are not filtered by 1.1.1.1 but are filtered by 1.1.1.2 (malware) and 1.1.1.3 (malware + adult):
- Malware - malware.testcategory.com
- Adult - nudity.testcategory.com
OpenDNS/Cisco
- Adult - www.exampleadultsite.com
- Phishing - www.internetbadguys.com
- Malware - www.examplemalwaredomain.com
infoblox_threat_defense/test_domains.1735825879.txt.gz · Last modified: by bstafford
