Comment by cbsks
1 day ago
What’s up with wvdbozpfc.com?
There’s a bunch of random-looking domain names: cmidphnvq.com, rpqihexdb.com, facebook.com. I’d guess they're for advertising?
I looked up a couple. They're Cloudflare regional servers.
Or malware, those would typically be fairly random domain names that are queried for updates or instructions by a large number of infected devices.
That's what I'm thinking too. That would suggest some very large operational botnets ... :-/
Or they query the DNS very often. Most devices have DNS caching, so if things like tiktok.com end up there, there must be a lot of devices (also, a lot of subdomains, which aren't visible in these lists).
Are there host lists for pihole/adguard/ublock for these kinds of domains?
I'd assume the domains change regularly if it's malware or bot networks, but because they rank so high in this list, it sounds like it should be feasible to keep a blocklist somewhat up to date.
It could also be ad networks; create random domains and subdomains so that simple domain blocklists are difficult to keep up to date efficiently (or at least, so that constant maintenance is required).
https://gitlab.com/malware-filter
Some of these lists are already in uBO out of the box.
It could be a good pattern for spam/ads organizations, changing the random domain name as soon as traffic drops because the actual ones ended in enough blocklists.
Also blockdh100b ?
router.blockdh100b.net resolves
so does router.blockdh100c.co
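The "random-looking domain" question raised in this thread can be triaged mechanically before anything goes on a blocklist. The following is an added example, not code from any commenter or from the linked lists: a heuristic that flags registrable labels with few vowels or long consonant runs, then groups flagged names that share a length and TLD. The thresholds, function names and sample list are assumptions made for illustration.

```python
from collections import defaultdict

VOWELS = set("aeiou")

# Constructed sample: domains named in the thread plus well-known ones for contrast.
SAMPLE = ["wvdbozpfc.com", "cmidphnvq.com", "rpqihexdb.com",
          "facebook.com", "tiktok.com", "cloudflare.com"]

def registrable_label(domain):
    """Return (label, tld), assuming a single-label suffix such as .com."""
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]

def longest_consonant_run(label):
    """Length of the longest run of consecutive consonant letters."""
    best = run = 0
    for ch in label:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def looks_generated(domain, min_len=7, max_vowel_ratio=0.3, min_run=4):
    """Heuristic only: short names and pronounceable names are never flagged."""
    label, _ = registrable_label(domain)
    letters = [c for c in label if c.isalpha()]
    if len(letters) < min_len:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return vowel_ratio < max_vowel_ratio or longest_consonant_run(label) >= min_run

def cluster_generated(domains):
    """Group flagged domains by (label length, TLD); keep groups of two or more.

    Several flagged names with identical length and TLD is a stronger signal
    of one generator than any single odd-looking name.
    """
    groups = defaultdict(list)
    for d in domains:
        if looks_generated(d):
            label, tld = registrable_label(d)
            groups[(len(label), tld)].append(d)
    return {k: v for k, v in groups.items() if len(v) >= 2}

if __name__ == "__main__":
    for key, members in cluster_generated(SAMPLE).items():
        print(key, members)
```

A flag here says nothing about whether the generator behind the names is malware, an ad network or something else; that still needs resolution data and query-volume context.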