# List of "Forbidden" (blocked) names & CIDRs

# This is a list of forbidden names and CIDRs that are often used in phishing
# attacks. We won't resolve these hostnames to their embedded IP address (e.g.
# we won't resolve "raiffeisen.94.228.116.140.sslip.io" to 94.228.116.140);
# instead, we'll resolve it to one of our server's, ns-aws.sslip.io's, IP
# addresses, 52.0.56.137 or 2600:1f18:aaf:6900::a.  Similarly, we won't resolve
# nf-43-134-66-67.sslip.io to 43.134.66.67 because it falls within one of our
# blocked CIDRs (43.134.66.67/24).

# Forbidden names are resolved as expected for private networks (e.g.
# "raiffeisen.192.168.0.1.sslip.io" resolves to 192.168.0.1) because they
# aren't publicly accessible & thus can't be used for phishing attempts.

# File format: blank lines are ignored, "#" are comments and are ignored. One
# name or CIDR per line.

raiffeisen # https://www.rbinternational.com/en/homepage.html
43-134-66-67 # Netflix, https://nf-43-134-66-67.sslip.io/sg
43.134.66.67/24 # Netflix
2601:646:100:69f7:cafe:bebe:cafe:bebe/112 # personal (Comcast) IPv6 range for testing blocklist
139.198.158.74/32 # @yongzhi-weee: not obtain/acquiring a ICP license
20.55.32.72 # hxxps://bofa-tablas-v2.20-55-32-72[.]sslip[.]io/#/user
91.107.178.82/32 # Linkedin Phishing
45.82.251.70/32 # ??
68.183.106.84/32 # EasyWeb Login
188.64.13.153/32 # https://188.64.13.153.sslip.io/business Facebook phishing
185.229.65.160/32 # ¿"benarponpombahk"?
185.248.144.24/32 # CommBank
5.206.224.115/32 # ABNAMRO.nl
37.28.157.12/32 # Belfius Bank, also Argenta.be
5.182.36.181/32 # Protonmail
34.125.139.171/32 # Linkedin
194.99.79.28/32  # LinkedIn
107.189.5.14/32 # amazon.co.jp
79.137.202.34/32 # "The Global Fund"
45.156.24.10/32 # amazon.co.jp
91.107.154.247/32 # United Nations Population Fund UNFPA