From a92ef80539cd81df367fde2b3de2e6ae50f93640 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 12 Oct 2023 08:43:01 +0200
Subject: [PATCH] new: [findip-host] New warning-list for known hostname used to lookup source IP of the resolver
---
lists/findip-host/list.json | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 lists/findip-host/list.json
diff --git a/lists/findip-host/list.json b/lists/findip-host/list.json
new file mode 100644
index 0000000..170b017
--- /dev/null
+++ b/lists/findip-host/list.json
@@ -0,0 +1,16 @@
+{
+ "description": "Event contains one or more entries of known hostname querying your source IP.",
+ "list": [
+ "whoami.akamai.net",
+ "ip.parrotdns.com",
+ "api.extralargecoffee.com"
+ ],
+ "matching_attributes": [
+ "domain",
+ "hostname",
+ "domain|ip"
+ ],
+ "name": "List of known hostname used for querying your source IP. This can be used as exclusion for your Passive DNS lookup.",
+ "type": "hostname",
+ "version": 1
+}
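Review bot: The `name` value carries the usage guidance ("This can be used as exclusion for your Passive DNS lookup.") while `description` is the short one-liner, which looks inverted for a title/explanation pair. A short title such as `"name": "List of known hostnames used to look up the source IP of the resolver"`, with the Passive DNS hint moved into `description`, would be easier to scan in a list overview. Strict JSON has no comments, so `description` is also the only place to state that any software can query these hostnames; a match marks a likely correlation false positive, not a verdict that the surrounding activity is benign. If these hosts are also expected in URL-typed attributes, `"url"` may belong in `matching_attributes`, though that cannot be confirmed from this hunk.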