KrakenTech/RMM-Hunter
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add README, .gitignore, and refactor common detection constants

Browse Source
This commit is contained in:
Evan Hosinski
2025-10-10 16:20:55 -04:00
parent e2015b3df2
commit f48178f450
7 changed files with 764 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/pkg/hunt/detect/common/imageSuffixes.go
+943
View File
@@ -0,0 +1,943 @@
package common
var CommonImageSuffixes = []string{
"\\9380CC75B872221A7425D7503565B67580407F60",
"\\AEMAgent.exe",
"\\AMMYY_Admin.exe",
"\\ARDAgent.app",
"\\AcronisCyberProtectConnectAgent.exe",
"\\AcronisCyberProtectConnectQuickAssist*.exe",
"\\AeroAdmin.exe",
"\\AgentSetup-*.exe",
"\\Agent_*_RW.exe",
"\\AgentlessRC.exe",
"\\ArcUI.exe",
"\\AweSun.exe",
"\\BASEClient.exe",
"\\BASupApp.exe",
"\\BASupAppElev.exe",
"\\BASupAppSrvc.exe",
"\\BASupSrvc.exe",
"\\BASupSrvcCnfg.exe",
"\\BASupSysInf.exe",
"\\BASupTSHelper.exe",
"\\Beinsync*.exe",
"\\G2RDesktopConsole-x64.msi",
"\\MobaXterm_installer_12.1.msi",
"\\SecureCRT.EXE",
"\\ZA_Access.exe",
"\\kitty.exe",
"\\ngrok.zip",
"\\nxplayer.exe",
"\\puttytray.exe",
"\\AlpemixService.exe",
"\\Radmin.exe",
"\\ScreenConnect.ClientService.exe",
"\\UltraViewer_Desktop.exe",
"\\AMMYY_Admin.exe",
"\\ExtraPuTTY-0.30-2016-01-28-installer.exe",
"\\Insync.exe",
"\\rserver3.exe",
"\\mstsc.exe",
"\\CBBackupPlan.exe",
"\\CagService.exe",
"\\Cloud.Backup.RM.Service.exe",
"\\Cloud.Backup.Scheduler.exe",
"\\CloudRaCmd.exe",
"\\CloudRaSd.exe",
"\\CloudRaService.exe",
"\\CloudRaUtilities.exe",
"\\ComodoRemoteControl.exe",
"\\Connect.Backdrop.cloud*.exe",
"\\Connect.exe",
"\\ConnectAppSetup*.exe",
"\\ConnectDetector.exe",
"\\ConnectShellSetup*.exe",
"\\ConnectWiseControl*.exe",
"\\CrossLoopConnect.exe",
"\\DSGuest.exe",
"\\DameWare Mini Remote Control*.exe",
"\\DameWare Remote Support.exe",
"\\DeskRollUA.exe",
"\\Deskroll.exe",
"\\Domotz Pro Desktop App Setup*.exe",
"\\Domotz Pro Desktop App.exe",
"\\ERAAgent.exe",
"\\EricomConnectRemoteHost*.exe",
"\\FastViewer.exe",
"\\FixMeit Client.exe",
"\\FixMeit Expert Setup.exe",
"\\FixMeit Unattended Access Setup.exe",
"\\FixMeitClient*.exe",
"\\GetScreen.exe",
"\\GoTo Assist Opener.exe",
"\\GotoHTTP*.exe",
"\\GotoHTTP_x64.exe",
"\\GovAgentInstallHelper.exe",
"\\GovAgentx64.exe",
"\\GovReachClient.exe",
"\\HelpuManager.exe",
"\\HelpuUpdater.exe",
"\\I'm InTouch Go Installer.exe",
"\\ISLLight.exe",
"\\ISLLightClient.exe",
"\\ITSMAgent.exe",
"\\ITSMService.exe",
"\\ITarianRemoteAccessSetup.exe",
"\\Idrive.File-Transfer",
"\\ImperoClientSVC.exe",
"\\ImperoInit.exe",
"\\InstallShield Setup.exe",
"\\InstantHousecall.exe",
"\\ItsmRsp.exe",
"\\IvantiRemoteControl.exe",
"'\\JumpCloud*.exe '",
"\\KHelpDesk.exe",
"\\Kabuto.App.Runner.exe",
"\\Kabuto.Installer.exe",
"\\Kabuto.Service.Runner.exe",
"\\KabutoSetup.exe",
"\\LANDeskPortalManager.exe",
"\\MEAgentHelper.exe",
"\\ManageEngine_Remote_Access_Plus.exe",
"\\ManualLauncher.exe",
"\\Microsoft Remote Desktop",
"\\MonitoringAgent.exe",
"\\NTRsupportPro_EN.exe",
"\\Netop Ondemand.exe",
"\\NinjaRMMAgenPatcher.exe",
"\\NinjaRMMAgent.exe",
"\\OOSysAgent.exe",
"\\OTPowerShell.exe",
"\\OTService.exe",
"\\OnionShare-win*.msi",
"\\Online Backup.exe",
"\\OrayRemoteService.exe",
"\\OrayRemoteShell.exe",
"\\PAExec-*.exe",
"\\PCIVIDEO.EXE",
"\\PCMonitorManager.exe",
"\\Pilixo_Installer*.exe",
"\\QQProtect.exe",
"\\RAccess.exe",
"\\RDConsole.exe",
"\\RDPCheck.exe",
"\\RDPConf.exe",
"\\RDPWInst.exe",
"\\RDesktop.exe",
"\\RHost.exe",
"\\ROMFUSClient.exe",
"\\ROMServer.exe",
"\\RViewer.exe",
"\\Remote Desktop.exe",
"\\Remote Workforce Client.exe",
"\\RemotePC.exe",
"\\RemotePCService.exe",
"\\RmmService.exe",
"\\RocketRemoteDesktop_Setup.exe",
"\\SMPCSetup.exe",
"\\SRManager.exe",
"\\SRServer.exe",
"\\ScreenMeet.Support.exe",
"\\ScreenMeetSupport.exe",
"\\SensoClient.exe",
"\\SensoService.exe",
"\\ServiceProxyLocalSys.exe",
"\\Site24x7PluginAgent.exe",
"\\Site24x7WindowsAgentTrayIcon.exe",
"\\SolarWinds-Dameware-DRS*.exe",
"\\SolarWinds-Dameware-MRC*.exe",
"\\Sorillus Launcher.exe",
"\\Sorillus-Launcher*.exe",
"\\SplashtopSOS.exe",
"\\Splashtop_Streamer_Windows*.exe",
"\\Syncro.App.Runner.exe",
"\\Syncro.Installer.exe",
"\\Syncro.Overmind.Service.exe",
"\\Syncro.Service.exe",
"\\SyncroLive.Agent.exe",
"\\SyncroLive.Service.exe",
"\\TPowerShell.exe",
"\\TSClient.exe",
"\\TakeControl.exe",
"\\TaniumCX.exe",
"\\TaniumClient.exe",
"\\TaniumExecWrapper.exe",
"\\TaniumFileInfo.exe",
"\\TeamTaskManager.exe",
"\\TiClientCore.exe",
"\\TiClientHelper*.exe",
"\\TiExpertCore.exe",
"\\TiExpertStandalone.exe",
"\\TightVNCViewerPortable*.exe",
"\\ToDesk_Service.exe",
"\\ToDesk_Setup.exe",
"\\UltraVNC*.exe",
"\\UltraViewer_Desktop.exe",
"\\UltraViewer_Service.exe",
"\\UltraViewer_setup*",
"\\WinVNCStub.exe",
"\\XSightService.exe",
"\\ZMAgent.exe",
"\\Zaservice.exe",
"\\ZohoMeeting.exe",
"\\ZohoURSService.exe",
"\\Zohours.exe",
"\\aa_v*.exe",
"\\aadg.exe",
"\\accessserver*.exe",
"\\accessserver.exe",
"\\addigy-*.pkg",
"\\aeroadmin.exe",
"\\agent32.exe",
"\\agent64.exe",
"\\agent_setup_5.exe",
"\\agentu.exe",
"\\alitask.exe",
"\\apc_host.exe",
"\\atera_agent.exe",
"\\ateraagent.exe",
"\\auvik.agent.exe",
"\\auvik.engine.exe",
"\\aweray_remote*.exe",
"\\awhost32.exe",
"\\awrem32.exe",
"\\basupsrvc.exe",
"\\basupsrvcupdate.exe",
"\\basuptshelper.exe",
"\\beamyourscreen-host.exe",
"\\beamyourscreen.exe",
"\\bomgar-pac-*.exe",
"\\bomgar-pac.exe",
"\\bomgar-rdp.exe",
"\\bomgar-scc-*.exe",
"\\bomgar-scc.exe",
"\\Duplicati.Server.exe",
"\\cbb.exe",
"\\client32.exe",
"\\clientmrinit.exe",
"\\cloudflared.exe",
"\\connectwise*.exe",
"\\connectwisechat-customer.exe",
"\\connectwisecontrol.client.exe",
"\\crossloopservice.exe",
"\\csexec.exe",
"\\ctes.exe",
"\\cteshostsvc.exe",
"\\ctespersitence.exe",
"\\ctiserv.exe",
"\\dcagentregister.exe",
"\\dcagentservice.exe",
"\\dd.exe",
"\\ddsystem.exe",
"\\desktopnow.exe",
"\\distant-desktop.exe",
"\\dntus*.exe",
"\\domotz*.exe",
"\\domotz-windows*.exe",
"\\domotz.exe",
"\\domotz_bash.exe",
"\\dwagent.exe",
"\\dwagsvc.exe",
"\\dwrcs.exe",
"\\echoserver*.exe",
"\\echoware.dll",
"\\ehorus standalone.exe",
"\\ehorus_agent.exe",
"\\einstaller.exe",
"\\era.exe",
"\\eratool.exe",
"\\ericomconnnectconfigurationtool.exe",
"\\ezHelpManager.exe",
"\\ezhelp*.exe",
"\\ezhelpclient.exe",
"\\ezhelpclientmanager.exe",
"\\fastclient.exe",
"\\fastmaster.exe",
"\\fixmeitclient.exe",
"\\fleetdeck_agent.exe",
"\\fleetdeck_agent_svc.exe",
"\\fleetdeck_commander_launcher.exe",
"\\fleetdeck_commander_svc.exe",
"\\fleetdeck_installer.exe",
"\\g2a*.exe",
"\\getscreen.exe",
"\\gotoassist.exe",
"\\gotohttp.exe",
"\\goverrmc.exe",
"\\govsrv*.exe",
"\\gp3.exe",
"\\gp4.exe",
"\\gp5.exe",
"\\grabberEM.*msi",
"\\grabberTT*.msi",
"\\guacd.exe",
"\\helpbeam*.exe",
"\\helpu_install.exe",
"\\hsloader.exe",
"\\iadmin.exe",
"\\idrive.RemotePCAgent",
"\\ihcserver.exe",
"\\iit.exe",
"\\instanthousecall.exe",
"\\intelliadmin.exe",
"\\intouch.exe",
"\\iperius.exe",
"\\iperiusremote.exe",
"\\ir_agent.exe",
"\\islalwaysonmonitor.exe",
"\\isllight.exe",
"\\isllightservice.exe",
"\\issuser.exe",
"\\itsmagent.exe",
"\\jumpclient.exe",
"\\jumpconnect.exe",
"\\jumpdesktop.exe",
"\\jumpservice.exe",
"\\jumpupdater.exe",
"\\konea.exe",
"\\landeskagentbootstrap.exe",
"\\laplink-everywhere-setup*.exe",
"\\laplink.exe",
"\\laplinkeverywhere.exe",
"\\ldinv32.exe",
"\\ldsensors.exe",
"\\level-remote-control-ffmpeg.exe",
"\\level-windows-amd64.exe",
"\\level.exe",
"\\llrcservice.exe",
"\\lmi_rescue.exe",
"\\lmnoipserver.exe",
"\\ltsvc.exe",
"\\ltsvcmon.exe",
"\\lttray.exe",
"\\mRemoteNG-Installer-*.msi",
"\\mRemoteNG.exe",
"\\meshagent*.exe",
"\\meshcentral*.exe",
"\\mgntsvc.exe",
"\\mikogo-service.exe",
"\\mikogo-starter.exe",
"\\mikogo.exe",
"\\mikogolauncher.exe",
"\\mionet.exe",
"\\mionetmanager.exe",
"\\mstsc.exe",
"\\mwcliun.exe",
"\\mygreenpc.exe",
"\\myivomanager.exe",
"\\myivomgr.exe",
"\\nateon*.exe",
"\\nateon.exe",
"\\nateonmain.exe",
"\\neturo*.exe",
"\\neturo.exe",
"\\netviewer*.exe",
"\\netviewer.exe",
"\\ngrok.exe",
"\\ngstw32.exe",
"\\nhostsvc.exe",
"\\nhstw32.exe",
"\\ninjarmm-cli.exe",
"\\ninjarmmagent.exe",
"\\nldrw32.exe",
"\\nomachine*.exe",
"\\ntrntservice.exe",
"\\nvClient.exe",
"\\nxd.exe",
"\\nxservice*.ese",
"\\ocsinventory.exe",
"\\ocsservice.exe",
"\\oo-syspectr*.exe",
"\\p9agent*.exe",
"\\paexec.exe",
"\\parallelsaccess-*.exe",
"\\pcaquickconnect.exe",
"\\pcicfgui.exe",
"\\pcictlui.exe",
"\\pcmonitorsrv.exe",
"\\pcnmgr.exe",
"\\pcstarter.exe",
"\\pcvisit-easysupport.exe",
"\\pcvisit.exe",
"\\pcvisit_client.exe",
"\\pcvisit_service_client.exe",
"\\pdq-connect*.exe",
"\\pocketcloud*.exe",
"\\pocketcloudservice.exe",
"\\pocketcontroller.exe",
"\\prl_deskctl_agent.exe",
"\\prl_deskctl_wizard.exe",
"\\prl_pm_service.exe",
"\\psexec.exe",
"\\psexecsvc.exe",
"\\pstlaunch.exe",
"\\ptdskclient.exe",
"\\ptdskhost.exe",
"\\qq.exe",
"\\qqpcmgr.exe",
"\\quickassist.exe",
"\\raautoup.exe",
"\\rapid7_agent_core.exe",
"\\rapid7_endpoint_broker.exe",
"\\rcengmgru.exe",
"\\rcmgrsvc.exe",
"\\rcstartsupport.exe",
"\\rd.exe",
"\\rdp.exe",
"\\rdp2tcp.py",
"\\remcom.exe",
"\\remcomsvc.exe",
"\\remcos*.exe",
"\\remobo.exe",
"\\remobo_client.exe",
"\\remobo_tracker.exe",
"\\remote access.exe",
"\\remote-it-installer.exe",
"\\remote.it.exe",
"\\remote_host.exe",
"\\remoteconsole.exe",
"\\remoteit.exe",
"\\remotepass-access.exe",
"\\remotepchost.exe",
"\\remotepcservice.exe",
"\\remotesupportplayeru.exe",
"\\remoteview.exe",
"\\remoting_host.exe",
"\\requires sign up",
"\\rfusclient.exe",
"\\rmserverconsolemediator.exe",
"\\romfusclient.exe",
"\\romserver.exe",
"\\romviewer.exe",
"\\routernt.exe",
"\\royalserver.exe",
"\\royalts.exe",
"\\rpaccess.exe",
"\\rpcld.exe",
"\\rpcnet.exe",
"\\rpcsuite.exe",
"\\rport.exe",
"\\rpwhostscr.exe",
"\\rudesktop*.exe",
"\\rustdesk*.exe",
"\\rustdesk.exe",
"\\rutserv.exe",
"\\rutview.exe",
"\\rv.exe",
"\\rvagent.exe",
"\\rvagtray.exe",
"\\rviewer.exe",
"\\rxstartsupport.exe",
"\\saazapsc.exe",
"\\screenconnect*.exe",
"\\screenconnect.clientservice.exe",
"\\screenconnect.windowsclient.exe",
"\\seetrolcenter.exe",
"\\seetrolclient.exe",
"\\seetrolmyservice.exe",
"\\seetrolremote.exe",
"\\seetrolsetting.exe",
"\\servereye*.exe",
"\\serverproxyservice.exe",
"\\serviceconfig.xml",
"\\showmypc*.exe",
"\\showmypc.exe",
"\\simplegatewayservice.exe",
"\\simplehelpcustomer.exe",
"\\simpleservice.exe",
"\\smpcsetup.exe",
"\\spsrv.exe",
"\\sragent.exe",
"\\srmanager.exe",
"\\srserver.exe",
"\\srservice.exe",
"\\strwinclt.exe",
"\\sunlogin*.exe",
"\\superops.exe",
"\\superopsticket.exe",
"\\support-logmeinrescue*.exe",
"\\support-logmeinrescue.exe",
"\\supporttool.exe",
"\\supremo.exe",
"\\supremohelper.exe",
"\\supremoservice.exe",
"\\supremosystem.exe",
"\\syncrosetup.exe",
"\\sysdiag.exe",
"\\tacticalrmm.exe",
"\\tailscale-*.exe",
"\\tailscale-ipn.exe",
"\\tailscaled.exe",
"\\tdp2tcp.exe",
"\\teamviewer_desktop.exe",
"\\teamviewer_service.exe",
"\\teamviewerhost",
"\\termsrv.exe",
"\\tigervnc*.exe",
"\\todesk.exe",
"\\tsircusr.exe",
"\\turbomeeting.exe",
"\\turbomeetingstarter.exe",
"\\tvnserver.exe",
"\\tvnviewer.exe",
"\\ultimate_*.exe",
"\\ultraviewer.exe",
"\\ultraviewer_desktop.exe",
"\\ultraviewer_service.exe",
"\\vncserver.exe",
"\\vncserverui.exe",
"\\vncviewer.exe",
"\\webexpcnow.exe",
"\\webrdp.exe",
"\\weezo setup*.exe",
"\\weezo.exe",
"\\weezohttpd.exe",
"\\winagent.exe",
"\\winaw32.exe",
"\\windowslauncher.exe",
"\\winvnc*.exe",
"\\winvnc.exe",
"\\winvnc4.exe",
"\\winvncsc.exe",
"\\winwvc.exe",
"\\wisshell*.exe",
"\\wmc.exe",
"\\wmc_deployer.exe",
"\\wmcsvc.exe",
"\\wysebrowser.exe",
"\\xcmd.exe",
"\\xcmdsvc.exe",
"\\xeox-agent_*.exe",
"\\xeox-agent_x64.exe",
"\\xeox-agent_x86.exe",
"\\xeox_service_windows.exe",
"\\za_connect.exe",
"\\zabbix_agent*.exe",
"\\zaservice.exe",
"\\zero-powershell.exe",
"\\zerotier*.exe",
"\\zerotier*.msi",
"\\zohotray.exe",
}
var CommonDNS = []string{
"*.ezhelp.co.kr",
"*.remobo.en.softonic.com",
"*.action1.com",
"*.zohoassist.jp",
"*-dms.zoho.com.cn",
"*.teamviewer.com",
"*.superopsbeta.com",
"*.realvnc.com/en/connect/download/vnc",
"*.devtunnels.ms",
"*.agentreporting.atera.com",
"*.51.255.19.178",
"*.level.io",
"*.skyfex.com",
"*.mremoteng.org",
"*.gotohttp.com",
"*.guacamole.apache.org",
"*.zohoassist.com.cn",
"*.getgo.com",
"*.logmeinrescue.com",
"*.nate.com",
"*.spytech-web.com",
"*.rview.com",
"*.relay.splashtop.com",
"*.logmeinrescue.eu",
"*.opti-tune.com",
"*.hostedrmm.com",
"*.*mdmsupport.comodo.com",
"*.barracudamsp.com",
"*.cloudbackup.management",
"*.server-eye.de",
"*.todesktop.com",
"*.atled.syspectr.com",
"*.agent-api.atera.com",
"*.domotz.com",
"*.beamyourscreen.com",
"*.fleetdeck.io",
"*.cacerts.thawte.com",
"*.anysupport.net",
"*.basecamp.com",
"*.remotedesktop.com",
"*.*content.rview.com",
"*.auth.api.remote.it",
"*.eset.com/me/business/remote-management/remote-administrator/",
"*.136.243.104.235",
"*.ultraviewer.net",
"*.ultraviewer.net",
"*.cfcdn.pdq.com",
"*.getscreen.me",
"*.ninjaone.com",
"*.pilixo.com",
"*.kabutoservices.com",
"*.grtmprod.addigy.com",
"*.techinline.net",
"*.system-monitor.com",
"*.itsm-us1.comodo.com",
"*.jumpto.me",
"*.GoToMyPC.com",
"*.goverlan.com",
"*.upload_data.qq.com",
"*.rustdesk.com",
"*.imperosoftware.com",
"*.pubsub.pubnub.com",
"*.gatherplace.com",
"*.syncromsp.com",
"*.desktop.qq.com",
"*.meshcentral.com",
"*.beyondtrustcloud.com",
"*.ld.aurelius.host",
"*.beinsync.com",
"*.helpbeam.software.informer.com",
"*.*remotedesktop-pa.googleapis.com",
"*.deploy01.kaseya.com",
"*.servably.com",
"*.*cell-1.domotz.com",
"*.gw.remotix.com",
"*.au.pcmag.com/utilities/21470/webex-pcnow",
"*.rel.tunnels.api.visualstudio.com",
"*.site24x7.com/msp",
"*.tailscale.com",
"*.agents.level.io",
"*.ehorus.com",
"*.myivo-server.software.informer.com",
"*.*system-monitor.com",
"*.web.rustdesk.com",
"*.gotoassist.com",
"*.sophosupd.com",
"*.systemmonitor.us",
"*.desktopcentral.manageengine.cn",
"*.tailscale.com",
"*.remoteaccess.itarian.com",
"*.islonline.net",
"*.downloads.io",
"*.gateway.zohoassist.com",
"*.iperius-rs.com",
"*.nomachine.com",
"*.136.243.104.242",
"*.rport.io",
"*.fortra.com",
"*.plus*.site24x7.com",
"*.crosstecsoftware.com/remotecontrol",
"*.kaseya.net",
"*.rmansys.ru",
"*.connect.acronis.com",
"*.superops.ai",
"*.pulseway.com",
"*.download.pilixo.com",
"*.tele-desk.com",
"*.logicnow.com",
"*.www.remotepc.com",
"*.client.teamviewer.com",
"*.deskroll.com",
"*.serv.superopsalpha.com",
"*.builds.level.io",
"*.parallels.com/products/ras/try",
"*.adobeconnect.com",
"*.zoho.com",
"*.gatherplace.com",
"*.weezo.en.softonic.com",
"*.appcdn.atera.com",
"*.radmin.com",
"*.nanosystems.it",
"*.plus*.site24x7.eu",
"*.*cloudbackup.management",
"*.*setme.net",
"*.getscreen.me",
"*.bomgarcloud.com",
"*.plus*.site24x7.cn",
"*.remotedesktop.google.com",
"*.ngrok.com",
"*.jumpdesktop.com",
"*.*soti.net",
"*.senso.cloud",
"*.ps.pndsn.com",
"*.cloud.tanium.com",
"*.*systemmonitor.eu.com",
"*.repairshopr.com",
"*.01com.com/imintouch-remote-pc-desktop",
"*.dameware.com",
"*.le.laplink.com",
"*.endpoint.ingress.rapid7.com",
"*.ninjaone.com",
"*.analytics.insight.rapid7.com",
"*.iperiusremote.com",
"*.beamyourscreen.com",
"*.instanthousecall.net",
"*.screenconnect.com",
"*.remotepc.com",
"*.fastviewer.com",
"*.gatherplace.net",
"*.logmeininc.com",
"*.mspbackups.com",
"*.tanium.com/products/tanium-deploy",
"*.suspicious.barracudamsp.com",
"*.*remotedesktop.google.com",
"*.weezo.me",
"*.pcvisit.de",
"*.remotepass.com",
"*.manageengine.com/remote-monitoring-management/",
"*.iperiusremote.com",
"*.mikogo4.com",
"*.wen.laplink.com/product/laplink-gold",
"*.crossloop.en.softonic.com",
"*.sophosupd.net",
"*.ericom.com",
"*.internetid.ru",
"*.plus*.site24x7.in",
"*.plus*.site24x7.net.au",
"*.netop.com",
"*.beanywhere.en.uptodown.com/windows",
"*.*search.namequery.com",
"*.netreo.com",
"*.kickidler.com",
"*.kabuto.io",
"*.supremocontrol.com",
"*.atera-agent-heartbeat.servicebus.windows.net",
"*.fleetdeck.io",
"*.emcosoftware.com",
"*.deskday.ai",
"*.domotz.co",
"*.encapto.com",
"*.one.comodo.com",
"*.app.kabuto.io",
"*.*managedsupport.kaseya.net",
"*.kabuto.io",
"*.splashtop.com",
"*.logmein.com",
"*.client-api.aweray.com",
"*.01com.com",
"*.logmein-gateway.com",
"*.*systemmonitor.co.uk",
"*.goto.com",
"*.bomgarcloud.com",
"*.sunlogin.oray.com",
"*.parallels.com",
"*.systemmonitor.co.uk",
"*.online.level.io",
"*.router15.teamviewer.com",
"*.mdmsupport.comodo.com",
"*.showmypc.com",
"*.beinsync.net",
"*.agentreportingstore.blob.core.windows.net",
"*.community.sophos.com/on-premise-endpoint/f/sophos-endpoint-software/5725/sophos-remote-management-system",
"*.splashtop.com",
"*.fastsupport.com",
"*.superopsalpha.com",
"*.pubsub.atera.com",
"*.real-time-collaboration.com",
"*.dms.zoho.com.eu",
"*.gotohttp.com",
"*.app.pdq.com",
"*.nchuser.com",
"*.khelpdesk.com.br",
"*.cloudberrylab.com",
"*.*server.absolute.com",
"*.*cc.centrastage.net",
"*.electric.ai",
"*.GetScreen.me",
"*.github.com/Mikej81/WebRDP",
"*.msp360.com",
"*.getalphacontrol.com",
"*.screenmeet.com",
"*.portal.ehorus.com",
"*.logmein.eu",
"*.global.rel.tunnels.api.visualstudio.com",
"*.auvik.com",
"*.ps.atera.com",
"*.senso.cloud",
"*.msp360.com",
"*.www.quest.com/kace/",
"*.itsupport247.net",
"*.atera.pubnubapi.com",
"*.pcvisit.de",
"*.*ammyy.com",
"*.remotepc.com",
"*.support.services.microsoft.com",
"*.ivanticloud.com",
"*.client.oray.net",
"*.swi-tc.com",
"*.*systemmonitor.us",
"*.zoho.eu",
"*.panorama9.com",
"*.learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview",
"*.live.screenconnect.com",
"*.anydesk.com",
"*.distantdesktop.com",
"*.itsupport247.net",
"*.bluetrait.io",
"*.remotecall.com",
"*.level.io",
"*.systemmonitor.eu.com",
"*.litemanager.com",
"*.agenthb.atera.com",
"*.app.atera.com",
"*.api.netreo.com",
"*.cloud.tanium.com",
"*.aomeisoftware.com",
"*.ammyy.com",
"*.netsupportmanager.com",
"*.litemanager.com",
"*.mikogo.com",
"*.instanthousecall.com",
"*.agents.addigy.com",
"*.136.243.18.122",
"*.remote.it",
"*.syncromsp.com",
"*.51.255.19.179",
"*.optitune.us",
"*.geo.netsupportsoftware.com",
"*.weezo.net",
"*.aeroadmin.com",
"*.*set.me",
"*.zoho.in",
"*.instanthousecall.com",
"*.pilixo.com",
"*.cloudflare.com/products/tunnel/",
"*.api.remote.it",
"*.startsupport.com",
"*.changes.panorama9.com",
"*.cognito-idp.us-west-2.amazonaws.com",
"*.my.kickidler.com",
"*.islonline.com",
"*.ultravnc.com",
"*.mdt.qq.com",
"*.connect.backdrop.cloud",
"*.beanywhere.com",
"*.neturo.uplus.co.kr",
"*.todesk.com",
"*.superops.ai",
"*.dwservice.net",
"*.alpemix.com",
"*.acceo.com/turbomeeting/",
"*.github.com/V-E-O/rdp2tcp",
"*.seetrol.co.kr",
"*.showmypc.com",
"*.assist.zoho.com",
"*.downloads.zohocdn.com",
"*.ocsinventory-ng.org",
"*.imperosoftware.com/impero-connect/",
"*.iperius.com",
"*.connectwise.com",
"*.dms.zoho.com",
"*.helpu.co.kr",
"*.anyplace-control.com",
"*.zerotier.com",
"*.weezo.net",
"*.sorillus.com",
"*.helpme.net",
"*.download.cnet.com/Net-Viewer/3000-2370_4-10034828.html",
"*.a1-backend-packages.s3.amazonaws.com",
"*.kabutoservices.com",
"*.assist.jumpcloud.com",
"*.kace.com",
"*.helpu.co.kr",
"*.rudesktop.ru",
"*.content.rview.com",
"*.systemmanager.ru/dntu.en/rdp_view.htm",
"*.syncroapi.com",
"*.control.connectwise.com",
"*.mikogo.com",
"*.api.splashtop.eu",
"*.datto.com/au/products/suspicious/",
"*.simple-help.com",
"*.gotoassist.me",
"*.repairtechsolutions.com/kabuto/",
"*.ivanti.com",
"*.litemanager.ru",
"*.api.jumpcloud.com",
"*.islonline.com",
"*.logicnow.com",
"*.anyviewer.com",
"*.supremocontrol.com",
"*.charon.netreo.net",
"*.logmeinrescue.com",
"*.zabbix.com",
"*.centuriontech.com",
"*.fixme.it",
"*.suspicious.datto.com",
"*.relay-[a-f0-9]{8}.net.anydesk.com:443",
"*.intelliadmin.com/remote-control",
"*.ivanti.com",
"*.app.syspectr.com",
"*.royalapps.com",
"*.ninjarmm.com",
"*.sorillus.com",
"*.donkz.nl",
"*.*remote.management",
"*.api.splashtop.com",
"*.gotoassist.at",
"*.todesk.com",
"*.*mygreenpc.com",
"*.servicedesk.itarian.com",
"*.zoho.com.cn",
"*.runsmart.io",
"*.jumpto.me",
"*.zohoassist.com",
"*.ivanti.com/",
"*.downloads.zohodl.com.cn",
"*.qq-messenger.en.softonic.com",
"*.docs.tacticalrmm.com",
"*.cmdm.comodo.com",
"*.sophos.com",
"*.247ithelp.com",
"*.jumpdesktop.com",
"*.boot.net.anydesk.com",
"*.auth*.aeroadmin.com",
"*.zoho.com/assist/",
"*.zoho.com.au",
"*.ezhelp.co.kr",
"*.rudesktop.ru",
"*.netsupportmanager.com",
"*.systemmonitor.us.cdn.cloudflare.net",
"*.fixme.it",
"*.desktopcentral.manageengine.com",
"*.trusted.panorama9.com",
"*.secure.instanthousecall.com",
"*.desktopcentral.manageengine.com.eu",
"*.n-able.com",
"*.crossloop.com",
"*.remote.management",
"*.attachments.servably.com",
"*.taf.teamviewer.com",
"*.remoteutilities.com",
"*.n-able.com",
"*.beanywhere.com",
"*.tailscale.io",
"*.tightvnc.com",
"*.xeox.com",
"*.soti.net/products/soti-pocket-controller",
"*.fastviewer.com",
"*.wangwang.taobao.com",
"*.agents*-cloud.acronis.com",
"*.deskroll.com",
"*.activation.netreo.net",
"*.packagesstore.blob.core.windows.net",
"*.everywhere.laplink.com",
"*.spyanywhere.com",
"*.github.com/stascorp/rdpwrap",
"*.teknopars.com",
"*.asapi*.aweray.net",
"*.auvik.com",
"*.intelliadmin.com",
"*.resources.ninjarmm.com",
"*.app.deskday.ai",
"*.scrn.mt",
"*.zerotier.com",
"*.prod.addigy.com",
"*.*signalserver.xyz",
"*.remotecall.com",
"*.my.auvik.com",
"*.cloud.acronis.com",
"*.connectwise.com",
"*.xeox.com",
"*.login.tailscale.com",
"*.naverisk.com",
"*.ntrsupport.com",
"*.kaseya.com",
"*.desktopstreaming.com",
"*.bluetrait.io",
}