MISP / misp-warninglists

Warning lists to inform users of MISP about potential false-positives or other information in indicators
http://misp.github.io/misp-warninglists/

User-controlled subdomains of top domains #254

Open mosajjal opened 10 months ago

mosajjal commented 10 months ago

Hi,

The title might be a bit out of context. I'm looking for a list that has all the domains (possibly well-known ones) that offer user-controlled subdomain content, e.g.:

workers.dev
r2.dev
herokuapp.com
azurewebsites.net

These domains are very popular in phishing, and having this list will allow the analyst to resort to "newly observed subdomain" through passive DNS data and determine if the subdomain is new or not.

Looked around and didn't see anything similar to this. Any ideas?

adulau commented 9 months ago

It's a very good question. It's kind of the dynamic-dns list but more for SaaS and the like. I'm not aware of such a list; maybe we could start one in the misp-warning-lists.
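
The "newly observed subdomain" check described in the opening post, sketched as an added example that is not part of the thread or of misp-warninglists. The function names, the `(hostname, first_seen)` record shape, the 7-day window and the sample records are assumptions; only the four suffixes come from the issue.

```python
from datetime import datetime, timedelta, timezone

# The four suffixes named in the issue; a real list would be much longer.
USER_CONTROLLED_SUFFIXES = {"workers.dev", "r2.dev", "herokuapp.com", "azurewebsites.net"}

def match_suffix(hostname, suffixes=USER_CONTROLLED_SUFFIXES):
    """Return the listed suffix that hostname is a strict subdomain of, else None."""
    labels = hostname.lower().rstrip(".").split(".")
    # Compare on label boundaries so "evilherokuapp.com" does not match
    # "herokuapp.com"; start at 1 so the provider's own apex is not flagged.
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in suffixes:
            return candidate
    return None

def newly_observed(records, now, window=timedelta(days=7)):
    """records: (hostname, first_seen) tuples from a passive DNS source.
    Returns sorted (hostname, suffix, age_days) for hosts under a listed
    suffix whose earliest sighting falls inside the window."""
    earliest = {}
    for host, first_seen in records:
        host = host.lower().rstrip(".")  # normalise case and trailing dot
        if host not in earliest or first_seen < earliest[host]:
            earliest[host] = first_seen
    hits = []
    for host, seen in earliest.items():
        suffix = match_suffix(host)
        if suffix and timedelta(0) <= now - seen <= window:
            hits.append((host, suffix, (now - seen).days))
    return sorted(hits)

def _d(day, month=1, year=2024):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed passive DNS records (not real observations).
NOW = _d(15)
SAMPLE = [
    ("login-portal.workers.dev", _d(14)),
    ("login-portal.workers.dev.", _d(13)),   # same host, earlier sighting
    ("Files.Example-Bucket.r2.dev", _d(10)),
    ("shop.herokuapp.com", _d(2, 3, 2021)),  # long-lived subdomain, not new
    ("evilherokuapp.com", _d(14)),           # lookalike, not a subdomain
    ("azurewebsites.net", _d(14)),           # apex of the provider itself
]

if __name__ == "__main__":
    for host, suffix, age in newly_observed(SAMPLE, NOW):
        print(f"{host} (under {suffix}) first seen {age} day(s) ago")
```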