## simplelogin.io:
The current domains according to what I can see are:
slmail…s.com
simplelogin.com
aleeas.com
slmail.me
silomails.com
8shield.net
8alias.com
dralias.com
simplelogin.fr
Their entire project is also open source so there may be more domains hidden within the source (maybe even the domain generation process)
https://github.com/simple-login/
EDIT: I dug around their API, and here's a resource to obtain all possible domain (without custom domains that require valid MX records) (you must be logged in to the app or else it says wrong api key):
https://app.simplelogin.io/api/v2/setting/domains
![image](https://github.com/7c/fakefilter/assets/92037085/a4ead6fa-1006-44d6-8807-143e5231d295)
## addy.io:
[possible subdomain].anonaddy.me
[possible subdomain].anonaddy.com
Also open source:
https://github.com/anonaddy/anonaddy
EDIT: Dug around their API as well, it seems as though they need a user to be logged in:
https://app.addy.io/api/v1/domains but would require a bit of digging becausse they need authentication which I don't really know how to integrate with fakefilter considering I don't know what technology you use, so I'll leave that to you.
There is however another endpoint that displays the domain options, which is as follows:
https://app.addy.io/api/v1/domain-options
Returns:
![image](https://github.com/7c/fakefilter/assets/92037085/0fdb72c0-cc8c-4833-a099-b06f35cb412d)
The data is the array of the possible domains a logged in user can use. The domains is used for custom, additional domains that like simplelogin require valid records.
## noip.com:
noip.com
ddns.net
ddnsking.com
3utilities.com
bounceme.net
freedynamicdns.net
freedynamicdns.org
gotdns.ch
hopto.org
myddns.me
myftp.biz
myftp.org
myvnc.com
onthewifi.com
redirectme.net
servebeer.com
serveblog.net
servecounterstrike.com
serveftp.com
servegame.com
servehalflife.com
servehttp.com
serveirc.com
serveminecraft.net
servemp3.com
servepics.com
servequake.com
sytes.net
viewdns.net
webhop.me
zapto.org
access.ly
blogsyte.com
brasilia.me
cable-modem.org
ciscofreak.com
collegefan.org
couchpotatofries.org
damnserver.com
ddns.me
ditchyourip.com
dnsfor.me
dnsiskinky.com
dvrcam.info
dynns.com
eating-organic.net
fantasyleague.cc
geekgalaxy.com
golffan.us
health-carereform.com
homesecuritymac.com
homesecuritypc.com
hosthampster.com
hopto.me
ilovecollege.info
loginto.me
mlbfan.org
mmafan.biz
myactivedirectory.com
mydissent.net
myeffect.net
mymediapc.net
mypsx.net
mysecuritycamera.com
mysecuritycamera.net
mysecuritycamera.org
net-freaks.com
nflfan.org
nhlfan.net
pgafan.net
point2this.com
pointto.us
privatizehealthinsurance.net
quicksytes.com
read-books.org
securitytactics.com
serveexchange.com
servehumour.com
servep2p.com
servesarcasm.com
stufftoread.com
ufcfan.org
unusualperson.com
workisboring.com
Appears to have a paid API access, will try to dig deeper to find the endpoint.
EDIT: Dug around their API, the domain list is retrievable through the following code (it's an inline script that exists at https://my.noip.com only, from my research):
```ts
const element=document.getElementById("app_config")
const json=JSON.parse(element.textContent)
const domains=json.domains
```
![image](https://github.com/7c/fakefilter/assets/92037085/12d87d19-bed6-460c-bad9-19a87af8e547)
Or in text form:
```json
{
"free": [
"ddns.net",
"ddnsking.com",
"3utilities.com",
"bounceme.net",
"freedynamicdns.net",
"freedynamicdns.org",
"gotdns.ch",
"hopto.org",
"myddns.me",
"myftp.biz",
"myftp.org",
"myvnc.com",
"onthewifi.com",
"redirectme.net",
"servebeer.com",
"serveblog.net",
"servecounterstrike.com",
"serveftp.com",
"servegame.com",
"servehalflife.com",
"servehttp.com",
"serveirc.com",
"serveminecraft.net",
"servemp3.com",
"servepics.com",
"servequake.com",
"sytes.net",
"viewdns.net",
"webhop.me",
"zapto.org"
],
"enhanced": [
"access.ly",
"blogsyte.com",
"brasilia.me",
"cable-modem.org",
"ciscofreak.com",
"collegefan.org",
"couchpotatofries.org",
"damnserver.com",
"ddns.me",
"ditchyourip.com",
"dnsfor.me",
"dnsiskinky.com",
"dvrcam.info",
"dynns.com",
"eating-organic.net",
"fantasyleague.cc",
"geekgalaxy.com",
"golffan.us",
"health-carereform.com",
"homesecuritymac.com",
"homesecuritypc.com",
"hosthampster.com",
"hopto.me",
"ilovecollege.info",
"loginto.me",
"mlbfan.org",
"mmafan.biz",
"myactivedirectory.com",
"mydissent.net",
"myeffect.net",
"mymediapc.net",
"mypsx.net",
"mysecuritycamera.com",
"mysecuritycamera.net",
"mysecuritycamera.org",
"net-freaks.com",
"nflfan.org",
"nhlfan.net",
"pgafan.net",
"point2this.com",
"pointto.us",
"privatizehealthinsurance.net",
"quicksytes.com",
"read-books.org",
"securitytactics.com",
"serveexchange.com",
"servehumour.com",
"servep2p.com",
"servesarcasm.com",
"stufftoread.com",
"ufcfan.org",
"unusualperson.com",
"workisboring.com"
],
"affiliate": []
}
```
## emailnator.com:
smartnator.com
femailtor.com
Randomly generated Gmail accounts
googlemail.com
mydefipet.live
tmpmailtor.com
psnator.com
Has a freemium API for bulk domains:
```ts
const axios = require('axios');
const options = {
method: 'POST',
url: 'https://gmailnator.p.rapidapi.com/bulk-emails',
headers: {
'content-type': 'application/json',
'X-RapidAPI-Key': 'b0d5becc39msh5d66ccd02a4f40dp16f7a9jsn4315d6fbc1dc',
'X-RapidAPI-Host': 'gmailnator.p.rapidapi.com'
},
data: {
limit: 20,
options: [1, 2, 3]
}
};
try {
const response = await axios.request(options);
console.log(response.data);
} catch (error) {
console.error(error);
}
```
Something interesting I learnt about the generated gmail accounts is that they either contain + or an excessive amount of dots, 2 very odd patterns in real, legitimate email accounts. I was able to reliably detect at least 3 or 4 dots in the email itself when it's using the dotted variation.
## rambler.ru:
rambler.ru
myrambler.ru
autorambler.ru
rambler.ua
ro.ru
This site is a semi legit news site, but the mail service is used for temp emails.
Their API endpoint:
https://id.rambler.ru/api/v3/legacy/Rambler::Id::get_available_domains
It appears to have very odd authentication type middleware, it can only be used from a **[certain part](https://id.rambler.ru/login-20/mail-registration?rname=mail&theme=&session=false&back=https%3A%2F%2Fmail.rambler.ru%2F¶m=embed&iframeOrigin=https%3A%2F%2Fmail.rambler.ru)** of their website with the following fetch:
```ts
await fetch("https://id.rambler.ru/api/v3/legacy/Rambler::Id::get_available_domains", {
"headers": {
"accept": "*/*",
"accept-language": "he,en;q=0.9,en-GB;q=0.8,en-US;q=0.7",
"cache-control": "no-cache",
"content-type": "application/json",
"pragma": "no-cache",
"sec-ch-ua": "\"Microsoft Edge\";v=\"117\", \"Not;A=Brand\";v=\"8\", \"Chromium\";v=\"117\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"Windows\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"x-client-request-id": "ridduMw2OekRXLeVWwTD"
},
"referrer": "https://id.rambler.ru/login-20/mail-registration?rname=mail&theme=&session=false&back=https%3A%2F%2Fmail.rambler.ru%2F¶m=embed&iframeOrigin=https%3A%2F%2Fmail.rambler.ru",
"referrerPolicy": "strict-origin-when-cross-origin",
"body": "{\"id\":\"ridduMw2OekRXLeVWwTD\",\"params\":{}}",
"method": "POST",
"mode": "cors",
"credentials": "include"
})
```
And returns the following:
![image](https://github.com/7c/fakefilter/assets/92037085/7a20d8b8-42fc-4f1d-8b84-6c128687641e)
## seznam.cz
seznam.cz
## wp.pl
wp.pl
## tempmaili.com
hopeon.xyz
munik.edu.pl
(Looking for the API for that)
## skiff.com
skiff.com
[possible subdomain].maskmy.id
This should be a wildcard as there are infinite amount of subdomains all under maskmy.id
## proton.me
proton.me
protonmail.com
## courvix.com
API endpoint: https://courvix.com/api/emails
Returns all of the possible domains (below is a screenshot of the partial response):
![image](https://github.com/7c/fakefilter/assets/92037085/cb5e36ec-ebaf-4e07-a053-9bc3f4c10511)
## tutanota.com
tutanota.com
tutanota.de
tutamail.com
tuta.io
keemail.me
tuta.com
A way to automate this process would be to go to https://app.tuta.com/common-min-b91bbf95.js and take the `e("bW",["tutanota.com","tutanota.de","tutamail.com","tuta.io","keemail.me","tuta.com"])` part (whether it be through regex or a different method). The [**source map**](https://app.tuta.com/common-min-b91bbf95.js.map) for this has it as an export: `export const TUTANOTA_MAIL_ADDRESS_DOMAINS = [\"tutanota.com\", \"tutanota.de\", \"tutamail.com\", \"tuta.io\", \"keemail.me\", \"tuta.com\"]`
## 5ymail.com
5ymails.com
5ymail.com
5ymail.net
5ymail.de
e9mail.com
e9hosting.com
5ymail.me
## internxt.com
theeyeoftruth.com
beaconmessenger.com
lamasticots.com
They are open source so I'm still looking into where their API is
## tempmail.email
The endpoint: https://tempmail.email/api/domains.alternative.config.json
Returns all available domains:
![image](https://github.com/7c/fakefilter/assets/92037085/d39fea87-5a5d-4c3f-985b-f5026b620d05)
They have another endpoints: https://tempmail.email/api/domains.config.json
Which returns more domains:
![image](https://github.com/7c/fakefilter/assets/92037085/44ad19c8-0c81-4348-a923-9df400be3f7c)
## emailondeck.com
sloveniakm.com appears to be the only domain, has a PRO api endpoint to list all available domains that requires a token:
https://api.emailondeck.com/api.php?token=[TOKEN_HERE]&act=list_email_domains&order=date_desc
## tempor.email
scandicdeals25.com
nurumassager.com
varaunited.in
whitworthknifecompany.com
hatberkshire.com
moreview.xyz
nmemail.xyz
aconnectioninc.com
bendnsend.com
waleskfb.com
lamedicalbilling.com
fabtours.live
klearlogistics.com
stragedycd.com
igeekmagz.pw
91sedh.xyz
besttimenews.xyz
secure-mail.cc
dromancehu.com
wremail.xyz
ohioflyfishinguides.com
affordableroofcare.com
redfaunstudio.com
aeshopshop.xyz
uqkemail.xyz
elmcreekcoop.com
linseyalexander.com
otratransportation.com
z1p.biz
wremail.top
stivendigital.club
gssfire.com
asifboot.com
pliqya.xyz
tmailcloud.net
andersonelectricnw.com
3mail.rocks
pwruttz.com
customequipmentstore.com
partmed.net
csderf.xyz
mylandjet.com
wuupr.com
ivyplayers.com
bacinj.com
volunteerindustries.com
liquidlogisticsmanagement.com
tlcemail.xyz
colourmedigital.com
childrenofthesyrianwar.com
jgwinindia.com
mailrock.biz
unicomti.com
buzztrucking.com
wellnessconnecthc.com
amazinggift.life
meibokele.com
mailpoly.xyz
bukutututul.xyz
syonacosmetics.com
abunasser.site
efundpro.com
360wellnessuk.com
ambientiusa.com
btcmod.com
twichzhuce.com
straightflightgolf.com
strategysuperb.com
leafrelief.org
uniaotrafego.com
garoofinginc.com
nmemail.top
acampadaparis.com
gofsrhr.com
skxemail.com
pekanrabu.biz
thelubot.site
tesqwiklabsss.shop
eellee.org
jwpemail.eu
apexhearthealth.com
yandexmailserv.com
They have an API which I'm trying to explore right now, but for the time being I had to write this all down
## fakesmail.com
stacktix.one
votexrise.com
otelekom.live
xtoox.com
profunivers.site
enoiv.pro
fugmi.xyz
## tempimail.org
iemail.fun
wemail.pics
loveblog.help
## temp-mailbox.com
codjobs.com
jocdk.com
mvpve.com
page.edu.pl
sdkjob.com
codvip.net
## temp-mail.us
fosil.pro
rootfest.net
polyfaust.com
cartelera.org
hostcalls.com
## 10minemail.com
jucatyo.com
eazenity.com
mkurg.com
othao.com
newnime.com
mainmile.com
I know this website is already monitored, however I couldn't find these specific domains in the list
It has a freemium API just like emailnator:
```ts
const axios = require('axios');
const options = {
method: 'GET',
url: 'https://privatix-temp-mail-v1.p.rapidapi.com/request/domains/',
headers: {
'X-RapidAPI-Key': 'b0d5becc39msh5d66ccd02a4f40dp16f7a9jsn4315d6fbc1dc',
'X-RapidAPI-Host': 'privatix-temp-mail-v1.p.rapidapi.com'
}
};
try {
const response = await axios.request(options);
console.log(response.data);
} catch (error) {
console.error(error);
}
```
## hour.email
mynamejewel.com
## cloudtempmail.com
bigddns.net
4save.net
taxibmt.com
videotoptop.com
ipxwan.com
email84.com
soc123.net
nhmvn.com
nickmxh.com
cloudtempmail.net
choigi.com
coffeejadore.com
bigddns.org
acc1s.com
dulich84.com
pingddns.org
emailtik.com
huongdanfb.com
tatadidi.com
tubeemail.com
5semail.com
nextsuns.com
tinpho.com
embekhoe.com
mp3oxi.com
n-h-m.com
mikfarm.com
nuoifb.com
voxinh.net
vinakop.com
storebanme.com
email-68.com
emailcoffeehouse.com
camera47.net
mikrotikvn.com
kenhbanme.com
muadaingan.com
pingddns.com
xehop.org
connho.net
vinaemail.com
fastddns.net
vncctv.net
nick-ao.com
bigddns.com
emailracc.com
chamconnho.com
coffeeazzan.com
datadudi.com
mikrotikvietnam.com
libinit.com
taxibmt.net
cloneemail.com
giodaingan.com
vobau.net
diemhenvn.com
mikrotikx.com
vinakoop.com
123clone.com
## tmail.ai
happy9toy.com
leechchannel.com
likemovie.net
pertera.com
Couldn't get more because their firewall is broken but I would assume some shared domains would be in cloudtempmail.com
## zemail.me
solariss.me
blocki.tech
thimble.email
codda.me
astern.live
(this one will be hard to distinguish) gmail.com
## tempumail.com
umail.edu.pl
tempumail.online
ezblog.co
## emailfake.com
proceedwky.com
jdefiningqt.com
legal-research-investigation.com
kocheme.com
varaunited.in
avobitekc.com
epppl.com
jnckteam.eu
wantwp.com
guesthousenation.com
cabovertrans.com
nyfinestbarbershop.com
bromeil.com
strategysuperb.com
sikatan.co
7814445.com
eligibilitysolutions.com
discardmail.ninja
haqoci.com
shiningblogpro.com
easy-mail.top
rumahcloudindonesia.online
salonkarma.club
mentornkc.com
gspousea.com
uenglandrn.com
senduvu.com
affliatemagz.com
mywayzs.com
And any other domain with valid records
This one is a bit harder to collect all domains from, I have noticed their script however I am still trying to figure out a way to use it to obtain all possible domains. They're using jQuery and typeahead so that may be useful information.
## o2.pl
o2.pl