This is a recommended baseline of 50 thousand most commonly used global websites. It is recommended to use as exception or risk score reduction filter in correlation rules that are based on Indicators of Compromise matching. We have observed that OSINT and even commercial Threat Intelligence feeds are prone to mistakes and false-positives when listing domain IOCs. Adding a baseline filter of most commonly used domains will help to avoid unnecessary correlated alerts both to save SOC staff time and SIEM performance. This is especially critical during global outbreaks like WannaCry or NotPetya. Package contains 2 domain lists based on Alexa 1M and Cisco Umbrella OpenDNS 1M domains.