Use our REGEX Cheat Sheet

*

{0,}

0 or More

[a-z]* → [a-z]{0,}

+

{1,}

1 or More

[a-z]+ → [a-z]{1,}

?

(<term>l)

Zero or 1

(www.)?google.com → (www.l)google.com

\w

[a-zA-Z0-9]

Alphanumerical

\w → [a-zA-Z0-9]

\d

[0-9]

Numerical

\d → [0-9]

\

.

Literal Dot

. (no escape needed)

\-

-

Literal dash

- (no escape needed)

^

^

Start

^ (no escape needed)

$

$

End

$ (no escape needed)

www.\w+.xyz

www.[a-zA-Z0-9]{1,}.xyz

www.malserver7.xyz

Grabs www-starting .xyz domains

www.\d+.xyz

www.[a-zA-Z0-9]{1,}.xyz

www.3039129.xyz'

Targets www-starting numeric .xyz.

\d+.\w+

[0-9]{1,}.[a-z0-9A-Z]{1,}

393029.top

Matches numeric domains with any TLD.

malserver.\w+

malserver.[a-z0-9A-Z]{1,}

malserver.top

Finds malserver-starting TLDs

google\d+.com

google[0-9]{1,}.com

google8.com

Spots google-impersonating domains.

\w+.\w+.ru

[a-zA-Z0-9]{1,}.[a-zA-Z0-9]{1,}.ru

a39c.xuedejclsy.ru

Nabs .ru subdomains (no parent).

(\w+.)?\w+.ru

([a-zA-Z0-9]{1,}.l)[a-zA-Z0-9]{1,}.ru

xuedejclsy.ru

Includes .ru parents and subdomains.

\d+.server.top

[0-9]{1,}.server.top

3399.server.top

Matches numeric server.top subdomains.

(\w+.)?server.top

([a-z0-9A-Z]{1,}.l)server.top

44dc.server.top

Grabs all server.top subdomains.