Thank you, Pondus, for drawing my and our attention to that fact.
Also what is flagged for instance through IDS alerts at urlquery dot net is *xyz domains,
which are considered suspicious by their nature, just like the *ga and *su domains are considered such suspicious domains.
I do not see such targeting general IDS rules appear inside other listings on VT or elsewhere, just at Forcepoint Theatseeker.
polonus