diff --git a/Build/build-anti-bogus-domain.ts b/Build/build-anti-bogus-domain.ts
deleted file mode 100644
index 9ecfa61d..00000000
--- a/Build/build-anti-bogus-domain.ts
+++ /dev/null
@@ -1,68 +0,0 @@
-// @ts-check
-import path from 'path';
-import { createRuleset } from './lib/create-file';
-import { fetchRemoteTextByLine, readFileIntoProcessedArray } from './lib/fetch-text-by-line';
-import { task } from './trace';
-import { SHARED_DESCRIPTION } from './lib/constants';
-import { isProbablyIpv4, isProbablyIpv6 } from './lib/is-fast-ip';
-import { TTL, deserializeArray, fsFetchCache, serializeArray } from './lib/cache-filesystem';
-
-const URL = 'https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf';
-
-const getBogusNxDomainIPsPromise = fsFetchCache.apply(
-  URL,
-  async () => {
-    const result: string[] = [];
-    for await (const line of await fetchRemoteTextByLine(URL)) {
-      if (line.startsWith('bogus-nxdomain=')) {
-        const ip = line.slice(15).trim();
-        if (isProbablyIpv4(ip)) {
-          result.push(`IP-CIDR,${ip}/32,no-resolve`);
-        } else if (isProbablyIpv6(ip)) {
-          result.push(`IP-CIDR6,${ip}/128,no-resolve`);
-        }
-      }
-    }
-    return result;
-  },
-  {
-    ttl: TTL.ONE_WEEK(),
-    serializer: serializeArray,
-    deserializer: deserializeArray
-  }
-);
-
-export const buildAntiBogusDomain = task(import.meta.path, async (span) => {
-  const result: string[] = await readFileIntoProcessedArray(path.resolve(import.meta.dir, '../Source/ip/reject.conf'));
-
-  const peeked = Bun.peek(getBogusNxDomainIPsPromise);
-  const bogusNxDomainIPs = peeked === getBogusNxDomainIPsPromise
-    ? await span.traceChildPromise('get bogus nxdomain ips', getBogusNxDomainIPsPromise)
-    : (peeked as string[]);
-
-  result.push(...bogusNxDomainIPs);
-
-  const description = [
-    ...SHARED_DESCRIPTION,
-    '',
-    'This file contains known addresses that are hijacking NXDOMAIN results returned by DNS servers.',
-    '',
-    'Data from:',
-    ' - https://github.com/felixonmars/dnsmasq-china-list'
-  ];
-
-  return createRuleset(
-    span,
-    'Sukka\'s Ruleset - Anti Bogus Domain',
-    description,
-    new Date(),
-    result,
-    'ruleset',
-    path.resolve(import.meta.dir, '../List/ip/reject.conf'),
-    path.resolve(import.meta.dir, '../Clash/ip/reject.txt')
-  );
-});
-
-if (import.meta.main) {
-  buildAntiBogusDomain();
-}
diff --git a/Build/build-reject-ip-list.ts b/Build/build-reject-ip-list.ts
new file mode 100644
index 00000000..e8cd1be4
--- /dev/null
+++ b/Build/build-reject-ip-list.ts
@@ -0,0 +1,99 @@
+// @ts-check
+import path from 'path';
+import { createRuleset } from './lib/create-file';
+import { fetchRemoteTextByLine, readFileIntoProcessedArray } from './lib/fetch-text-by-line';
+import { task } from './trace';
+import { SHARED_DESCRIPTION } from './lib/constants';
+import { isProbablyIpv4, isProbablyIpv6 } from './lib/is-fast-ip';
+import { TTL, deserializeArray, fsFetchCache, serializeArray } from './lib/cache-filesystem';
+import { fetchAssets } from './lib/fetch-assets';
+import { processLine } from './lib/process-line';
+
+const BOGUS_NXDOMAIN_URL = 'https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf';
+
+const getBogusNxDomainIPsPromise = fsFetchCache.apply(
+  BOGUS_NXDOMAIN_URL,
+  async () => {
+    const result: string[] = [];
+    for await (const line of await fetchRemoteTextByLine(BOGUS_NXDOMAIN_URL)) {
+      if (line.startsWith('bogus-nxdomain=')) {
+        const ip = line.slice(15).trim();
+        if (isProbablyIpv4(ip)) {
+          result.push(`IP-CIDR,${ip}/32,no-resolve`);
+        } else if (isProbablyIpv6(ip)) {
+          result.push(`IP-CIDR6,${ip}/128,no-resolve`);
+        }
+      }
+    }
+    return result;
+  },
+  {
+    ttl: TTL.ONE_WEEK(),
+    serializer: serializeArray,
+    deserializer: deserializeArray
+  }
+);
+
+const BOTNET_FILTER_URL = 'https://curbengh.github.io/botnet-filter/botnet-filter-dnscrypt-blocked-ips.txt';
+const BOTNET_FILTER_MIRROR_URL = [
+  'https://curbengh.github.io/malware-filter/botnet-filter-dnscrypt-blocked-ips.txt',
+  'https://malware-filter.gitlab.io/malware-filter/botnet-filter-dnscrypt-blocked-ips.txt',
+  'https://malware-filter.pages.dev/botnet-filter-dnscrypt-blocked-ips.txt'
+];
+
+const getBotNetFilterIPsPromise = fsFetchCache.apply(
+  BOTNET_FILTER_URL,
+  async () => {
+    const text = await fetchAssets(BOTNET_FILTER_URL, BOTNET_FILTER_MIRROR_URL);
+    return text.split('\n').reduce<string[]>((acc, cur) => {
+      const ip = processLine(cur);
+      if (ip) {
+        if (isProbablyIpv4(ip)) {
+          acc.push(`IP-CIDR,${ip}/32,no-resolve`);
+        } else if (isProbablyIpv6(ip)) {
+          acc.push(`IP-CIDR6,${ip}/128,no-resolve`);
+        }
+      }
+      return acc;
+    }, []);
+  },
+  {
+    ttl: TTL.TWLVE_HOURS(),
+    serializer: serializeArray,
+    deserializer: deserializeArray
+  }
+);
+
+export const buildRejectIPList = task(import.meta.path, async (span) => {
+  const result: string[] = await readFileIntoProcessedArray(path.resolve(import.meta.dir, '../Source/ip/reject.conf'));
+
+  const bogusNxDomainIPs = await span.traceChildPromise('get bogus nxdomain ips', getBogusNxDomainIPsPromise);
+  const botNetIPs = await span.traceChildPromise('get botnet ips', getBotNetFilterIPsPromise);
+
+  result.push(...bogusNxDomainIPs, ...botNetIPs);
+
+  const description = [
+    ...SHARED_DESCRIPTION,
+    '',
+    'This file contains known addresses that are hijacking NXDOMAIN results returned by DNS servers, and botnet controller IPs.',
+    '',
+    'Data from:',
+    ' - https://github.com/felixonmars/dnsmasq-china-list',
+    ' - https://github.com/curbengh/botnet-filter'
+  ];
+
+  return createRuleset(
+    span,
+    'Sukka\'s Ruleset - Anti Bogus Domain',
+    description,
+    new Date(),
+    result,
+    'ruleset',
+    path.resolve(import.meta.dir, '../List/ip/reject.conf'),
+    path.resolve(import.meta.dir, '../Clash/ip/reject.txt')
+  );
+});
+
+if (import.meta.main) {
+  buildRejectIPList();
+}
diff --git a/Build/index.ts b/Build/index.ts
index c0f7b664..d5b523fe 100644
--- a/Build/index.ts
+++ b/Build/index.ts
@@ -2,7 +2,7 @@ console.log('Bun version:', Bun.version, Bun.revision);
 
 import { downloadPreviousBuild } from './download-previous-build';
 import { buildCommon } from './build-common';
-import { buildAntiBogusDomain } from './build-anti-bogus-domain';
+import { buildRejectIPList } from './build-reject-ip-list';
 import { buildAppleCdn } from './build-apple-cdn';
 import { buildCdnDownloadConf } from './build-cdn-download-conf';
 import { buildRejectDomainSet } from './build-reject-domainset';
@@ -35,7 +35,7 @@ import { buildDeprecateFiles } from './build-deprecate-files';
     const downloadPreviousBuildPromise = downloadPreviousBuild(rootSpan);
 
     const buildCommonPromise = downloadPreviousBuildPromise.then(() => buildCommon(rootSpan));
-    const buildAntiBogusDomainPromise = downloadPreviousBuildPromise.then(() => buildAntiBogusDomain(rootSpan));
+    const buildRejectIPListPromise = downloadPreviousBuildPromise.then(() => buildRejectIPList(rootSpan));
     const buildAppleCdnPromise = downloadPreviousBuildPromise.then(() => buildAppleCdn(rootSpan));
     const buildCdnConfPromise = downloadPreviousBuildPromise.then(() => buildCdnDownloadConf(rootSpan));
     const buildRejectDomainSetPromise = downloadPreviousBuildPromise.then(() => buildRejectDomainSet(rootSpan));
@@ -70,7 +70,7 @@ import { buildDeprecateFiles } from './build-deprecate-files';
     await Promise.all([
       downloadPreviousBuildPromise,
       buildCommonPromise,
-      buildAntiBogusDomainPromise,
+      buildRejectIPListPromise,
       buildAppleCdnPromise,
       buildCdnConfPromise,
       buildRejectDomainSetPromise,