shadowbq-threatinator 0.5.0

data/spec/feeds/data/isc_suspicious_high_domainlist.txt

@@ -0,0 +1,26 @@
+
+#
+#   DShield.org Suspicious Domain List
+#    (c) 2014 DShield.org
+#   some rights reserved. Details http://creativecommons.org/licenses/by-nc-sa/2.5/
+#   use on your own risk. No warranties implied.
+#   primary URL: http://www.dshield.org/feeds/suspiciousdomains_High.txt
+#
+#   comments: info@dshield.org
+#    updated: Fri Sep 12 04:27:04 2014 UTC
+#   
+#    This list consists of High Level Sensitivity website URLs
+#     Columns (tab delimited):
+#
+#      (1) site
+#
+Site
+000007.ru	
+000cc.com	
+09cd.co.kr	
+1-verygoods.ru	
+10kpictures.com	
+114bds.com	
+114oldest.com	
+120a.com	
+123kochi.com	

data/spec/feeds/data/isc_suspicious_low_domainlist.txt

@@ -0,0 +1,34 @@
+
+#
+#   DShield.org Suspicious Domain List
+#    (c) 2014 DShield.org
+#   some rights reserved. Details http://creativecommons.org/licenses/by-nc-sa/2.5/
+#   use on your own risk. No warranties implied.
+#   primary URL: http://www.dshield.org/feeds/suspiciousdomains_Low.txt
+#
+#   comments: info@dshield.org
+#    updated: Fri Sep 12 04:27:03 2014 UTC
+#   
+#    This list consists of Low Level Sensitivity website URLs
+#     Columns (tab delimited):
+#
+#      (1) site
+#
+Site
+000007.ru	
+000cc.com	
+09cd.co.kr	
+1-verygoods.ru	
+10kpictures.com	
+114bds.com	
+114oldest.com	
+120a.com	
+123kochi.com	
+123mdw.com	
+13grandferi.ru	
+1492tapasbar.com	
+168asia.com	
+18dd.net	
+18xn.com	
+19tenco.com	
+1a-teensbilder.de	

data/spec/feeds/data/isc_suspicious_medium_domainlist.txt

@@ -0,0 +1,32 @@
+
+#
+#   DShield.org Suspicious Domain List
+#    (c) 2014 DShield.org
+#   some rights reserved. Details http://creativecommons.org/licenses/by-nc-sa/2.5/
+#   use on your own risk. No warranties implied.
+#   primary URL: http://www.dshield.org/feeds/suspiciousdomains_Medium.txt
+#
+#   comments: info@dshield.org
+#    updated: Fri Sep 12 04:27:04 2014 UTC
+#   
+#    This list consists of Medium Level Sensitivity website URLs
+#     Columns (tab delimited):
+#
+#      (1) site
+#
+Site
+000007.ru	
+000cc.com	
+09cd.co.kr	
+1-verygoods.ru	
+10kpictures.com	
+114bds.com	
+114oldest.com	
+120a.com	
+123kochi.com	
+123mdw.com	
+13grandferi.ru	
+1492tapasbar.com	
+168asia.com	
+18dd.net	
+18xn.com	

data/spec/feeds/data/malc0de_domainlist.txt

@@ -0,0 +1,18 @@
+
+// This file will be automatically updated daily and populated with the last 30 days of malicious domains.
+// It will return 127.0.0.1 for all domains found to be distributing malware
+// Additional information to get this working can be found http://www.malwaredomains.com/wordpress/?page_id=6
+// Last updated 2014-07-08	
+
+PRIMARY beespace.com.ua blockeddomain.hosts
+PRIMARY opencandy.com blockeddomain.hosts
+PRIMARY netdna-cdn.com blockeddomain.hosts
+PRIMARY drivers.drp.su blockeddomain.hosts
+PRIMARY dropcanvas.com blockeddomain.hosts
+PRIMARY 52z.com blockeddomain.hosts
+PRIMARY baixaki.com.br blockeddomain.hosts
+PRIMARY nzs.com.br blockeddomain.hosts
+PRIMARY uniblue.com blockeddomain.hosts
+PRIMARY downloadsrv13.com blockeddomain.hosts
+PRIMARY cachelocal.org blockeddomain.hosts
+PRIMARY ttriber.com blockeddomain.hosts

data/spec/feeds/data/malc0de_iplist.txt

@@ -0,0 +1,14 @@
+
+// This file will be automatically updated daily and populated with the last 30 days of malicious IP addresses.
+// Last updated 2014-07-08	
+
+91.188.117.157
+216.151.164.53
+91.222.136.251
+208.111.160.6
+5.79.71.240
+162.159.242.11
+218.75.155.39
+96.17.197.34
+176.32.99.47
+23.66.230.137

data/spec/feeds/data/malwaredomainlist-url-reputation.txt

@@ -0,0 +1,8 @@
+"2014/10/07_04:23","www.yehuam.com/dist/video.php?l=1","198.15.122.221","-","Leads to exploit, Malvertising","Registrar Abuse Contact abuse@enom.com","20454"
+"2014/10/07_04:23","exkn0md6fh.qsdgi.com/azomytze3q","5.135.230.183","-","RIG EK","Registrar Abuse Contact abuse@web.com","16276"
+"2014/10/01_09:34","radiology.starlightcapitaladvisors.net/dr/southeast/steve/dropdown.js","85.10.229.207","85-10-229-207.clients.your-server.de.","obfuscated script leads to exploit kit","-","24940"
+"2014/10/01_09:30","avecat.missouritheatre.org:15106/full/cnstats/clients/stories.php?wink=322","87.118.127.230","ns2.km33436-26.keymachine.de.","exploit kit","T Fankhauser / artstaff@stjoearts.org","31103"
+"2014/10/01_09:30","aveconomic.trailswest.org:15106/haddan_files/stories.php","87.118.127.230","ns2.km33436-26.keymachine.de.","exploit kit","T Fankhauser / artstaff@stjoearts.org","31103"
+"2014/09/17_10:11","borneo.aqq79.com/wbxx3.html","217.23.5.88","customer.worldstream.nl.","frame leads to exploit kit","Registrar Abuse Contact domain@west263.com","49981"
+"2014/09/17_10:11","asd.vicentelopez.us/vbign3s2pe","192.99.197.133","-","exploit kit","Virna Springer / virnaspringer2001@mail.com","16276"
+"2014/09/17_10:11","qwe.affairedhonneur.us/depqfie59y","192.99.197.131","-","exploit kit","Ben Bazar / benbazar2011y@mail.com","16276"

data/spec/feeds/data/malwaredomains_domainlist.txt

@@ -0,0 +1,24 @@
+##	notice	notice	duplication is not permitted
+##	 if you do not accept these terms, then do not use this information.
+##	nextvalidation	domain	type	original_reference-why_it_was_listed	dateverified
+##	for noncommercial use only. using this information indicates you agree to be bound by these terms.
+	20161231	brenz.pl	attackpage	safebrowsing.clients.google.com	20140302	20131228	20110304	20100805	relisted
+	20161231	retro-7-3.cz.cc	harmful	safebrowsing.clients.google.com	20140703	20131227	20130614	20120724	20110503	relisted
+	20161231	38zu.cn	attackpage	safebrowsing.google.com	20140703	20140302	20130325	20120426	20110715
+	20161231	pempoo.com	attackpage	safebrowsing.google.com	20140703	20140307	20131227	20120423	20110712
+	20161230	gumblar.cn	attackpage	safebrowsing.clients.google.com	20140703	20140226	20131228	20130526	20110711	20100403
+	20160601	cg79wo20kl92doowfn01oqpo9mdieowv5tyj.com	malware	safebrowsing.google.com	20130611	20131228	20121227	20120724	20110319	relisted
+	20160601	neepelsty.cz.cc	attackpage	www.google.com/interstitial?url=neepelsty.cz.cc	20130614	20131228	20121227	20120724	20110520	relisted
+	20160601	x0a.in	iframe	blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent	20131226	20110311	20090830
+	20160601	x1g.in	iframe	blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent	20131226	20110311	20090830
+	20160601	x3v.in	iframe	blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent	20131226	20110311	20090830
+	20160601	x5o.ru	iframe	blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent	20131226	20110311	20090830
+	20160601	x6i.ru	iframe	blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent	20131226	20110311	20090830
+	20160601	x6p.in	iframe	blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent	20131226	20110311	20090830
+	20160601	x3b.ru	attackpage	google.com/safebrowsing	20131226	20110311	20090913
+	20160601	x0c.ru	malware	hosts-file.net/?s=80.93.90.88&view=history	20131226	20110311	20090830
+	20160601	x3y.ru	malware	hosts-file.net/?s=80.93.90.88&view=history	20131226	20110311	20090830
+	20160601	x9m.ru	malware	hosts-file.net/?s=80.93.90.88&view=history	20131226	20110311	20090830
+	20160601	x8l.in	iframe	safebrowsing.google.com	20131226	20110311	20090826
+	20160601	x8o.ru	iframe	safebrowsing.google.com	20131226	20110311	20090826
+	20160601	x8v.ru	iframe	safebrowsing.google.com	20131226	20110311	20090826

data/spec/feeds/data/malwaredomains_dyndns_domainlist.txt

@@ -0,0 +1,34 @@
+
+## this is a listdynamic dns providers - for informational purposes only, use as a blocklist at your own risk
+##please send additions or corrrections to malwaredomains2@gmail23.com1 (remove numbers in email address)
+#easydns4u.com
+#freelancedeveloper.com
+#ipupdater.com
+#iwas2.net
+#microtech.co.gg
+#myip.us
+#ohflip.com
+#reidmail.com
+#reidsville-dns.com
+#sysopworld.com
+#thebbs.org
+
+0000000000000000000000.com	#from http://freedns.afraid.org
+020huahai.com	malicious	siteinspector.comodo.com/
+021christine.com	malicious	siteinspector.comodo.com/
+051.no	malicious	siteinspector.comodo.com/
+0815x.com	#from http://freedns.afraid.org
+0bit.org	#from http://freedns.afraid.org
+0wnz-u.com	#from http://freedns.afraid.org
+0x.no	#from http://freedns.afraid.org
+101main.com	#from http://dns2go.com
+101main.net	#from http://dns2go.com
+1040ezdotcom.com	malicious	siteinspector.comodo.com/
+120v.ac	#from http://freedns.afraid.org
+1243.ru	malicious	siteinspector.comodo.com/
+12wildwood.ca	#from http://freedns.afraid.org
+1313.pl	#from http://freedns.afraid.org
+1337.cx	#from http://freedns.afraid.org
+136k.com	#from http://freedns.afraid.org
+17life.com	#from http://freedns.afraid.org
+18videoclip.com	harmful	safebrowsing.clients.google.com

data/spec/feeds/data/malwaredomains_justdomains_domainlist.txt

@@ -0,0 +1,18 @@
+brenz.pl
+retro-7-3.cz.cc
+38zu.cn
+pempoo.com
+gumblar.cn
+cg79wo20kl92doowfn01oqpo9mdieowv5tyj.com
+neepelsty.cz.cc
+x0a.in
+x1g.in
+x3v.in
+x5o.ru
+x6i.ru
+x6p.in
+x3b.ru
+x0c.ru
+x3y.ru
+x9m.ru
+x8l.in

data/spec/feeds/data/mirc_domainlist.txt

@@ -0,0 +1,31 @@
+;For more information about this file see http://www.mirc.com/serverslist.html
+
+[timestamp]
+date=13/06/2012
+
+[networks]
+n0=DALnet
+n1=EFnet
+n2=Freenode
+n3=GameSurge
+n4=IRCnet
+n5=Quakenet
+n6=Rizon
+n7=SwiftIRC
+n8=Undernet
+n9=WebChat
+
+[servers]
+n0=Random serverSERVER:irc.dal.net:6660-6667GROUP:DALnet
+n1=Random AU serverSERVER:irc.au.dal.net:6665-6668,7000GROUP:DALnet
+n2=Random EU serverSERVER:irc.eu.dal.net:6665-6668,7000GROUP:DALnet
+n3=Random US serverSERVER:irc.us.dal.net:6665-6668,7000GROUP:DALnet
+n4=US, CA, OrangeSERVER:krypt.ca.us.dal.net:6665-6668,7000GROUP:DALnet
+n5=US, NJ, ChoopaSERVER:choopa.nj.us.dal.net:6667:GROUP:DALnet
+n6=US, VA, RichmondSERVER:punch.va.us.dal.net:6665-6668,7000GROUP:DALnet
+n7=US, WA, SeattleSERVER:serverbuffet.wa.us.dal.net:6665-6668,7000GROUP:DALnet
+n8=Random serverSERVER:irc.efnet.org:6667GROUP:EFnet
+n9=CA, AB, CalgarySERVER:irc.arcti.ca:6665-6669GROUP:EFnet
+n10=CA, ON, TorontoSERVER:irc.teksavvy.ca:6661-6669GROUP:EFnet
+n11=EU, DK, AarhusSERVER:irc.inet.tele.dk:6661-6669GROUP:EFnet
+n12=EU, NL, AmsterdamSERVER:efnet.xs4all.nl:6661-6669GROUP:EFnet

data/spec/feeds/data/multiproxy_iplist.txt

@@ -0,0 +1,15 @@
+122.6.245.14:8090
+123.184.6.251:8088
+123.236.215.131:6588
+172.163.146.56:6588
+189.37.28.147:6588
+190.53.89.103:6588
+200.104.104.91:6588
+200.126.98.135:6588
+200.252.201.144:80
+201.42.59.201:6588
+202.134.202.226:80
+211.140.151.214:8080
+212.12.114.252:3128
+218.252.37.227:808
+59.95.1.229:6588

data/spec/feeds/data/nothink_irc_iplist.txt

@@ -0,0 +1,14 @@
+# Provided by nothink.org
+# Malware IRC network traffic blacklist (IP address)
+# Generated 2014-07-07 22:05:01 UTC
+122.160.232.194
+123.240.75.169
+173.163.151.27
+189.107.132.113
+193.107.16.22
+193.136.119.33
+194.14.236.50
+201.48.61.38
+218.61.22.10
+218.61.22.28
+46.166.162.116

data/spec/feeds/data/nothink_ssh_iplist.txt

@@ -0,0 +1,10 @@
+# Provided by nothink.org
+# SSH blacklist, last 24 hours (IP address)
+# Generated 2014-07-08 22:05:01 UTC
+1.93.26.15
+31.196.84.131
+36.39.246.121
+61.144.43.235
+64.111.196.174
+88.191.151.44
+94.32.71.168

data/spec/feeds/data/openbl_iplist.txt

@@ -0,0 +1,12 @@
+# openbl.org/lists/base_90days.txt
+# Wed Jul  9 15:12:00 2014 UTC
+#
+# source ip
+61.174.51.216
+61.174.51.233
+218.108.247.91
+183.46.250.53
+61.174.51.230
+61.174.51.204
+1.93.29.130
+117.21.191.35

data/spec/feeds/data/openphish-url-reputation.txt

@@ -0,0 +1,16 @@
+http://22872.in/
+http://www.sikaram.lk/wp-content/uploads/10421312312/19890907.html
+http://www.seventoons.com/includes/languages/espanol/images/sfre/9a8c90c1e89a8d9660b5eb59308d5f15/cas.php?clicid=13698&default=031c2011f7b699ad4676d01035827f44
+http://www.alternativ-credit.fr/includes/html/classic/ibks/bradesco/?WLMFKUGXUPHVZUFEZWIKYHYWGUGPFXEPNGOFZEYGTSTNTWUIYMFIRLZTUUNVRNTNPTMSTZKZKNITNRNPHLKWYKOZMXWSJYKWY
+http://www.alternativ-credit.fr/includes/html/classic/ibks/bradesco/?ZNLROJIJRSSTQWEGUKKYXWQJKMPRLJNOYVHNXTGSJVTNPLTPTKEOLVHGSLXXIURSPFWXHYNKSWJSYNQZKRGXMSRLZVTGRVXPNJTV
+http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/4db64aeb194a008c3589ca0252caf430/14526566c864daf0a9cf4f6cc527b315/884c7f2309881eef92d29429c9b15f32/95a77b9c4a1258900b96726a003351ec/a06ae15727fc9b5a8daf9a61563a9b2a/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
+http://www.jacks-music.co.uk/wp-admin/a/e4f701810e80c05c0533876dd4b4246d/97286d2ffb4c29125e8534b5f34eac1f/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
+http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/4db64aeb194a008c3589ca0252caf430/14526566c864daf0a9cf4f6cc527b315/6f9b49ea7ad3bd488d03146e455585f7/c144bd8041f407331fe66af1d6c07c51/8c3f20513475139edeccc7f47f237552/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
+http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/4db64aeb194a008c3589ca0252caf430/14526566c864daf0a9cf4f6cc527b315/884c7f2309881eef92d29429c9b15f32/95a77b9c4a1258900b96726a003351ec/bfe3005edf73b44b6c18a88ddf633d08/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
+http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/4db64aeb194a008c3589ca0252caf430/14526566c864daf0a9cf4f6cc527b315/d5f8fba1e788b4723fb87c788aae85a7/d5c3a11c45b2d46ff81cd25281d43510/2102dde13e5e7dcb942d34af83a59c31/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
+http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/40001ba92bc71fa1a87cbd6014c6a93c/f855e92746daac9349ec8606bc21dc1c/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
+http://190.86.185.227/Site-Seguro-SSL/Cadastramento/
+http://www.turesidenciapremium.com/Trader/trade/index.html
+http://datosfiscales.com/plugins/connect/portfolio/index.htm
+http://www.thethreetouch.com/thai/store/images/stories/safepay.wellsfargo.com/index.php
+http://www.

data/spec/feeds/data/packetmail_perimeterbad-ip_reputation.txt

@@ -0,0 +1,44 @@
+# Disclaimer - You may not use this list without acceptance of the below:
+#
+# The following IP addresses have made HTTP/HTTPS requests to files that are either non-existent or denied by configuration to 
+# unique and new URLs over the past 30 days.
+#
+# No assertion is made, nor implied, that any of the below listed IP addresses are accurate, malicious, hostile, or engaged in nefarious acts.
+# Use this list at your own risk.  By using this list in any capacity or capability you release all claims of damages and shall not hold or perceive any
+# liability against the publisher for:  damage, unexpected events or results, decision, or reputation damage, even those resulting from wilful
+# or intentional neglect.
+#
+# No claims made against this data shall be honored; no assertions have been made about the quality, accuracy, usability, actionability,
+# reputation, merit, or hostility of the below findings.
+#
+# If you feel that an IP address is inaccurately listed below please contact me at any RFC822 6.3, RFC1123 5.2.7, or RFC2821 4.5.1
+# address associated with this domain.
+#
+# This list may not be included in any 'for-sale' component and may not be included in pay-wall subscription-based services except
+# for organizations that I have explicitly given permission to by E-Mail which has been GPG signed using Key ID 0x37085D70.
+#
+# Changelog:
+#	Thu Sep 04 2014 - Initial Development
+#
+# This file contains these \x09 (TAB) separated fields:
+#	date_time               string                  Time the request was received (standard english format)
+#	remote_ip               string                  Remote IP-address
+#	server_name             string                  The server name according to the UseCanonicalName setting
+#	status                  string                  Status. For requests that got internally redirected, this is the status of the original request
+#	request                 string                  The first line of the request
+#	http_referer            string                  HTTP Referer
+#	user_agent              string                  HTTP User-Agent
+#	day                     string                  Day in YYYY-MM-DD format
+#
+#
+# This list was last updated on Thu Sep  4 10:16:10 CDT 2014
+#
+[03/Sep/2014:13:11:47 -0500]	192.99.152.38	206.82.85.197	403	GET /cc/process.php HTTP/1.1	-	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0	2014-09-03
+[03/Sep/2014:10:06:47 -0500]	110.45.241.238	206.82.85.197	403	POST /cfg HTTP/1.1	-	-	2014-09-03
+[03/Sep/2014:13:11:47 -0500]	192.99.152.38	206.82.85.197	403	GET /process.php HTTP/1.1	-	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0	2014-09-03
+[03/Sep/2014:09:48:18 -0500]	62.210.167.201	206.82.85.197	403	GET /mad/inc/config.php HTTP/1.1	-	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0	2014-09-03
+[03/Sep/2014:05:39:48 -0500]	192.99.166.102	206.82.85.197	403	GET /Panel/bins.php HTTP/1.1	-	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0	2014-09-03
+[03/Sep/2014:05:39:48 -0500]	192.99.166.102	206.82.85.197	403	GET /jackposprivate12/bins.php HTTP/1.1	-	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0	2014-09-03
+[03/Sep/2014:05:39:48 -0500]	192.99.166.102	206.82.85.197	403	GET /jack/bins.php HTTP/1.1	-	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0	2014-09-03
+[03/Sep/2014:18:06:59 -0500]	69.28.85.204	www.hackbraten.tk	403	HEAD /Hackbraten.zip HTTP/1.1	-	curl/7.32.0	2014-09-03
+

data/spec/feeds/data/palevo_domainlist.txt

@@ -0,0 +1,25 @@
+# Palevo C&C Domain Blocklist by abuse.ch
+arta.romail3arnest.info
+asp.spinchats.com
+bff.7oorq8.com
+bff4.7oorq8.com
+computo164.laweb.es
+fitt.prince.kz
+hcuewgbbnfdu1ew.com
+hcuewgbbnfs1uew.com
+internet.estr.es
+legionarios.servecounterstrike.com
+mail3.nad123nad.com
+mariposita.web-personal.org
+masterkey.com.ua
+ms4all.twoplayers.net
+mst.com.ua
+ns.dunno-net.com
+panchitox.laweb.es
+penchatox.sin-ip.es
+rastu.com.ua
+s.24otuwotefsmd.com
+shv4.no-ip.biz
+shv4b.getmyip.com
+ssl.aukro.ua
+symconempkr.com

data/spec/feeds/data/palevo_iplist.txt

@@ -0,0 +1,24 @@
+# Palevo C&C IP Blocklist by abuse.ch
+107.150.36.226
+109.123.109.132
+115.236.76.168
+144.76.143.4
+173.230.133.99
+176.31.117.59
+187.214.120.147
+189.135.116.163
+189.236.206.143
+193.23.48.228
+194.116.174.85
+208.185.82.133
+50.63.202.42
+67.198.207.34
+67.210.170.140
+67.210.170.141
+67.210.170.169
+69.43.161.141
+76.74.255.138
+80.83.124.187
+82.196.6.164
+91.208.194.18
+98.126.44.98

data/spec/feeds/data/snort_bpf-ip_reputation.txt

@@ -0,0 +1,16 @@
+212.89.13.111
+46.242.145.99
+91.220.62.190
+91.220.62.112
+91.213.217.36
+194.44.157.130
+193.107.17.62
+193.106.31.12
+94.63.149.51
+93.171.202.70
+204.16.169.2
+182.160.162.65
+91.228.154.199
+76.74.184.23
+85.214.26.248
+80.48.62.18

data/spec/feeds/data/spyeye_domainlist.txt

@@ -0,0 +1,16 @@
+################################################################################
+# abuse.ch SpyEye domain blocklist                                             #
+#                                                                              #
+# For questions please referer to https://spyeyetracker.abuse.ch/blocklist.php #
+################################################################################
+
+beromder56.com
+detadomain.su
+doemguing.net
+firexiasds.wha.la
+futuretelefonica.com
+gate.eyeonarte.it
+helen33nasanorth.com
+sebortemesd5.com
+stendtlong.net
+

data/spec/feeds/data/spyeye_iplist.txt

@@ -0,0 +1,19 @@
+################################################################################
+# abuse.ch SpyEye IP blocklist                                                 #
+#                                                                              #
+# For questions please referer to https://spyeyetracker.abuse.ch/blocklist.php #
+################################################################################
+
+188.190.126.173
+188.190.126.175
+188.190.126.176
+193.106.31.12
+193.107.17.62
+194.44.157.130
+46.166.143.56
+91.213.217.36
+91.220.62.112
+91.220.62.190
+93.171.202.70
+94.63.149.51
+

data/spec/feeds/data/steeman-ip-reputation.txt

@@ -0,0 +1,13 @@
+# 2104 Block List (IPV4 IP addresses to avoid contact with) - Jeron Steeman - http://jeroen.steeman.org
+# Created: 10/3/2014 4:00:24 PM
+1.0.253.17
+1.1.153.136
+1.10.220.118
+1.10.221.14
+1.10.221.78
+1.10.253.13
+1.161.123.10
+1.162.217.96
+1.168.163.133
+1.168.242.142
+1.169.45.13

data/spec/feeds/data/t-arend-de_ssh_iplist.txt

@@ -0,0 +1,17 @@
+#Bad Guys List
+#From: thomas@t-arend.de
+#Date: So 6. Sep 13:03:16 CEST 2009
+sshd: 113.11.200.191
+sshd: 116.122.107.58
+sshd: 116.127.93.201
+sshd: 116.58.96.55
+sshd: 116.68.194.45
+sshd: 117.21.249.75
+sshd: 117.32.128.141
+sshd: 118.128.150.210
+sshd: 119.113.0.4
+sshd: 119.113.0.7
+sshd: 121.13.229.221
+sshd: 121.138.192.152
+sshd: 121.14.142.46
+sshd: 121.15.167.243

data/spec/feeds/data/the_haleys_ssh_iplist.txt

@@ -0,0 +1,12 @@
+# IP addresses launching SSH dictionary attacks. As of Fri, 11 Jul 2014 15:22:17 +0100
+ALL : 1.30.20.146 
+ALL : 1.82.184.23 
+ALL : 1.82.184.25 
+ALL : 1.85.2.246 
+ALL : 1.93.22.107 
+ALL : 1.93.24.62 
+ALL : 1.93.24.72 
+ALL : 1.93.25.63 
+ALL : 1.93.25.165 
+ALL : 1.93.25.234 
+ALL : 1.93.25.253 

data/spec/feeds/data/trustedsec-ip-reputation.txt

@@ -0,0 +1,12 @@
+#
+100.1.176.8
+100.42.209.114
+100.42.227.89
+100.42.229.73
+100.42.74.90
+101.0.4.104
+101.0.4.108
+101.0.53.229
+101.0.5.88
+101.0.5.90
+101.108.127.106