shadowbq-threatinator 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG.md +66 -0
- data/CONTRIBUTING.md +119 -0
- data/Gemfile +38 -0
- data/LICENSE +165 -0
- data/README.md +101 -0
- data/Rakefile +47 -0
- data/VERSION +1 -0
- data/bin/threatinator +5 -0
- data/bin/threatinator_loader +21 -0
- data/feeds/ET_block-ip_reputation.feed +27 -0
- data/feeds/ET_compromised-ip_reputation.feed +20 -0
- data/feeds/ET_openbadlist-ip_reputation.feed +36 -0
- data/feeds/alienvault-ip_reputation.feed +39 -0
- data/feeds/arbor_fastflux-domain_reputation.feed +19 -0
- data/feeds/arbor_ssh-ip_reputation.feed +24 -0
- data/feeds/autoshun_shunlist.feed +17 -0
- data/feeds/bambenek_c2_masterlist-domain_reputation.feed +16 -0
- data/feeds/bambenek_c2_masterlist-ip_reputation.feed +16 -0
- data/feeds/bambenek_dga_feed-domain_reputation.feed +16 -0
- data/feeds/berkeley-ip_reputation.feed +25 -0
- data/feeds/bitcash_cz_blacklist.feed +22 -0
- data/feeds/blocklist_de_apache-ip_reputation.feed +26 -0
- data/feeds/blocklist_de_bots-ip_reputation.feed +26 -0
- data/feeds/blocklist_de_ftp-ip_reputation.feed +25 -0
- data/feeds/blocklist_de_imap-ip_reputation.feed +25 -0
- data/feeds/blocklist_de_pop3-ip_reputation.feed +26 -0
- data/feeds/blocklist_de_proftpd-ip_reputation.feed +26 -0
- data/feeds/blocklist_de_sip-ip_reputation.feed +25 -0
- data/feeds/blocklist_de_ssh-ip_reputation.feed +25 -0
- data/feeds/blocklist_de_strongips-ip_reputation.feed +25 -0
- data/feeds/botscout-ip_reputation.feed +25 -0
- data/feeds/cert_mxpoison-ip_reputation.feed +22 -0
- data/feeds/chaosreigns-ip_reputation.feed +37 -0
- data/feeds/ciarmy-ip_reputation.feed +20 -0
- data/feeds/cruzit-ip_reputation.feed +30 -0
- data/feeds/cydef_torexit-ip_reputation.feed +25 -0
- data/feeds/dan_me_uk_torlist-ip_reputation.feed +25 -0
- data/feeds/danger_bruteforce-ip_reputation.feed +24 -0
- data/feeds/dshield_attackers-top1000.feed +34 -0
- data/feeds/falconcrest-ip_reputation.feed +19 -0
- data/feeds/feodo-domain_reputation.feed +19 -0
- data/feeds/feodo-ip_reputation.feed +20 -0
- data/feeds/h3x_asprox.feed +18 -0
- data/feeds/hosts-file_hphostspartial-domain_reputation.feed +19 -0
- data/feeds/infiltrated-ip_reputation.feed +26 -0
- data/feeds/infiltrated_vabl-ip_reputation.feed +30 -0
- data/feeds/isc_suspicious_high-domain_reputation.feed +26 -0
- data/feeds/isc_suspicious_low-domain_reputation.feed +26 -0
- data/feeds/isc_suspicious_medium-domain_reputation.feed +26 -0
- data/feeds/malc0de-domain_reputation.feed +24 -0
- data/feeds/malc0de-ip_reputation.feed +26 -0
- data/feeds/malwaredomainlist-url_reputation.feed +18 -0
- data/feeds/malwaredomains-domain_reputation.feed +29 -0
- data/feeds/malwaredomains_dyndns-domain_reputation.feed +29 -0
- data/feeds/malwaredomains_justdomains-domain_reputation.feed +20 -0
- data/feeds/mirc-domain_reputation.feed +30 -0
- data/feeds/multiproxy-ip_reputation.feed +22 -0
- data/feeds/nothink_irc-ip_reputation.feed +23 -0
- data/feeds/nothink_ssh-ip_reputation.feed +21 -0
- data/feeds/openbl-ip_reputation.feed +21 -0
- data/feeds/openphish-url_reputation.feed +24 -0
- data/feeds/packetmail_perimeterbad-ip_reputation.feed +28 -0
- data/feeds/palevo-domain_reputation.feed +22 -0
- data/feeds/palevo-ip_reputation.feed +23 -0
- data/feeds/phishtank.feed +22 -0
- data/feeds/sigmaproject_atma.feed +27 -0
- data/feeds/sigmaproject_spyware.feed +28 -0
- data/feeds/sigmaproject_webexploit.feed +26 -0
- data/feeds/snort_bpf-ip_reputation.feed +19 -0
- data/feeds/spyeye-domain_reputation.feed +18 -0
- data/feeds/spyeye-ip_reputation.feed +19 -0
- data/feeds/steeman-ip_reputation.feed +20 -0
- data/feeds/t-arend-de_ssh-ip_reputation.feed +20 -0
- data/feeds/the_haleys_ssh-ip_reputation.feed +20 -0
- data/feeds/trustedsec-ip_reputation.feed +18 -0
- data/feeds/virbl-ip_reputation.feed +25 -0
- data/feeds/vxvault-url_reputation.feed +23 -0
- data/feeds/yourcmc_ssh-ip_reputation.feed +20 -0
- data/feeds/yoyo_adservers-domain_reputation.feed +17 -0
- data/feeds/zeus-domain_reputation.feed +19 -0
- data/feeds/zeus-ip_reputation.feed +21 -0
- data/lib/threatinator/action.rb +14 -0
- data/lib/threatinator/actions/list/action.rb +97 -0
- data/lib/threatinator/actions/list/config.rb +12 -0
- data/lib/threatinator/actions/list.rb +2 -0
- data/lib/threatinator/actions/run/action.rb +57 -0
- data/lib/threatinator/actions/run/config.rb +32 -0
- data/lib/threatinator/actions/run/coverage_observer.rb +59 -0
- data/lib/threatinator/actions/run/output_config.rb +59 -0
- data/lib/threatinator/actions/run/status_observer.rb +37 -0
- data/lib/threatinator/actions/run.rb +2 -0
- data/lib/threatinator/cli/action_builder.rb +33 -0
- data/lib/threatinator/cli/list_action_builder.rb +19 -0
- data/lib/threatinator/cli/parser.rb +123 -0
- data/lib/threatinator/cli/run_action_builder.rb +41 -0
- data/lib/threatinator/cli.rb +19 -0
- data/lib/threatinator/config/base.rb +35 -0
- data/lib/threatinator/config/feed_search.rb +25 -0
- data/lib/threatinator/config/logger.rb +14 -0
- data/lib/threatinator/config.rb +7 -0
- data/lib/threatinator/decoder.rb +24 -0
- data/lib/threatinator/decoders/gzip.rb +30 -0
- data/lib/threatinator/event.rb +63 -0
- data/lib/threatinator/event_builder.rb +70 -0
- data/lib/threatinator/exceptions.rb +58 -0
- data/lib/threatinator/feed.rb +88 -0
- data/lib/threatinator/feed_builder.rb +161 -0
- data/lib/threatinator/feed_registry.rb +47 -0
- data/lib/threatinator/feed_runner.rb +177 -0
- data/lib/threatinator/fetcher.rb +22 -0
- data/lib/threatinator/fetchers/http.rb +50 -0
- data/lib/threatinator/filter.rb +12 -0
- data/lib/threatinator/filters/block.rb +18 -0
- data/lib/threatinator/filters/comments.rb +16 -0
- data/lib/threatinator/filters/whitespace.rb +19 -0
- data/lib/threatinator/logger.rb +66 -0
- data/lib/threatinator/logging.rb +20 -0
- data/lib/threatinator/model/base.rb +23 -0
- data/lib/threatinator/model/collection.rb +89 -0
- data/lib/threatinator/model/observables/fqdn_collection.rb +15 -0
- data/lib/threatinator/model/observables/ipv4.rb +33 -0
- data/lib/threatinator/model/observables/ipv4_collection.rb +14 -0
- data/lib/threatinator/model/observables/url_collection.rb +16 -0
- data/lib/threatinator/model/validations/type.rb +21 -0
- data/lib/threatinator/model/validations.rb +1 -0
- data/lib/threatinator/output.rb +50 -0
- data/lib/threatinator/parser.rb +23 -0
- data/lib/threatinator/parsers/csv/parser.rb +77 -0
- data/lib/threatinator/parsers/csv.rb +7 -0
- data/lib/threatinator/parsers/getline/parser.rb +45 -0
- data/lib/threatinator/parsers/getline.rb +8 -0
- data/lib/threatinator/parsers/json/adapters/oj.rb +65 -0
- data/lib/threatinator/parsers/json/parser.rb +45 -0
- data/lib/threatinator/parsers/json/record.rb +20 -0
- data/lib/threatinator/parsers/json.rb +8 -0
- data/lib/threatinator/parsers/xml/node.rb +79 -0
- data/lib/threatinator/parsers/xml/node_builder.rb +39 -0
- data/lib/threatinator/parsers/xml/parser.rb +44 -0
- data/lib/threatinator/parsers/xml/path.rb +70 -0
- data/lib/threatinator/parsers/xml/pattern.rb +53 -0
- data/lib/threatinator/parsers/xml/record.rb +14 -0
- data/lib/threatinator/parsers/xml/sax_document.rb +64 -0
- data/lib/threatinator/parsers/xml.rb +8 -0
- data/lib/threatinator/plugin_loader.rb +115 -0
- data/lib/threatinator/plugins/output/amqp/config.rb +18 -0
- data/lib/threatinator/plugins/output/amqp.rb +41 -0
- data/lib/threatinator/plugins/output/csv.rb +58 -0
- data/lib/threatinator/plugins/output/json/config.rb +14 -0
- data/lib/threatinator/plugins/output/json.rb +53 -0
- data/lib/threatinator/plugins/output/null.rb +17 -0
- data/lib/threatinator/plugins/output/rubydebug.rb +16 -0
- data/lib/threatinator/record.rb +22 -0
- data/lib/threatinator/registry.rb +53 -0
- data/lib/threatinator/util.rb +15 -0
- data/lib/threatinator.rb +3 -0
- data/spec/feeds/ET_block-ip_reputation_spec.rb +50 -0
- data/spec/feeds/ET_compromised-ip_reputation_spec.rb +47 -0
- data/spec/feeds/ET_openbadlist-ip_reputation_spec.rb +56 -0
- data/spec/feeds/alienvault-ip_reputation_spec.rb +46 -0
- data/spec/feeds/arbor_fastflux-domain_reputation_spec.rb +46 -0
- data/spec/feeds/arbor_ssh-ip_reputation_spec.rb +46 -0
- data/spec/feeds/autoshun_shunlist_spec.rb +38 -0
- data/spec/feeds/bambenek_c2_masterlist-domain_reputation_spec.rb +38 -0
- data/spec/feeds/bambenek_c2_masterlist-ip_reputation_spec.rb +39 -0
- data/spec/feeds/bambenek_dga_feed-domain_reputation_spec.rb +39 -0
- data/spec/feeds/berkeley-ip_reputation_spec.rb +47 -0
- data/spec/feeds/bitcash_cz_blacklist-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_apache-ip_reputation_spec.rb +47 -0
- data/spec/feeds/blocklist_de_bots-ip_reputation_spec.rb +47 -0
- data/spec/feeds/blocklist_de_ftp-ip_reputation_spec.rb +47 -0
- data/spec/feeds/blocklist_de_imap-ip_reputation_spec.rb +47 -0
- data/spec/feeds/blocklist_de_pop3-ip_reputation_spec.rb +47 -0
- data/spec/feeds/blocklist_de_proftpd-ip_reputation_spec.rb +47 -0
- data/spec/feeds/blocklist_de_sip-ip_reputation_spec.rb +47 -0
- data/spec/feeds/blocklist_de_ssh-ip_reputation_spec.rb +47 -0
- data/spec/feeds/blocklist_de_strongips-ip_reputation_spec.rb +47 -0
- data/spec/feeds/botscout-ip_reputation_spec.rb +50 -0
- data/spec/feeds/cert_mxpoison-ip_reputation_spec.rb +47 -0
- data/spec/feeds/chaosreigns-ip_reputation_spec.rb +50 -0
- data/spec/feeds/ciarmy-ip_reputation_spec.rb +47 -0
- data/spec/feeds/cruzit-ip_reputation_spec.rb +47 -0
- data/spec/feeds/cydef_torexit-ip_reputation_spec.rb +47 -0
- data/spec/feeds/dan_me_uk_torlist-ip_reputation_spec.rb +47 -0
- data/spec/feeds/danger_bruteforce-ip_reputation_spec.rb +47 -0
- data/spec/feeds/data/ET_block-ip_reputation.txt +80 -0
- data/spec/feeds/data/ET_compromised-ip_reputation.txt +11 -0
- data/spec/feeds/data/ET_openbadlist-ip_reputation.txt +62 -0
- data/spec/feeds/data/alienvault-ip_reputation.txt +18 -0
- data/spec/feeds/data/arbor_domainlist.txt +11 -0
- data/spec/feeds/data/arbor_ssh.txt +16 -0
- data/spec/feeds/data/autoshun_shunlist.csv +20 -0
- data/spec/feeds/data/bambenek_c2-dommasterlist.csv +30 -0
- data/spec/feeds/data/bambenek_c2-ipmasterlist.csv +27 -0
- data/spec/feeds/data/bambenek_dga_feed.csv +42 -0
- data/spec/feeds/data/berkeley.txt +29 -0
- data/spec/feeds/data/bitcash_cz_blacklist.txt +7 -0
- data/spec/feeds/data/blocklist_de_apache-ip-reputation.txt +17 -0
- data/spec/feeds/data/blocklist_de_bots-ip-reputation.txt +15 -0
- data/spec/feeds/data/blocklist_de_ftp-ip-reputation.txt +7 -0
- data/spec/feeds/data/blocklist_de_imap-ip-reputation.txt +8 -0
- data/spec/feeds/data/blocklist_de_pop3-ip-reputation.txt +11 -0
- data/spec/feeds/data/blocklist_de_proftpd-ip-reputation.txt +12 -0
- data/spec/feeds/data/blocklist_de_sip-ip-reputation.txt +9 -0
- data/spec/feeds/data/blocklist_de_ssh-ip-reputation.txt +10 -0
- data/spec/feeds/data/blocklist_de_strongips-ip-reputation.txt +11 -0
- data/spec/feeds/data/botscout-ip-reputation.txt +713 -0
- data/spec/feeds/data/cert_mxpoison-ip_reputation.txt +17 -0
- data/spec/feeds/data/chaosreigns-ip-reputation.txt +26 -0
- data/spec/feeds/data/ciarmy-ip-reputation.txt +11 -0
- data/spec/feeds/data/cruzit-ip-reputation.txt +14 -0
- data/spec/feeds/data/cydef_torexit-ip_reputation.txt +27 -0
- data/spec/feeds/data/dan_me_uk_torlist-ip-reputation.txt +11 -0
- data/spec/feeds/data/danger_bruteforce-ip_reputation.txt +12 -0
- data/spec/feeds/data/dshield_topattackers.xml +4 -0
- data/spec/feeds/data/falconcrest_iplist.txt +345 -0
- data/spec/feeds/data/feodo_domainlist.txt +18 -0
- data/spec/feeds/data/feodo_iplist.txt +20 -0
- data/spec/feeds/data/h3x_asprox.txt +20 -0
- data/spec/feeds/data/hosts-file_hphostspartial_domainlist.txt +24 -0
- data/spec/feeds/data/infiltrated_iplist.txt +16 -0
- data/spec/feeds/data/infiltrated_vabl_iplist.txt +33 -0
- data/spec/feeds/data/isc_suspicious_high_domainlist.txt +26 -0
- data/spec/feeds/data/isc_suspicious_low_domainlist.txt +34 -0
- data/spec/feeds/data/isc_suspicious_medium_domainlist.txt +32 -0
- data/spec/feeds/data/malc0de_domainlist.txt +18 -0
- data/spec/feeds/data/malc0de_iplist.txt +14 -0
- data/spec/feeds/data/malwaredomainlist-url-reputation.txt +8 -0
- data/spec/feeds/data/malwaredomains_domainlist.txt +24 -0
- data/spec/feeds/data/malwaredomains_dyndns_domainlist.txt +34 -0
- data/spec/feeds/data/malwaredomains_justdomains_domainlist.txt +18 -0
- data/spec/feeds/data/mirc_domainlist.txt +31 -0
- data/spec/feeds/data/multiproxy_iplist.txt +15 -0
- data/spec/feeds/data/nothink_irc_iplist.txt +14 -0
- data/spec/feeds/data/nothink_ssh_iplist.txt +10 -0
- data/spec/feeds/data/openbl_iplist.txt +12 -0
- data/spec/feeds/data/openphish-url-reputation.txt +16 -0
- data/spec/feeds/data/packetmail_perimeterbad-ip_reputation.txt +44 -0
- data/spec/feeds/data/palevo_domainlist.txt +25 -0
- data/spec/feeds/data/palevo_iplist.txt +24 -0
- data/spec/feeds/data/phishtank-sample.json.gz +0 -0
- data/spec/feeds/data/sigmaproject_atma.return.gz +0 -0
- data/spec/feeds/data/sigmaproject_spyware.return.gz +0 -0
- data/spec/feeds/data/sigmaproject_webexploit.return.gz +0 -0
- data/spec/feeds/data/snort_bpf-ip_reputation.txt +16 -0
- data/spec/feeds/data/spyeye_domainlist.txt +16 -0
- data/spec/feeds/data/spyeye_iplist.txt +19 -0
- data/spec/feeds/data/steeman-ip-reputation.txt +13 -0
- data/spec/feeds/data/t-arend-de_ssh_iplist.txt +17 -0
- data/spec/feeds/data/the_haleys_ssh_iplist.txt +12 -0
- data/spec/feeds/data/trustedsec-ip-reputation.txt +12 -0
- data/spec/feeds/data/valid.json +2908 -0
- data/spec/feeds/data/virbl-ip_reputation.txt +14 -0
- data/spec/feeds/data/vxvault-url-reputation.txt +15 -0
- data/spec/feeds/data/yourcmc_ssh-ip_reputation.txt +27 -0
- data/spec/feeds/data/yoyo_adservers.txt +25 -0
- data/spec/feeds/data/zeus-ip_reputation.txt +285 -0
- data/spec/feeds/data/zeus_domainlist.txt +27 -0
- data/spec/feeds/dshield_attackers-top1000_spec.rb +39 -0
- data/spec/feeds/falconcrest-ip_reputation_spec.rb +39 -0
- data/spec/feeds/feodo-domain_reputation_spec.rb +47 -0
- data/spec/feeds/feodo-ip_reputation_spec.rb +47 -0
- data/spec/feeds/h3x_asprox-ip_reputation_spec.rb +50 -0
- data/spec/feeds/hosts-file_hphostspartial-domain_reputation_spec.rb +47 -0
- data/spec/feeds/infiltrated-ip_reputation_spec.rb +47 -0
- data/spec/feeds/infiltrated_vabl-ip_reputation_spec.rb +47 -0
- data/spec/feeds/isc_suspicious_high-domain_reputation_spec.rb +47 -0
- data/spec/feeds/isc_suspicious_low-domain_reputation_spec.rb +47 -0
- data/spec/feeds/isc_suspicious_medium-domain_reputation_spec.rb +47 -0
- data/spec/feeds/malc0de-domain_reputation_spec.rb +47 -0
- data/spec/feeds/malc0de-ip_reputation_spec.rb +47 -0
- data/spec/feeds/malwaredomainlist_url_reputation_spec.rb +50 -0
- data/spec/feeds/malwaredomains-domain_reputation_spec.rb +47 -0
- data/spec/feeds/malwaredomains_dyndns-domain_reputation_spec.rb +47 -0
- data/spec/feeds/malwaredomains_justdomains-domain_reputation_spec.rb +47 -0
- data/spec/feeds/mirc-domain_reputation_spec.rb +47 -0
- data/spec/feeds/multiproxy-ip_reputation_spec.rb +47 -0
- data/spec/feeds/nothink_irc-ip_reputation_spec.rb +47 -0
- data/spec/feeds/nothink_ssh-ip_reputation_spec.rb +47 -0
- data/spec/feeds/openbl-ip_reputation_spec.rb +47 -0
- data/spec/feeds/openphish_url_reputation_spec.rb +50 -0
- data/spec/feeds/packetmail_perimeterbad-ip_reputation_spec.rb +47 -0
- data/spec/feeds/palevo-domain_reputation_spec.rb +47 -0
- data/spec/feeds/palevo-ip_reputation_spec.rb +47 -0
- data/spec/feeds/phishtank_spec.rb +41 -0
- data/spec/feeds/sigmaproject_atma_spec.rb +62 -0
- data/spec/feeds/sigmaproject_spyware_spec.rb +63 -0
- data/spec/feeds/sigmaproject_webexploit_spec.rb +62 -0
- data/spec/feeds/snort_bpf-ip_reputation_spec.rb +47 -0
- data/spec/feeds/spyeye-domain_reputation_spec.rb +47 -0
- data/spec/feeds/spyeye-ip_reputation_spec.rb +47 -0
- data/spec/feeds/steeman-ip_reputation_spec.rb +50 -0
- data/spec/feeds/t-arend-de_ssh-ip_reputation_spec.rb +47 -0
- data/spec/feeds/the_haleys_ssh-ip_reputation_spec.rb +47 -0
- data/spec/feeds/trustedsec-ip_reputation_spec.rb +47 -0
- data/spec/feeds/virbl-ip_reputation_spec.rb +47 -0
- data/spec/feeds/vxvault_url_reputation_spec.rb +50 -0
- data/spec/feeds/yourcmc_ssh-ip_reputation_spec.rb +47 -0
- data/spec/feeds/yoyo_adservers_spec.rb +47 -0
- data/spec/feeds/zeus-domain_reputation_spec.rb +47 -0
- data/spec/feeds/zeus-ip_reputation_spec.rb +47 -0
- data/spec/fixtures/feed/provider1/feed1.feed +6 -0
- data/spec/fixtures/parsers/test.xml +13 -0
- data/spec/fixtures/parsers/test_self_closing.xml +20 -0
- data/spec/fixtures/plugins/bad/threatinator/plugins/test_error1/plugin.rb +1 -0
- data/spec/fixtures/plugins/bad/threatinator/plugins/test_missing1/plugin.rb +0 -0
- data/spec/fixtures/plugins/fake.rb +19 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type1/plugin_a.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type1/plugin_b.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type2/plugin_c.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type2/plugin_d.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type3/plugin_e.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type3/plugin_f.rb +8 -0
- data/spec/spec_helper.rb +54 -0
- data/spec/support/bad_feeds/missing_fetcher.feed +7 -0
- data/spec/support/bad_feeds/missing_name.feed +6 -0
- data/spec/support/bad_feeds/missing_parser.feed +3 -0
- data/spec/support/bad_feeds/missing_provider.feed +5 -0
- data/spec/support/factories/event.rb +31 -0
- data/spec/support/factories/feed.rb +59 -0
- data/spec/support/factories/feed_builder.rb +65 -0
- data/spec/support/factories/feed_registry.rb +8 -0
- data/spec/support/factories/ipv4.rb +36 -0
- data/spec/support/factories/output.rb +11 -0
- data/spec/support/factories/record.rb +17 -0
- data/spec/support/factories/url.rb +34 -0
- data/spec/support/factories/xml_node.rb +33 -0
- data/spec/support/helpers/io.rb +11 -0
- data/spec/support/helpers/models.rb +13 -0
- data/spec/support/shared/action_builder.rb +47 -0
- data/spec/support/shared/decoder.rb +70 -0
- data/spec/support/shared/feed_runner_observer.rb +136 -0
- data/spec/support/shared/feeds.rb +233 -0
- data/spec/support/shared/fetcher.rb +48 -0
- data/spec/support/shared/filter.rb +14 -0
- data/spec/support/shared/io-like.rb +7 -0
- data/spec/support/shared/model/collection.rb +164 -0
- data/spec/support/shared/output.rb +120 -0
- data/spec/support/shared/parsers.rb +51 -0
- data/spec/support/shared/record.rb +111 -0
- data/spec/threatinator/actions/list/action_spec.rb +148 -0
- data/spec/threatinator/actions/run/action_spec.rb +106 -0
- data/spec/threatinator/actions/run/config_spec.rb +39 -0
- data/spec/threatinator/actions/run/coverage_observer_spec.rb +151 -0
- data/spec/threatinator/actions/run/output_config_spec.rb +89 -0
- data/spec/threatinator/actions/run/status_observer_spec.rb +86 -0
- data/spec/threatinator/cli/list_action_builder_spec.rb +57 -0
- data/spec/threatinator/cli/run_action_builder_spec.rb +133 -0
- data/spec/threatinator/cli_spec.rb +175 -0
- data/spec/threatinator/config/base_spec.rb +39 -0
- data/spec/threatinator/config/feed_search_spec.rb +76 -0
- data/spec/threatinator/decoders/gzip_spec.rb +75 -0
- data/spec/threatinator/event_builder_spec.rb +123 -0
- data/spec/threatinator/event_spec.rb +254 -0
- data/spec/threatinator/event_spec.rb.new +319 -0
- data/spec/threatinator/feed_builder_spec.rb +633 -0
- data/spec/threatinator/feed_registry_spec.rb +198 -0
- data/spec/threatinator/feed_runner_spec.rb +372 -0
- data/spec/threatinator/feed_spec.rb +169 -0
- data/spec/threatinator/fetcher_spec.rb +12 -0
- data/spec/threatinator/fetchers/http_spec.rb +32 -0
- data/spec/threatinator/filter_spec.rb +13 -0
- data/spec/threatinator/filters/block_spec.rb +16 -0
- data/spec/threatinator/filters/comments_spec.rb +13 -0
- data/spec/threatinator/filters/whitespace_spec.rb +12 -0
- data/spec/threatinator/logger_spec.rb +29 -0
- data/spec/threatinator/model/observables/fqdn_collection_spec.rb +41 -0
- data/spec/threatinator/model/observables/ipv4_collection_spec.rb +36 -0
- data/spec/threatinator/model/observables/ipv4_spec.rb +75 -0
- data/spec/threatinator/model/observables/url_collection_spec.rb +45 -0
- data/spec/threatinator/model/validations/type_spec.rb +37 -0
- data/spec/threatinator/parser_spec.rb +13 -0
- data/spec/threatinator/parsers/csv/parser_spec.rb +202 -0
- data/spec/threatinator/parsers/getline/parser_spec.rb +83 -0
- data/spec/threatinator/parsers/json/parser_spec.rb +106 -0
- data/spec/threatinator/parsers/json/record_spec.rb +30 -0
- data/spec/threatinator/parsers/xml/node_spec.rb +335 -0
- data/spec/threatinator/parsers/xml/parser_spec.rb +263 -0
- data/spec/threatinator/parsers/xml/path_spec.rb +209 -0
- data/spec/threatinator/parsers/xml/pattern_spec.rb +72 -0
- data/spec/threatinator/parsers/xml/record_spec.rb +27 -0
- data/spec/threatinator/plugin_loader_spec.rb +238 -0
- data/spec/threatinator/plugins/output/csv_spec.rb +47 -0
- data/spec/threatinator/plugins/output/null_spec.rb +17 -0
- data/spec/threatinator/plugins/output/rubydebug_spec.rb +37 -0
- data/spec/threatinator/record_spec.rb +19 -0
- data/spec/threatinator/registry_spec.rb +97 -0
- data/spec/threatinator/runner_spec.rb +273 -0
- metadata +674 -0
@@ -0,0 +1,26 @@
|
|
1
|
+
|
2
|
+
#
|
3
|
+
# DShield.org Suspicious Domain List
|
4
|
+
# (c) 2014 DShield.org
|
5
|
+
# some rights reserved. Details http://creativecommons.org/licenses/by-nc-sa/2.5/
|
6
|
+
# use on your own risk. No warranties implied.
|
7
|
+
# primary URL: http://www.dshield.org/feeds/suspiciousdomains_High.txt
|
8
|
+
#
|
9
|
+
# comments: info@dshield.org
|
10
|
+
# updated: Fri Sep 12 04:27:04 2014 UTC
|
11
|
+
#
|
12
|
+
# This list consists of High Level Sensitivity website URLs
|
13
|
+
# Columns (tab delimited):
|
14
|
+
#
|
15
|
+
# (1) site
|
16
|
+
#
|
17
|
+
Site
|
18
|
+
000007.ru
|
19
|
+
000cc.com
|
20
|
+
09cd.co.kr
|
21
|
+
1-verygoods.ru
|
22
|
+
10kpictures.com
|
23
|
+
114bds.com
|
24
|
+
114oldest.com
|
25
|
+
120a.com
|
26
|
+
123kochi.com
|
@@ -0,0 +1,34 @@
|
|
1
|
+
|
2
|
+
#
|
3
|
+
# DShield.org Suspicious Domain List
|
4
|
+
# (c) 2014 DShield.org
|
5
|
+
# some rights reserved. Details http://creativecommons.org/licenses/by-nc-sa/2.5/
|
6
|
+
# use on your own risk. No warranties implied.
|
7
|
+
# primary URL: http://www.dshield.org/feeds/suspiciousdomains_Low.txt
|
8
|
+
#
|
9
|
+
# comments: info@dshield.org
|
10
|
+
# updated: Fri Sep 12 04:27:03 2014 UTC
|
11
|
+
#
|
12
|
+
# This list consists of Low Level Sensitivity website URLs
|
13
|
+
# Columns (tab delimited):
|
14
|
+
#
|
15
|
+
# (1) site
|
16
|
+
#
|
17
|
+
Site
|
18
|
+
000007.ru
|
19
|
+
000cc.com
|
20
|
+
09cd.co.kr
|
21
|
+
1-verygoods.ru
|
22
|
+
10kpictures.com
|
23
|
+
114bds.com
|
24
|
+
114oldest.com
|
25
|
+
120a.com
|
26
|
+
123kochi.com
|
27
|
+
123mdw.com
|
28
|
+
13grandferi.ru
|
29
|
+
1492tapasbar.com
|
30
|
+
168asia.com
|
31
|
+
18dd.net
|
32
|
+
18xn.com
|
33
|
+
19tenco.com
|
34
|
+
1a-teensbilder.de
|
@@ -0,0 +1,32 @@
|
|
1
|
+
|
2
|
+
#
|
3
|
+
# DShield.org Suspicious Domain List
|
4
|
+
# (c) 2014 DShield.org
|
5
|
+
# some rights reserved. Details http://creativecommons.org/licenses/by-nc-sa/2.5/
|
6
|
+
# use on your own risk. No warranties implied.
|
7
|
+
# primary URL: http://www.dshield.org/feeds/suspiciousdomains_Medium.txt
|
8
|
+
#
|
9
|
+
# comments: info@dshield.org
|
10
|
+
# updated: Fri Sep 12 04:27:04 2014 UTC
|
11
|
+
#
|
12
|
+
# This list consists of Medium Level Sensitivity website URLs
|
13
|
+
# Columns (tab delimited):
|
14
|
+
#
|
15
|
+
# (1) site
|
16
|
+
#
|
17
|
+
Site
|
18
|
+
000007.ru
|
19
|
+
000cc.com
|
20
|
+
09cd.co.kr
|
21
|
+
1-verygoods.ru
|
22
|
+
10kpictures.com
|
23
|
+
114bds.com
|
24
|
+
114oldest.com
|
25
|
+
120a.com
|
26
|
+
123kochi.com
|
27
|
+
123mdw.com
|
28
|
+
13grandferi.ru
|
29
|
+
1492tapasbar.com
|
30
|
+
168asia.com
|
31
|
+
18dd.net
|
32
|
+
18xn.com
|
@@ -0,0 +1,18 @@
|
|
1
|
+
|
2
|
+
// This file will be automatically updated daily and populated with the last 30 days of malicious domains.
|
3
|
+
// It will return 127.0.0.1 for all domains found to be distributing malware
|
4
|
+
// Additional information to get this working can be found http://www.malwaredomains.com/wordpress/?page_id=6
|
5
|
+
// Last updated 2014-07-08
|
6
|
+
|
7
|
+
PRIMARY beespace.com.ua blockeddomain.hosts
|
8
|
+
PRIMARY opencandy.com blockeddomain.hosts
|
9
|
+
PRIMARY netdna-cdn.com blockeddomain.hosts
|
10
|
+
PRIMARY drivers.drp.su blockeddomain.hosts
|
11
|
+
PRIMARY dropcanvas.com blockeddomain.hosts
|
12
|
+
PRIMARY 52z.com blockeddomain.hosts
|
13
|
+
PRIMARY baixaki.com.br blockeddomain.hosts
|
14
|
+
PRIMARY nzs.com.br blockeddomain.hosts
|
15
|
+
PRIMARY uniblue.com blockeddomain.hosts
|
16
|
+
PRIMARY downloadsrv13.com blockeddomain.hosts
|
17
|
+
PRIMARY cachelocal.org blockeddomain.hosts
|
18
|
+
PRIMARY ttriber.com blockeddomain.hosts
|
@@ -0,0 +1,14 @@
|
|
1
|
+
|
2
|
+
// This file will be automatically updated daily and populated with the last 30 days of malicious IP addresses.
|
3
|
+
// Last updated 2014-07-08
|
4
|
+
|
5
|
+
91.188.117.157
|
6
|
+
216.151.164.53
|
7
|
+
91.222.136.251
|
8
|
+
208.111.160.6
|
9
|
+
5.79.71.240
|
10
|
+
162.159.242.11
|
11
|
+
218.75.155.39
|
12
|
+
96.17.197.34
|
13
|
+
176.32.99.47
|
14
|
+
23.66.230.137
|
@@ -0,0 +1,8 @@
|
|
1
|
+
"2014/10/07_04:23","www.yehuam.com/dist/video.php?l=1","198.15.122.221","-","Leads to exploit, Malvertising","Registrar Abuse Contact abuse@enom.com","20454"
|
2
|
+
"2014/10/07_04:23","exkn0md6fh.qsdgi.com/azomytze3q","5.135.230.183","-","RIG EK","Registrar Abuse Contact abuse@web.com","16276"
|
3
|
+
"2014/10/01_09:34","radiology.starlightcapitaladvisors.net/dr/southeast/steve/dropdown.js","85.10.229.207","85-10-229-207.clients.your-server.de.","obfuscated script leads to exploit kit","-","24940"
|
4
|
+
"2014/10/01_09:30","avecat.missouritheatre.org:15106/full/cnstats/clients/stories.php?wink=322","87.118.127.230","ns2.km33436-26.keymachine.de.","exploit kit","T Fankhauser / artstaff@stjoearts.org","31103"
|
5
|
+
"2014/10/01_09:30","aveconomic.trailswest.org:15106/haddan_files/stories.php","87.118.127.230","ns2.km33436-26.keymachine.de.","exploit kit","T Fankhauser / artstaff@stjoearts.org","31103"
|
6
|
+
"2014/09/17_10:11","borneo.aqq79.com/wbxx3.html","217.23.5.88","customer.worldstream.nl.","frame leads to exploit kit","Registrar Abuse Contact domain@west263.com","49981"
|
7
|
+
"2014/09/17_10:11","asd.vicentelopez.us/vbign3s2pe","192.99.197.133","-","exploit kit","Virna Springer / virnaspringer2001@mail.com","16276"
|
8
|
+
"2014/09/17_10:11","qwe.affairedhonneur.us/depqfie59y","192.99.197.131","-","exploit kit","Ben Bazar / benbazar2011y@mail.com","16276"
|
@@ -0,0 +1,24 @@
|
|
1
|
+
## notice notice duplication is not permitted
|
2
|
+
## if you do not accept these terms, then do not use this information.
|
3
|
+
## nextvalidation domain type original_reference-why_it_was_listed dateverified
|
4
|
+
## for noncommercial use only. using this information indicates you agree to be bound by these terms.
|
5
|
+
20161231 brenz.pl attackpage safebrowsing.clients.google.com 20140302 20131228 20110304 20100805 relisted
|
6
|
+
20161231 retro-7-3.cz.cc harmful safebrowsing.clients.google.com 20140703 20131227 20130614 20120724 20110503 relisted
|
7
|
+
20161231 38zu.cn attackpage safebrowsing.google.com 20140703 20140302 20130325 20120426 20110715
|
8
|
+
20161231 pempoo.com attackpage safebrowsing.google.com 20140703 20140307 20131227 20120423 20110712
|
9
|
+
20161230 gumblar.cn attackpage safebrowsing.clients.google.com 20140703 20140226 20131228 20130526 20110711 20100403
|
10
|
+
20160601 cg79wo20kl92doowfn01oqpo9mdieowv5tyj.com malware safebrowsing.google.com 20130611 20131228 20121227 20120724 20110319 relisted
|
11
|
+
20160601 neepelsty.cz.cc attackpage www.google.com/interstitial?url=neepelsty.cz.cc 20130614 20131228 20121227 20120724 20110520 relisted
|
12
|
+
20160601 x0a.in iframe blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent 20131226 20110311 20090830
|
13
|
+
20160601 x1g.in iframe blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent 20131226 20110311 20090830
|
14
|
+
20160601 x3v.in iframe blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent 20131226 20110311 20090830
|
15
|
+
20160601 x5o.ru iframe blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent 20131226 20110311 20090830
|
16
|
+
20160601 x6i.ru iframe blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent 20131226 20110311 20090830
|
17
|
+
20160601 x6p.in iframe blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent 20131226 20110311 20090830
|
18
|
+
20160601 x3b.ru attackpage google.com/safebrowsing 20131226 20110311 20090913
|
19
|
+
20160601 x0c.ru malware hosts-file.net/?s=80.93.90.88&view=history 20131226 20110311 20090830
|
20
|
+
20160601 x3y.ru malware hosts-file.net/?s=80.93.90.88&view=history 20131226 20110311 20090830
|
21
|
+
20160601 x9m.ru malware hosts-file.net/?s=80.93.90.88&view=history 20131226 20110311 20090830
|
22
|
+
20160601 x8l.in iframe safebrowsing.google.com 20131226 20110311 20090826
|
23
|
+
20160601 x8o.ru iframe safebrowsing.google.com 20131226 20110311 20090826
|
24
|
+
20160601 x8v.ru iframe safebrowsing.google.com 20131226 20110311 20090826
|
@@ -0,0 +1,34 @@
|
|
1
|
+
|
2
|
+
## this is a listdynamic dns providers - for informational purposes only, use as a blocklist at your own risk
|
3
|
+
##please send additions or corrrections to malwaredomains2@gmail23.com1 (remove numbers in email address)
|
4
|
+
#easydns4u.com
|
5
|
+
#freelancedeveloper.com
|
6
|
+
#ipupdater.com
|
7
|
+
#iwas2.net
|
8
|
+
#microtech.co.gg
|
9
|
+
#myip.us
|
10
|
+
#ohflip.com
|
11
|
+
#reidmail.com
|
12
|
+
#reidsville-dns.com
|
13
|
+
#sysopworld.com
|
14
|
+
#thebbs.org
|
15
|
+
|
16
|
+
0000000000000000000000.com #from http://freedns.afraid.org
|
17
|
+
020huahai.com malicious siteinspector.comodo.com/
|
18
|
+
021christine.com malicious siteinspector.comodo.com/
|
19
|
+
051.no malicious siteinspector.comodo.com/
|
20
|
+
0815x.com #from http://freedns.afraid.org
|
21
|
+
0bit.org #from http://freedns.afraid.org
|
22
|
+
0wnz-u.com #from http://freedns.afraid.org
|
23
|
+
0x.no #from http://freedns.afraid.org
|
24
|
+
101main.com #from http://dns2go.com
|
25
|
+
101main.net #from http://dns2go.com
|
26
|
+
1040ezdotcom.com malicious siteinspector.comodo.com/
|
27
|
+
120v.ac #from http://freedns.afraid.org
|
28
|
+
1243.ru malicious siteinspector.comodo.com/
|
29
|
+
12wildwood.ca #from http://freedns.afraid.org
|
30
|
+
1313.pl #from http://freedns.afraid.org
|
31
|
+
1337.cx #from http://freedns.afraid.org
|
32
|
+
136k.com #from http://freedns.afraid.org
|
33
|
+
17life.com #from http://freedns.afraid.org
|
34
|
+
18videoclip.com harmful safebrowsing.clients.google.com
|
@@ -0,0 +1,31 @@
|
|
1
|
+
;For more information about this file see http://www.mirc.com/serverslist.html
|
2
|
+
|
3
|
+
[timestamp]
|
4
|
+
date=13/06/2012
|
5
|
+
|
6
|
+
[networks]
|
7
|
+
n0=DALnet
|
8
|
+
n1=EFnet
|
9
|
+
n2=Freenode
|
10
|
+
n3=GameSurge
|
11
|
+
n4=IRCnet
|
12
|
+
n5=Quakenet
|
13
|
+
n6=Rizon
|
14
|
+
n7=SwiftIRC
|
15
|
+
n8=Undernet
|
16
|
+
n9=WebChat
|
17
|
+
|
18
|
+
[servers]
|
19
|
+
n0=Random serverSERVER:irc.dal.net:6660-6667GROUP:DALnet
|
20
|
+
n1=Random AU serverSERVER:irc.au.dal.net:6665-6668,7000GROUP:DALnet
|
21
|
+
n2=Random EU serverSERVER:irc.eu.dal.net:6665-6668,7000GROUP:DALnet
|
22
|
+
n3=Random US serverSERVER:irc.us.dal.net:6665-6668,7000GROUP:DALnet
|
23
|
+
n4=US, CA, OrangeSERVER:krypt.ca.us.dal.net:6665-6668,7000GROUP:DALnet
|
24
|
+
n5=US, NJ, ChoopaSERVER:choopa.nj.us.dal.net:6667:GROUP:DALnet
|
25
|
+
n6=US, VA, RichmondSERVER:punch.va.us.dal.net:6665-6668,7000GROUP:DALnet
|
26
|
+
n7=US, WA, SeattleSERVER:serverbuffet.wa.us.dal.net:6665-6668,7000GROUP:DALnet
|
27
|
+
n8=Random serverSERVER:irc.efnet.org:6667GROUP:EFnet
|
28
|
+
n9=CA, AB, CalgarySERVER:irc.arcti.ca:6665-6669GROUP:EFnet
|
29
|
+
n10=CA, ON, TorontoSERVER:irc.teksavvy.ca:6661-6669GROUP:EFnet
|
30
|
+
n11=EU, DK, AarhusSERVER:irc.inet.tele.dk:6661-6669GROUP:EFnet
|
31
|
+
n12=EU, NL, AmsterdamSERVER:efnet.xs4all.nl:6661-6669GROUP:EFnet
|
@@ -0,0 +1,15 @@
|
|
1
|
+
122.6.245.14:8090
|
2
|
+
123.184.6.251:8088
|
3
|
+
123.236.215.131:6588
|
4
|
+
172.163.146.56:6588
|
5
|
+
189.37.28.147:6588
|
6
|
+
190.53.89.103:6588
|
7
|
+
200.104.104.91:6588
|
8
|
+
200.126.98.135:6588
|
9
|
+
200.252.201.144:80
|
10
|
+
201.42.59.201:6588
|
11
|
+
202.134.202.226:80
|
12
|
+
211.140.151.214:8080
|
13
|
+
212.12.114.252:3128
|
14
|
+
218.252.37.227:808
|
15
|
+
59.95.1.229:6588
|
@@ -0,0 +1,14 @@
|
|
1
|
+
# Provided by nothink.org
|
2
|
+
# Malware IRC network traffic blacklist (IP address)
|
3
|
+
# Generated 2014-07-07 22:05:01 UTC
|
4
|
+
122.160.232.194
|
5
|
+
123.240.75.169
|
6
|
+
173.163.151.27
|
7
|
+
189.107.132.113
|
8
|
+
193.107.16.22
|
9
|
+
193.136.119.33
|
10
|
+
194.14.236.50
|
11
|
+
201.48.61.38
|
12
|
+
218.61.22.10
|
13
|
+
218.61.22.28
|
14
|
+
46.166.162.116
|
@@ -0,0 +1,16 @@
|
|
1
|
+
http://22872.in/
|
2
|
+
http://www.sikaram.lk/wp-content/uploads/10421312312/19890907.html
|
3
|
+
http://www.seventoons.com/includes/languages/espanol/images/sfre/9a8c90c1e89a8d9660b5eb59308d5f15/cas.php?clicid=13698&default=031c2011f7b699ad4676d01035827f44
|
4
|
+
http://www.alternativ-credit.fr/includes/html/classic/ibks/bradesco/?WLMFKUGXUPHVZUFEZWIKYHYWGUGPFXEPNGOFZEYGTSTNTWUIYMFIRLZTUUNVRNTNPTMSTZKZKNITNRNPHLKWYKOZMXWSJYKWY
|
5
|
+
http://www.alternativ-credit.fr/includes/html/classic/ibks/bradesco/?ZNLROJIJRSSTQWEGUKKYXWQJKMPRLJNOYVHNXTGSJVTNPLTPTKEOLVHGSLXXIURSPFWXHYNKSWJSYNQZKRGXMSRLZVTGRVXPNJTV
|
6
|
+
http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/4db64aeb194a008c3589ca0252caf430/14526566c864daf0a9cf4f6cc527b315/884c7f2309881eef92d29429c9b15f32/95a77b9c4a1258900b96726a003351ec/a06ae15727fc9b5a8daf9a61563a9b2a/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
|
7
|
+
http://www.jacks-music.co.uk/wp-admin/a/e4f701810e80c05c0533876dd4b4246d/97286d2ffb4c29125e8534b5f34eac1f/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
|
8
|
+
http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/4db64aeb194a008c3589ca0252caf430/14526566c864daf0a9cf4f6cc527b315/6f9b49ea7ad3bd488d03146e455585f7/c144bd8041f407331fe66af1d6c07c51/8c3f20513475139edeccc7f47f237552/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
|
9
|
+
http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/4db64aeb194a008c3589ca0252caf430/14526566c864daf0a9cf4f6cc527b315/884c7f2309881eef92d29429c9b15f32/95a77b9c4a1258900b96726a003351ec/bfe3005edf73b44b6c18a88ddf633d08/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
|
10
|
+
http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/4db64aeb194a008c3589ca0252caf430/14526566c864daf0a9cf4f6cc527b315/d5f8fba1e788b4723fb87c788aae85a7/d5c3a11c45b2d46ff81cd25281d43510/2102dde13e5e7dcb942d34af83a59c31/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
|
11
|
+
http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/40001ba92bc71fa1a87cbd6014c6a93c/f855e92746daac9349ec8606bc21dc1c/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
|
12
|
+
http://190.86.185.227/Site-Seguro-SSL/Cadastramento/
|
13
|
+
http://www.turesidenciapremium.com/Trader/trade/index.html
|
14
|
+
http://datosfiscales.com/plugins/connect/portfolio/index.htm
|
15
|
+
http://www.thethreetouch.com/thai/store/images/stories/safepay.wellsfargo.com/index.php
|
16
|
+
http://www.
|
@@ -0,0 +1,44 @@
|
|
1
|
+
# Disclaimer - You may not use this list without acceptance of the below:
|
2
|
+
#
|
3
|
+
# The following IP addresses have made HTTP/HTTPS requests to files that are either non-existent or denied by configuration to
|
4
|
+
# unique and new URLs over the past 30 days.
|
5
|
+
#
|
6
|
+
# No assertion is made, nor implied, that any of the below listed IP addresses are accurate, malicious, hostile, or engaged in nefarious acts.
|
7
|
+
# Use this list at your own risk. By using this list in any capacity or capability you release all claims of damages and shall not hold or perceive any
|
8
|
+
# liability against the publisher for: damage, unexpected events or results, decision, or reputation damage, even those resulting from wilful
|
9
|
+
# or intentional neglect.
|
10
|
+
#
|
11
|
+
# No claims made against this data shall be honored; no assertions have been made about the quality, accuracy, usability, actionability,
|
12
|
+
# reputation, merit, or hostility of the below findings.
|
13
|
+
#
|
14
|
+
# If you feel that an IP address is inaccurately listed below please contact me at any RFC822 6.3, RFC1123 5.2.7, or RFC2821 4.5.1
|
15
|
+
# address associated with this domain.
|
16
|
+
#
|
17
|
+
# This list may not be included in any 'for-sale' component and may not be included in pay-wall subscription-based services except
|
18
|
+
# for organizations that I have explicitly given permission to by E-Mail which has been GPG signed using Key ID 0x37085D70.
|
19
|
+
#
|
20
|
+
# Changelog:
|
21
|
+
# Thu Sep 04 2014 - Initial Development
|
22
|
+
#
|
23
|
+
# This file contains these \x09 (TAB) separated fields:
|
24
|
+
# date_time string Time the request was received (standard english format)
|
25
|
+
# remote_ip string Remote IP-address
|
26
|
+
# server_name string The server name according to the UseCanonicalName setting
|
27
|
+
# status string Status. For requests that got internally redirected, this is the status of the original request
|
28
|
+
# request string The first line of the request
|
29
|
+
# http_referer string HTTP Referer
|
30
|
+
# user_agent string HTTP User-Agent
|
31
|
+
# day string Day in YYYY-MM-DD format
|
32
|
+
#
|
33
|
+
#
|
34
|
+
# This list was last updated on Thu Sep 4 10:16:10 CDT 2014
|
35
|
+
#
|
36
|
+
[03/Sep/2014:13:11:47 -0500] 192.99.152.38 206.82.85.197 403 GET /cc/process.php HTTP/1.1 - Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0 2014-09-03
|
37
|
+
[03/Sep/2014:10:06:47 -0500] 110.45.241.238 206.82.85.197 403 POST /cfg HTTP/1.1 - - 2014-09-03
|
38
|
+
[03/Sep/2014:13:11:47 -0500] 192.99.152.38 206.82.85.197 403 GET /process.php HTTP/1.1 - Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0 2014-09-03
|
39
|
+
[03/Sep/2014:09:48:18 -0500] 62.210.167.201 206.82.85.197 403 GET /mad/inc/config.php HTTP/1.1 - Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0 2014-09-03
|
40
|
+
[03/Sep/2014:05:39:48 -0500] 192.99.166.102 206.82.85.197 403 GET /Panel/bins.php HTTP/1.1 - Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0 2014-09-03
|
41
|
+
[03/Sep/2014:05:39:48 -0500] 192.99.166.102 206.82.85.197 403 GET /jackposprivate12/bins.php HTTP/1.1 - Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0 2014-09-03
|
42
|
+
[03/Sep/2014:05:39:48 -0500] 192.99.166.102 206.82.85.197 403 GET /jack/bins.php HTTP/1.1 - Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0 2014-09-03
|
43
|
+
[03/Sep/2014:18:06:59 -0500] 69.28.85.204 www.hackbraten.tk 403 HEAD /Hackbraten.zip HTTP/1.1 - curl/7.32.0 2014-09-03
|
44
|
+
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# Palevo C&C Domain Blocklist by abuse.ch
|
2
|
+
arta.romail3arnest.info
|
3
|
+
asp.spinchats.com
|
4
|
+
bff.7oorq8.com
|
5
|
+
bff4.7oorq8.com
|
6
|
+
computo164.laweb.es
|
7
|
+
fitt.prince.kz
|
8
|
+
hcuewgbbnfdu1ew.com
|
9
|
+
hcuewgbbnfs1uew.com
|
10
|
+
internet.estr.es
|
11
|
+
legionarios.servecounterstrike.com
|
12
|
+
mail3.nad123nad.com
|
13
|
+
mariposita.web-personal.org
|
14
|
+
masterkey.com.ua
|
15
|
+
ms4all.twoplayers.net
|
16
|
+
mst.com.ua
|
17
|
+
ns.dunno-net.com
|
18
|
+
panchitox.laweb.es
|
19
|
+
penchatox.sin-ip.es
|
20
|
+
rastu.com.ua
|
21
|
+
s.24otuwotefsmd.com
|
22
|
+
shv4.no-ip.biz
|
23
|
+
shv4b.getmyip.com
|
24
|
+
ssl.aukro.ua
|
25
|
+
symconempkr.com
|
@@ -0,0 +1,24 @@
|
|
1
|
+
# Palevo C&C IP Blocklist by abuse.ch
|
2
|
+
107.150.36.226
|
3
|
+
109.123.109.132
|
4
|
+
115.236.76.168
|
5
|
+
144.76.143.4
|
6
|
+
173.230.133.99
|
7
|
+
176.31.117.59
|
8
|
+
187.214.120.147
|
9
|
+
189.135.116.163
|
10
|
+
189.236.206.143
|
11
|
+
193.23.48.228
|
12
|
+
194.116.174.85
|
13
|
+
208.185.82.133
|
14
|
+
50.63.202.42
|
15
|
+
67.198.207.34
|
16
|
+
67.210.170.140
|
17
|
+
67.210.170.141
|
18
|
+
67.210.170.169
|
19
|
+
69.43.161.141
|
20
|
+
76.74.255.138
|
21
|
+
80.83.124.187
|
22
|
+
82.196.6.164
|
23
|
+
91.208.194.18
|
24
|
+
98.126.44.98
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
@@ -0,0 +1,16 @@
|
|
1
|
+
212.89.13.111
|
2
|
+
46.242.145.99
|
3
|
+
91.220.62.190
|
4
|
+
91.220.62.112
|
5
|
+
91.213.217.36
|
6
|
+
194.44.157.130
|
7
|
+
193.107.17.62
|
8
|
+
193.106.31.12
|
9
|
+
94.63.149.51
|
10
|
+
93.171.202.70
|
11
|
+
204.16.169.2
|
12
|
+
182.160.162.65
|
13
|
+
91.228.154.199
|
14
|
+
76.74.184.23
|
15
|
+
85.214.26.248
|
16
|
+
80.48.62.18
|
@@ -0,0 +1,16 @@
|
|
1
|
+
################################################################################
|
2
|
+
# abuse.ch SpyEye domain blocklist #
|
3
|
+
# #
|
4
|
+
# For questions please referer to https://spyeyetracker.abuse.ch/blocklist.php #
|
5
|
+
################################################################################
|
6
|
+
|
7
|
+
beromder56.com
|
8
|
+
detadomain.su
|
9
|
+
doemguing.net
|
10
|
+
firexiasds.wha.la
|
11
|
+
futuretelefonica.com
|
12
|
+
gate.eyeonarte.it
|
13
|
+
helen33nasanorth.com
|
14
|
+
sebortemesd5.com
|
15
|
+
stendtlong.net
|
16
|
+
|
@@ -0,0 +1,19 @@
|
|
1
|
+
################################################################################
|
2
|
+
# abuse.ch SpyEye IP blocklist #
|
3
|
+
# #
|
4
|
+
# For questions please referer to https://spyeyetracker.abuse.ch/blocklist.php #
|
5
|
+
################################################################################
|
6
|
+
|
7
|
+
188.190.126.173
|
8
|
+
188.190.126.175
|
9
|
+
188.190.126.176
|
10
|
+
193.106.31.12
|
11
|
+
193.107.17.62
|
12
|
+
194.44.157.130
|
13
|
+
46.166.143.56
|
14
|
+
91.213.217.36
|
15
|
+
91.220.62.112
|
16
|
+
91.220.62.190
|
17
|
+
93.171.202.70
|
18
|
+
94.63.149.51
|
19
|
+
|
@@ -0,0 +1,13 @@
|
|
1
|
+
# 2104 Block List (IPV4 IP addresses to avoid contact with) - Jeron Steeman - http://jeroen.steeman.org
|
2
|
+
# Created: 10/3/2014 4:00:24 PM
|
3
|
+
1.0.253.17
|
4
|
+
1.1.153.136
|
5
|
+
1.10.220.118
|
6
|
+
1.10.221.14
|
7
|
+
1.10.221.78
|
8
|
+
1.10.253.13
|
9
|
+
1.161.123.10
|
10
|
+
1.162.217.96
|
11
|
+
1.168.163.133
|
12
|
+
1.168.242.142
|
13
|
+
1.169.45.13
|
@@ -0,0 +1,17 @@
|
|
1
|
+
#Bad Guys List
|
2
|
+
#From: thomas@t-arend.de
|
3
|
+
#Date: So 6. Sep 13:03:16 CEST 2009
|
4
|
+
sshd: 113.11.200.191
|
5
|
+
sshd: 116.122.107.58
|
6
|
+
sshd: 116.127.93.201
|
7
|
+
sshd: 116.58.96.55
|
8
|
+
sshd: 116.68.194.45
|
9
|
+
sshd: 117.21.249.75
|
10
|
+
sshd: 117.32.128.141
|
11
|
+
sshd: 118.128.150.210
|
12
|
+
sshd: 119.113.0.4
|
13
|
+
sshd: 119.113.0.7
|
14
|
+
sshd: 121.13.229.221
|
15
|
+
sshd: 121.138.192.152
|
16
|
+
sshd: 121.14.142.46
|
17
|
+
sshd: 121.15.167.243
|
@@ -0,0 +1,12 @@
|
|
1
|
+
# IP addresses launching SSH dictionary attacks. As of Fri, 11 Jul 2014 15:22:17 +0100
|
2
|
+
ALL : 1.30.20.146
|
3
|
+
ALL : 1.82.184.23
|
4
|
+
ALL : 1.82.184.25
|
5
|
+
ALL : 1.85.2.246
|
6
|
+
ALL : 1.93.22.107
|
7
|
+
ALL : 1.93.24.62
|
8
|
+
ALL : 1.93.24.72
|
9
|
+
ALL : 1.93.25.63
|
10
|
+
ALL : 1.93.25.165
|
11
|
+
ALL : 1.93.25.234
|
12
|
+
ALL : 1.93.25.253
|