threatinator 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CHANGELOG.md +23 -0
- data/CONTRIBUTING.md +119 -0
- data/Gemfile +28 -0
- data/LICENSE +165 -0
- data/README.md +45 -0
- data/Rakefile +45 -0
- data/VERSION +1 -0
- data/bin/threatinator +5 -0
- data/lib/threatinator.rb +3 -0
- data/lib/threatinator/action.rb +14 -0
- data/lib/threatinator/actions/list.rb +2 -0
- data/lib/threatinator/actions/list/action.rb +53 -0
- data/lib/threatinator/actions/list/config.rb +10 -0
- data/lib/threatinator/actions/run.rb +2 -0
- data/lib/threatinator/actions/run/action.rb +45 -0
- data/lib/threatinator/actions/run/config.rb +32 -0
- data/lib/threatinator/actions/run/coverage_observer.rb +54 -0
- data/lib/threatinator/actions/run/output_config.rb +59 -0
- data/lib/threatinator/cli.rb +13 -0
- data/lib/threatinator/cli/action_builder.rb +33 -0
- data/lib/threatinator/cli/list_action_builder.rb +19 -0
- data/lib/threatinator/cli/parser.rb +113 -0
- data/lib/threatinator/cli/run_action_builder.rb +41 -0
- data/lib/threatinator/config.rb +6 -0
- data/lib/threatinator/config/base.rb +35 -0
- data/lib/threatinator/config/feed_search.rb +25 -0
- data/lib/threatinator/decoder.rb +24 -0
- data/lib/threatinator/decoders/gzip.rb +30 -0
- data/lib/threatinator/event.rb +27 -0
- data/lib/threatinator/event_builder.rb +41 -0
- data/lib/threatinator/exceptions.rb +61 -0
- data/lib/threatinator/feed.rb +82 -0
- data/lib/threatinator/feed_builder.rb +156 -0
- data/lib/threatinator/feed_registry.rb +47 -0
- data/lib/threatinator/feed_runner.rb +118 -0
- data/lib/threatinator/fetcher.rb +22 -0
- data/lib/threatinator/fetchers/http.rb +46 -0
- data/lib/threatinator/filter.rb +12 -0
- data/lib/threatinator/filters/block.rb +18 -0
- data/lib/threatinator/filters/comments.rb +16 -0
- data/lib/threatinator/filters/whitespace.rb +19 -0
- data/lib/threatinator/output.rb +50 -0
- data/lib/threatinator/parser.rb +23 -0
- data/lib/threatinator/parsers/csv.rb +7 -0
- data/lib/threatinator/parsers/csv/parser.rb +77 -0
- data/lib/threatinator/parsers/getline.rb +8 -0
- data/lib/threatinator/parsers/getline/parser.rb +45 -0
- data/lib/threatinator/parsers/json.rb +8 -0
- data/lib/threatinator/parsers/json/adapters/oj.rb +65 -0
- data/lib/threatinator/parsers/json/parser.rb +45 -0
- data/lib/threatinator/parsers/json/record.rb +20 -0
- data/lib/threatinator/parsers/xml.rb +8 -0
- data/lib/threatinator/parsers/xml/node.rb +79 -0
- data/lib/threatinator/parsers/xml/node_builder.rb +39 -0
- data/lib/threatinator/parsers/xml/parser.rb +44 -0
- data/lib/threatinator/parsers/xml/path.rb +70 -0
- data/lib/threatinator/parsers/xml/pattern.rb +53 -0
- data/lib/threatinator/parsers/xml/record.rb +14 -0
- data/lib/threatinator/parsers/xml/sax_document.rb +64 -0
- data/lib/threatinator/plugin_loader.rb +115 -0
- data/lib/threatinator/plugins/output/csv.rb +47 -0
- data/lib/threatinator/plugins/output/null.rb +17 -0
- data/lib/threatinator/plugins/output/rubydebug.rb +16 -0
- data/lib/threatinator/property_definer.rb +101 -0
- data/lib/threatinator/record.rb +22 -0
- data/lib/threatinator/registry.rb +53 -0
- data/lib/threatinator/util.rb +15 -0
- data/spec/feeds/ET_compromised-ip_reputation_spec.rb +50 -0
- data/spec/feeds/alienvault-ip_reputation_spec.rb +50 -0
- data/spec/feeds/arbor_fastflux-domain_reputation_spec.rb +50 -0
- data/spec/feeds/arbor_ssh-ip_reputation_spec.rb +50 -0
- data/spec/feeds/autoshun_shunlist_spec.rb +42 -0
- data/spec/feeds/blocklist_de_apache-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_bots-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_ftp-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_imap-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_pop3-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_proftpd-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_sip-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_ssh-ip_reputation_spec.rb +50 -0
- data/spec/feeds/blocklist_de_strongips-ip_reputation_spec.rb +50 -0
- data/spec/feeds/ciarmy-ip_reputation_spec.rb +50 -0
- data/spec/feeds/cruzit-ip_reputation_spec.rb +50 -0
- data/spec/feeds/dan_me_uk_torlist-ip_reputation_spec.rb +50 -0
- data/spec/feeds/data/ET_compromised-ip_reputation.txt +11 -0
- data/spec/feeds/data/alienvault-ip_reputation.txt +18 -0
- data/spec/feeds/data/arbor_domainlist.txt +11 -0
- data/spec/feeds/data/arbor_ssh.txt +16 -0
- data/spec/feeds/data/autoshun_shunlist.csv +20 -0
- data/spec/feeds/data/blocklist_de_apache-ip-reputation.txt +17 -0
- data/spec/feeds/data/blocklist_de_bots-ip-reputation.txt +15 -0
- data/spec/feeds/data/blocklist_de_ftp-ip-reputation.txt +7 -0
- data/spec/feeds/data/blocklist_de_imap-ip-reputation.txt +8 -0
- data/spec/feeds/data/blocklist_de_pop3-ip-reputation.txt +11 -0
- data/spec/feeds/data/blocklist_de_proftpd-ip-reputation.txt +12 -0
- data/spec/feeds/data/blocklist_de_sip-ip-reputation.txt +9 -0
- data/spec/feeds/data/blocklist_de_ssh-ip-reputation.txt +10 -0
- data/spec/feeds/data/blocklist_de_strongips-ip-reputation.txt +11 -0
- data/spec/feeds/data/ciarmy-ip-reputation.txt +11 -0
- data/spec/feeds/data/cruzit-ip-reputation.txt +14 -0
- data/spec/feeds/data/dan_me_uk_torlist-ip-reputation.txt +11 -0
- data/spec/feeds/data/dshield_topattackers.xml +4 -0
- data/spec/feeds/data/feodo_domainlist.txt +18 -0
- data/spec/feeds/data/feodo_iplist.txt +20 -0
- data/spec/feeds/data/infiltrated_iplist.txt +16 -0
- data/spec/feeds/data/malc0de_domainlist.txt +18 -0
- data/spec/feeds/data/malc0de_iplist.txt +14 -0
- data/spec/feeds/data/mirc_domainlist.txt +31 -0
- data/spec/feeds/data/nothink_irc_iplist.txt +14 -0
- data/spec/feeds/data/nothink_ssh_iplist.txt +10 -0
- data/spec/feeds/data/openbl_iplist.txt +12 -0
- data/spec/feeds/data/palevo_domainlist.txt +25 -0
- data/spec/feeds/data/palevo_iplist.txt +24 -0
- data/spec/feeds/data/phishtank-sample.json.gz +0 -0
- data/spec/feeds/data/spyeye_domainlist.txt +16 -0
- data/spec/feeds/data/spyeye_iplist.txt +19 -0
- data/spec/feeds/data/t-arend-de_ssh_iplist.txt +17 -0
- data/spec/feeds/data/the_haleys_ssh_iplist.txt +12 -0
- data/spec/feeds/data/yourcmc_ssh-ip_reputation.txt +27 -0
- data/spec/feeds/data/zeus-ip_reputation.txt +285 -0
- data/spec/feeds/data/zeus_domainlist.txt +27 -0
- data/spec/feeds/dshield_attackers-top1000_spec.rb +43 -0
- data/spec/feeds/feodo-domain_reputation_spec.rb +50 -0
- data/spec/feeds/feodo-ip_reputation_spec.rb +50 -0
- data/spec/feeds/infiltrated-ip_reputation_spec.rb +50 -0
- data/spec/feeds/malc0de-domain_reputation_spec.rb +50 -0
- data/spec/feeds/malc0de-ip_reputation_spec.rb +50 -0
- data/spec/feeds/mirc-domain_reputation_spec.rb +50 -0
- data/spec/feeds/nothink_irc-ip_reputation_spec.rb +50 -0
- data/spec/feeds/nothink_ssh-ip_reputation_spec.rb +50 -0
- data/spec/feeds/openbl-ip_reputation_spec.rb +50 -0
- data/spec/feeds/palevo-domain_reputation_spec.rb +50 -0
- data/spec/feeds/palevo-ip_reputation_spec.rb +50 -0
- data/spec/feeds/phishtank_spec.rb +45 -0
- data/spec/feeds/spyeye-domain_reputation_spec.rb +50 -0
- data/spec/feeds/spyeye-ip_reputation_spec.rb +50 -0
- data/spec/feeds/t-arend-de_ssh-ip_reputation_spec.rb +50 -0
- data/spec/feeds/the_haleys_ssh-ip_reputation_spec.rb +50 -0
- data/spec/feeds/yourcmc_ssh-ip_reputation_spec.rb +50 -0
- data/spec/feeds/zeus-domain_reputation_spec.rb +50 -0
- data/spec/feeds/zeus-ip_reputation_spec.rb +50 -0
- data/spec/fixtures/feed/provider1/feed1.feed +6 -0
- data/spec/fixtures/parsers/test.xml +13 -0
- data/spec/fixtures/parsers/test_self_closing.xml +20 -0
- data/spec/fixtures/plugins/bad/threatinator/plugins/test_error1/plugin.rb +1 -0
- data/spec/fixtures/plugins/bad/threatinator/plugins/test_missing1/plugin.rb +0 -0
- data/spec/fixtures/plugins/fake.rb +19 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type1/plugin_a.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type1/plugin_b.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type2/plugin_c.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type2/plugin_d.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type3/plugin_e.rb +8 -0
- data/spec/fixtures/plugins/good/threatinator/plugins/test_type3/plugin_f.rb +8 -0
- data/spec/spec_helper.rb +52 -0
- data/spec/support/bad_feeds/missing_fetcher.feed +7 -0
- data/spec/support/bad_feeds/missing_name.feed +6 -0
- data/spec/support/bad_feeds/missing_parser.feed +3 -0
- data/spec/support/bad_feeds/missing_provider.feed +5 -0
- data/spec/support/factories/event.rb +27 -0
- data/spec/support/factories/feed.rb +32 -0
- data/spec/support/factories/feed_builder.rb +65 -0
- data/spec/support/factories/feed_registry.rb +8 -0
- data/spec/support/factories/output.rb +11 -0
- data/spec/support/factories/record.rb +17 -0
- data/spec/support/factories/xml_node.rb +33 -0
- data/spec/support/helpers/io.rb +11 -0
- data/spec/support/helpers/models.rb +13 -0
- data/spec/support/shared/action_builder.rb +47 -0
- data/spec/support/shared/decoder.rb +70 -0
- data/spec/support/shared/feeds.rb +218 -0
- data/spec/support/shared/fetcher.rb +48 -0
- data/spec/support/shared/filter.rb +14 -0
- data/spec/support/shared/io-like.rb +7 -0
- data/spec/support/shared/output.rb +120 -0
- data/spec/support/shared/parsers.rb +51 -0
- data/spec/support/shared/record.rb +111 -0
- data/spec/threatinator/actions/list/action_spec.rb +93 -0
- data/spec/threatinator/actions/run/action_spec.rb +89 -0
- data/spec/threatinator/actions/run/config_spec.rb +39 -0
- data/spec/threatinator/actions/run/coverage_observer_spec.rb +116 -0
- data/spec/threatinator/actions/run/output_config_spec.rb +89 -0
- data/spec/threatinator/cli/list_action_builder_spec.rb +57 -0
- data/spec/threatinator/cli/run_action_builder_spec.rb +133 -0
- data/spec/threatinator/cli_spec.rb +175 -0
- data/spec/threatinator/config/base_spec.rb +39 -0
- data/spec/threatinator/config/feed_search_spec.rb +76 -0
- data/spec/threatinator/decoders/gzip_spec.rb +75 -0
- data/spec/threatinator/event_builder_spec.rb +33 -0
- data/spec/threatinator/event_spec.rb +30 -0
- data/spec/threatinator/feed_builder_spec.rb +636 -0
- data/spec/threatinator/feed_registry_spec.rb +198 -0
- data/spec/threatinator/feed_runner_spec.rb +155 -0
- data/spec/threatinator/feed_spec.rb +169 -0
- data/spec/threatinator/fetcher_spec.rb +12 -0
- data/spec/threatinator/fetchers/http_spec.rb +32 -0
- data/spec/threatinator/filter_spec.rb +13 -0
- data/spec/threatinator/filters/block_spec.rb +16 -0
- data/spec/threatinator/filters/comments_spec.rb +13 -0
- data/spec/threatinator/filters/whitespace_spec.rb +12 -0
- data/spec/threatinator/parser_spec.rb +13 -0
- data/spec/threatinator/parsers/csv/parser_spec.rb +202 -0
- data/spec/threatinator/parsers/getline/parser_spec.rb +83 -0
- data/spec/threatinator/parsers/json/parser_spec.rb +106 -0
- data/spec/threatinator/parsers/json/record_spec.rb +30 -0
- data/spec/threatinator/parsers/xml/node_spec.rb +335 -0
- data/spec/threatinator/parsers/xml/parser_spec.rb +263 -0
- data/spec/threatinator/parsers/xml/path_spec.rb +209 -0
- data/spec/threatinator/parsers/xml/pattern_spec.rb +72 -0
- data/spec/threatinator/parsers/xml/record_spec.rb +27 -0
- data/spec/threatinator/plugin_loader_spec.rb +238 -0
- data/spec/threatinator/plugins/output/csv_spec.rb +46 -0
- data/spec/threatinator/plugins/output/null_spec.rb +17 -0
- data/spec/threatinator/plugins/output/rubydebug_spec.rb +37 -0
- data/spec/threatinator/property_definer_spec.rb +155 -0
- data/spec/threatinator/record_spec.rb +19 -0
- data/spec/threatinator/registry_spec.rb +97 -0
- data/spec/threatinator/runner_spec.rb +273 -0
- metadata +376 -0
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
|
|
2
|
+
###
|
|
3
|
+
# Alienvault IP Reputation Database
|
|
4
|
+
# https://reputation.alienvault.com/
|
|
5
|
+
###
|
|
6
|
+
|
|
7
|
+
# Generic format
|
|
8
|
+
|
|
9
|
+
37.205.198.162 # Scanning Host IT,,42.8333015442,12.8332996368
|
|
10
|
+
182.131.22.235 # Scanning Host CN,Chengdu,30.6667003632,104.066703796
|
|
11
|
+
58.250.71.43 # Scanning Host CN,Guangzhou,23.1166992188,113.25
|
|
12
|
+
211.160.19.250 # Scanning Host CN,Hang,30.2936000824,120.161399841
|
|
13
|
+
203.121.165.16 # C&C TH,,15.0,100.0
|
|
14
|
+
211.151.57.196 # Scanning Host CN,Beijing,39.9289016724,116.388298035
|
|
15
|
+
108.59.1.5 # Scanning Host A1,,0.0,0.0
|
|
16
|
+
108.59.5.139 # Scanning Host US,,39.6734008789,-75.7052001953
|
|
17
|
+
108.85.139.165 # Scanning Host US,Los Angeles,34.043800354,-118.251197815
|
|
18
|
+
109.169.60.121 # Scanning Host US,,38.0,-97.0
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
190.255.48.99 2257.0
|
|
2
|
+
91.217.82.135 1984.0
|
|
3
|
+
113.31.19.111 1832.0
|
|
4
|
+
125.65.112.133 1714.0
|
|
5
|
+
204.93.219.147 1408.0
|
|
6
|
+
46.20.10.101 1295.0
|
|
7
|
+
85.25.191.144 1198.0
|
|
8
|
+
199.119.227.17 1168.0
|
|
9
|
+
58.26.187.6 1135.0
|
|
10
|
+
221.2.227.118 1.0
|
|
11
|
+
186.18.67.167 1.0
|
|
12
|
+
190.248.54.165 1.0
|
|
13
|
+
186.169.181.150 1.0
|
|
14
|
+
186.22.21.101 1.0
|
|
15
|
+
186.113.86.157 1.0
|
|
16
|
+
other 0
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
Shunlist as of Mon, 21 Jul 2014 13:30:02 -0500
|
|
2
|
+
1.93.25.165,2014-07-11 09:58:15,SSH Brute Force
|
|
3
|
+
1.93.26.130,2014-07-14 09:55:26,SSH Brute Force
|
|
4
|
+
1.93.30.188,2014-07-09 08:36:42,SSH Brute Force
|
|
5
|
+
1.93.34.230,2014-07-16 08:01:23,SSH Brute Force
|
|
6
|
+
1.169.130.159,2014-07-07 23:10:08,Attempted MS SQL Server version enumeration
|
|
7
|
+
1.214.212.74,2014-07-09 03:35:12,SSH Brute Force
|
|
8
|
+
1.235.28.170,2014-07-16 03:13:39,SSH Brute Force
|
|
9
|
+
2.133.208.102,2014-07-16 23:48:25,Malware Distribution Site
|
|
10
|
+
2.184.57.192,2014-07-21 02:26:17,Teminal Server (RDP) brute force
|
|
11
|
+
4.31.171.50,2014-07-07 06:58:50,Sipvicious Scan
|
|
12
|
+
5.1.13.241,2014-07-16 23:48:23,Malware Distribution Site
|
|
13
|
+
5.104.226.12,2014-07-16 09:01:23,SSH Brute Force
|
|
14
|
+
5.135.112.45,2014-07-21 08:01:22,Sipvicious Scan
|
|
15
|
+
5.135.176.35,2014-07-12 16:18:47,SSH Brute Force
|
|
16
|
+
5.148.172.116,2014-07-07 06:58:09,SSH Brute Force
|
|
17
|
+
5.159.232.139,2014-07-07 06:58:09,SSH Brute Force
|
|
18
|
+
5.178.71.246,2014-07-20 21:16:07,SSH Brute Force
|
|
19
|
+
5.199.165.189,2014-07-19 05:48:09,Sipvicious Scan
|
|
20
|
+
5.199.166.61,2014-07-20 08:06:28,Sipvicious Scan
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
106.187.47.170
|
|
2
|
+
107.150.59.170
|
|
3
|
+
107.23.78.119
|
|
4
|
+
108.59.252.133
|
|
5
|
+
109.197.193.202
|
|
6
|
+
109.200.1.211
|
|
7
|
+
109.228.235.167
|
|
8
|
+
109.70.54.11
|
|
9
|
+
110.168.195.5
|
|
10
|
+
110.44.123.159
|
|
11
|
+
110.77.136.102
|
|
12
|
+
23.91.115.60
|
|
13
|
+
24.114.29.162
|
|
14
|
+
2a00:1210:fffe:72::1
|
|
15
|
+
2a01:238:20a:202:1000::25
|
|
16
|
+
31.23.230.60
|
|
17
|
+
31.28.99.108
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
1.23.110.131
|
|
2
|
+
101.255.170.18
|
|
3
|
+
101.66.202.183
|
|
4
|
+
101.66.204.111
|
|
5
|
+
101.66.251.72
|
|
6
|
+
101.71.196.164
|
|
7
|
+
101.78.144.2
|
|
8
|
+
103.18.80.99
|
|
9
|
+
103.20.220.205
|
|
10
|
+
200.93.43.157
|
|
11
|
+
200.93.92.234
|
|
12
|
+
2001:250:4001:4001:e23f:49ff:fe44:595c
|
|
13
|
+
2002:5bbc:75c1::5bbc:75c1
|
|
14
|
+
201.144.141.194
|
|
15
|
+
201.18.145.149
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
+
<sources>
|
|
3
|
+
<data><ip>150.164.082.010</ip><attacks>136726</attacks><count>137770</count><firstseen>2014-07-04</firstseen><lastseen>2014-07-23</lastseen></data><data><ip>184.105.139.067</ip><attacks>86532</attacks><count>2365149</count><firstseen>2014-02-23</firstseen><lastseen>2014-07-30</lastseen></data><data><ip>218.077.079.043</ip><attacks>80805</attacks><count>4227189</count><firstseen>2014-06-11</firstseen><lastseen>2014-07-30</lastseen></data><data><ip>173.255.218.186</ip><attacks>80393</attacks><count>314100</count><firstseen>2014-07-16</firstseen><lastseen>2014-07-25</lastseen></data><data><ip>096.126.102.057</ip><attacks>78996</attacks><count>290559</count><firstseen>2014-07-15</firstseen><lastseen>2014-07-25</lastseen></data><data><ip>050.116.010.162</ip><attacks>78916</attacks><count>272788</count><firstseen>2014-07-15</firstseen><lastseen>2014-07-25</lastseen></data><data><ip>050.116.003.246</ip><attacks>76859</attacks><count>239177</count><firstseen>2014-07-15</firstseen><lastseen>2014-07-25</lastseen></data><data><ip>114.112.090.054</ip><attacks>68334</attacks><count>68403</count><firstseen>2014-03-01</firstseen><lastseen>2014-07-10</lastseen></data><data><ip>116.010.191.236</ip><attacks>65450</attacks><count>209602</count><firstseen>2014-04-09</firstseen><lastseen>2014-07-30</lastseen></data><data><ip>116.010.191.228</ip><attacks>65424</attacks><count>209329</count><firstseen>2014-04-04</firstseen><lastseen>2014-07-30</lastseen></data>
|
|
4
|
+
</sources>
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
##########################################################################
|
|
2
|
+
# Feodo Domain Blocklist #
|
|
3
|
+
# #
|
|
4
|
+
# For questions please refer to https://feodotracker.abuse.ch/blocklist/ #
|
|
5
|
+
##########################################################################
|
|
6
|
+
# START
|
|
7
|
+
avcctrnrxx.com
|
|
8
|
+
belijvetercat.ru
|
|
9
|
+
beliyvolkalak.ru
|
|
10
|
+
bestofthewest.ru
|
|
11
|
+
buriymishka.ru
|
|
12
|
+
deepandtouch.ru
|
|
13
|
+
djubkafriend.ru
|
|
14
|
+
europastewmk.ru
|
|
15
|
+
giaddkbzcyaoim.com
|
|
16
|
+
godaddy-up.ru
|
|
17
|
+
hawozkino.com
|
|
18
|
+
jvrdwnload.ru
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
##########################################################################
|
|
2
|
+
# Feodo IP Blocklist #
|
|
3
|
+
# #
|
|
4
|
+
# For questions please refer to https://feodotracker.abuse.ch/blocklist/ #
|
|
5
|
+
##########################################################################
|
|
6
|
+
# START
|
|
7
|
+
103.25.59.120
|
|
8
|
+
103.28.148.51
|
|
9
|
+
109.235.76.136
|
|
10
|
+
114.32.54.164
|
|
11
|
+
119.81.5.242
|
|
12
|
+
122.155.3.6
|
|
13
|
+
149.171.156.234
|
|
14
|
+
173.203.112.215
|
|
15
|
+
173.236.153.210
|
|
16
|
+
173.236.185.238
|
|
17
|
+
173.236.86.214
|
|
18
|
+
176.28.31.137
|
|
19
|
+
182.160.162.65
|
|
20
|
+
182.253.237.6
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# Tue Jul 8 07:10:01 CDT 2014
|
|
2
|
+
|
|
3
|
+
99.69.103.21
|
|
4
|
+
99.188.58.18
|
|
5
|
+
95.79.148.122
|
|
6
|
+
95.65.31.161
|
|
7
|
+
95.221.86.160
|
|
8
|
+
95.221.71.219
|
|
9
|
+
95.178.180.145
|
|
10
|
+
95.153.177.1
|
|
11
|
+
95.153.170.102
|
|
12
|
+
94.77.239.126
|
|
13
|
+
94.41.71.52
|
|
14
|
+
94.41.244.143
|
|
15
|
+
94.231.70.53
|
|
16
|
+
94.23.19.116
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
|
|
2
|
+
// This file will be automatically updated daily and populated with the last 30 days of malicious domains.
|
|
3
|
+
// It will return 127.0.0.1 for all domains found to be distributing malware
|
|
4
|
+
// Additional information to get this working can be found http://www.malwaredomains.com/wordpress/?page_id=6
|
|
5
|
+
// Last updated 2014-07-08
|
|
6
|
+
|
|
7
|
+
PRIMARY beespace.com.ua blockeddomain.hosts
|
|
8
|
+
PRIMARY opencandy.com blockeddomain.hosts
|
|
9
|
+
PRIMARY netdna-cdn.com blockeddomain.hosts
|
|
10
|
+
PRIMARY drivers.drp.su blockeddomain.hosts
|
|
11
|
+
PRIMARY dropcanvas.com blockeddomain.hosts
|
|
12
|
+
PRIMARY 52z.com blockeddomain.hosts
|
|
13
|
+
PRIMARY baixaki.com.br blockeddomain.hosts
|
|
14
|
+
PRIMARY nzs.com.br blockeddomain.hosts
|
|
15
|
+
PRIMARY uniblue.com blockeddomain.hosts
|
|
16
|
+
PRIMARY downloadsrv13.com blockeddomain.hosts
|
|
17
|
+
PRIMARY cachelocal.org blockeddomain.hosts
|
|
18
|
+
PRIMARY ttriber.com blockeddomain.hosts
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
|
|
2
|
+
// This file will be automatically updated daily and populated with the last 30 days of malicious IP addresses.
|
|
3
|
+
// Last updated 2014-07-08
|
|
4
|
+
|
|
5
|
+
91.188.117.157
|
|
6
|
+
216.151.164.53
|
|
7
|
+
91.222.136.251
|
|
8
|
+
208.111.160.6
|
|
9
|
+
5.79.71.240
|
|
10
|
+
162.159.242.11
|
|
11
|
+
218.75.155.39
|
|
12
|
+
96.17.197.34
|
|
13
|
+
176.32.99.47
|
|
14
|
+
23.66.230.137
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
;For more information about this file see http://www.mirc.com/serverslist.html
|
|
2
|
+
|
|
3
|
+
[timestamp]
|
|
4
|
+
date=13/06/2012
|
|
5
|
+
|
|
6
|
+
[networks]
|
|
7
|
+
n0=DALnet
|
|
8
|
+
n1=EFnet
|
|
9
|
+
n2=Freenode
|
|
10
|
+
n3=GameSurge
|
|
11
|
+
n4=IRCnet
|
|
12
|
+
n5=Quakenet
|
|
13
|
+
n6=Rizon
|
|
14
|
+
n7=SwiftIRC
|
|
15
|
+
n8=Undernet
|
|
16
|
+
n9=WebChat
|
|
17
|
+
|
|
18
|
+
[servers]
|
|
19
|
+
n0=Random serverSERVER:irc.dal.net:6660-6667GROUP:DALnet
|
|
20
|
+
n1=Random AU serverSERVER:irc.au.dal.net:6665-6668,7000GROUP:DALnet
|
|
21
|
+
n2=Random EU serverSERVER:irc.eu.dal.net:6665-6668,7000GROUP:DALnet
|
|
22
|
+
n3=Random US serverSERVER:irc.us.dal.net:6665-6668,7000GROUP:DALnet
|
|
23
|
+
n4=US, CA, OrangeSERVER:krypt.ca.us.dal.net:6665-6668,7000GROUP:DALnet
|
|
24
|
+
n5=US, NJ, ChoopaSERVER:choopa.nj.us.dal.net:6667:GROUP:DALnet
|
|
25
|
+
n6=US, VA, RichmondSERVER:punch.va.us.dal.net:6665-6668,7000GROUP:DALnet
|
|
26
|
+
n7=US, WA, SeattleSERVER:serverbuffet.wa.us.dal.net:6665-6668,7000GROUP:DALnet
|
|
27
|
+
n8=Random serverSERVER:irc.efnet.org:6667GROUP:EFnet
|
|
28
|
+
n9=CA, AB, CalgarySERVER:irc.arcti.ca:6665-6669GROUP:EFnet
|
|
29
|
+
n10=CA, ON, TorontoSERVER:irc.teksavvy.ca:6661-6669GROUP:EFnet
|
|
30
|
+
n11=EU, DK, AarhusSERVER:irc.inet.tele.dk:6661-6669GROUP:EFnet
|
|
31
|
+
n12=EU, NL, AmsterdamSERVER:efnet.xs4all.nl:6661-6669GROUP:EFnet
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
# Provided by nothink.org
|
|
2
|
+
# Malware IRC network traffic blacklist (IP address)
|
|
3
|
+
# Generated 2014-07-07 22:05:01 UTC
|
|
4
|
+
122.160.232.194
|
|
5
|
+
123.240.75.169
|
|
6
|
+
173.163.151.27
|
|
7
|
+
189.107.132.113
|
|
8
|
+
193.107.16.22
|
|
9
|
+
193.136.119.33
|
|
10
|
+
194.14.236.50
|
|
11
|
+
201.48.61.38
|
|
12
|
+
218.61.22.10
|
|
13
|
+
218.61.22.28
|
|
14
|
+
46.166.162.116
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Palevo C&C Domain Blocklist by abuse.ch
|
|
2
|
+
arta.romail3arnest.info
|
|
3
|
+
asp.spinchats.com
|
|
4
|
+
bff.7oorq8.com
|
|
5
|
+
bff4.7oorq8.com
|
|
6
|
+
computo164.laweb.es
|
|
7
|
+
fitt.prince.kz
|
|
8
|
+
hcuewgbbnfdu1ew.com
|
|
9
|
+
hcuewgbbnfs1uew.com
|
|
10
|
+
internet.estr.es
|
|
11
|
+
legionarios.servecounterstrike.com
|
|
12
|
+
mail3.nad123nad.com
|
|
13
|
+
mariposita.web-personal.org
|
|
14
|
+
masterkey.com.ua
|
|
15
|
+
ms4all.twoplayers.net
|
|
16
|
+
mst.com.ua
|
|
17
|
+
ns.dunno-net.com
|
|
18
|
+
panchitox.laweb.es
|
|
19
|
+
penchatox.sin-ip.es
|
|
20
|
+
rastu.com.ua
|
|
21
|
+
s.24otuwotefsmd.com
|
|
22
|
+
shv4.no-ip.biz
|
|
23
|
+
shv4b.getmyip.com
|
|
24
|
+
ssl.aukro.ua
|
|
25
|
+
symconempkr.com
|