threatinator 0.1.6 → 0.2.0

data/spec/feeds/data/hosts-file_hphostspartial_domainlist.txt

@@ -0,0 +1,24 @@
+# hosts-Partial.txt
+#
+# The following hosts were added to hpHosts AFTER the last full release.
+#
+#Last partial update: 9/5/2014 9:32:27 AM
+#Last FULL hpHosts update: 201481651036
+#DEBUG INFO:
+#	DB: 2014050993227
+#	File: 201416851036
+#	First: 1599283 (8/30/2014 5:52:43 PM)
+#	Last: 1546551
+127.0.0.1	0.cordelia8.waslittrefxwpc.eu
+127.0.0.1	0002.tonsciryqbty.eu
+127.0.0.1	0025.gaa08056.waslittrefxwpc.eu
+127.0.0.1	003a32c.rithertningiuao.eu
+127.0.0.1	004.bloglnewarciniabe.ru
+127.0.0.1	006e0ed5.bloglnewarcinialy.ru
+127.0.0.1	0071525d.bevedidnzbep.eu
+127.0.0.1	007c746.suburonounx.eu
+127.0.0.1	008845.bevedidnzbep.eu
+127.0.0.1	008845.tonsciryqbty.eu
+127.0.0.1	008f9e2.tonsciryqbty.eu
+127.0.0.1	009.blogfoxnewsators.ru
+127.0.0.1	009.bloglfoxnewsareb.ru

data/spec/feeds/data/infiltrated_vabl_iplist.txt

@@ -0,0 +1,33 @@
+
+#
+# Prior VABL list can be viewed at www.infiltrated.net/vabl-q1-2011.txt
+# Prior VABL list can be viewed at www.infiltrated.net/vabl-q2-2011.txt
+
+# WARNING: The new addition to this list is "APT" which is short for the
+# listed here, it is listed for a reason. Use/block those IP addresses
+# obvious "Advanced Persistent Threat" buzzword. The hosts listed with
+# this flag are either C&C sources, pivots, and so forth. If it is
+# with caution
+
+
+108.59.1.205 | BRU | VABL | 20110609 | e22b6e201b3533a0dd1ac8bb47426169 | 30633 | 108.59.0.0/20 | LEASEWEB-US | US | - | LEASEWEB USA INC
+108.59.1.205 | BRU | VABL | 20110708 | 8850509672ee7d983d9a511e31b13a9a | 30633 | 108.59.0.0/20 | LEASEWEB-US | US | - | LEASEWEB USA INC
+108.59.1.5 | BRU | VABL | 20110726 | 4fd0c880f8cbe31e4efc18890b4ac51a | 30633 | 108.59.0.0/20 | LEASEWEB-US | US | - | LEASEWEB USA INC
+108.59.1.5 | BRU | VABL | 20110726 | fb17621acd4b0626c80ba8e66e963518 | 30633 | 108.59.0.0/20 | LEASEWEB-US | US | - | LEASEWEB USA INC
+108.59.1.5 | BRU | VABL | 20110727 | 8850509672ee7d983d9a511e31b13a9a | 30633 | 108.59.0.0/20 | LEASEWEB-US | US | - | LEASEWEB USA INC
+108.59.1.5 | BRU | VABL | 20110729 | 8850509672ee7d983d9a511e31b13a9a | 30633 | 108.59.0.0/20 | LEASEWEB-US | US | - | LEASEWEB USA INC
+108.59.1.5 | BRU | VABL | 20110730 | 8850509672ee7d983d9a511e31b13a9a | 30633 | 108.59.0.0/20 | LEASEWEB-US | US | - | LEASEWEB USA INC
+108.59.5.139 | BRU | VABL | 20110720 | 4fd0c880f8cbe31e4efc18890b4ac51a | 30633 | 108.59.0.0/20 | LEASEWEB-US | US | - | LEASEWEB USA INC
+108.59.5.139 | BRU | VABL | 20110720 | fb17621acd4b0626c80ba8e66e963518 | 30633 | 108.59.0.0/20 | LEASEWEB-US | US | - | LEASEWEB USA INC
+108.59.5.139 | BRU | VABL | 20110725 | 8850509672ee7d983d9a511e31b13a9a | 30633 | 108.59.0.0/20 | LEASEWEB-US | US | - | LEASEWEB USA INC
+108.85.139.165 | BRU | VABL | 20110611 | fb17621acd4b0626c80ba8e66e963518 | 7132 | 108.64.0.0/11 | SBIS-AS | US | ATT.COM | AT&T INTERNET SERVICES
+109.123.83.130 | BRU | VABL | 20110606 | 8850509672ee7d983d9a511e31b13a9a | 13213 | 109.123.64.0/18 | UK2NET | UK | THECOUNTRYKITTEN.COM | UK2 - LTD
+109.168.200.104 | ATK | HPOT | 20110818 | fb17621acd4b0626c80ba8e66e963518 | 34060 | 94.176.216.0/22 | TCCFR | RO | ELECTROSIM.RO | JUMP INTERNET SERVICES SRL
+109.168.200.104 | ATK | HPOT | 20110818 | fb17621acd4b0626c80ba8e66e963518 | 34104 | 91.93.32.0/21 | GLOBAL | TR | TELETEKTELEKOM.COM | GLOBAL ILETISIM HIZMETLERI A.S
+109.168.200.104 | ATK | HPOT | 20110819 | fb17621acd4b0626c80ba8e66e963518 | 34060 | 94.176.216.0/22 | TCCFR | RO | ELECTROSIM.RO | JUMP INTERNET SERVICES SRL
+109.168.200.104 | ATK | HPOT | 20110819 | fb17621acd4b0626c80ba8e66e963518 | 34104 | 91.93.32.0/21 | GLOBAL | TR | TELETEKTELEKOM.COM | GLOBAL ILETISIM HIZMETLERI A.S
+109.169.60.121 | BRU | VABL | 20110618 | bf85b024eec53c533630a4551d9f63a7 | 29761 | 109.169.60.0/23 | OC3-NETWORKS-AS-NUMB | US | BMTRADAGROUP.COM | RAPIDSWITCH LTD
+109.169.60.121 | BRU | VABL | 20110621 | 8850509672ee7d983d9a511e31b13a9a | 29761 | 109.169.60.0/23 | OC3-NETWORKS-AS-NUMB | US | BMTRADAGROUP.COM | RAPIDSWITCH LTD
+109.169.60.121 | BRU | VABL | 20110622 | bf85b024eec53c533630a4551d9f63a7 | 29761 | 109.169.60.0/23 | OC3-NETWORKS-AS-NUMB | US | BMTRADAGROUP.COM | RAPIDSWITCH LTD
+109.169.60.121 | BRU | VABL | 20110711 | 8850509672ee7d983d9a511e31b13a9a | 29761 | 109.169.60.0/23 | OC3-NETWORKS-AS-NUMB | US | AIMSDESPATCH.COM | RAPIDSWITCH LTD
+109.169.60.121 | BRU | VABL | 20110713 | 4fd0c880f8cbe31e4efc18890b4ac51a | 29761 | 109.169.60.0/23 | OC3-NETWORKS-AS-NUMB | US | AIMSDESPATCH.COM | RAPIDSWITCH LTD

data/spec/feeds/data/isc_suspicious_high_domainlist.txt

@@ -0,0 +1,26 @@
+
+#
+#   DShield.org Suspicious Domain List
+#    (c) 2014 DShield.org
+#   some rights reserved. Details http://creativecommons.org/licenses/by-nc-sa/2.5/
+#   use on your own risk. No warranties implied.
+#   primary URL: http://www.dshield.org/feeds/suspiciousdomains_High.txt
+#
+#   comments: info@dshield.org
+#    updated: Fri Sep 12 04:27:04 2014 UTC
+#   
+#    This list consists of High Level Sensitivity website URLs
+#     Columns (tab delimited):
+#
+#      (1) site
+#
+Site
+000007.ru	
+000cc.com	
+09cd.co.kr	
+1-verygoods.ru	
+10kpictures.com	
+114bds.com	
+114oldest.com	
+120a.com	
+123kochi.com	

data/spec/feeds/data/isc_suspicious_low_domainlist.txt

@@ -0,0 +1,34 @@
+
+#
+#   DShield.org Suspicious Domain List
+#    (c) 2014 DShield.org
+#   some rights reserved. Details http://creativecommons.org/licenses/by-nc-sa/2.5/
+#   use on your own risk. No warranties implied.
+#   primary URL: http://www.dshield.org/feeds/suspiciousdomains_Low.txt
+#
+#   comments: info@dshield.org
+#    updated: Fri Sep 12 04:27:03 2014 UTC
+#   
+#    This list consists of Low Level Sensitivity website URLs
+#     Columns (tab delimited):
+#
+#      (1) site
+#
+Site
+000007.ru	
+000cc.com	
+09cd.co.kr	
+1-verygoods.ru	
+10kpictures.com	
+114bds.com	
+114oldest.com	
+120a.com	
+123kochi.com	
+123mdw.com	
+13grandferi.ru	
+1492tapasbar.com	
+168asia.com	
+18dd.net	
+18xn.com	
+19tenco.com	
+1a-teensbilder.de	

data/spec/feeds/data/isc_suspicious_medium_domainlist.txt

@@ -0,0 +1,32 @@
+
+#
+#   DShield.org Suspicious Domain List
+#    (c) 2014 DShield.org
+#   some rights reserved. Details http://creativecommons.org/licenses/by-nc-sa/2.5/
+#   use on your own risk. No warranties implied.
+#   primary URL: http://www.dshield.org/feeds/suspiciousdomains_Medium.txt
+#
+#   comments: info@dshield.org
+#    updated: Fri Sep 12 04:27:04 2014 UTC
+#   
+#    This list consists of Medium Level Sensitivity website URLs
+#     Columns (tab delimited):
+#
+#      (1) site
+#
+Site
+000007.ru	
+000cc.com	
+09cd.co.kr	
+1-verygoods.ru	
+10kpictures.com	
+114bds.com	
+114oldest.com	
+120a.com	
+123kochi.com	
+123mdw.com	
+13grandferi.ru	
+1492tapasbar.com	
+168asia.com	
+18dd.net	
+18xn.com	

data/spec/feeds/data/malwaredomainlist-url-reputation.txt

@@ -0,0 +1,8 @@
+"2014/10/07_04:23","www.yehuam.com/dist/video.php?l=1","198.15.122.221","-","Leads to exploit, Malvertising","Registrar Abuse Contact abuse@enom.com","20454"
+"2014/10/07_04:23","exkn0md6fh.qsdgi.com/azomytze3q","5.135.230.183","-","RIG EK","Registrar Abuse Contact abuse@web.com","16276"
+"2014/10/01_09:34","radiology.starlightcapitaladvisors.net/dr/southeast/steve/dropdown.js","85.10.229.207","85-10-229-207.clients.your-server.de.","obfuscated script leads to exploit kit","-","24940"
+"2014/10/01_09:30","avecat.missouritheatre.org:15106/full/cnstats/clients/stories.php?wink=322","87.118.127.230","ns2.km33436-26.keymachine.de.","exploit kit","T Fankhauser / artstaff@stjoearts.org","31103"
+"2014/10/01_09:30","aveconomic.trailswest.org:15106/haddan_files/stories.php","87.118.127.230","ns2.km33436-26.keymachine.de.","exploit kit","T Fankhauser / artstaff@stjoearts.org","31103"
+"2014/09/17_10:11","borneo.aqq79.com/wbxx3.html","217.23.5.88","customer.worldstream.nl.","frame leads to exploit kit","Registrar Abuse Contact domain@west263.com","49981"
+"2014/09/17_10:11","asd.vicentelopez.us/vbign3s2pe","192.99.197.133","-","exploit kit","Virna Springer / virnaspringer2001@mail.com","16276"
+"2014/09/17_10:11","qwe.affairedhonneur.us/depqfie59y","192.99.197.131","-","exploit kit","Ben Bazar / benbazar2011y@mail.com","16276"

data/spec/feeds/data/malwaredomains_domainlist.txt

@@ -0,0 +1,24 @@
+##	notice	notice	duplication is not permitted
+##	 if you do not accept these terms, then do not use this information.
+##	nextvalidation	domain	type	original_reference-why_it_was_listed	dateverified
+##	for noncommercial use only. using this information indicates you agree to be bound by these terms.
+	20161231	brenz.pl	attackpage	safebrowsing.clients.google.com	20140302	20131228	20110304	20100805	relisted
+	20161231	retro-7-3.cz.cc	harmful	safebrowsing.clients.google.com	20140703	20131227	20130614	20120724	20110503	relisted
+	20161231	38zu.cn	attackpage	safebrowsing.google.com	20140703	20140302	20130325	20120426	20110715
+	20161231	pempoo.com	attackpage	safebrowsing.google.com	20140703	20140307	20131227	20120423	20110712
+	20161230	gumblar.cn	attackpage	safebrowsing.clients.google.com	20140703	20140226	20131228	20130526	20110711	20100403
+	20160601	cg79wo20kl92doowfn01oqpo9mdieowv5tyj.com	malware	safebrowsing.google.com	20130611	20131228	20121227	20120724	20110319	relisted
+	20160601	neepelsty.cz.cc	attackpage	www.google.com/interstitial?url=neepelsty.cz.cc	20130614	20131228	20121227	20120724	20110520	relisted
+	20160601	x0a.in	iframe	blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent	20131226	20110311	20090830
+	20160601	x1g.in	iframe	blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent	20131226	20110311	20090830
+	20160601	x3v.in	iframe	blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent	20131226	20110311	20090830
+	20160601	x5o.ru	iframe	blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent	20131226	20110311	20090830
+	20160601	x6i.ru	iframe	blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent	20131226	20110311	20090830
+	20160601	x6p.in	iframe	blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent	20131226	20110311	20090830
+	20160601	x3b.ru	attackpage	google.com/safebrowsing	20131226	20110311	20090913
+	20160601	x0c.ru	malware	hosts-file.net/?s=80.93.90.88&view=history	20131226	20110311	20090830
+	20160601	x3y.ru	malware	hosts-file.net/?s=80.93.90.88&view=history	20131226	20110311	20090830
+	20160601	x9m.ru	malware	hosts-file.net/?s=80.93.90.88&view=history	20131226	20110311	20090830
+	20160601	x8l.in	iframe	safebrowsing.google.com	20131226	20110311	20090826
+	20160601	x8o.ru	iframe	safebrowsing.google.com	20131226	20110311	20090826
+	20160601	x8v.ru	iframe	safebrowsing.google.com	20131226	20110311	20090826

data/spec/feeds/data/malwaredomains_dyndns_domainlist.txt

@@ -0,0 +1,34 @@
+
+## this is a listdynamic dns providers - for informational purposes only, use as a blocklist at your own risk
+##please send additions or corrrections to malwaredomains2@gmail23.com1 (remove numbers in email address)
+#easydns4u.com
+#freelancedeveloper.com
+#ipupdater.com
+#iwas2.net
+#microtech.co.gg
+#myip.us
+#ohflip.com
+#reidmail.com
+#reidsville-dns.com
+#sysopworld.com
+#thebbs.org
+
+0000000000000000000000.com	#from http://freedns.afraid.org
+020huahai.com	malicious	siteinspector.comodo.com/
+021christine.com	malicious	siteinspector.comodo.com/
+051.no	malicious	siteinspector.comodo.com/
+0815x.com	#from http://freedns.afraid.org
+0bit.org	#from http://freedns.afraid.org
+0wnz-u.com	#from http://freedns.afraid.org
+0x.no	#from http://freedns.afraid.org
+101main.com	#from http://dns2go.com
+101main.net	#from http://dns2go.com
+1040ezdotcom.com	malicious	siteinspector.comodo.com/
+120v.ac	#from http://freedns.afraid.org
+1243.ru	malicious	siteinspector.comodo.com/
+12wildwood.ca	#from http://freedns.afraid.org
+1313.pl	#from http://freedns.afraid.org
+1337.cx	#from http://freedns.afraid.org
+136k.com	#from http://freedns.afraid.org
+17life.com	#from http://freedns.afraid.org
+18videoclip.com	harmful	safebrowsing.clients.google.com

data/spec/feeds/data/malwaredomains_justdomains_domainlist.txt

@@ -0,0 +1,18 @@
+brenz.pl
+retro-7-3.cz.cc
+38zu.cn
+pempoo.com
+gumblar.cn
+cg79wo20kl92doowfn01oqpo9mdieowv5tyj.com
+neepelsty.cz.cc
+x0a.in
+x1g.in
+x3v.in
+x5o.ru
+x6i.ru
+x6p.in
+x3b.ru
+x0c.ru
+x3y.ru
+x9m.ru
+x8l.in

data/spec/feeds/data/multiproxy_iplist.txt

@@ -0,0 +1,15 @@
+122.6.245.14:8090
+123.184.6.251:8088
+123.236.215.131:6588
+172.163.146.56:6588
+189.37.28.147:6588
+190.53.89.103:6588
+200.104.104.91:6588
+200.126.98.135:6588
+200.252.201.144:80
+201.42.59.201:6588
+202.134.202.226:80
+211.140.151.214:8080
+212.12.114.252:3128
+218.252.37.227:808
+59.95.1.229:6588

data/spec/feeds/data/openphish-url-reputation.txt

@@ -0,0 +1,16 @@
+http://22872.in/
+http://www.sikaram.lk/wp-content/uploads/10421312312/19890907.html
+http://www.seventoons.com/includes/languages/espanol/images/sfre/9a8c90c1e89a8d9660b5eb59308d5f15/cas.php?clicid=13698&default=031c2011f7b699ad4676d01035827f44
+http://www.alternativ-credit.fr/includes/html/classic/ibks/bradesco/?WLMFKUGXUPHVZUFEZWIKYHYWGUGPFXEPNGOFZEYGTSTNTWUIYMFIRLZTUUNVRNTNPTMSTZKZKNITNRNPHLKWYKOZMXWSJYKWY
+http://www.alternativ-credit.fr/includes/html/classic/ibks/bradesco/?ZNLROJIJRSSTQWEGUKKYXWQJKMPRLJNOYVHNXTGSJVTNPLTPTKEOLVHGSLXXIURSPFWXHYNKSWJSYNQZKRGXMSRLZVTGRVXPNJTV
+http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/4db64aeb194a008c3589ca0252caf430/14526566c864daf0a9cf4f6cc527b315/884c7f2309881eef92d29429c9b15f32/95a77b9c4a1258900b96726a003351ec/a06ae15727fc9b5a8daf9a61563a9b2a/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
+http://www.jacks-music.co.uk/wp-admin/a/e4f701810e80c05c0533876dd4b4246d/97286d2ffb4c29125e8534b5f34eac1f/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
+http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/4db64aeb194a008c3589ca0252caf430/14526566c864daf0a9cf4f6cc527b315/6f9b49ea7ad3bd488d03146e455585f7/c144bd8041f407331fe66af1d6c07c51/8c3f20513475139edeccc7f47f237552/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
+http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/4db64aeb194a008c3589ca0252caf430/14526566c864daf0a9cf4f6cc527b315/884c7f2309881eef92d29429c9b15f32/95a77b9c4a1258900b96726a003351ec/bfe3005edf73b44b6c18a88ddf633d08/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
+http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/4db64aeb194a008c3589ca0252caf430/14526566c864daf0a9cf4f6cc527b315/d5f8fba1e788b4723fb87c788aae85a7/d5c3a11c45b2d46ff81cd25281d43510/2102dde13e5e7dcb942d34af83a59c31/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
+http://www.jacks-music.co.uk/wp-admin/a/ef26da3516ec9b3f8d06a8d876804d0a/da276c95119f380b9466516ca1f35551/40001ba92bc71fa1a87cbd6014c6a93c/f855e92746daac9349ec8606bc21dc1c/?pagein=https://signin.ebay.it/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.it/
+http://190.86.185.227/Site-Seguro-SSL/Cadastramento/
+http://www.turesidenciapremium.com/Trader/trade/index.html
+http://datosfiscales.com/plugins/connect/portfolio/index.htm
+http://www.thethreetouch.com/thai/store/images/stories/safepay.wellsfargo.com/index.php
+http://www.

data/spec/feeds/data/packetmail_perimeterbad-ip_reputation.txt

@@ -0,0 +1,44 @@
+# Disclaimer - You may not use this list without acceptance of the below:
+#
+# The following IP addresses have made HTTP/HTTPS requests to files that are either non-existent or denied by configuration to 
+# unique and new URLs over the past 30 days.
+#
+# No assertion is made, nor implied, that any of the below listed IP addresses are accurate, malicious, hostile, or engaged in nefarious acts.
+# Use this list at your own risk.  By using this list in any capacity or capability you release all claims of damages and shall not hold or perceive any
+# liability against the publisher for:  damage, unexpected events or results, decision, or reputation damage, even those resulting from wilful
+# or intentional neglect.
+#
+# No claims made against this data shall be honored; no assertions have been made about the quality, accuracy, usability, actionability,
+# reputation, merit, or hostility of the below findings.
+#
+# If you feel that an IP address is inaccurately listed below please contact me at any RFC822 6.3, RFC1123 5.2.7, or RFC2821 4.5.1
+# address associated with this domain.
+#
+# This list may not be included in any 'for-sale' component and may not be included in pay-wall subscription-based services except
+# for organizations that I have explicitly given permission to by E-Mail which has been GPG signed using Key ID 0x37085D70.
+#
+# Changelog:
+#	Thu Sep 04 2014 - Initial Development
+#
+# This file contains these \x09 (TAB) separated fields:
+#	date_time               string                  Time the request was received (standard english format)
+#	remote_ip               string                  Remote IP-address
+#	server_name             string                  The server name according to the UseCanonicalName setting
+#	status                  string                  Status. For requests that got internally redirected, this is the status of the original request
+#	request                 string                  The first line of the request
+#	http_referer            string                  HTTP Referer
+#	user_agent              string                  HTTP User-Agent
+#	day                     string                  Day in YYYY-MM-DD format
+#
+#
+# This list was last updated on Thu Sep  4 10:16:10 CDT 2014
+#
+[03/Sep/2014:13:11:47 -0500]	192.99.152.38	206.82.85.197	403	GET /cc/process.php HTTP/1.1	-	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0	2014-09-03
+[03/Sep/2014:10:06:47 -0500]	110.45.241.238	206.82.85.197	403	POST /cfg HTTP/1.1	-	-	2014-09-03
+[03/Sep/2014:13:11:47 -0500]	192.99.152.38	206.82.85.197	403	GET /process.php HTTP/1.1	-	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0	2014-09-03
+[03/Sep/2014:09:48:18 -0500]	62.210.167.201	206.82.85.197	403	GET /mad/inc/config.php HTTP/1.1	-	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0	2014-09-03
+[03/Sep/2014:05:39:48 -0500]	192.99.166.102	206.82.85.197	403	GET /Panel/bins.php HTTP/1.1	-	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0	2014-09-03
+[03/Sep/2014:05:39:48 -0500]	192.99.166.102	206.82.85.197	403	GET /jackposprivate12/bins.php HTTP/1.1	-	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0	2014-09-03
+[03/Sep/2014:05:39:48 -0500]	192.99.166.102	206.82.85.197	403	GET /jack/bins.php HTTP/1.1	-	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0	2014-09-03
+[03/Sep/2014:18:06:59 -0500]	69.28.85.204	www.hackbraten.tk	403	HEAD /Hackbraten.zip HTTP/1.1	-	curl/7.32.0	2014-09-03
+

data/spec/feeds/data/snort_bpf-ip_reputation.txt

@@ -0,0 +1,16 @@
+212.89.13.111
+46.242.145.99
+91.220.62.190
+91.220.62.112
+91.213.217.36
+194.44.157.130
+193.107.17.62
+193.106.31.12
+94.63.149.51
+93.171.202.70
+204.16.169.2
+182.160.162.65
+91.228.154.199
+76.74.184.23
+85.214.26.248
+80.48.62.18

data/spec/feeds/data/steeman-ip-reputation.txt

@@ -0,0 +1,13 @@
+# 2104 Block List (IPV4 IP addresses to avoid contact with) - Jeron Steeman - http://jeroen.steeman.org
+# Created: 10/3/2014 4:00:24 PM
+1.0.253.17
+1.1.153.136
+1.10.220.118
+1.10.221.14
+1.10.221.78
+1.10.253.13
+1.161.123.10
+1.162.217.96
+1.168.163.133
+1.168.242.142
+1.169.45.13

data/spec/feeds/data/trustedsec-ip-reputation.txt

@@ -0,0 +1,12 @@
+#
+100.1.176.8
+100.42.209.114
+100.42.227.89
+100.42.229.73
+100.42.74.90
+101.0.4.104
+101.0.4.108
+101.0.53.229
+101.0.5.88
+101.0.5.90
+101.108.127.106

data/spec/feeds/data/virbl-ip_reputation.txt

@@ -0,0 +1,14 @@
+Export date: Fri Sep  5 16:07:01 2014
+39.31.123.178
+163.16.166.9
+5.164.174.1
+180.4.151.67
+103.178.151.119
+193.20.147.167
+50.242.226.97
+208.159.51.152
+181.107.101.162
+37.84.148.198
+40.188.94.4
+171.136.38.9
+209.167.192.55

data/spec/feeds/data/vxvault-url-reputation.txt

@@ -0,0 +1,15 @@
+VX Vault last 100 Links
+Mon, 06 Oct 2014 16:14:20 +0200
+
+http://alles-99cent.de/public_html/xtcommerce/Judaslods23.exe
+http://46.30.42.178/1/bot.exe
+http://liqweed.alwaysdata.net/z/bot.exe
+http://icbcasia.info/7/serverphp/bot.exe
+http://fiu-eu.org/4/serverphp/bot.exe
+http://esum.org.in/01/serverphp/bot.exe
+http://xoho.in/grace/bot.exe
+http://love.saleb.ru/g0zilla.exe
+http://lnstgram.com/Java32.exe
+http://103.26.128.84/botnet/1/installer.exe
+http://46.30.42.178/1/bot.exe
+http://iappem.com.br/images/109x090191.jpg

data/spec/feeds/data/yoyo_adservers.txt

@@ -0,0 +1,25 @@
+101com.com
+101order.com
+123found.com
+180hits.de
+180searchassistant.com
+1x1rank.com
+207.net
+247media.com
+24log.com
+24log.de
+24pm-affiliation.com
+2mdn.net
+2o7.net
+360yield.com
+4affiliate.net
+4d5.net
+50websads.com
+518ad.com
+51yes.com
+600z.com
+777partner.com
+777seo.com
+77tracking.com
+7adpower.com
+7bpeople.com