chg: Add script to make lists unique, and sort the keys.
Update covid lists.pull/145/head
parent
bad8b17fff
commit
300d823638
|
@ -7,7 +7,7 @@ set -x
|
|||
|
||||
for dir in lists/*/list.json
|
||||
do
|
||||
cat ${dir} | jq . | sponge ${dir}
|
||||
cat ${dir} | jq -S . | sponge ${dir}
|
||||
done
|
||||
|
||||
cat schema.json | jq . | sponge schema.json
|
||||
cat schema.json | jq -S . | sponge schema.json
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
{
|
||||
"description": "Event contains one or more entries from the top 1000 of the most used website (Alexa).",
|
||||
"version": 20190424,
|
||||
"name": "Top 1000 website from Alexa",
|
||||
"type": "hostname",
|
||||
"list": [
|
||||
"104.com.tw",
|
||||
"11st.co.kr",
|
||||
|
@ -1008,5 +1005,8 @@
|
|||
"matching_attributes": [
|
||||
"hostname",
|
||||
"domain"
|
||||
]
|
||||
],
|
||||
"name": "Top 1000 website from Alexa",
|
||||
"type": "hostname",
|
||||
"version": 20190424
|
||||
}
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
{
|
||||
"name": "List of known Amazon AWS IP address ranges",
|
||||
"version": 20200210,
|
||||
"description": "Amazon AWS IP address ranges (https://ip-ranges.amazonaws.com/ip-ranges.json)",
|
||||
"type": "cidr",
|
||||
"list": [
|
||||
"100.20.0.0/14",
|
||||
"100.24.0.0/13",
|
||||
|
@ -1695,5 +1692,8 @@
|
|||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
]
|
||||
],
|
||||
"name": "List of known Amazon AWS IP address ranges",
|
||||
"type": "cidr",
|
||||
"version": 20200210
|
||||
}
|
||||
|
|
|
@ -1,40 +1,40 @@
|
|||
{
|
||||
"name": "List of known domains used by automated malware analysis services & security vendors",
|
||||
"version": 5,
|
||||
"description": "Domains used by automated malware analysis services & security vendors",
|
||||
"type": "substring",
|
||||
"list": [
|
||||
"akana.mobiseclab.org",
|
||||
"analyze.intezer.com",
|
||||
"anlyz.io",
|
||||
"app.any.run",
|
||||
"app.sndbox.com",
|
||||
"cape.contextis.com",
|
||||
"capesandbox.com",
|
||||
"carbonblack.com",
|
||||
"detux.org",
|
||||
"emergingthreats.net",
|
||||
"hybrid-analysis.com",
|
||||
"jevereg.amnpardaz.com",
|
||||
"joesandbox.com",
|
||||
"koodous.com",
|
||||
"malwr.com",
|
||||
"mcafee.com",
|
||||
"reverse.it",
|
||||
"sandbox.pikker.ee",
|
||||
"sanddroid.xjtu.edu.cn",
|
||||
"securelist.com",
|
||||
"symantec.com",
|
||||
"tria.ge",
|
||||
"undroid.av-comparatives.org",
|
||||
"virustotal.com",
|
||||
"www.threatexpert.com",
|
||||
"www.vicheck.ca"
|
||||
],
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip",
|
||||
"url"
|
||||
],
|
||||
"list": [
|
||||
"virustotal.com",
|
||||
"malwr.com",
|
||||
"hybrid-analysis.com",
|
||||
"emergingthreats.net",
|
||||
"joesandbox.com",
|
||||
"anlyz.io",
|
||||
"detux.org",
|
||||
"akana.mobiseclab.org",
|
||||
"sandbox.pikker.ee",
|
||||
"www.threatexpert.com",
|
||||
"www.vicheck.ca",
|
||||
"reverse.it",
|
||||
"mcafee.com",
|
||||
"symantec.com",
|
||||
"securelist.com",
|
||||
"carbonblack.com",
|
||||
"app.any.run",
|
||||
"cape.contextis.com",
|
||||
"tria.ge",
|
||||
"koodous.com",
|
||||
"undroid.av-comparatives.org",
|
||||
"sanddroid.xjtu.edu.cn",
|
||||
"jevereg.amnpardaz.com",
|
||||
"analyze.intezer.com",
|
||||
"app.sndbox.com",
|
||||
"capesandbox.com"
|
||||
]
|
||||
"name": "List of known domains used by automated malware analysis services & security vendors",
|
||||
"type": "substring",
|
||||
"version": 5
|
||||
}
|
||||
|
|
|
@ -1,13 +1,5 @@
|
|||
{
|
||||
"name": "List of known bank domains",
|
||||
"version": 2,
|
||||
"description": "Event contains one or more entries of known banking website",
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip"
|
||||
],
|
||||
"type": "hostname",
|
||||
"list": [
|
||||
".02bancorp.com",
|
||||
".1822direkt.com",
|
||||
|
@ -1501,8 +1493,8 @@
|
|||
".spk-suedholstein.de",
|
||||
".spk-vorpommern.de",
|
||||
".spk-westholstein.de",
|
||||
".spkhb.de",
|
||||
".spkef.is",
|
||||
".spkhb.de",
|
||||
".ssbia.com",
|
||||
".ssbnd.com",
|
||||
".ssbnet.com",
|
||||
|
@ -1763,5 +1755,13 @@
|
|||
".zionsbank.com",
|
||||
".ziraatbank.de",
|
||||
".zvezabank.at"
|
||||
]
|
||||
],
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip"
|
||||
],
|
||||
"name": "List of known bank domains",
|
||||
"type": "hostname",
|
||||
"version": 2
|
||||
}
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
{
|
||||
"matching_attributes": [
|
||||
"hostname",
|
||||
"domain",
|
||||
"domain|ip"
|
||||
],
|
||||
"description": "Event contains one or more entries from the top 1000 of the most used website (Cisco Umbrella).",
|
||||
"list": [
|
||||
"0.client-channel.google.com",
|
||||
|
@ -1007,7 +1002,12 @@
|
|||
"z.moatads.com",
|
||||
"zemanta.com"
|
||||
],
|
||||
"version": 20190309,
|
||||
"matching_attributes": [
|
||||
"hostname",
|
||||
"domain",
|
||||
"domain|ip"
|
||||
],
|
||||
"name": "Top 1000 website from Cisco Umbrella",
|
||||
"type": "hostname",
|
||||
"name": "Top 1000 website from Cisco Umbrella"
|
||||
"version": 20190309
|
||||
}
|
||||
|
|
|
@ -1,34 +1,34 @@
|
|||
{
|
||||
"description": "List of known Cloudflare IP ranges (https://www.cloudflare.com/ips/)",
|
||||
"list": [
|
||||
"188.114.96.0/20",
|
||||
"2405:8100::/32",
|
||||
"2c0f:f248::/32",
|
||||
"190.93.240.0/20",
|
||||
"173.245.48.0/20",
|
||||
"103.21.244.0/22",
|
||||
"103.22.200.0/22",
|
||||
"103.31.4.0/22",
|
||||
"104.16.0.0/12",
|
||||
"108.162.192.0/18",
|
||||
"131.0.72.0/22",
|
||||
"141.101.64.0/18",
|
||||
"162.158.0.0/15",
|
||||
"172.64.0.0/13",
|
||||
"173.245.48.0/20",
|
||||
"188.114.96.0/20",
|
||||
"190.93.240.0/20",
|
||||
"197.234.240.0/22",
|
||||
"198.41.128.0/17",
|
||||
"2400:cb00::/32",
|
||||
"2405:8100::/32",
|
||||
"2405:b500::/32",
|
||||
"2606:4700::/32",
|
||||
"2803:f800::/32",
|
||||
"2400:cb00::/32",
|
||||
"141.101.64.0/18",
|
||||
"198.41.128.0/17",
|
||||
"172.64.0.0/13",
|
||||
"108.162.192.0/18",
|
||||
"197.234.240.0/22",
|
||||
"2405:b500::/32",
|
||||
"103.31.4.0/22",
|
||||
"131.0.72.0/22",
|
||||
"2a06:98c0::/29",
|
||||
"162.158.0.0/15",
|
||||
"103.22.200.0/22"
|
||||
"2c0f:f248::/32"
|
||||
],
|
||||
"type": "cidr",
|
||||
"matching_attributes": [
|
||||
"ip-dst",
|
||||
"ip-src",
|
||||
"domain|ip"
|
||||
],
|
||||
"name": "List of known Cloudflare IP ranges",
|
||||
"version": 20200210,
|
||||
"description": "List of known Cloudflare IP ranges (https://www.cloudflare.com/ips/)"
|
||||
"type": "cidr",
|
||||
"version": 20200210
|
||||
}
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
{
|
||||
"name": "Common contact e-mail addresses",
|
||||
"version": 20200226,
|
||||
"description": "A list of commonly used abuse and contact e-mail addresses, including the ones denoted in RFC2142.",
|
||||
"type": "regex",
|
||||
"list": [
|
||||
"/^(security|noc|soc|abuse)\\@.*\\..*$/i"
|
||||
],
|
||||
|
@ -10,5 +7,8 @@
|
|||
"email-dst",
|
||||
"email-src",
|
||||
"target-email"
|
||||
]
|
||||
],
|
||||
"name": "Common contact e-mail addresses",
|
||||
"type": "regex",
|
||||
"version": 20200226
|
||||
}
|
||||
|
|
|
@ -1,7 +1,76 @@
|
|||
{
|
||||
"name": "List of known hashes with common false-positives (based on Florian Roth input list)",
|
||||
"version": 2,
|
||||
"description": "Event contains one or more entries with common false-positives",
|
||||
"list": [
|
||||
"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
|
||||
"048846ed8ed185a26394adeb3f63274d1029bbd59cffa8e73a4ef8b19456de1d",
|
||||
"06f7826c2862d184a49e3672c0aa6097b11e7771a4bf613ec37941236c1a8e20",
|
||||
"07c4c7ae2c4c7cb3ccd2ba9cd70a94382395ca8e2b0312c1631d09d790b6db33",
|
||||
"0f343b0931126a20f133d67c2b018a3b",
|
||||
"10400c6faf166902b52fb97042f1e0eb",
|
||||
"125da188e26bd119ce8cad7eeb1fc2dfa147ad47",
|
||||
"16e8e953c65d610c3bfc595240f3f5b7",
|
||||
"183d0929423da2aa83441ee625de92b213f33948",
|
||||
"1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d",
|
||||
"200ceb26807d6bf99fd6f4f0d1ca54d4",
|
||||
"231a802e6ff1fae42f2b12561fff2767d473210b",
|
||||
"2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a",
|
||||
"325472601571f31e1bf00674c368d335",
|
||||
"4194d1706ed1f408d5e02d672777019f4d5385c766a8c6ca8acba3167d36a7b9",
|
||||
"41f958d2d3e9ed4504b6a8863fd72b49",
|
||||
"4a15a6777284035dfd8df4ecf496b4f0557a9cc4ffaaf5887659031e843865e1",
|
||||
"4b298058e1d5fd3f2fa20ead21773912a5dc38da3c0da0bbc7de1adfb6011f1c",
|
||||
"4b6c7f3146f86136507497232d2f04a0",
|
||||
"4dde54cfc600dbd9a610645d197a632e064115ffaa3a1b595c3a23036e501678",
|
||||
"5ba93c9db0cff93f52b521d7420e43f6eda2784f",
|
||||
"5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
|
||||
"605db3fdbaff4ba13729371ad0c4fbab3889378e",
|
||||
"60cacbf3d72e1e7834203da608037b1bf83b40e8",
|
||||
"620f0b67a91f7f74151bc5be745b7110",
|
||||
"68b329da9893e34099c7d8ad5cb9c940",
|
||||
"6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d",
|
||||
"72c2dbbb1fe642073002b30987fcd68921a6b140",
|
||||
"7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6",
|
||||
"8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe",
|
||||
"81051bcc2cf1bedf378224b0a93e2877",
|
||||
"86f1895ae8c5e8b17d99ece768a70732",
|
||||
"8a798890fe93817163b10b5f7bd2ca4d25d84c52739a645a889c173eee7d9d3d",
|
||||
"93b885adfe0da089cdf634904fd59f71",
|
||||
"995c770caeb45f7f0c1bc3affc60f11d8c40e16027df2cf711f95824f3534b6f",
|
||||
"a11a2f0cfe6d0b4c50945989db6360cd",
|
||||
"a6105c0a611b41b08f1209506350279e",
|
||||
"ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7",
|
||||
"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
|
||||
"b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b",
|
||||
"b3aca92c793ee0e9b1a9b0a5f5fc044e05140df3",
|
||||
"b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
|
||||
"b6f9aa44c5f0565b5deb761b1926e9b6",
|
||||
"ba8ab5a0280b953aa97435ff8946cbcbb2755a27",
|
||||
"c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102",
|
||||
"c5e389341a0b19b6f045823abffc9814",
|
||||
"c82cee5f957ad01068f487eecd430a1389e0d922",
|
||||
"c929701c67a05f90827563eedccf5eba8e65b2da970189a0371f28cd896708b8",
|
||||
"c99a74c555371a433d121f551d6c6398",
|
||||
"d378bffb70923139d6a4f546864aa61c",
|
||||
"d3b07384d113edec49eaa6238ad5ff00",
|
||||
"d41d8cd98f00b204e9800998ecf8427e",
|
||||
"d5502a1d00787d68f548ddeebbde1eca5e2b38ca",
|
||||
"d583c3aa489ed954df3be71e71deae3a9895857e",
|
||||
"d991c16949bd5e85e768385440e18d493ce3aa46",
|
||||
"da39a3ee5e6b4b0d3255bfef95601890afd80709",
|
||||
"deabe082bc0f0f503292e537b2675c7c93dca40f",
|
||||
"df4e26a04a444901b95afef44e4a96cfae34690fff2ad2c66389c70079cdff2b",
|
||||
"e24133dd836d99182a6227dcf6613d08",
|
||||
"e2516fcd1573e70334c8f50bee5241cdfdf48a00",
|
||||
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
|
||||
"e5a00aa9991ac8a5ee3109844d84a55583bd20572ad3ffcd42792f3c36b183ad",
|
||||
"e617348b8947f28e2a280dd93c75a6ad",
|
||||
"f00aa51c2ed8b2f656318fdc01ee1cf5441011a4",
|
||||
"f1d2d2f924e986ac86fdf7b36c94bcdf32beec15",
|
||||
"f6d380b256b0e66ef347adc78195fd0f228b3e33",
|
||||
"fa8715078d45101200a6e2bf7321aa04",
|
||||
"fb360f9c09ac8c5edb2f18be5de4e80ea4c430d0",
|
||||
"fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de"
|
||||
],
|
||||
"matching_attributes": [
|
||||
"md5",
|
||||
"sha1",
|
||||
|
@ -14,76 +83,7 @@
|
|||
"filename|sha256",
|
||||
"filename|sha512"
|
||||
],
|
||||
"name": "List of known hashes with common false-positives (based on Florian Roth input list)",
|
||||
"type": "string",
|
||||
"list": [
|
||||
"d41d8cd98f00b204e9800998ecf8427e",
|
||||
"da39a3ee5e6b4b0d3255bfef95601890afd80709",
|
||||
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
|
||||
"68b329da9893e34099c7d8ad5cb9c940",
|
||||
"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
|
||||
"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
|
||||
"81051bcc2cf1bedf378224b0a93e2877",
|
||||
"ba8ab5a0280b953aa97435ff8946cbcbb2755a27",
|
||||
"7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6",
|
||||
"93b885adfe0da089cdf634904fd59f71",
|
||||
"5ba93c9db0cff93f52b521d7420e43f6eda2784f",
|
||||
"6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d",
|
||||
"0f343b0931126a20f133d67c2b018a3b",
|
||||
"60cacbf3d72e1e7834203da608037b1bf83b40e8",
|
||||
"5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
|
||||
"c99a74c555371a433d121f551d6c6398",
|
||||
"605db3fdbaff4ba13729371ad0c4fbab3889378e",
|
||||
"e5a00aa9991ac8a5ee3109844d84a55583bd20572ad3ffcd42792f3c36b183ad",
|
||||
"fa8715078d45101200a6e2bf7321aa04",
|
||||
"d991c16949bd5e85e768385440e18d493ce3aa46",
|
||||
"4b298058e1d5fd3f2fa20ead21773912a5dc38da3c0da0bbc7de1adfb6011f1c",
|
||||
"620f0b67a91f7f74151bc5be745b7110",
|
||||
"1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d",
|
||||
"ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7",
|
||||
"c5e389341a0b19b6f045823abffc9814",
|
||||
"c82cee5f957ad01068f487eecd430a1389e0d922",
|
||||
"995c770caeb45f7f0c1bc3affc60f11d8c40e16027df2cf711f95824f3534b6f",
|
||||
"325472601571f31e1bf00674c368d335",
|
||||
"2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a",
|
||||
"b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b",
|
||||
"e617348b8947f28e2a280dd93c75a6ad",
|
||||
"125da188e26bd119ce8cad7eeb1fc2dfa147ad47",
|
||||
"06f7826c2862d184a49e3672c0aa6097b11e7771a4bf613ec37941236c1a8e20",
|
||||
"200ceb26807d6bf99fd6f4f0d1ca54d4",
|
||||
"b3aca92c793ee0e9b1a9b0a5f5fc044e05140df3",
|
||||
"4194d1706ed1f408d5e02d672777019f4d5385c766a8c6ca8acba3167d36a7b9",
|
||||
"d3b07384d113edec49eaa6238ad5ff00",
|
||||
"fb360f9c09ac8c5edb2f18be5de4e80ea4c430d0",
|
||||
"b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
|
||||
"a6105c0a611b41b08f1209506350279e",
|
||||
"f1d2d2f924e986ac86fdf7b36c94bcdf32beec15",
|
||||
"8a798890fe93817163b10b5f7bd2ca4d25d84c52739a645a889c173eee7d9d3d",
|
||||
"10400c6faf166902b52fb97042f1e0eb",
|
||||
"d583c3aa489ed954df3be71e71deae3a9895857e",
|
||||
"df4e26a04a444901b95afef44e4a96cfae34690fff2ad2c66389c70079cdff2b",
|
||||
"4b6c7f3146f86136507497232d2f04a0",
|
||||
"deabe082bc0f0f503292e537b2675c7c93dca40f",
|
||||
"4a15a6777284035dfd8df4ecf496b4f0557a9cc4ffaaf5887659031e843865e1",
|
||||
"a11a2f0cfe6d0b4c50945989db6360cd",
|
||||
"e2516fcd1573e70334c8f50bee5241cdfdf48a00",
|
||||
"fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de",
|
||||
"16e8e953c65d610c3bfc595240f3f5b7",
|
||||
"231a802e6ff1fae42f2b12561fff2767d473210b",
|
||||
"048846ed8ed185a26394adeb3f63274d1029bbd59cffa8e73a4ef8b19456de1d",
|
||||
"e24133dd836d99182a6227dcf6613d08",
|
||||
"72c2dbbb1fe642073002b30987fcd68921a6b140",
|
||||
"4dde54cfc600dbd9a610645d197a632e064115ffaa3a1b595c3a23036e501678",
|
||||
"41f958d2d3e9ed4504b6a8863fd72b49",
|
||||
"f6d380b256b0e66ef347adc78195fd0f228b3e33",
|
||||
"c929701c67a05f90827563eedccf5eba8e65b2da970189a0371f28cd896708b8",
|
||||
"d378bffb70923139d6a4f546864aa61c",
|
||||
"f00aa51c2ed8b2f656318fdc01ee1cf5441011a4",
|
||||
"c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102",
|
||||
"86f1895ae8c5e8b17d99ece768a70732",
|
||||
"d5502a1d00787d68f548ddeebbde1eca5e2b38ca",
|
||||
"8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe",
|
||||
"b6f9aa44c5f0565b5deb761b1926e9b6",
|
||||
"183d0929423da2aa83441ee625de92b213f33948",
|
||||
"07c4c7ae2c4c7cb3ccd2ba9cd70a94382395ca8e2b0312c1631d09d790b6db33"
|
||||
]
|
||||
"version": 2
|
||||
}
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -3,7 +3,6 @@
|
|||
"list": [
|
||||
"akkure4covid.com",
|
||||
"bag-coronavirus.ch",
|
||||
"bag-coronavirus.ch",
|
||||
"co19.oracle.com",
|
||||
"corona-data.ch",
|
||||
"coronamadrid.com",
|
||||
|
@ -36,6 +35,5 @@
|
|||
],
|
||||
"name": "Covid-19 Krassi's Whitelist",
|
||||
"type": "hostname",
|
||||
"uuid": "b600900c-aacc-4860-acf4-7e24a1b08202",
|
||||
"version": 20200403
|
||||
}
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
{
|
||||
"name": "Valid covid-19 related domains",
|
||||
"version": 7,
|
||||
"description": "Maintained using different lists (such as Jaime Blasco's and Krassimir's lists).",
|
||||
"list": [
|
||||
"3d.nicovideo.jp",
|
||||
"aatishb.com",
|
||||
"account.nicovideo.jp",
|
||||
"ads.nicovideo.jp",
|
||||
"againstcovid19.com",
|
||||
|
@ -17,8 +16,13 @@
|
|||
"api.nicovideo.jp",
|
||||
"arcgis.com",
|
||||
"asuntosdelsur.org",
|
||||
"bag-coronavirus.ch",
|
||||
"balad.ir",
|
||||
"basemaps.arcgis.com",
|
||||
"bestcoronavirusprotect.tk",
|
||||
"bgvfr.coronavirusware.xyz",
|
||||
"blog.nicovideo.jp",
|
||||
"blogcoronacl.canalcero.digital",
|
||||
"bnnrc.net",
|
||||
"bnpb-inacovid19.hub.arcgis.com",
|
||||
"boisestate-covid-19.slack.com",
|
||||
|
@ -27,6 +31,7 @@
|
|||
"cas.dev.nicovideo.jp",
|
||||
"cas.nicovideo.jp",
|
||||
"cdc-covid19-healthbot.azurefd.net",
|
||||
"cdn.arcgis.com",
|
||||
"cdtcovid.akstd.azureedge.net",
|
||||
"ch.nicovideo.jp",
|
||||
"checkupcovid19.jatimprov.go.id",
|
||||
|
@ -34,6 +39,7 @@
|
|||
"cluster.covid19india.org",
|
||||
"commons.nicovideo.jp",
|
||||
"corona helden",
|
||||
"corona-data.ch",
|
||||
"corona.cloud",
|
||||
"corona.gov.bd",
|
||||
"corona.help",
|
||||
|
@ -51,14 +57,17 @@
|
|||
"coronavirus-dashboard.utah.gov",
|
||||
"coronavirus-disasterresponse.hub.arcgis.com",
|
||||
"coronavirus-map.com",
|
||||
"coronavirus-realtime.com",
|
||||
"coronavirus-vulnerable-people.service.gov.uk",
|
||||
"coronavirus-wvgovstatus-cdn.afd.azureedge.net",
|
||||
"coronavirus.app",
|
||||
"coronavirus.cc",
|
||||
"coronavirus.datafree.co",
|
||||
"coronavirus.dc.gov",
|
||||
"coronavirus.delaware.gov",
|
||||
"coronavirus.fairwork.gov.au",
|
||||
"coronavirus.gob.mx",
|
||||
"coronavirus.gouvernement.lu",
|
||||
"coronavirus.gov",
|
||||
"coronavirus.health.ny.gov",
|
||||
"coronavirus.health.ok.gov",
|
||||
|
@ -74,16 +83,20 @@
|
|||
"coronavirus.wa.gov",
|
||||
"coronavirus.wvgovstatus.com",
|
||||
"coronavirus.zone",
|
||||
"coronavirusaware.xyz",
|
||||
"coronavirusecuador.com",
|
||||
"coronavirusinfections.org",
|
||||
"coronaviruslive.it",
|
||||
"coronavirusnow.com",
|
||||
"coronavirusstatus.space",
|
||||
"coronavirusupdate.tk",
|
||||
"covid-19-assets.htvtools.us",
|
||||
"covid-19.alibabacloud.com",
|
||||
"covid-19.bccdc.ca",
|
||||
"covid-19.chinadaily.com.cn",
|
||||
"covid-19.chinatimes.com",
|
||||
"covid-19.direct",
|
||||
"covid-19.iglocska.eu",
|
||||
"covid-19.kapook.com",
|
||||
"covid-19.livephotos.my",
|
||||
"covid-19.ontario.ca",
|
||||
|
@ -96,6 +109,7 @@
|
|||
"covid-19training.gov.au",
|
||||
"covid-api.com",
|
||||
"covid-global-hackathon.devpost.com",
|
||||
"covid-misp.ncsc.gov.ie",
|
||||
"covid-monitoring.kemkes.go.id",
|
||||
"covid-response-moa-muniorg.hub.arcgis.com",
|
||||
"covid-sheets-mirror.web.app",
|
||||
|
@ -129,7 +143,9 @@
|
|||
"covid19.jogjaprov.go.id",
|
||||
"covid19.kedirikab.go.id",
|
||||
"covid19.kemkes.go.id",
|
||||
"covid19.lu",
|
||||
"covid19.mathdro.id",
|
||||
"covid19.min-saude.pt",
|
||||
"covid19.moph.go.th",
|
||||
"covid19.mt.gov",
|
||||
"covid19.nashville.gov",
|
||||
|
@ -153,6 +169,7 @@
|
|||
"covid19india.github.io",
|
||||
"covid19india.org",
|
||||
"covid19info.live",
|
||||
"covid19japan.com",
|
||||
"covid19japan.s3.ap-northeast-1.amazonaws.com",
|
||||
"covid19musicrelief.byspotify.com",
|
||||
"covid19ph.com",
|
||||
|
@ -161,6 +178,7 @@
|
|||
"covid19stats.live",
|
||||
"covid19tracker.ca",
|
||||
"covid19vm01.azurewebsites.net",
|
||||
"covid3d.fr",
|
||||
"covidabruzzo.it",
|
||||
"covidactnow.org",
|
||||
"covideo.com",
|
||||
|
@ -201,6 +219,7 @@
|
|||
"ichiba.nicovideo.jp",
|
||||
"inacovid19.maps.arcgis.com",
|
||||
"indonesia-covid-19.mathdro.id",
|
||||
"info-coronavirus.be",
|
||||
"infocovid19.jatimprov.go.id",
|
||||
"italy.coronavirusinfections.org",
|
||||
"jabarprov-covid19.netlify.com",
|
||||
|
@ -240,6 +259,7 @@
|
|||
"seiga.dev.nicovideo.jp",
|
||||
"seiga.nicovideo.jp",
|
||||
"servicecovid.tpasaigon.vn",
|
||||
"services9.arcgis.com",
|
||||
"sgwuhan.xose.net",
|
||||
"shiny.john-coene.com",
|
||||
"site.nicovideo.jp",
|
||||
|
@ -262,13 +282,16 @@
|
|||
"stopcov.ge",
|
||||
"stopcovid19.metro.tokyo.lg.jp",
|
||||
"sug.search.nicovideo.jp",
|
||||
"survivecoronavirus.org",
|
||||
"talksub.com",
|
||||
"test.nicovideo.jp",
|
||||
"the2019ncov.com",
|
||||
"thewuhanvirus.com",
|
||||
"tiles.arcgis.com",
|
||||
"trackcorona-images.s3.amazonaws.com",
|
||||
"trackcorona.live",
|
||||
"us-central1-covid-19-live.cloudfunctions.net",
|
||||
"vaccine-coronavirus.com",
|
||||
"veille-coronavirus.fr",
|
||||
"verificovid.mx",
|
||||
"wirvsvirushackathon.org",
|
||||
|
@ -290,47 +313,19 @@
|
|||
"www.covideo.com",
|
||||
"www.covidvisualizer.com",
|
||||
"www.dev.nicovideo.jp",
|
||||
"www.info-coronavirus.be",
|
||||
"www.internet-covid19.com",
|
||||
"www.kycovid19.ky.gov",
|
||||
"www.nicovideo.jp",
|
||||
"www.test.nicovideo.jp",
|
||||
"www.voluntarioscoronavirus.rj.gov.br",
|
||||
"bag-coronavirus.ch",
|
||||
"bestcoronavirusprotect.tk",
|
||||
"bgvfr.coronavirusware.xyz",
|
||||
"blogcoronacl.canalcero.digital",
|
||||
"corona-data.ch",
|
||||
"coronavirus-map.com",
|
||||
"coronavirus-realtime.com",
|
||||
"coronavirus.app",
|
||||
"coronavirus.cc",
|
||||
"coronavirus.zone",
|
||||
"coronavirusaware.xyz",
|
||||
"coronavirusstatus.space",
|
||||
"coronavirusupdate.tk",
|
||||
"covid-19.iglocska.eu",
|
||||
"covid-misp.ncsc.gov.ie",
|
||||
"covid.apollo247.com",
|
||||
"covid19india.org",
|
||||
"covid19japan.com",
|
||||
"survivecoronavirus.org",
|
||||
"vaccine-coronavirus.com",
|
||||
"covid19.min-saude.pt",
|
||||
"www.info-coronavirus.be",
|
||||
"info-coronavirus.be",
|
||||
"coronavirus.gouvernement.lu",
|
||||
"covid19.lu",
|
||||
"covid3d.fr",
|
||||
"aatishb.com",
|
||||
"basemaps.arcgis.com",
|
||||
"services9.arcgis.com",
|
||||
"cdn.arcgis.com",
|
||||
"tiles.arcgis.com"
|
||||
"www.voluntarioscoronavirus.rj.gov.br"
|
||||
],
|
||||
"type": "hostname",
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"url"
|
||||
]
|
||||
],
|
||||
"name": "Valid covid-19 related domains",
|
||||
"type": "hostname",
|
||||
"version": 8
|
||||
}
|
||||
|
|
|
@ -1,5 +1,383 @@
|
|||
{
|
||||
"type": "substring",
|
||||
"description": "CRL Warninglist from threatstop (https://github.com/threatstop/crl-ocsp-whitelist/)",
|
||||
"list": [
|
||||
"104.16.89.188",
|
||||
"104.16.90.188",
|
||||
"104.16.91.188",
|
||||
"104.16.92.188",
|
||||
"104.16.93.188",
|
||||
"104.17.102.175",
|
||||
"104.17.103.175",
|
||||
"104.17.104.175",
|
||||
"104.17.105.175",
|
||||
"104.17.106.175",
|
||||
"104.215.29.84",
|
||||
"104.215.54.174",
|
||||
"104.41.179.244",
|
||||
"104.91.166.106",
|
||||
"104.91.166.112",
|
||||
"104.91.166.82",
|
||||
"104.91.166.89",
|
||||
"104.91.166.96",
|
||||
"104.91.166.98",
|
||||
"109.70.240.114",
|
||||
"113.52.156.18",
|
||||
"116.92.128.12",
|
||||
"116.92.128.34",
|
||||
"119.145.171.206",
|
||||
"119.145.171.215",
|
||||
"121.50.63.210",
|
||||
"121.50.63.211",
|
||||
"13.114.126.114",
|
||||
"13.33.164.100",
|
||||
"13.33.164.105",
|
||||
"13.33.164.164",
|
||||
"13.33.164.223",
|
||||
"13.33.164.236",
|
||||
"13.33.164.37",
|
||||
"13.33.164.7",
|
||||
"13.33.164.93",
|
||||
"13.78.114.232",
|
||||
"133.242.48.24",
|
||||
"133.242.50.38",
|
||||
"133.242.68.56",
|
||||
"151.101.46.133",
|
||||
"153.120.128.154",
|
||||
"153.127.215.13",
|
||||
"153.127.216.172",
|
||||
"153.149.154.120",
|
||||
"153.149.17.219",
|
||||
"153.149.96.48",
|
||||
"153.149.98.42",
|
||||
"155.207.94.23",
|
||||
"155.207.94.25",
|
||||
"172.217.1.46",
|
||||
"172.217.4.243",
|
||||
"178.255.83.1",
|
||||
"18.194.140.191",
|
||||
"184.73.226.63",
|
||||
"185.102.40.212",
|
||||
"185.102.40.23",
|
||||
"185.33.53.5",
|
||||
"185.62.162.144",
|
||||
"185.62.162.145",
|
||||
"185.69.225.3",
|
||||
"185.69.225.4",
|
||||
"192.35.177.117",
|
||||
"192.35.177.153",
|
||||
"192.35.177.155",
|
||||
"193.104.0.178",
|
||||
"193.104.0.210",
|
||||
"193.140.71.141",
|
||||
"193.140.71.35",
|
||||
"193.27.6.240",
|
||||
"193.42.222.125",
|
||||
"194.140.12.241",
|
||||
"194.140.59.23",
|
||||
"194.145.83.75",
|
||||
"194.145.83.79",
|
||||
"194.30.48.30",
|
||||
"195.77.23.39",
|
||||
"195.77.23.49",
|
||||
"195.80.175.18",
|
||||
"195.80.175.39",
|
||||
"195.80.175.7",
|
||||
"195.95.167.129",
|
||||
"195.95.167.162",
|
||||
"195.95.167.163",
|
||||
"2001:4420:aa01:ff01:210:241:69:194",
|
||||
"2001:4542:2064:7::1010",
|
||||
"2001:4542:2064:7::1013",
|
||||
"2001:559:19:5400::173e:e30b",
|
||||
"2001:559:19:5400::173e:e319",
|
||||
"2001:559:19:5400::173e:e361",
|
||||
"2001:559:19:5400::173e:e36a",
|
||||
"2001:559:19:5400::173e:e378",
|
||||
"2001:559:19:5400::173e:e380",
|
||||
"2001:559:19:5c96::201a",
|
||||
"2001:559:19:5c98::201a",
|
||||
"2001:559:19:6483::201a",
|
||||
"2001:559:19:648f::201a",
|
||||
"2001:559:19:e000::b854:f46a",
|
||||
"2001:b031:1306:ff00::1010",
|
||||
"2001:b031:1306:ff00::1013",
|
||||
"202.32.255.81",
|
||||
"202.32.255.82",
|
||||
"210.151.42.156",
|
||||
"210.241.69.194",
|
||||
"210.71.154.56",
|
||||
"210.74.41.123",
|
||||
"210.74.41.181",
|
||||
"212.142.249.49",
|
||||
"212.175.187.26",
|
||||
"212.175.187.27",
|
||||
"212.175.187.59",
|
||||
"212.31.61.102",
|
||||
"212.31.61.106",
|
||||
"213.162.193.244",
|
||||
"213.162.193.245",
|
||||
"213.229.84.216",
|
||||
"213.61.227.196",
|
||||
"216.58.216.78",
|
||||
"217.150.144.194",
|
||||
"217.150.144.200",
|
||||
"217.150.144.202",
|
||||
"217.170.186.113",
|
||||
"217.170.186.115",
|
||||
"219.127.237.69",
|
||||
"219.87.64.165",
|
||||
"219.87.64.186",
|
||||
"23.215.104.10",
|
||||
"23.215.104.113",
|
||||
"23.215.104.16",
|
||||
"23.215.104.19",
|
||||
"23.215.104.27",
|
||||
"23.215.104.35",
|
||||
"23.215.104.49",
|
||||
"23.215.104.65",
|
||||
"23.215.105.96",
|
||||
"23.34.78.114",
|
||||
"23.4.43.27",
|
||||
"23.5.251.27",
|
||||
"23.54.187.27",
|
||||
"23.62.227.64",
|
||||
"23.62.227.72",
|
||||
"23.62.227.9",
|
||||
"2600:1407:21:2a1::1b01",
|
||||
"2600:1407:21:2b3::1b01",
|
||||
"2600:9000:2044:4800:3:6aa6:6180:21",
|
||||
"2600:9000:2044:a200:3:6aa6:6180:21",
|
||||
"2600:9000:2044:ae00:3:6aa6:6180:21",
|
||||
"2600:9000:2044:bc00:3:6aa6:6180:21",
|
||||
"2600:9000:2044:e200:3:6aa6:6180:21",
|
||||
"2600:9000:2044:ec00:3:6aa6:6180:21",
|
||||
"2600:9000:2044:f800:3:6aa6:6180:21",
|
||||
"2600:9000:2044:fc00:3:6aa6:6180:21",
|
||||
"2606:4700::6810:59bc",
|
||||
"2606:4700::6810:5abc",
|
||||
"2606:4700::6810:5bbc",
|
||||
"2606:4700::6810:5cbc",
|
||||
"2606:4700::6810:5dbc",
|
||||
"2606:4700::6811:66af",
|
||||
"2606:4700::6811:67af",
|
||||
"2606:4700::6811:68af",
|
||||
"2606:4700::6811:69af",
|
||||
"2606:4700::6811:6aaf",
|
||||
"2607:f8b0:4009:80d::200e",
|
||||
"2607:f8b0:4009:815::2013",
|
||||
"2607:f8b0:4009:816::200e",
|
||||
"2620:108:700f::22d4:f675",
|
||||
"2620:108:700f::22d6:45ab",
|
||||
"2620:108:700f::3426:765e",
|
||||
"2a00:17f0:1300:3285::2",
|
||||
"2a00:17f0:1300:3285::3",
|
||||
"2a02:1788:2fd::b2ff:5301",
|
||||
"2a04:4e42:2c::645",
|
||||
"2a04:4e42:b::645",
|
||||
"35.163.43.72",
|
||||
"46.137.168.218",
|
||||
"46.137.183.10",
|
||||
"46.29.101.81",
|
||||
"46.29.101.82",
|
||||
"46.29.101.83",
|
||||
"46.29.101.84",
|
||||
"50.63.243.228",
|
||||
"50.63.243.229",
|
||||
"50.63.243.230",
|
||||
"52.207.77.222",
|
||||
"52.219.73.78",
|
||||
"52.222.217.106",
|
||||
"52.222.217.144",
|
||||
"52.222.217.59",
|
||||
"52.222.217.88",
|
||||
"52.239.142.228",
|
||||
"54.199.233.192",
|
||||
"59.106.216.193",
|
||||
"60.250.3.135",
|
||||
"60.250.3.156",
|
||||
"61.114.186.157",
|
||||
"61.203.134.55",
|
||||
"62.96.224.138",
|
||||
"66.225.197.197",
|
||||
"72.21.91.29",
|
||||
"80.79.96.210",
|
||||
"80.79.96.44",
|
||||
"82.223.54.157",
|
||||
"86.109.121.18",
|
||||
"88.87.212.233",
|
||||
"88.87.212.243",
|
||||
"91.120.239.74",
|
||||
"91.121.147.17",
|
||||
"91.194.146.110",
|
||||
"91.198.11.52",
|
||||
"91.198.11.79",
|
||||
"91.198.11.87",
|
||||
"91.83.236.157",
|
||||
"93.92.105.115",
|
||||
"93.92.105.23",
|
||||
"aces.ocsp.identrust.com",
|
||||
"cdn.d-trust-cloudcrl.net",
|
||||
"cdp.elektronicznypodpis.pl",
|
||||
"cdp1.disig.sk",
|
||||
"cdp2.disig.sk",
|
||||
"commercial.ocsp.identrust.com",
|
||||
"crl-ssl.certificat2.com",
|
||||
"crl.affirmtrust.com",
|
||||
"crl.buypass.no",
|
||||
"crl.camerfirma.com",
|
||||
"crl.certsign.ro",
|
||||
"crl.cfca.com.cn",
|
||||
"crl.comodoca.com",
|
||||
"crl.d-trust.net",
|
||||
"crl.e-tugra.com",
|
||||
"crl.entrust.net",
|
||||
"crl.firmaprofesional.com",
|
||||
"crl.gdca.com.cn",
|
||||
"crl.globalsign.com",
|
||||
"crl.godaddy.com",
|
||||
"crl.igc-g3.certinomis.com",
|
||||
"crl.infocert.it",
|
||||
"crl.izenpe.com",
|
||||
"crl.luxtrust.lu",
|
||||
"crl.managedpki.com",
|
||||
"crl.netsolssl.com",
|
||||
"crl.pki.goog",
|
||||
"crl.quovadisglobal.com",
|
||||
"crl.sbca.telesec.de",
|
||||
"crl.serverpass.telesec.de",
|
||||
"crl.starfieldtech.com",
|
||||
"crl.swisssign.net",
|
||||
"crl.trust-provider.com",
|
||||
"crl.trustcor.ca",
|
||||
"crl.trustwave.com",
|
||||
"crl.usertrust.com",
|
||||
"crl09.actalis.it",
|
||||
"crl1.camerfirma.com",
|
||||
"crl1.e-tugra.com",
|
||||
"crl1.hongkongpost.gov.hk",
|
||||
"crl1.netlock.hu",
|
||||
"crl2.firmaprofesional.com",
|
||||
"crl2.netlock.hu",
|
||||
"crl3.digicert.com",
|
||||
"crl3.netlock.hu",
|
||||
"crl4.digicert.com",
|
||||
"crls.ssl.com",
|
||||
"crlv1.harica.gr",
|
||||
"depo.kamusm.gov.tr",
|
||||
"epscd.catcert.net",
|
||||
"ev.ocsp.quovadisglobal.com",
|
||||
"ev2.ocsp.secomtrust.net",
|
||||
"evcrl1.managedpki.com",
|
||||
"evocsp1.managedpki.com",
|
||||
"evsslocsp.twca.com.tw",
|
||||
"fe.symcb.com",
|
||||
"fe.symcd.com",
|
||||
"fi.symcb.com",
|
||||
"fi.symcd.com",
|
||||
"fj.symcb.com",
|
||||
"fj.symcd.com",
|
||||
"g2ocsp.managedpki.com",
|
||||
"g3ocsp.managedpki.com",
|
||||
"gca.nat.gov.tw",
|
||||
"gk.symcb.com",
|
||||
"gk.symcd.com",
|
||||
"gm.symcb.com",
|
||||
"gm.symcd.com",
|
||||
"gn.symcb.com",
|
||||
"gn.symcd.com",
|
||||
"gold-ev-g2.ocsp.swisssign.net",
|
||||
"igc-g3.certinomis.com",
|
||||
"jcsitlssignpublicca-ocsp.managedpki.ne.jp",
|
||||
"ocsp-ssl.certificat2.com",
|
||||
"ocsp.accv.es",
|
||||
"ocsp.affirmtrust.com",
|
||||
"ocsp.buypass.com",
|
||||
"ocsp.buypass.no",
|
||||
"ocsp.camerfirma.com",
|
||||
"ocsp.catcert.cat",
|
||||
"ocsp.certsign.ro",
|
||||
"ocsp.cfca.com.cn",
|
||||
"ocsp.comodoca.com",
|
||||
"ocsp.digicert.com",
|
||||
"ocsp.e-tugra.com",
|
||||
"ocsp.entrust.net",
|
||||
"ocsp.epki.external.trustcor.ca",
|
||||
"ocsp.ev.hinet.net",
|
||||
"ocsp.firmaprofesional.com",
|
||||
"ocsp.godaddy.com",
|
||||
"ocsp.harica.gr",
|
||||
"ocsp.int-x3.letsencrypt.org",
|
||||
"ocsp.izenpe.com",
|
||||
"ocsp.netsolssl.com",
|
||||
"ocsp.ovcf.ca3.infocert.it",
|
||||
"ocsp.pki.goog",
|
||||
"ocsp.quovadisglobal.com",
|
||||
"ocsp.sca0a.amazontrust.com",
|
||||
"ocsp.sca1a.amazontrust.com",
|
||||
"ocsp.sca2a.amazontrust.com",
|
||||
"ocsp.sca3a.amazontrust.com",
|
||||
"ocsp.sca4a.amazontrust.com",
|
||||
"ocsp.serverpass.telesec.de",
|
||||
"ocsp.starfieldtech.com",
|
||||
"ocsp.trust-provider.com",
|
||||
"ocsp.trustcor.ca",
|
||||
"ocsp.trustwave.com",
|
||||
"ocsp.usertrust.com",
|
||||
"ocsp.wisekey.com",
|
||||
"ocsp03.sbca.telesec.de",
|
||||
"ocsp09.actalis.it",
|
||||
"ocsp1.hongkongpost.gov.hk",
|
||||
"ocsp1.netlock.hu",
|
||||
"ocsp1.trustisfps.com",
|
||||
"ocsp2.globalsign.com",
|
||||
"ocsp2.netlock.hu",
|
||||
"ocsp2.wisekey.com",
|
||||
"ocsp3.gdca.com.cn",
|
||||
"ocsp3.netlock.hu",
|
||||
"ocspap.cert.fnmt.es",
|
||||
"ocsps.ssl.com",
|
||||
"ocspssls1.kamusm.gov.tr",
|
||||
"pki-crl.atos.net",
|
||||
"pki-ocsp.atos.net",
|
||||
"public.wisekey.com",
|
||||
"repo1.secomtrust.net",
|
||||
"repository.ev.hinet.net",
|
||||
"rtcrl.managedpki.ne.jp",
|
||||
"sh.symcb.com",
|
||||
"sh.symcd.com",
|
||||
"silver-server-g2.ocsp.swisssign.net",
|
||||
"sn.symcb.com",
|
||||
"sn.symcd.com",
|
||||
"sr.symcb.com",
|
||||
"sr.symcd.com",
|
||||
"ss.symcb.com",
|
||||
"ss.symcd.com",
|
||||
"ssl-c3-ca1-2009.ocsp.d-trust.net",
|
||||
"ssl-c3-ca1-ev-2009.ocsp.d-trust.net",
|
||||
"ssl.ocsp.luxtrust.lu",
|
||||
"sslca2014-crl1.e-szigno.hu",
|
||||
"sslca2014-crl2.e-szigno.hu",
|
||||
"sslca2014-crl3.e-szigno.hu",
|
||||
"sslca2014-ocsp1.e-szigno.hu",
|
||||
"sslca2014-ocsp2.e-szigno.hu",
|
||||
"sslca2014-ocsp3.e-szigno.hu",
|
||||
"sslserver.twca.com.tw",
|
||||
"subcar2i2-ocsp.disig.sk",
|
||||
"sureseries-crl.cybertrust.ne.jp",
|
||||
"sureseries-ocsp.cybertrust.ne.jp",
|
||||
"tf.symcb.com",
|
||||
"tf.symcd.com",
|
||||
"ti.symcb.com",
|
||||
"ti.symcd.com",
|
||||
"tq.symcb.com",
|
||||
"tq.symcd.com",
|
||||
"validation.identrust.com",
|
||||
"www.accv.es",
|
||||
"www.cert.fnmt.es",
|
||||
"www.certinomis.com",
|
||||
"www.certsign.ro",
|
||||
"www.trustis.com"
|
||||
],
|
||||
"matching_attributes": [
|
||||
"hostname",
|
||||
"domain",
|
||||
|
@ -9,384 +387,6 @@
|
|||
"domain|ip"
|
||||
],
|
||||
"name": "CRL Warninglist",
|
||||
"version": 20190301,
|
||||
"description": "CRL Warninglist from threatstop (https://github.com/threatstop/crl-ocsp-whitelist/)",
|
||||
"list": [
|
||||
"subcar2i2-ocsp.disig.sk",
|
||||
"ocsp3.gdca.com.cn",
|
||||
"ocsp.godaddy.com",
|
||||
"crl.quovadisglobal.com",
|
||||
"66.225.197.197",
|
||||
"2001:4420:aa01:ff01:210:241:69:194",
|
||||
"sslserver.twca.com.tw",
|
||||
"2606:4700::6811:66af",
|
||||
"104.16.92.188",
|
||||
"ssl-c3-ca1-ev-2009.ocsp.d-trust.net",
|
||||
"91.198.11.52",
|
||||
"61.114.186.157",
|
||||
"public.wisekey.com",
|
||||
"18.194.140.191",
|
||||
"tq.symcd.com",
|
||||
"crl.trustcor.ca",
|
||||
"epscd.catcert.net",
|
||||
"fi.symcd.com",
|
||||
"crl.cfca.com.cn",
|
||||
"ss.symcd.com",
|
||||
"60.250.3.156",
|
||||
"sr.symcb.com",
|
||||
"2620:108:700f::22d4:f675",
|
||||
"ocsp.cfca.com.cn",
|
||||
"195.77.23.49",
|
||||
"ocsp1.trustisfps.com",
|
||||
"crl.igc-g3.certinomis.com",
|
||||
"104.16.93.188",
|
||||
"184.73.226.63",
|
||||
"ocsp2.globalsign.com",
|
||||
"ev.ocsp.quovadisglobal.com",
|
||||
"185.69.225.3",
|
||||
"23.215.104.19",
|
||||
"crl.camerfirma.com",
|
||||
"ocsp.certsign.ro",
|
||||
"153.149.96.48",
|
||||
"crl.luxtrust.lu",
|
||||
"104.91.166.98",
|
||||
"2600:9000:2044:a200:3:6aa6:6180:21",
|
||||
"crl1.netlock.hu",
|
||||
"104.215.54.174",
|
||||
"54.199.233.192",
|
||||
"23.215.104.16",
|
||||
"193.140.71.141",
|
||||
"sslca2014-crl2.e-szigno.hu",
|
||||
"tf.symcd.com",
|
||||
"crl.firmaprofesional.com",
|
||||
"crl3.digicert.com",
|
||||
"2001:b031:1306:ff00::1010",
|
||||
"ocsp.serverpass.telesec.de",
|
||||
"2600:1407:21:2b3::1b01",
|
||||
"13.33.164.100",
|
||||
"72.21.91.29",
|
||||
"2001:559:19:5400::173e:e378",
|
||||
"ocsp.sca0a.amazontrust.com",
|
||||
"93.92.105.23",
|
||||
"194.140.59.23",
|
||||
"gn.symcd.com",
|
||||
"2606:4700::6811:69af",
|
||||
"192.35.177.117",
|
||||
"217.170.186.115",
|
||||
"ssl.ocsp.luxtrust.lu",
|
||||
"13.78.114.232",
|
||||
"ocsp.camerfirma.com",
|
||||
"crl.gdca.com.cn",
|
||||
"2a00:17f0:1300:3285::3",
|
||||
"cdn.d-trust-cloudcrl.net",
|
||||
"crl.izenpe.com",
|
||||
"2001:4542:2064:7::1013",
|
||||
"ocsp.catcert.cat",
|
||||
"silver-server-g2.ocsp.swisssign.net",
|
||||
"210.151.42.156",
|
||||
"153.149.98.42",
|
||||
"2606:4700::6811:6aaf",
|
||||
"ti.symcd.com",
|
||||
"194.140.12.241",
|
||||
"sr.symcd.com",
|
||||
"202.32.255.81",
|
||||
"2a00:17f0:1300:3285::2",
|
||||
"213.61.227.196",
|
||||
"evocsp1.managedpki.com",
|
||||
"219.87.64.165",
|
||||
"52.222.217.106",
|
||||
"23.215.104.49",
|
||||
"172.217.4.243",
|
||||
"193.104.0.210",
|
||||
"crl.swisssign.net",
|
||||
"23.215.104.10",
|
||||
"ocsp2.wisekey.com",
|
||||
"tf.symcb.com",
|
||||
"185.102.40.212",
|
||||
"2600:9000:2044:4800:3:6aa6:6180:21",
|
||||
"23.34.78.114",
|
||||
"212.142.249.49",
|
||||
"193.104.0.178",
|
||||
"ocsp-ssl.certificat2.com",
|
||||
"crlv1.harica.gr",
|
||||
"23.5.251.27",
|
||||
"sslca2014-ocsp2.e-szigno.hu",
|
||||
"109.70.240.114",
|
||||
"crl09.actalis.it",
|
||||
"185.62.162.145",
|
||||
"13.114.126.114",
|
||||
"88.87.212.233",
|
||||
"gk.symcd.com",
|
||||
"104.16.91.188",
|
||||
"195.80.175.39",
|
||||
"2001:559:19:5400::173e:e380",
|
||||
"crls.ssl.com",
|
||||
"crl1.camerfirma.com",
|
||||
"evsslocsp.twca.com.tw",
|
||||
"91.198.11.87",
|
||||
"ocsp03.sbca.telesec.de",
|
||||
"104.16.90.188",
|
||||
"23.215.104.65",
|
||||
"60.250.3.135",
|
||||
"2001:559:19:5c96::201a",
|
||||
"13.33.164.164",
|
||||
"www.certsign.ro",
|
||||
"sslca2014-ocsp1.e-szigno.hu",
|
||||
"212.31.61.106",
|
||||
"46.29.101.84",
|
||||
"jcsitlssignpublicca-ocsp.managedpki.ne.jp",
|
||||
"crl.starfieldtech.com",
|
||||
"185.62.162.144",
|
||||
"104.91.166.112",
|
||||
"2600:9000:2044:fc00:3:6aa6:6180:21",
|
||||
"cdp2.disig.sk",
|
||||
"crl.comodoca.com",
|
||||
"104.91.166.89",
|
||||
"153.149.17.219",
|
||||
"ocsp.buypass.com",
|
||||
"ocsp.int-x3.letsencrypt.org",
|
||||
"2607:f8b0:4009:815::2013",
|
||||
"fi.symcb.com",
|
||||
"178.255.83.1",
|
||||
"ev2.ocsp.secomtrust.net",
|
||||
"52.222.217.144",
|
||||
"104.17.106.175",
|
||||
"194.145.83.79",
|
||||
"216.58.216.78",
|
||||
"192.35.177.155",
|
||||
"50.63.243.229",
|
||||
"ocsps.ssl.com",
|
||||
"13.33.164.93",
|
||||
"212.175.187.59",
|
||||
"113.52.156.18",
|
||||
"www.certinomis.com",
|
||||
"116.92.128.12",
|
||||
"23.215.104.27",
|
||||
"sslca2014-crl3.e-szigno.hu",
|
||||
"82.223.54.157",
|
||||
"ssl-c3-ca1-2009.ocsp.d-trust.net",
|
||||
"crl.sbca.telesec.de",
|
||||
"193.42.222.125",
|
||||
"depo.kamusm.gov.tr",
|
||||
"ocsp1.netlock.hu",
|
||||
"sh.symcb.com",
|
||||
"gk.symcb.com",
|
||||
"133.242.68.56",
|
||||
"ocspap.cert.fnmt.es",
|
||||
"2600:9000:2044:ae00:3:6aa6:6180:21",
|
||||
"ocsp.sca1a.amazontrust.com",
|
||||
"46.29.101.83",
|
||||
"ocsp.sca4a.amazontrust.com",
|
||||
"2001:559:19:5400::173e:e30b",
|
||||
"46.29.101.81",
|
||||
"23.4.43.27",
|
||||
"ocsp2.netlock.hu",
|
||||
"crl.trustwave.com",
|
||||
"www.cert.fnmt.es",
|
||||
"195.77.23.39",
|
||||
"crl3.netlock.hu",
|
||||
"219.127.237.69",
|
||||
"46.137.183.10",
|
||||
"ss.symcb.com",
|
||||
"crl2.netlock.hu",
|
||||
"195.95.167.129",
|
||||
"23.215.104.35",
|
||||
"80.79.96.210",
|
||||
"crl.entrust.net",
|
||||
"194.145.83.75",
|
||||
"crl.godaddy.com",
|
||||
"www.accv.es",
|
||||
"crl1.e-tugra.com",
|
||||
"91.120.239.74",
|
||||
"153.127.215.13",
|
||||
"ocsp.wisekey.com",
|
||||
"crl.globalsign.com",
|
||||
"91.194.146.110",
|
||||
"cdp.elektronicznypodpis.pl",
|
||||
"217.150.144.200",
|
||||
"153.120.128.154",
|
||||
"crl-ssl.certificat2.com",
|
||||
"13.33.164.37",
|
||||
"210.74.41.181",
|
||||
"23.62.227.64",
|
||||
"www.trustis.com",
|
||||
"ocsp.izenpe.com",
|
||||
"13.33.164.105",
|
||||
"62.96.224.138",
|
||||
"g2ocsp.managedpki.com",
|
||||
"121.50.63.210",
|
||||
"ocsp.usertrust.com",
|
||||
"fe.symcb.com",
|
||||
"193.140.71.35",
|
||||
"185.33.53.5",
|
||||
"sslca2014-ocsp3.e-szigno.hu",
|
||||
"52.222.217.59",
|
||||
"ti.symcb.com",
|
||||
"195.80.175.7",
|
||||
"13.33.164.7",
|
||||
"2001:559:19:6483::201a",
|
||||
"46.137.168.218",
|
||||
"121.50.63.211",
|
||||
"ocsp.digicert.com",
|
||||
"119.145.171.215",
|
||||
"50.63.243.228",
|
||||
"ocsp.affirmtrust.com",
|
||||
"crl.managedpki.com",
|
||||
"59.106.216.193",
|
||||
"crl.trust-provider.com",
|
||||
"2606:4700::6811:68af",
|
||||
"217.150.144.194",
|
||||
"ocsp.accv.es",
|
||||
"ocsp09.actalis.it",
|
||||
"2001:559:19:5400::173e:e361",
|
||||
"igc-g3.certinomis.com",
|
||||
"23.215.104.113",
|
||||
"cdp1.disig.sk",
|
||||
"23.215.105.96",
|
||||
"195.95.167.162",
|
||||
"commercial.ocsp.identrust.com",
|
||||
"91.83.236.157",
|
||||
"crl1.hongkongpost.gov.hk",
|
||||
"crl.certsign.ro",
|
||||
"86.109.121.18",
|
||||
"202.32.255.82",
|
||||
"fj.symcd.com",
|
||||
"sh.symcd.com",
|
||||
"104.91.166.106",
|
||||
"ocsp.ev.hinet.net",
|
||||
"fj.symcb.com",
|
||||
"185.69.225.4",
|
||||
"52.207.77.222",
|
||||
"sureseries-crl.cybertrust.ne.jp",
|
||||
"crl.pki.goog",
|
||||
"119.145.171.206",
|
||||
"219.87.64.186",
|
||||
"gold-ev-g2.ocsp.swisssign.net",
|
||||
"crl.usertrust.com",
|
||||
"133.242.50.38",
|
||||
"2620:108:700f::3426:765e",
|
||||
"ocsp.harica.gr",
|
||||
"192.35.177.153",
|
||||
"sn.symcd.com",
|
||||
"ocsp.netsolssl.com",
|
||||
"crl.netsolssl.com",
|
||||
"52.222.217.88",
|
||||
"91.121.147.17",
|
||||
"ocspssls1.kamusm.gov.tr",
|
||||
"217.170.186.113",
|
||||
"2606:4700::6810:5abc",
|
||||
"185.102.40.23",
|
||||
"93.92.105.115",
|
||||
"ocsp.ovcf.ca3.infocert.it",
|
||||
"gn.symcb.com",
|
||||
"ocsp.starfieldtech.com",
|
||||
"116.92.128.34",
|
||||
"ocsp.entrust.net",
|
||||
"212.31.61.102",
|
||||
"crl2.firmaprofesional.com",
|
||||
"ocsp.buypass.no",
|
||||
"104.91.166.82",
|
||||
"212.175.187.26",
|
||||
"ocsp.trustwave.com",
|
||||
"fe.symcd.com",
|
||||
"104.17.104.175",
|
||||
"23.62.227.72",
|
||||
"217.150.144.202",
|
||||
"ocsp.comodoca.com",
|
||||
"2620:108:700f::22d6:45ab",
|
||||
"sslca2014-crl1.e-szigno.hu",
|
||||
"ocsp.pki.goog",
|
||||
"ocsp.e-tugra.com",
|
||||
"gm.symcd.com",
|
||||
"2606:4700::6810:5dbc",
|
||||
"212.175.187.27",
|
||||
"crl.serverpass.telesec.de",
|
||||
"pki-crl.atos.net",
|
||||
"13.33.164.223",
|
||||
"104.17.102.175",
|
||||
"193.27.6.240",
|
||||
"210.241.69.194",
|
||||
"2001:b031:1306:ff00::1013",
|
||||
"50.63.243.230",
|
||||
"46.29.101.82",
|
||||
"ocsp.trust-provider.com",
|
||||
"213.162.193.244",
|
||||
"crl.e-tugra.com",
|
||||
"ocsp.epki.external.trustcor.ca",
|
||||
"155.207.94.23",
|
||||
"23.62.227.9",
|
||||
"ocsp.firmaprofesional.com",
|
||||
"133.242.48.24",
|
||||
"tq.symcb.com",
|
||||
"104.16.89.188",
|
||||
"2606:4700::6810:59bc",
|
||||
"validation.identrust.com",
|
||||
"ocsp.sca3a.amazontrust.com",
|
||||
"91.198.11.79",
|
||||
"sureseries-ocsp.cybertrust.ne.jp",
|
||||
"153.127.216.172",
|
||||
"2600:9000:2044:f800:3:6aa6:6180:21",
|
||||
"61.203.134.55",
|
||||
"2607:f8b0:4009:816::200e",
|
||||
"210.74.41.123",
|
||||
"crl.affirmtrust.com",
|
||||
"104.17.105.175",
|
||||
"155.207.94.25",
|
||||
"52.219.73.78",
|
||||
"2600:9000:2044:bc00:3:6aa6:6180:21",
|
||||
"104.215.29.84",
|
||||
"ocsp3.netlock.hu",
|
||||
"repository.ev.hinet.net",
|
||||
"2600:9000:2044:e200:3:6aa6:6180:21",
|
||||
"151.101.46.133",
|
||||
"2a04:4e42:2c::645",
|
||||
"195.80.175.18",
|
||||
"evcrl1.managedpki.com",
|
||||
"194.30.48.30",
|
||||
"2607:f8b0:4009:80d::200e",
|
||||
"213.162.193.245",
|
||||
"35.163.43.72",
|
||||
"2001:559:19:5c98::201a",
|
||||
"104.41.179.244",
|
||||
"88.87.212.243",
|
||||
"g3ocsp.managedpki.com",
|
||||
"2a02:1788:2fd::b2ff:5301",
|
||||
"210.71.154.56",
|
||||
"13.33.164.236",
|
||||
"52.239.142.228",
|
||||
"2606:4700::6811:67af",
|
||||
"104.91.166.96",
|
||||
"23.54.187.27",
|
||||
"ocsp1.hongkongpost.gov.hk",
|
||||
"2001:4542:2064:7::1010",
|
||||
"crl.buypass.no",
|
||||
"pki-ocsp.atos.net",
|
||||
"195.95.167.163",
|
||||
"crl.d-trust.net",
|
||||
"2606:4700::6810:5cbc",
|
||||
"crl4.digicert.com",
|
||||
"crl.infocert.it",
|
||||
"2a04:4e42:b::645",
|
||||
"213.229.84.216",
|
||||
"2600:9000:2044:ec00:3:6aa6:6180:21",
|
||||
"ocsp.sca2a.amazontrust.com",
|
||||
"sn.symcb.com",
|
||||
"2606:4700::6810:5bbc",
|
||||
"2001:559:19:e000::b854:f46a",
|
||||
"2600:1407:21:2a1::1b01",
|
||||
"repo1.secomtrust.net",
|
||||
"rtcrl.managedpki.ne.jp",
|
||||
"172.217.1.46",
|
||||
"ocsp.quovadisglobal.com",
|
||||
"104.17.103.175",
|
||||
"2001:559:19:5400::173e:e36a",
|
||||
"aces.ocsp.identrust.com",
|
||||
"gm.symcb.com",
|
||||
"2001:559:19:5400::173e:e319",
|
||||
"2001:559:19:648f::201a",
|
||||
"gca.nat.gov.tw",
|
||||
"80.79.96.44",
|
||||
"ocsp.trustcor.ca",
|
||||
"153.149.154.120"
|
||||
]
|
||||
"type": "substring",
|
||||
"version": 20190301
|
||||
}
|
||||
|
|
|
@ -1,26 +1,26 @@
|
|||
{
|
||||
"name": "List of known dax30 webpages",
|
||||
"version": 1,
|
||||
"description": "Event contains one or more entries of known dax30 webpages",
|
||||
"list": [
|
||||
".bmw.de",
|
||||
".deutsche-boerse.com",
|
||||
".innogy.com",
|
||||
".linde.de",
|
||||
".lufthansa.com",
|
||||
".rwe.com",
|
||||
".siemens.com",
|
||||
".t-mobile.de",
|
||||
".t-systems.com",
|
||||
".telekom.com",
|
||||
".telekom.de",
|
||||
".the-linde-group.com",
|
||||
".volkswagen.de"
|
||||
],
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip"
|
||||
],
|
||||
"name": "List of known dax30 webpages",
|
||||
"type": "hostname",
|
||||
"list": [
|
||||
".telekom.com",
|
||||
".telekom.de",
|
||||
".t-systems.com",
|
||||
".t-mobile.de",
|
||||
".innogy.com",
|
||||
".linde.de",
|
||||
".the-linde-group.com",
|
||||
".deutsche-boerse.com",
|
||||
".lufthansa.com",
|
||||
".rwe.com",
|
||||
".siemens.com",
|
||||
".volkswagen.de",
|
||||
".bmw.de"
|
||||
]
|
||||
"version": 1
|
||||
}
|
||||
|
|
|
@ -1,7 +1,22 @@
|
|||
{
|
||||
"name": "List of hashes for EICAR test virus",
|
||||
"version": 2,
|
||||
"description": "Event contains one or more entries based on hashes for EICAR test virus",
|
||||
"list": [
|
||||
"2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad",
|
||||
"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
|
||||
"3395856ce81f2b7382dee72602f798b642f14140",
|
||||
"44d88612fea8a8f36de82e1278abb02f",
|
||||
"6ce6f415d8475545be5ba114f208b0ff",
|
||||
"73d6b0ca9c5554fd2b37ff8af6b51812f3af49962cebd6e042d0883a45794ddb8a53724275d26f3e18cebf1cd1d67740acc920aba16965038c0cc75b87030fbe",
|
||||
"765dceb9a8c8ff4318e3ccaf7dbb9b05c0a53a819d24a50714aebe6c",
|
||||
"b31bb2cf25d7e654c694ffb85b426d164a210ead66affc3b004702be",
|
||||
"b42ec8b47deb2dc75edebd01132d63f8e8d4cd08e5d26d8bd366bdc5",
|
||||
"bec1b52d350d721c7e22a6d4bb0a92909893a3ae",
|
||||
"cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab",
|
||||
"d27265074c9eac2e2122ed69294dbc4d7cce9141",
|
||||
"d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010",
|
||||
"e1105070ba828007508566e28a2b8d4c65d192e9eaf3b7868382b7cae747b397",
|
||||
"e4968ef99266df7c9a1f0637d2389dab"
|
||||
],
|
||||
"matching_attributes": [
|
||||
"md5",
|
||||
"sha1",
|
||||
|
@ -12,22 +27,7 @@
|
|||
"filename|sha256",
|
||||
"filename|sha512"
|
||||
],
|
||||
"name": "List of hashes for EICAR test virus",
|
||||
"type": "string",
|
||||
"list": [
|
||||
"44d88612fea8a8f36de82e1278abb02f",
|
||||
"6ce6f415d8475545be5ba114f208b0ff",
|
||||
"e4968ef99266df7c9a1f0637d2389dab",
|
||||
"3395856ce81f2b7382dee72602f798b642f14140",
|
||||
"d27265074c9eac2e2122ed69294dbc4d7cce9141",
|
||||
"bec1b52d350d721c7e22a6d4bb0a92909893a3ae",
|
||||
"b42ec8b47deb2dc75edebd01132d63f8e8d4cd08e5d26d8bd366bdc5",
|
||||
"b31bb2cf25d7e654c694ffb85b426d164a210ead66affc3b004702be",
|
||||
"765dceb9a8c8ff4318e3ccaf7dbb9b05c0a53a819d24a50714aebe6c",
|
||||
"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
|
||||
"2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad",
|
||||
"e1105070ba828007508566e28a2b8d4c65d192e9eaf3b7868382b7cae747b397",
|
||||
"cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab",
|
||||
"d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010",
|
||||
"73d6b0ca9c5554fd2b37ff8af6b51812f3af49962cebd6e042d0883a45794ddb8a53724275d26f3e18cebf1cd1d67740acc920aba16965038c0cc75b87030fbe"
|
||||
]
|
||||
"version": 2
|
||||
}
|
||||
|
|
|
@ -1,7 +1,13 @@
|
|||
{
|
||||
"name": "List of known hashes for empty files",
|
||||
"version": 3,
|
||||
"description": "Event contains one or more entries of empty files based on known hashed",
|
||||
"list": [
|
||||
"3::",
|
||||
"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
|
||||
"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f",
|
||||
"d41d8cd98f00b204e9800998ecf8427e",
|
||||
"da39a3ee5e6b4b0d3255bfef95601890afd80709",
|
||||
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
|
||||
],
|
||||
"matching_attributes": [
|
||||
"md5",
|
||||
"sha1",
|
||||
|
@ -16,13 +22,7 @@
|
|||
"ssdeep",
|
||||
"filename|ssdeep"
|
||||
],
|
||||
"name": "List of known hashes for empty files",
|
||||
"type": "string",
|
||||
"list": [
|
||||
"d41d8cd98f00b204e9800998ecf8427e",
|
||||
"da39a3ee5e6b4b0d3255bfef95601890afd80709",
|
||||
"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f",
|
||||
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
|
||||
"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
|
||||
"3::"
|
||||
]
|
||||
"version": 3
|
||||
}
|
||||
|
|
|
@ -1,32 +1,32 @@
|
|||
{
|
||||
"description": "List of known gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en )",
|
||||
"list": [
|
||||
"108.177.8.0/21",
|
||||
"172.217.0.0/19",
|
||||
"173.194.0.0/16",
|
||||
"2001:4860:4000::/36",
|
||||
"207.126.144.0/20",
|
||||
"209.85.128.0/17",
|
||||
"216.239.32.0/19",
|
||||
"216.58.192.0/19",
|
||||
"2404:6800:4000::/36",
|
||||
"2607:f8b0:4000::/36",
|
||||
"2800:3f0:4000::/36",
|
||||
"2a00:1450:4000::/36",
|
||||
"2c0f:fb50:4000::/36",
|
||||
"64.18.0.0/20",
|
||||
"64.233.160.0/19",
|
||||
"66.102.0.0/20",
|
||||
"66.249.80.0/20",
|
||||
"72.14.192.0/18",
|
||||
"74.125.0.0/16",
|
||||
"108.177.8.0/21",
|
||||
"172.217.0.0/19",
|
||||
"173.194.0.0/16",
|
||||
"207.126.144.0/20",
|
||||
"209.85.128.0/17",
|
||||
"216.58.192.0/19",
|
||||
"216.239.32.0/19",
|
||||
"2001:4860:4000::/36",
|
||||
"2404:6800:4000::/36",
|
||||
"2607:f8b0:4000::/36",
|
||||
"2800:3f0:4000::/36",
|
||||
"2a00:1450:4000::/36",
|
||||
"2c0f:fb50:4000::/36"
|
||||
"74.125.0.0/16"
|
||||
],
|
||||
"type": "cidr",
|
||||
"matching_attributes": [
|
||||
"ip-dst",
|
||||
"ip-src",
|
||||
"domain|ip"
|
||||
],
|
||||
"name": "List of known gmail sending IP ranges",
|
||||
"version": 20190809,
|
||||
"description": "List of known gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en )"
|
||||
"type": "cidr",
|
||||
"version": 20190809
|
||||
}
|
||||
|
|
|
@ -1,131 +1,36 @@
|
|||
{
|
||||
"name": "List of known google domains",
|
||||
"version": 4,
|
||||
"description": "Event contains one or more entries of known google domains",
|
||||
"type": "hostname",
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip"
|
||||
],
|
||||
"list": [
|
||||
"1e100.net",
|
||||
"466453.com",
|
||||
"abc.xyz",
|
||||
"admob.com",
|
||||
"adsense.com",
|
||||
"advertisercommunity.com",
|
||||
"adwords.com",
|
||||
"ai.google",
|
||||
"android.com",
|
||||
"blogger.com",
|
||||
"blog.google",
|
||||
"blogspot.com",
|
||||
"capitalg.com",
|
||||
"chromebook.com",
|
||||
"chromecast.com",
|
||||
"chrome.com",
|
||||
"chromium.org",
|
||||
"cobrasearch.com",
|
||||
"com.google",
|
||||
"domains.google",
|
||||
"doubleclickbygoogle.com",
|
||||
"doubleclick.com",
|
||||
"duck.com",
|
||||
"elgoog.im",
|
||||
"feedburner.com",
|
||||
"foofle.com",
|
||||
"froogle.com",
|
||||
"g.co",
|
||||
"ggpht.com",
|
||||
"gmail.com",
|
||||
"gmodules.com",
|
||||
"gogle.com",
|
||||
"gogole.com",
|
||||
"googel.com",
|
||||
"googil.com",
|
||||
"goo.gl",
|
||||
"googl.com",
|
||||
"google.ac",
|
||||
".google.ad",
|
||||
"google.ad",
|
||||
"googleadservices.com",
|
||||
".google.ae",
|
||||
"google.ae",
|
||||
"google.af",
|
||||
"google.ag",
|
||||
"google.ai",
|
||||
".google.al",
|
||||
"google.al",
|
||||
".google.am",
|
||||
"google.am",
|
||||
"google-analytics.com",
|
||||
"google.ao",
|
||||
"googleapis.com",
|
||||
"googleapps.com",
|
||||
"google.ar",
|
||||
"googlearth.com",
|
||||
".google.as",
|
||||
"google.as",
|
||||
".google.at",
|
||||
"google.at",
|
||||
"google.au",
|
||||
".google.az",
|
||||
"google.az",
|
||||
".google.ba",
|
||||
"google.ba",
|
||||
"google.bd",
|
||||
".google.be",
|
||||
"google.be",
|
||||
".google.bf",
|
||||
"google.bf",
|
||||
".google.bg",
|
||||
"google.bg",
|
||||
"google.bh",
|
||||
".google.bi",
|
||||
"google.bi",
|
||||
".google.bj",
|
||||
"google.bj",
|
||||
"google.bn",
|
||||
"google.bo",
|
||||
"googlebot.com",
|
||||
"google.br",
|
||||
".google.bs",
|
||||
"google.bs",
|
||||
".google.bt",
|
||||
"google.bt",
|
||||
"google.bw",
|
||||
".google.by",
|
||||
"google.by",
|
||||
"google.bz",
|
||||
".google.ca",
|
||||
"google.ca",
|
||||
".google.cat",
|
||||
"google.cat",
|
||||
"google.cc",
|
||||
".google.cd",
|
||||
"google.cd",
|
||||
".google.cf",
|
||||
"google.cf",
|
||||
".google.cg",
|
||||
"google.cg",
|
||||
".google.ch",
|
||||
"google.ch",
|
||||
".google.ci",
|
||||
"google.ci",
|
||||
"google.ck",
|
||||
".google.cl",
|
||||
"google.cl",
|
||||
".google.cm",
|
||||
"google.cm",
|
||||
".google.cn",
|
||||
"google.cn",
|
||||
"google.co",
|
||||
".google.co.ao",
|
||||
".google.co.bw",
|
||||
".google.co.ck",
|
||||
".google.co.cr",
|
||||
"googlecode.com",
|
||||
".google.co.id",
|
||||
".google.co.il",
|
||||
".google.co.in",
|
||||
|
@ -133,9 +38,20 @@
|
|||
".google.co.ke",
|
||||
".google.co.kr",
|
||||
".google.co.ls",
|
||||
".google.com",
|
||||
"google.com",
|
||||
".google.co.ma",
|
||||
".google.co.mz",
|
||||
".google.co.nz",
|
||||
".google.co.th",
|
||||
".google.co.tz",
|
||||
".google.co.ug",
|
||||
".google.co.uk",
|
||||
".google.co.uz",
|
||||
".google.co.ve",
|
||||
".google.co.vi",
|
||||
".google.co.za",
|
||||
".google.co.zm",
|
||||
".google.co.zw",
|
||||
".google.com",
|
||||
".google.com.af",
|
||||
".google.com.ag",
|
||||
".google.com.ai",
|
||||
|
@ -164,7 +80,6 @@
|
|||
".google.com.kw",
|
||||
".google.com.lb",
|
||||
".google.com.ly",
|
||||
"googlecommerce.com",
|
||||
".google.com.mm",
|
||||
".google.com.mt",
|
||||
".google.com.mx",
|
||||
|
@ -195,249 +110,312 @@
|
|||
".google.com.uy",
|
||||
".google.com.vc",
|
||||
".google.com.vn",
|
||||
".google.co.mz",
|
||||
".google.co.nz",
|
||||
".google.co.th",
|
||||
".google.co.tz",
|
||||
".google.co.ug",
|
||||
".google.co.uk",
|
||||
".google.co.uz",
|
||||
".google.co.ve",
|
||||
".google.co.vi",
|
||||
".google.co.za",
|
||||
".google.co.zm",
|
||||
".google.co.zw",
|
||||
".google.cv",
|
||||
".google.cz",
|
||||
".google.de",
|
||||
".google.dj",
|
||||
".google.dk",
|
||||
".google.dm",
|
||||
".google.dz",
|
||||
".google.ee",
|
||||
".google.es",
|
||||
".google.fi",
|
||||
".google.fm",
|
||||
".google.fr",
|
||||
".google.ga",
|
||||
".google.ge",
|
||||
".google.gg",
|
||||
".google.gl",
|
||||
".google.gm",
|
||||
".google.gp",
|
||||
".google.gr",
|
||||
".google.gy",
|
||||
".google.hn",
|
||||
".google.hr",
|
||||
".google.ht",
|
||||
".google.hu",
|
||||
".google.ie",
|
||||
".google.im",
|
||||
".google.iq",
|
||||
".google.is",
|
||||
".google.it",
|
||||
".google.je",
|
||||
".google.jo",
|
||||
".google.kg",
|
||||
".google.ki",
|
||||
".google.kz",
|
||||
".google.la",
|
||||
".google.li",
|
||||
".google.lk",
|
||||
".google.lt",
|
||||
".google.lu",
|
||||
".google.lv",
|
||||
".google.md",
|
||||
".google.me",
|
||||
".google.mg",
|
||||
".google.mk",
|
||||
".google.ml",
|
||||
".google.mn",
|
||||
".google.ms",
|
||||
".google.mu",
|
||||
".google.mv",
|
||||
".google.mw",
|
||||
".google.ne",
|
||||
".google.nl",
|
||||
".google.no",
|
||||
".google.nr",
|
||||
".google.nu",
|
||||
".google.pl",
|
||||
".google.pn",
|
||||
".google.ps",
|
||||
".google.pt",
|
||||
".google.ro",
|
||||
".google.rs",
|
||||
".google.ru",
|
||||
".google.rw",
|
||||
".google.sc",
|
||||
".google.se",
|
||||
".google.sh",
|
||||
".google.si",
|
||||
".google.sk",
|
||||
".google.sm",
|
||||
".google.sn",
|
||||
".google.so",
|
||||
".google.sr",
|
||||
".google.st",
|
||||
".google.td",
|
||||
".google.tg",
|
||||
".google.tk",
|
||||
".google.tl",
|
||||
".google.tm",
|
||||
".google.tn",
|
||||
".google.to",
|
||||
".google.tt",
|
||||
".google.vg",
|
||||
".google.vu",
|
||||
".google.ws",
|
||||
"1e100.net",
|
||||
"466453.com",
|
||||
"abc.xyz",
|
||||
"admob.com",
|
||||
"adsense.com",
|
||||
"advertisercommunity.com",
|
||||
"adwords.com",
|
||||
"ai.google",
|
||||
"android.com",
|
||||
"blog.google",
|
||||
"blogger.com",
|
||||
"blogspot.com",
|
||||
"capitalg.com",
|
||||
"chrome.com",
|
||||
"chromebook.com",
|
||||
"chromecast.com",
|
||||
"chromium.org",
|
||||
"cobrasearch.com",
|
||||
"com.google",
|
||||
"domains.google",
|
||||
"doubleclick.com",
|
||||
"doubleclickbygoogle.com",
|
||||
"duck.com",
|
||||
"elgoog.im",
|
||||
"feedburner.com",
|
||||
"foofle.com",
|
||||
"froogle.com",
|
||||
"g.co",
|
||||
"ggpht.com",
|
||||
"gmail.com",
|
||||
"gmodules.com",
|
||||
"gogle.com",
|
||||
"gogole.com",
|
||||
"goo.gl",
|
||||
"googel.com",
|
||||
"googil.com",
|
||||
"googl.com",
|
||||
"google-analytics.com",
|
||||
"google.ac",
|
||||
"google.ad",
|
||||
"google.ae",
|
||||
"google.af",
|
||||
"google.ag",
|
||||
"google.ai",
|
||||
"google.al",
|
||||
"google.am",
|
||||
"google.ao",
|
||||
"google.ar",
|
||||
"google.as",
|
||||
"google.at",
|
||||
"google.au",
|
||||
"google.az",
|
||||
"google.ba",
|
||||
"google.bd",
|
||||
"google.be",
|
||||
"google.bf",
|
||||
"google.bg",
|
||||
"google.bh",
|
||||
"google.bi",
|
||||
"google.bj",
|
||||
"google.bn",
|
||||
"google.bo",
|
||||
"google.br",
|
||||
"google.bs",
|
||||
"google.bt",
|
||||
"google.bw",
|
||||
"google.by",
|
||||
"google.bz",
|
||||
"google.ca",
|
||||
"google.cat",
|
||||
"google.cc",
|
||||
"google.cd",
|
||||
"google.cf",
|
||||
"google.cg",
|
||||
"google.ch",
|
||||
"google.ci",
|
||||
"google.ck",
|
||||
"google.cl",
|
||||
"google.cm",
|
||||
"google.cn",
|
||||
"google.co",
|
||||
"google.com",
|
||||
"google.cr",
|
||||
"google.cu",
|
||||
".google.cv",
|
||||
"google.cv",
|
||||
"google.cx",
|
||||
"google.cy",
|
||||
".google.cz",
|
||||
"google.cz",
|
||||
".google.de",
|
||||
"google.de",
|
||||
".google.dj",
|
||||
"google.dj",
|
||||
".google.dk",
|
||||
"google.dk",
|
||||
".google.dm",
|
||||
"google.dm",
|
||||
"google.do",
|
||||
"googledrive.com",
|
||||
".google.dz",
|
||||
"google.dz",
|
||||
"googleearth.com",
|
||||
"google.ec",
|
||||
"googlee.com",
|
||||
".google.ee",
|
||||
"google.ee",
|
||||
"google.eg",
|
||||
".google.es",
|
||||
"google.es",
|
||||
"google.et",
|
||||
"google.eu",
|
||||
".google.fi",
|
||||
"google.fi",
|
||||
"google.fj",
|
||||
".google.fm",
|
||||
"google.fm",
|
||||
".google.fr",
|
||||
"google.fr",
|
||||
".google.ga",
|
||||
"google.ga",
|
||||
".google.ge",
|
||||
"google.ge",
|
||||
"google.gf",
|
||||
".google.gg",
|
||||
"google.gg",
|
||||
"google.gh",
|
||||
"google.gi",
|
||||
".google.gl",
|
||||
"google.gl",
|
||||
".google.gm",
|
||||
"google.gm",
|
||||
".google.gp",
|
||||
"google.gp",
|
||||
".google.gr",
|
||||
"google.gr",
|
||||
"google.gt",
|
||||
".google.gy",
|
||||
"google.gy",
|
||||
"google.hk",
|
||||
".google.hn",
|
||||
"google.hn",
|
||||
".google.hr",
|
||||
"google.hr",
|
||||
".google.ht",
|
||||
"google.ht",
|
||||
".google.hu",
|
||||
"google.hu",
|
||||
"google.id",
|
||||
".google.ie",
|
||||
"google.ie",
|
||||
"google.il",
|
||||
".google.im",
|
||||
"google.im",
|
||||
"google.in",
|
||||
"google.io",
|
||||
".google.iq",
|
||||
"google.iq",
|
||||
".google.is",
|
||||
"google.is",
|
||||
".google.it",
|
||||
"google.it",
|
||||
".google.je",
|
||||
"google.je",
|
||||
"google.jm",
|
||||
".google.jo",
|
||||
"google.jo",
|
||||
"google.jp",
|
||||
"google.ke",
|
||||
".google.kg",
|
||||
"google.kg",
|
||||
"google.kh",
|
||||
".google.ki",
|
||||
"google.ki",
|
||||
"google.kr",
|
||||
"google.kw",
|
||||
".google.kz",
|
||||
"google.kz",
|
||||
".google.la",
|
||||
"google.la",
|
||||
"google.lb",
|
||||
"google.lc",
|
||||
".google.li",
|
||||
"google.li",
|
||||
".google.lk",
|
||||
"google.lk",
|
||||
"google.ls",
|
||||
".google.lt",
|
||||
"google.lt",
|
||||
".google.lu",
|
||||
"google.lu",
|
||||
".google.lv",
|
||||
"google.lv",
|
||||
"google.ly",
|
||||
"google.ma",
|
||||
"googlemail.com",
|
||||
"googlemaps.com",
|
||||
".google.md",
|
||||
"google.md",
|
||||
".google.me",
|
||||
"google.me",
|
||||
".google.mg",
|
||||
"google.mg",
|
||||
".google.mk",
|
||||
"google.mk",
|
||||
".google.ml",
|
||||
"google.ml",
|
||||
"google.mm",
|
||||
".google.mn",
|
||||
"google.mn",
|
||||
".google.ms",
|
||||
"google.ms",
|
||||
"google.mt",
|
||||
".google.mu",
|
||||
"google.mu",
|
||||
".google.mv",
|
||||
"google.mv",
|
||||
".google.mw",
|
||||
"google.mw",
|
||||
"google.mx",
|
||||
"google.my",
|
||||
"google.mz",
|
||||
"google.na",
|
||||
".google.ne",
|
||||
"google.ne",
|
||||
"google.net",
|
||||
"google.nf",
|
||||
"google.ng",
|
||||
"google.ni",
|
||||
".google.nl",
|
||||
"google.nl",
|
||||
".google.no",
|
||||
"google.no",
|
||||
"google.np",
|
||||
".google.nr",
|
||||
"google.nr",
|
||||
".google.nu",
|
||||
"google.nu",
|
||||
"google.nz",
|
||||
"google.om",
|
||||
"google.org",
|
||||
"google.pa",
|
||||
"googlepagecreator.com",
|
||||
"google.pe",
|
||||
"google.pg",
|
||||
"google.ph",
|
||||
"google.pk",
|
||||
".google.pl",
|
||||
"google.pl",
|
||||
".google.pn",
|
||||
"google.pn",
|
||||
"google.pr",
|
||||
".google.ps",
|
||||
"google.ps",
|
||||
".google.pt",
|
||||
"google.pt",
|
||||
"google.py",
|
||||
"google.qa",
|
||||
".google.ro",
|
||||
"google.ro",
|
||||
".google.rs",
|
||||
"google.rs",
|
||||
".google.ru",
|
||||
"google.ru",
|
||||
".google.rw",
|
||||
"google.rw",
|
||||
"google.sa",
|
||||
"google.sb",
|
||||
".google.sc",
|
||||
"google.sc",
|
||||
"googlescholar.com",
|
||||
".google.se",
|
||||
"google.se",
|
||||
"google.sg",
|
||||
".google.sh",
|
||||
"google.sh",
|
||||
".google.si",
|
||||
"google.si",
|
||||
".google.sk",
|
||||
"google.sk",
|
||||
"google.sl",
|
||||
".google.sm",
|
||||
"google.sm",
|
||||
".google.sn",
|
||||
"google.sn",
|
||||
".google.so",
|
||||
"google.so",
|
||||
"googlesource.com",
|
||||
".google.sr",
|
||||
"google.sr",
|
||||
".google.st",
|
||||
"google.st",
|
||||
"google.sv",
|
||||
"googlesyndication.com",
|
||||
"googletagmanager.com",
|
||||
".google.td",
|
||||
"google.td",
|
||||
".google.tg",
|
||||
"google.tg",
|
||||
"google.th",
|
||||
"google.tj",
|
||||
".google.tk",
|
||||
"google.tk",
|
||||
".google.tl",
|
||||
"google.tl",
|
||||
".google.tm",
|
||||
"google.tm",
|
||||
".google.tn",
|
||||
"google.tn",
|
||||
".google.to",
|
||||
"google.to",
|
||||
"google.tr",
|
||||
".google.tt",
|
||||
"google.tt",
|
||||
"google.tw",
|
||||
"google.tz",
|
||||
|
@ -445,22 +423,36 @@
|
|||
"google.ug",
|
||||
"google.uk",
|
||||
"google.us",
|
||||
"googleusercontent.com",
|
||||
"google.uy",
|
||||
"google.uz",
|
||||
"google.vc",
|
||||
"google.ve",
|
||||
".google.vg",
|
||||
"google.vg",
|
||||
"google.vi",
|
||||
"google.vn",
|
||||
".google.vu",
|
||||
"google.vu",
|
||||
".google.ws",
|
||||
"google.ws",
|
||||
"google.za",
|
||||
"google.zm",
|
||||
"google.zw",
|
||||
"googleadservices.com",
|
||||
"googleapis.com",
|
||||
"googleapps.com",
|
||||
"googlearth.com",
|
||||
"googlebot.com",
|
||||
"googlecode.com",
|
||||
"googlecommerce.com",
|
||||
"googledrive.com",
|
||||
"googlee.com",
|
||||
"googleearth.com",
|
||||
"googlemail.com",
|
||||
"googlemaps.com",
|
||||
"googlepagecreator.com",
|
||||
"googlescholar.com",
|
||||
"googlesource.com",
|
||||
"googlesyndication.com",
|
||||
"googletagmanager.com",
|
||||
"googleusercontent.com",
|
||||
"googlr.com",
|
||||
"goolge.com",
|
||||
"gooogle.com",
|
||||
|
@ -511,8 +503,20 @@
|
|||
"www.google.co.ke",
|
||||
"www.google.co.kr",
|
||||
"www.google.co.ls",
|
||||
"www.google.com",
|
||||
"www.google.co.ma",
|
||||
"www.google.co.mz",
|
||||
"www.google.co.nz",
|
||||
"www.google.co.th",
|
||||
"www.google.co.tz",
|
||||
"www.google.co.ug",
|
||||
"www.google.co.uk",
|
||||
"www.google.co.uz",
|
||||
"www.google.co.ve",
|
||||
"www.google.co.vi",
|
||||
"www.google.co.za",
|
||||
"www.google.co.zm",
|
||||
"www.google.co.zw",
|
||||
"www.google.com",
|
||||
"www.google.com.af",
|
||||
"www.google.com.ag",
|
||||
"www.google.com.ai",
|
||||
|
@ -571,18 +575,6 @@
|
|||
"www.google.com.uy",
|
||||
"www.google.com.vc",
|
||||
"www.google.com.vn",
|
||||
"www.google.co.mz",
|
||||
"www.google.co.nz",
|
||||
"www.google.co.th",
|
||||
"www.google.co.tz",
|
||||
"www.google.co.ug",
|
||||
"www.google.co.uk",
|
||||
"www.google.co.uz",
|
||||
"www.google.co.ve",
|
||||
"www.google.co.vi",
|
||||
"www.google.co.za",
|
||||
"www.google.co.zm",
|
||||
"www.google.co.zw",
|
||||
"www.google.cv",
|
||||
"www.google.cz",
|
||||
"www.google.de",
|
||||
|
@ -668,11 +660,19 @@
|
|||
"www.google.vu",
|
||||
"www.google.ws",
|
||||
"youtu.be",
|
||||
"youtube-nocookie.com",
|
||||
"youtube.com",
|
||||
"youtubeeducation.com",
|
||||
"youtubegaming.com",
|
||||
"youtube-nocookie.com",
|
||||
"yt.be",
|
||||
"ytimg.com"
|
||||
]
|
||||
],
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip"
|
||||
],
|
||||
"name": "List of known google domains",
|
||||
"type": "hostname",
|
||||
"version": 4
|
||||
}
|
||||
|
|
|
@ -1,26 +1,8 @@
|
|||
{
|
||||
"description": "List of known Googlebot IP ranges (https://www.lifewire.com/what-is-the-ip-address-of-google-818153 )",
|
||||
"list": [
|
||||
"64.68.90.0/24",
|
||||
"64.233.173.193/32",
|
||||
"64.233.173.194/31",
|
||||
"64.233.173.196/30",
|
||||
"64.233.173.200/29",
|
||||
"64.233.173.208/28",
|
||||
"64.233.173.224/27",
|
||||
"66.249.64.1/32",
|
||||
"66.249.64.2/31",
|
||||
"66.249.64.4/30",
|
||||
"66.249.64.8/29",
|
||||
"66.249.64.16/28",
|
||||
"66.249.64.32/27",
|
||||
"66.249.64.64/26",
|
||||
"66.249.64.128/25",
|
||||
"66.249.65.0/24",
|
||||
"66.249.66.0/23",
|
||||
"66.249.68.0/22",
|
||||
"66.249.72.0/21",
|
||||
"216.239.33.96/27",
|
||||
"216.239.33.128/25",
|
||||
"216.239.33.96/27",
|
||||
"216.239.34.0/23",
|
||||
"216.239.36.0/22",
|
||||
"216.239.40.0/21",
|
||||
|
@ -28,15 +10,33 @@
|
|||
"216.239.56.0/23",
|
||||
"216.239.58.0/24",
|
||||
"216.239.59.0/25",
|
||||
"216.239.59.128/32"
|
||||
"216.239.59.128/32",
|
||||
"64.233.173.193/32",
|
||||
"64.233.173.194/31",
|
||||
"64.233.173.196/30",
|
||||
"64.233.173.200/29",
|
||||
"64.233.173.208/28",
|
||||
"64.233.173.224/27",
|
||||
"64.68.90.0/24",
|
||||
"66.249.64.1/32",
|
||||
"66.249.64.128/25",
|
||||
"66.249.64.16/28",
|
||||
"66.249.64.2/31",
|
||||
"66.249.64.32/27",
|
||||
"66.249.64.4/30",
|
||||
"66.249.64.64/26",
|
||||
"66.249.64.8/29",
|
||||
"66.249.65.0/24",
|
||||
"66.249.66.0/23",
|
||||
"66.249.68.0/22",
|
||||
"66.249.72.0/21"
|
||||
],
|
||||
"type": "cidr",
|
||||
"matching_attributes": [
|
||||
"ip-dst",
|
||||
"ip-src",
|
||||
"domain|ip"
|
||||
],
|
||||
"name": "List of known Googlebot IP ranges",
|
||||
"version": 20190724,
|
||||
"description": "List of known Googlebot IP ranges (https://www.lifewire.com/what-is-the-ip-address-of-google-818153 )"
|
||||
"type": "cidr",
|
||||
"version": 20190724
|
||||
}
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
{
|
||||
"description": "Event contains one or more entries part of the IPv6 link local prefix (RFC 4291)",
|
||||
"list": [
|
||||
"FE80::/10"
|
||||
],
|
||||
"type": "cidr",
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"description": "Event contains one or more entries part of the IPv6 link local prefix (RFC 4291)",
|
||||
"version": 2,
|
||||
"name": "List of IPv6 link local blocks"
|
||||
"name": "List of IPv6 link local blocks",
|
||||
"type": "cidr",
|
||||
"version": 2
|
||||
}
|
||||
|
|
|
@ -1,12 +1,5 @@
|
|||
{
|
||||
"name": "Top 10K websites from Majestic Million",
|
||||
"version": 20200203,
|
||||
"description": "Event contains one or more entries from the top 10K of the most used websites (Majestic Million - 10K).",
|
||||
"matching_attributes": [
|
||||
"hostname",
|
||||
"domain"
|
||||
],
|
||||
"type": "hostname",
|
||||
"list": [
|
||||
"00-tv.com",
|
||||
"000webhost.com",
|
||||
|
@ -10008,5 +10001,12 @@
|
|||
"zyxel.com",
|
||||
"zzu.edu.cn",
|
||||
"zzz.com.ua"
|
||||
]
|
||||
],
|
||||
"matching_attributes": [
|
||||
"hostname",
|
||||
"domain"
|
||||
],
|
||||
"name": "Top 10K websites from Majestic Million",
|
||||
"type": "hostname",
|
||||
"version": 20200203
|
||||
}
|
||||
|
|
|
@ -1,4 +1,18 @@
|
|||
{
|
||||
"description": "Office 365 URLs and IP address ranges used for their attack simulator in Office 365 Threat Intelligence",
|
||||
"list": [
|
||||
"52.168.52.134",
|
||||
"portal.docdeliveryapp.com",
|
||||
"portal.docdeliveryapp.net",
|
||||
"portal.docstoreinternal.com",
|
||||
"portal.hardwarecheck.net",
|
||||
"portal.hrsupportint.com",
|
||||
"portal.payrolltooling.com",
|
||||
"portal.payrolltooling.net",
|
||||
"portal.prizegiveaway.net",
|
||||
"portal.prizesforall.com",
|
||||
"securescore-user-prod.cloudapp.net"
|
||||
],
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
|
@ -6,21 +20,7 @@
|
|||
"domain|ip",
|
||||
"hostname"
|
||||
],
|
||||
"version": 20180711,
|
||||
"list": [
|
||||
"52.168.52.134",
|
||||
"securescore-user-prod.cloudapp.net",
|
||||
"portal.docdeliveryapp.com",
|
||||
"portal.hardwarecheck.net",
|
||||
"portal.payrolltooling.com",
|
||||
"portal.docdeliveryapp.net",
|
||||
"portal.docstoreinternal.com",
|
||||
"portal.prizesforall.com",
|
||||
"portal.payrolltooling.net",
|
||||
"portal.prizegiveaway.net",
|
||||
"portal.hrsupportint.com"
|
||||
],
|
||||
"name": "List of known Office 365 Attack Simulator used for phishing awareness campaigns",
|
||||
"description": "Office 365 URLs and IP address ranges used for their attack simulator in Office 365 Threat Intelligence",
|
||||
"type": "substring"
|
||||
"type": "substring",
|
||||
"version": 20180711
|
||||
}
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{
|
||||
"description": "Microsoft Azure Datacenter IP Ranges",
|
||||
"type": "cidr",
|
||||
"list": [
|
||||
"104.208.0.0/19",
|
||||
"104.208.128.0/17",
|
||||
|
@ -1956,6 +1955,7 @@
|
|||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"version": 20171229,
|
||||
"name": "List of known Microsoft Azure Datacenter IP Ranges"
|
||||
"name": "List of known Microsoft Azure Datacenter IP Ranges",
|
||||
"type": "cidr",
|
||||
"version": 20171229
|
||||
}
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{
|
||||
"type": "cidr",
|
||||
"name": "List of known Office 365 IP address ranges in China",
|
||||
"description": "Office 365 IP address ranges in China",
|
||||
"list": [
|
||||
"139.217.0.0/19",
|
||||
"139.217.128.0/19",
|
||||
|
@ -76,11 +75,12 @@
|
|||
"42.159.80.0/20",
|
||||
"42.159.96.0/19"
|
||||
],
|
||||
"description": "Office 365 IP address ranges in China",
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"name": "List of known Office 365 IP address ranges in China",
|
||||
"type": "cidr",
|
||||
"version": 20171229
|
||||
}
|
||||
|
|
|
@ -1,42 +1,58 @@
|
|||
{
|
||||
"name": "List of known Windows 10 connection endpoints",
|
||||
"version": 1,
|
||||
"description": "Event contains one or more entries of known Windows 10 connection endpoints (https://docs.microsoft.com/en-us/windows/privacy/manage-windows-endpoints)",
|
||||
"type": "hostname",
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip"
|
||||
],
|
||||
"list": [
|
||||
".1.msftsrvcs.vo.llnwi.net",
|
||||
".a-msedge.net",
|
||||
".akamai.net",
|
||||
".akamaiedge.net",
|
||||
".b.akamaiedge.net",
|
||||
".blob.core.windows.net",
|
||||
".c-msedge.net",
|
||||
".delivery.dsp.mp.microsoft.com.nsatc.net",
|
||||
".dl.delivery.mp.microsoft.com",
|
||||
".dscb1.akamaiedge.net",
|
||||
".dscd.akamai.net",
|
||||
".dspb.akamaiedge.net",
|
||||
".dspg.akamaiedge.net",
|
||||
".dspw65.akamai.net",
|
||||
".e-msedge.net",
|
||||
".g.akamai.net",
|
||||
".g.akamaiedge.net",
|
||||
".hwcdn.net",
|
||||
".l.windowsupdate.com",
|
||||
".login.msa.akadns6.net",
|
||||
".m1-msedge.net",
|
||||
".prod.do.dsp.mp.microsoft.com",
|
||||
".s-msedge.net",
|
||||
".search.msn.com",
|
||||
".telecommand.telemetry.microsoft.com.akadns.net",
|
||||
".tlu.dl.delivery.mp.microsoft.com",
|
||||
".tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
|
||||
".wac.edgecastcdn.net",
|
||||
".wac.phicdn.net",
|
||||
".windowsupdate.com",
|
||||
".wns.windows.com",
|
||||
"2.dl.delivery.mp.microsoft.com",
|
||||
"2.tlu.dl.delivery.mp.microsoft.com",
|
||||
"3.dl.delivery.mp.microsoft.com",
|
||||
"3.dl.delivery.mp.microsoft.com.c.footprint.net",
|
||||
"3.tlu.dl.delivery.mp.microsoft.com",
|
||||
"3.tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
|
||||
"a-ring.msedge.net",
|
||||
"a122.dscd.akamai.net",
|
||||
"a1621.g.akamai.net",
|
||||
".akamaiedge.net",
|
||||
".akamai.net",
|
||||
".a-msedge.net",
|
||||
"arc.msn.com",
|
||||
"arc.msn.com.nsatc.net",
|
||||
"a-ring.msedge.net",
|
||||
"au.download.windowsupdate.com",
|
||||
"auth.gfx.ms",
|
||||
".b.akamaiedge.net",
|
||||
"bing.com",
|
||||
".blob.core.windows.net",
|
||||
"blob.weather.microsoft.com",
|
||||
"b-ring.msedge.net",
|
||||
"bing.com",
|
||||
"blob.weather.microsoft.com",
|
||||
"candycrushsoda.king.com",
|
||||
"cdn.content.prod.cms.msn.com",
|
||||
"cdn.onenote.net",
|
||||
"cds.d2s7q6s2.hwcdn.net",
|
||||
"client-office365-tas.msedge.net",
|
||||
".c-msedge.net",
|
||||
"co4.telecommand.telemetry.microsoft.com.akadns.net",
|
||||
"config.edge.skype.com",
|
||||
"cs12.wpc.v0cdn.net",
|
||||
|
@ -47,22 +63,14 @@
|
|||
"cy2.settings.data.microsoft.com.akadns.net",
|
||||
"cy2.vortex.data.microsoft.com.akadns.net",
|
||||
"definitionupdates.microsoft.com",
|
||||
".delivery.dsp.mp.microsoft.com.nsatc.net",
|
||||
"displaycatalog.mp.microsoft.com",
|
||||
".dl.delivery.mp.microsoft.com",
|
||||
"dl.delivery.mp.microsoft.com",
|
||||
"dm3p.wns.notify.windows.com.akadns.net",
|
||||
"dmd.metaservices.microsoft.com",
|
||||
"dmd.metaservices.microsoft.com.akadns.net",
|
||||
"download.windowsupdate.com",
|
||||
".dscb1.akamaiedge.net",
|
||||
".dscd.akamai.net",
|
||||
".dspb.akamaiedge.net",
|
||||
".dspg.akamaiedge.net",
|
||||
".dspw65.akamai.net",
|
||||
"dual-a-0001.a-msedge.net",
|
||||
"emdl.ws.microsoft.com",
|
||||
".e-msedge.net",
|
||||
"evoke-windowsservices-tas.msedge.net",
|
||||
"fe2.update.microsoft.com",
|
||||
"fe2.update.microsoft.com.nsatc.net",
|
||||
|
@ -71,37 +79,31 @@
|
|||
"fg.download.windowsupdate.com.c.footprint.net",
|
||||
"fp.msedge.net",
|
||||
"fs.microsoft.com",
|
||||
".g.akamaiedge.net",
|
||||
"g.akamaiedge.net",
|
||||
".g.akamai.net",
|
||||
"g.live.com",
|
||||
"g.msn.com",
|
||||
"g.msn.com.nsatc.net",
|
||||
"geo-prod.do.dsp.mp.microsoft.com",
|
||||
"geo-prod.do.dsp.mp.microsoft.com.nsatc.net",
|
||||
"geo-prod.dodsp.mp.microsoft.com.nsatc.net",
|
||||
"geover-prod.do.dsp.mp.microsoft.com",
|
||||
"g.live.com",
|
||||
"g.msn.com",
|
||||
"g.msn.com.nsatc.net",
|
||||
"go.microsoft.com",
|
||||
"gpla1.wac.v2cdn.net",
|
||||
".hwcdn.net",
|
||||
"img-prod-cms-rt-microsoft-com.akamaized.net",
|
||||
"ip5.afdorigin-prod-am02.afdogw.com",
|
||||
"ipv4.login.msa.akadns6.net",
|
||||
"l-ring.msedge.net",
|
||||
"licensing.mp.microsoft.com",
|
||||
"location-inference-westus.cloudapp.net",
|
||||
"login.live.com",
|
||||
".login.msa.akadns6.net",
|
||||
"login.msa.akadns6.net",
|
||||
"l-ring.msedge.net",
|
||||
".l.windowsupdate.com",
|
||||
".m1-msedge.net",
|
||||
"maps.windows.com",
|
||||
"mediaredirect.microsoft.com",
|
||||
"modern.watson.data.microsoft.com.akadns.net",
|
||||
"msftconnecttest.com",
|
||||
"msftsrvcs.vo.llnwd.net",
|
||||
"msnbot-65-52-108-198.search.msn.com",
|
||||
"msnbot-.search.msn.com",
|
||||
"msnbot-65-52-108-198.search.msn.com",
|
||||
"ocos-office365-s2s.msedge.net",
|
||||
"ocsp.digicert.com",
|
||||
"oem.twimg.com",
|
||||
|
@ -109,7 +111,6 @@
|
|||
"outlook.office365.com",
|
||||
"peer1-wst.msedge.net",
|
||||
"peer4-wst.msedge.net",
|
||||
".prod.do.dsp.mp.microsoft.com",
|
||||
"prod.do.dsp.mp.microsoft.com",
|
||||
"prod.do.dsp.mp.microsoft.com.nsatc.net",
|
||||
"pti.store.microsoft.com",
|
||||
|
@ -118,29 +119,22 @@
|
|||
"query.prod.cms.rt.microsoft.com",
|
||||
"ris.api.iris.microsoft.com",
|
||||
"ris.api.iris.microsoft.com.akadns.net",
|
||||
".search.msn.com",
|
||||
"settings.data.microsoft.com",
|
||||
"settings-win.data.microsoft.com",
|
||||
"settings.data.microsoft.com",
|
||||
"sls.update.microsoft.com",
|
||||
"sls.update.microsoft.com.nsatc.net",
|
||||
".s-msedge.net",
|
||||
"star-mini.c10r.facebook.com",
|
||||
"storecatalogrevocation.storequality.microsoft.com",
|
||||
"storeedgefd.dsx.mp.microsoft.com",
|
||||
"store-images.microsoft.com",
|
||||
"store-images.s-microsoft.com",
|
||||
"storecatalogrevocation.storequality.microsoft.com",
|
||||
"storeedgefd.dsx.mp.microsoft.com",
|
||||
"telecommand.telemetry.microsoft.com",
|
||||
".telecommand.telemetry.microsoft.com.akadns.net",
|
||||
"tile-service.weather.microsoft.com",
|
||||
".tlu.dl.delivery.mp.microsoft.com",
|
||||
".tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
|
||||
"tsfe.trafficshaping.dsp.mp.microsoft.com",
|
||||
"v10.vortex-win.data.microsoft.com",
|
||||
"vip5.afdorigin-prod-am02.afdogw.com",
|
||||
"vip5.afdorigin-prod-ch02.afdogw.com",
|
||||
".wac.edgecastcdn.net",
|
||||
"wac.edgecastcdn.net",
|
||||
".wac.phicdn.net",
|
||||
"wac.phicdn.net",
|
||||
"wallet-frontend-prod-westus.cloudapp.net",
|
||||
"wallet.microsoft.com",
|
||||
|
@ -148,10 +142,16 @@
|
|||
"wdcp.microsoft.akadns.net",
|
||||
"wdcp.microsoft.com",
|
||||
"wildcard.twimg.com",
|
||||
".windowsupdate.com",
|
||||
".wns.windows.com",
|
||||
"www.bing.com",
|
||||
"www.microsoft.com",
|
||||
"www.msftconnecttest.com"
|
||||
]
|
||||
],
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip"
|
||||
],
|
||||
"name": "List of known Windows 10 connection endpoints",
|
||||
"type": "hostname",
|
||||
"version": 1
|
||||
}
|
||||
|
|
|
@ -1,13 +1,5 @@
|
|||
{
|
||||
"name": "List of known microsoft domains",
|
||||
"version": 3,
|
||||
"description": "Event contains one or more entries of known microsoft domains",
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip"
|
||||
],
|
||||
"type": "hostname",
|
||||
"list": [
|
||||
".aadrm.com",
|
||||
".afx.ms",
|
||||
|
@ -121,9 +113,9 @@
|
|||
".windowsphone-int.net",
|
||||
".windowsphone.com",
|
||||
".windowsphone.net",
|
||||
".windowsupdate.com",
|
||||
".windowssearch.com",
|
||||
".windowsstore.com",
|
||||
".windowsupdate.com",
|
||||
".wlxrs.com",
|
||||
".xbox.com",
|
||||
".xboxlive.com",
|
||||
|
@ -200,5 +192,13 @@
|
|||
"watson.telemetry.microsoft.com",
|
||||
"www.insidersurveys.windows.com",
|
||||
"za.microsoftstore.com"
|
||||
]
|
||||
],
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip"
|
||||
],
|
||||
"name": "List of known microsoft domains",
|
||||
"type": "hostname",
|
||||
"version": 3
|
||||
}
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
{
|
||||
"description": "Event contains one or more entries from the top 500 of the most used domains (Mozilla).",
|
||||
"version": 20190424,
|
||||
"name": "Top 500 domains and pages from https://moz.com/top500",
|
||||
"type": "hostname",
|
||||
"list": [
|
||||
"123-reg-expired.co.uk",
|
||||
"163.com",
|
||||
|
@ -966,5 +963,8 @@
|
|||
"domain",
|
||||
"uri",
|
||||
"url"
|
||||
]
|
||||
],
|
||||
"name": "Top 500 domains and pages from https://moz.com/top500",
|
||||
"type": "hostname",
|
||||
"version": 20190424
|
||||
}
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{
|
||||
"description": "Event contains one or more entries part of the RFC 5771 multicast CIDR blocks",
|
||||
"list": [
|
||||
"224.0.0.0/8",
|
||||
"225.0.0.0/8",
|
||||
|
@ -17,13 +18,12 @@
|
|||
"238.0.0.0/8",
|
||||
"239.0.0.0/8"
|
||||
],
|
||||
"type": "cidr",
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"description": "Event contains one or more entries part of the RFC 5771 multicast CIDR blocks",
|
||||
"version": 3,
|
||||
"name": "List of RFC 5771 multicast CIDR blocks"
|
||||
"name": "List of RFC 5771 multicast CIDR blocks",
|
||||
"type": "cidr",
|
||||
"version": 3
|
||||
}
|
||||
|
|
|
@ -1,8 +1,75 @@
|
|||
{
|
||||
"name": "List of known Ovh Cluster IP",
|
||||
"version": 20180222,
|
||||
"description": "OVH Cluster IP address (https://docs.ovh.com/fr/hosting/liste-des-adresses-ip-des-clusters-et-hebergements-web/)",
|
||||
"list": [
|
||||
"137.74.180.117",
|
||||
"137.74.234.211",
|
||||
"137.74.48.119",
|
||||
"164.132.150.73",
|
||||
"164.132.235.17",
|
||||
"178.32.129.72",
|
||||
"178.32.138.102",
|
||||
"178.32.140.171",
|
||||
"178.32.140.172",
|
||||
"178.32.149.185",
|
||||
"178.32.17.246",
|
||||
"178.32.205.96",
|
||||
"178.32.52.5",
|
||||
"178.32.59.150",
|
||||
"178.32.59.194",
|
||||
"178.33.34.108",
|
||||
"178.33.38.88",
|
||||
"188.165.129.145",
|
||||
"188.165.130.4",
|
||||
"188.165.138.2",
|
||||
"188.165.139.219",
|
||||
"188.165.143.16",
|
||||
"188.165.143.17",
|
||||
"188.165.143.18",
|
||||
"188.165.143.19",
|
||||
"188.165.143.2",
|
||||
"188.165.143.24",
|
||||
"188.165.143.3",
|
||||
"188.165.143.4",
|
||||
"188.165.143.40",
|
||||
"188.165.143.48",
|
||||
"188.165.143.50",
|
||||
"188.165.143.87",
|
||||
"188.165.16.78",
|
||||
"188.165.23.19",
|
||||
"188.165.26.160",
|
||||
"188.165.29.126",
|
||||
"188.165.30.41",
|
||||
"188.165.31.16",
|
||||
"188.165.31.17",
|
||||
"188.165.31.18",
|
||||
"188.165.31.19",
|
||||
"188.165.31.2",
|
||||
"188.165.31.24",
|
||||
"188.165.31.3",
|
||||
"188.165.31.4",
|
||||
"188.165.31.40",
|
||||
"188.165.31.48",
|
||||
"188.165.31.50",
|
||||
"188.165.31.87",
|
||||
"188.165.4.35",
|
||||
"188.165.53.185",
|
||||
"188.165.59.25",
|
||||
"188.165.6.20",
|
||||
"188.165.6.81",
|
||||
"188.165.6.82",
|
||||
"188.165.61.82",
|
||||
"188.165.7.16",
|
||||
"188.165.7.17",
|
||||
"188.165.7.18",
|
||||
"188.165.7.19",
|
||||
"188.165.7.2",
|
||||
"188.165.7.24",
|
||||
"188.165.7.3",
|
||||
"188.165.7.4",
|
||||
"188.165.7.40",
|
||||
"188.165.7.48",
|
||||
"188.165.7.50",
|
||||
"188.165.7.87",
|
||||
"2001:41d0:1:1b00:188:165:143:16",
|
||||
"2001:41d0:1:1b00:188:165:143:17",
|
||||
"2001:41d0:1:1b00:188:165:143:18",
|
||||
|
@ -153,30 +220,24 @@
|
|||
"2001:41d0:301:11::24",
|
||||
"2001:41d0:301:11::25",
|
||||
"2001:41d0:301:11::26",
|
||||
"2001:41d0:301:1::20",
|
||||
"2001:41d0:301:1::21",
|
||||
"2001:41d0:301:12::2",
|
||||
"2001:41d0:301:12::20",
|
||||
"2001:41d0:301:12::21",
|
||||
"2001:41d0:301:12::23",
|
||||
"2001:41d0:301:12::24",
|
||||
"2001:41d0:301:12::26",
|
||||
"2001:41d0:301:1::20",
|
||||
"2001:41d0:301:1::21",
|
||||
"2001:41d0:301:1::23",
|
||||
"2001:41d0:301:1::24",
|
||||
"2001:41d0:301:1::25",
|
||||
"2001:41d0:301:1::26",
|
||||
"2001:41d0:301::20",
|
||||
"2001:41d0:301::21",
|
||||
"2001:41d0:301:2::20",
|
||||
"2001:41d0:301:2::21",
|
||||
"2001:41d0:301:2::23",
|
||||
"2001:41d0:301:2::24",
|
||||
"2001:41d0:301:2::25",
|
||||
"2001:41d0:301:2::26",
|
||||
"2001:41d0:301::23",
|
||||
"2001:41d0:301::24",
|
||||
"2001:41d0:301::25",
|
||||
"2001:41d0:301::26",
|
||||
"2001:41d0:301:3::20",
|
||||
"2001:41d0:301:3::23",
|
||||
"2001:41d0:301:3::24",
|
||||
|
@ -218,75 +279,12 @@
|
|||
"2001:41d0:301:9::24",
|
||||
"2001:41d0:301:9::25",
|
||||
"2001:41d0:301:9::26",
|
||||
"137.74.180.117",
|
||||
"137.74.234.211",
|
||||
"137.74.48.119",
|
||||
"164.132.150.73",
|
||||
"164.132.235.17",
|
||||
"178.32.129.72",
|
||||
"178.32.138.102",
|
||||
"178.32.140.171",
|
||||
"178.32.140.172",
|
||||
"178.32.149.185",
|
||||
"178.32.17.246",
|
||||
"178.32.205.96",
|
||||
"178.32.52.5",
|
||||
"178.32.59.150",
|
||||
"178.32.59.194",
|
||||
"178.33.34.108",
|
||||
"178.33.38.88",
|
||||
"188.165.129.145",
|
||||
"188.165.130.4",
|
||||
"188.165.138.2",
|
||||
"188.165.139.219",
|
||||
"188.165.143.16",
|
||||
"188.165.143.17",
|
||||
"188.165.143.18",
|
||||
"188.165.143.19",
|
||||
"188.165.143.2",
|
||||
"188.165.143.24",
|
||||
"188.165.143.3",
|
||||
"188.165.143.4",
|
||||
"188.165.143.40",
|
||||
"188.165.143.48",
|
||||
"188.165.143.50",
|
||||
"188.165.143.87",
|
||||
"188.165.16.78",
|
||||
"188.165.23.19",
|
||||
"188.165.26.160",
|
||||
"188.165.29.126",
|
||||
"188.165.30.41",
|
||||
"188.165.31.16",
|
||||
"188.165.31.17",
|
||||
"188.165.31.18",
|
||||
"188.165.31.19",
|
||||
"188.165.31.2",
|
||||
"188.165.31.24",
|
||||
"188.165.31.3",
|
||||
"188.165.31.4",
|
||||
"188.165.31.40",
|
||||
"188.165.31.48",
|
||||
"188.165.31.50",
|
||||
"188.165.31.87",
|
||||
"188.165.4.35",
|
||||
"188.165.53.185",
|
||||
"188.165.59.25",
|
||||
"188.165.61.82",
|
||||
"188.165.6.20",
|
||||
"188.165.6.81",
|
||||
"188.165.6.82",
|
||||
"188.165.7.16",
|
||||
"188.165.7.17",
|
||||
"188.165.7.18",
|
||||
"188.165.7.19",
|
||||
"188.165.7.2",
|
||||
"188.165.7.24",
|
||||
"188.165.7.3",
|
||||
"188.165.7.4",
|
||||
"188.165.7.40",
|
||||
"188.165.7.48",
|
||||
"188.165.7.50",
|
||||
"188.165.7.87",
|
||||
"2001:41d0:301::20",
|
||||
"2001:41d0:301::21",
|
||||
"2001:41d0:301::23",
|
||||
"2001:41d0:301::24",
|
||||
"2001:41d0:301::25",
|
||||
"2001:41d0:301::26",
|
||||
"213.186.33.16",
|
||||
"213.186.33.17",
|
||||
"213.186.33.18",
|
||||
|
@ -305,6 +303,12 @@
|
|||
"37.59.236.156",
|
||||
"37.59.69.122",
|
||||
"46.105.57.169",
|
||||
"5.135.108.219",
|
||||
"5.135.59.60",
|
||||
"5.135.68.66",
|
||||
"5.135.68.67",
|
||||
"5.196.129.52",
|
||||
"5.196.208.117",
|
||||
"51.254.146.179",
|
||||
"51.254.154.69",
|
||||
"51.254.16.36",
|
||||
|
@ -313,12 +317,6 @@
|
|||
"51.254.78.227",
|
||||
"51.254.94.183",
|
||||
"51.255.132.41",
|
||||
"5.135.108.219",
|
||||
"5.135.59.60",
|
||||
"5.135.68.66",
|
||||
"5.135.68.67",
|
||||
"5.196.129.52",
|
||||
"5.196.208.117",
|
||||
"79.137.112.24",
|
||||
"87.98.154.146",
|
||||
"87.98.230.241",
|
||||
|
@ -435,10 +433,12 @@
|
|||
"94.23.79.87",
|
||||
"94.23.88.105"
|
||||
],
|
||||
"type": "string",
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
]
|
||||
],
|
||||
"name": "List of known Ovh Cluster IP",
|
||||
"type": "string",
|
||||
"version": 20180222
|
||||
}
|
||||
|
|
|
@ -25347,7 +25347,7 @@
|
|||
"url",
|
||||
"domain|ip"
|
||||
],
|
||||
"type": "hostname",
|
||||
"name": "List of known public DNS resolvers expressed as hostname",
|
||||
"type": "hostname",
|
||||
"version": 20171224
|
||||
}
|
||||
|
|
|
@ -38369,6 +38369,7 @@
|
|||
"89.97.225.69",
|
||||
"89.97.5.242",
|
||||
"89.97.52.13",
|
||||
"9.9.9.9",
|
||||
"90.102.97.81",
|
||||
"90.102.97.89",
|
||||
"90.145.145.69",
|
||||
|
@ -40648,15 +40649,14 @@
|
|||
"99.71.229.19",
|
||||
"99.72.128.193",
|
||||
"99.93.97.238",
|
||||
"99.99.99.193",
|
||||
"9.9.9.9"
|
||||
"99.99.99.193"
|
||||
],
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"type": "string",
|
||||
"name": "List of known IPv4 public DNS resolvers",
|
||||
"type": "string",
|
||||
"version": 20181114
|
||||
}
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
{
|
||||
"description": "Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set",
|
||||
"list": [
|
||||
"2606:4700:4700::1111",
|
||||
"2606:4700:4700::1001",
|
||||
"2001:1488:800:400::130",
|
||||
"2001:14b8:100:350::2",
|
||||
"2001:14b8:100:8350::1",
|
||||
|
@ -111,6 +109,8 @@
|
|||
"2604:a880:1:20::c5b:1001",
|
||||
"2604:a880:400:d0::6d6:2001",
|
||||
"2605:f700:c0:1::1089:53ef",
|
||||
"2606:4700:4700::1001",
|
||||
"2606:4700:4700::1111",
|
||||
"2607:fa88:1::2",
|
||||
"2610:130:100:3::200",
|
||||
"2610:a1:1018::22",
|
||||
|
@ -280,7 +280,7 @@
|
|||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"type": "string",
|
||||
"name": "List of known IPv6 public DNS resolvers",
|
||||
"type": "string",
|
||||
"version": 20181114
|
||||
}
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
{
|
||||
"description": "Event contains one or more entries part of the RFC 1918 CIDR blocks",
|
||||
"list": [
|
||||
"10.0.0.0/8",
|
||||
"172.16.0.0/12",
|
||||
"192.168.0.0/16"
|
||||
],
|
||||
"type": "cidr",
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"description": "Event contains one or more entries part of the RFC 1918 CIDR blocks",
|
||||
"version": 3,
|
||||
"name": "List of RFC 1918 CIDR blocks"
|
||||
"name": "List of RFC 1918 CIDR blocks",
|
||||
"type": "cidr",
|
||||
"version": 3
|
||||
}
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
{
|
||||
"description": "Event contains one or more entries part of the IPv6 documentation prefix (RFC 3849)",
|
||||
"list": [
|
||||
"2001:DB8::/32"
|
||||
],
|
||||
"type": "cidr",
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"description": "Event contains one or more entries part of the IPv6 documentation prefix (RFC 3849)",
|
||||
"version": 3,
|
||||
"name": "List of RFC 3849 CIDR blocks"
|
||||
"name": "List of RFC 3849 CIDR blocks",
|
||||
"type": "cidr",
|
||||
"version": 3
|
||||
}
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{
|
||||
"description": "Event contains one or more entries part of the RFC 5735 CIDR blocks - Special Use IPv4 Addresses",
|
||||
"list": [
|
||||
"0.0.0.0/8",
|
||||
"10.0.0.0/8",
|
||||
|
@ -7,8 +8,8 @@
|
|||
"172.16.0.0/12",
|
||||
"192.0.0.0/24",
|
||||
"192.0.2.0/24",
|
||||
"192.88.99.0/24",
|
||||
"192.168.0.0/16",
|
||||
"192.88.99.0/24",
|
||||
"198.18.0.0/15",
|
||||
"198.51.100.0/24",
|
||||
"203.0.113.0/24",
|
||||
|
@ -16,13 +17,12 @@
|
|||
"240.0.0.0/4",
|
||||
"255.255.255.255/32"
|
||||
],
|
||||
"type": "cidr",
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"description": "Event contains one or more entries part of the RFC 5735 CIDR blocks - Special Use IPv4 Addresses",
|
||||
"version": 3,
|
||||
"name": "List of RFC 5735 CIDR blocks"
|
||||
"name": "List of RFC 5735 CIDR blocks",
|
||||
"type": "cidr",
|
||||
"version": 3
|
||||
}
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
{
|
||||
"description": "Event contains one or more entries part of the RFC 6598 CIDR blocks - Special Use IPv4 Addresses",
|
||||
"list": [
|
||||
"100.64.0.0/10"
|
||||
],
|
||||
"type": "cidr",
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"description": "Event contains one or more entries part of the RFC 6598 CIDR blocks - Special Use IPv4 Addresses",
|
||||
"version": 3,
|
||||
"name": "List of RFC 6598 CIDR blocks"
|
||||
"name": "List of RFC 6598 CIDR blocks",
|
||||
"type": "cidr",
|
||||
"version": 3
|
||||
}
|
||||
|
|
|
@ -1,11 +1,9 @@
|
|||
{
|
||||
"description": "Event contains one or more entries part of the RFC 6761 Special-Use Domain Names",
|
||||
"list": [
|
||||
"example.com",
|
||||
"example.net",
|
||||
"example.org",
|
||||
"10.in-addr.arpa",
|
||||
"16.172.in-addr.arpa",
|
||||
"168.192.in-addr.arpa",
|
||||
"17.172.in-addr.arpa",
|
||||
"18.172.in-addr.arpa",
|
||||
"19.172.in-addr.arpa",
|
||||
|
@ -21,14 +19,16 @@
|
|||
"29.172.in-addr.arpa",
|
||||
"30.172.in-addr.arpa",
|
||||
"31.172.in-addr.arpa",
|
||||
"168.192.in-addr.arpa"
|
||||
"example.com",
|
||||
"example.net",
|
||||
"example.org"
|
||||
],
|
||||
"matching_attributes": [
|
||||
"hostname",
|
||||
"domain",
|
||||
"domain|ip"
|
||||
],
|
||||
"type": "string",
|
||||
"name": "List of RFC 6761 Special-Use Domain Names",
|
||||
"type": "string",
|
||||
"version": 1
|
||||
}
|
||||
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -1,20 +1,13 @@
|
|||
{
|
||||
"name": "List of known sinkholes",
|
||||
"version": 1,
|
||||
"description": "List of known sinkholes",
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst"
|
||||
],
|
||||
"type": "cidr",
|
||||
"list": [
|
||||
"104.155.11.149",
|
||||
"104.244.12.0/22",
|
||||
"106.187.96.49",
|
||||
"109.74.196.143",
|
||||
"136.161.101.53",
|
||||
"131.253.18.11",
|
||||
"131.253.18.12",
|
||||
"136.161.101.53",
|
||||
"139.146.167.25",
|
||||
"142.0.36.234",
|
||||
"143.215.130.0/24",
|
||||
|
@ -75,8 +68,8 @@
|
|||
"86.124.164.25",
|
||||
"87.106.140.254",
|
||||
"87.106.141.15",
|
||||
"87.106.240.162",
|
||||
"87.106.24.200",
|
||||
"87.106.240.162",
|
||||
"87.106.250.34",
|
||||
"87.106.26.9",
|
||||
"87.106.86.28",
|
||||
|
@ -87,5 +80,12 @@
|
|||
"94.23.175.2",
|
||||
"95.211.172.143",
|
||||
"95.211.174.92"
|
||||
]
|
||||
],
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst"
|
||||
],
|
||||
"name": "List of known sinkholes",
|
||||
"type": "cidr",
|
||||
"version": 1
|
||||
}
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{
|
||||
"description": "Event contains one or more TLDs as attribute with an IDS flag set",
|
||||
"list": [
|
||||
"AAA",
|
||||
"AARP",
|
||||
|
@ -1297,8 +1298,7 @@
|
|||
"domain",
|
||||
"domain|ip"
|
||||
],
|
||||
"name": "TLDs as known by IANA",
|
||||
"type": "string",
|
||||
"description": "Event contains one or more TLDs as attribute with an IDS flag set",
|
||||
"version": 6,
|
||||
"name": "TLDs as known by IANA"
|
||||
"version": 6
|
||||
}
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
{
|
||||
"description": "Event contains one or more entries from the top 1,000,000 most-used sites (Tranco).",
|
||||
"version": 20200305,
|
||||
"name": "Top 1,000,000 most-used sites from Tranco",
|
||||
"type": "hostname",
|
||||
"list": [
|
||||
"0-1.ir",
|
||||
"0-1.ru",
|
||||
|
@ -1000010,5 +1000007,8 @@
|
|||
"domain",
|
||||
"url",
|
||||
"domain|ip"
|
||||
]
|
||||
],
|
||||
"name": "Top 1,000,000 most-used sites from Tranco",
|
||||
"type": "hostname",
|
||||
"version": 20200305
|
||||
}
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1,21 +1,11 @@
|
|||
{
|
||||
"name": "List of known URL Shorteners domains",
|
||||
"version": 7,
|
||||
"description": "Event contains one or more entries of known Shorteners domains",
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip",
|
||||
"url",
|
||||
"uri"
|
||||
],
|
||||
"type": "hostname",
|
||||
"list": [
|
||||
"1url.com",
|
||||
"adcraft.co",
|
||||
"adcrun.ch",
|
||||
"adflav.com",
|
||||
"adf.ly",
|
||||
"adflav.com",
|
||||
"aka.gr",
|
||||
"amzn.to",
|
||||
"bc.vc",
|
||||
|
@ -42,11 +32,12 @@
|
|||
"hyperurl.co",
|
||||
"id.tl",
|
||||
"iplogger.com",
|
||||
"iplogger.org",
|
||||
"is.gd",
|
||||
"ity.im",
|
||||
"j.mp",
|
||||
"linkto.im",
|
||||
"link.zip.net",
|
||||
"linkto.im",
|
||||
"lnk.co",
|
||||
"lnk.direct",
|
||||
"lnkd.in",
|
||||
|
@ -61,24 +52,24 @@
|
|||
"q.gs",
|
||||
"qr.ae",
|
||||
"qr.net",
|
||||
"s.rlp.de",
|
||||
"scrnch.me",
|
||||
"shortquik.com",
|
||||
"sk.gy",
|
||||
"smarturl.it",
|
||||
"snip.ly",
|
||||
"su.pr",
|
||||
"s.rlp.de",
|
||||
"t.co",
|
||||
"tinyarrows.com",
|
||||
"tiny.cc",
|
||||
"tinyarrows.com",
|
||||
"tinyurl.com",
|
||||
"tota2.com",
|
||||
"tr.im",
|
||||
"tweez.me",
|
||||
"twitthis.com",
|
||||
"u.bb",
|
||||
"urlz.fr",
|
||||
"u.to",
|
||||
"urlz.fr",
|
||||
"v.gd",
|
||||
"vzturl.com",
|
||||
"wp.me",
|
||||
|
@ -88,7 +79,16 @@
|
|||
"yourls.org",
|
||||
"youtu.be",
|
||||
"yu2.it",
|
||||
"zpag.es",
|
||||
"iplogger.org"
|
||||
]
|
||||
"zpag.es"
|
||||
],
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip",
|
||||
"url",
|
||||
"uri"
|
||||
],
|
||||
"name": "List of known URL Shorteners domains",
|
||||
"type": "hostname",
|
||||
"version": 7
|
||||
}
|
||||
|
|
|
@ -1,15 +1,5 @@
|
|||
{
|
||||
"name": "List of known domains to know external IP",
|
||||
"version": 7,
|
||||
"description": "Event contains one or more entries of known 'what's my ip' domains",
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip",
|
||||
"uri",
|
||||
"url"
|
||||
],
|
||||
"type": "hostname",
|
||||
"list": [
|
||||
"2ip.ru",
|
||||
"2ip.tools",
|
||||
|
@ -18,6 +8,8 @@
|
|||
"api.wipmania.com",
|
||||
"bearsmyip.com",
|
||||
"bot.whatismyipaddress.com",
|
||||
"check-my-ip.net",
|
||||
"checkip-waw.dyndns.com",
|
||||
"checkip.amazonaws.com",
|
||||
"checkip.dns.he.net",
|
||||
"checkip.dyndns.com",
|
||||
|
@ -25,8 +17,6 @@
|
|||
"checkip.dyndns.org",
|
||||
"checkip.narak.com",
|
||||
"checkmyip.com",
|
||||
"check-my-ip.net",
|
||||
"checkip-waw.dyndns.com",
|
||||
"cmyip.com",
|
||||
"cmyip.net",
|
||||
"crymyip.com",
|
||||
|
@ -38,13 +28,14 @@
|
|||
"dpool.sina.com.cn",
|
||||
"e-localizaip.com",
|
||||
"extreme-ip-lookup.com",
|
||||
"findmyipaddress.com",
|
||||
"findmyip.org",
|
||||
"findmyipaddress.com",
|
||||
"formyip.com",
|
||||
"freegeoip.app",
|
||||
"freegeoip.live",
|
||||
"geoip.co.uk",
|
||||
"geoiptool.com",
|
||||
"geoip.vmn.net",
|
||||
"geoiptool.com",
|
||||
"get-myip.com",
|
||||
"getmyip.org",
|
||||
"hostip.info",
|
||||
|
@ -56,72 +47,73 @@
|
|||
"ilmioip.it",
|
||||
"indirizzo-ip.com",
|
||||
"inet-ip.info",
|
||||
"ip138.com",
|
||||
"ip-1.com",
|
||||
"ip2location.com",
|
||||
"ip2nation.com",
|
||||
"ip4.me",
|
||||
"ip-addr.es",
|
||||
"ip-address.cc",
|
||||
"ipaddresscheck.com",
|
||||
"ipaddress.com",
|
||||
"ipaddress.org",
|
||||
"ip-address.ru",
|
||||
"ip-adress.com",
|
||||
"ip-adress.eu",
|
||||
"ip.amulex.com",
|
||||
"ip.anysrc.net",
|
||||
"ip-api.com",
|
||||
"ip.cctv.pk",
|
||||
"ipchecker.info",
|
||||
"ip-check.info",
|
||||
"ipchicken.com",
|
||||
"ip.chinaz.com",
|
||||
"ip.cn",
|
||||
"ip-detect.net",
|
||||
"ipecho.net",
|
||||
"ipify.org",
|
||||
"ipinfodb.com",
|
||||
"ipinfo.info",
|
||||
"ipinfo.io",
|
||||
"ip-info.ff.avast.com",
|
||||
"ip-info.org",
|
||||
"ip-info.xyz",
|
||||
"ip-ping.ru",
|
||||
"ip-score.com",
|
||||
"ip-secrets.com",
|
||||
"ip-who-is.com",
|
||||
"ip-whois.net",
|
||||
"ip.amulex.com",
|
||||
"ip.anysrc.net",
|
||||
"ip.cctv.pk",
|
||||
"ip.chinaz.com",
|
||||
"ip.cn",
|
||||
"ip.my-proxy.com",
|
||||
"ip.taobao.com",
|
||||
"ip.tool.la",
|
||||
"ip.tyk.nu",
|
||||
"ip.webmasterhome.cn",
|
||||
"ip138.com",
|
||||
"ip2location.com",
|
||||
"ip2nation.com",
|
||||
"ip4.me",
|
||||
"ipaddress.com",
|
||||
"ipaddress.org",
|
||||
"ipaddresscheck.com",
|
||||
"ipapi.co",
|
||||
"ipchecker.info",
|
||||
"ipchicken.com",
|
||||
"ipecho.net",
|
||||
"ipify.org",
|
||||
"ipinfo.info",
|
||||
"ipinfo.io",
|
||||
"ipinfodb.com",
|
||||
"ipleak.net",
|
||||
"iplocation.net",
|
||||
"iplogger.ru",
|
||||
"ipmonkey.com",
|
||||
"ip.my-proxy.com",
|
||||
"ip-ping.ru",
|
||||
"ip-score.com",
|
||||
"ip-secrets.com",
|
||||
"ip.taobao.com",
|
||||
"ip.tool.la",
|
||||
"iptrackeronline.com",
|
||||
"ip.tyk.nu",
|
||||
"ipv4bot.whatismyipaddress.com",
|
||||
"ipv6bot.whatismyipaddress.com",
|
||||
"ipv6-test.com",
|
||||
"ip.webmasterhome.cn",
|
||||
"ip-who-is.com",
|
||||
"ip-whois.net",
|
||||
"l2.io",
|
||||
"ipv6bot.whatismyipaddress.com",
|
||||
"keliweb.it/mioip.php",
|
||||
"l2.io",
|
||||
"localizaip.com.br",
|
||||
"meip.eu",
|
||||
"meuip.net.br",
|
||||
"mioip.ch",
|
||||
"mio-ip.it",
|
||||
"mioip.biz",
|
||||
"mioip.ch",
|
||||
"mioip.info",
|
||||
"mioip.it",
|
||||
"mioip.org",
|
||||
"mioip.win",
|
||||
"mio-ip.it",
|
||||
"mon-ip.com",
|
||||
"my-ip-address.net",
|
||||
"mycamip.com",
|
||||
"myexternalip.com",
|
||||
"myglobalip.com",
|
||||
"myipaddress.com",
|
||||
"my-ip-address.net",
|
||||
"myip.am",
|
||||
"myip.by",
|
||||
"myip.cc",
|
||||
|
@ -129,10 +121,10 @@
|
|||
"myip.ch",
|
||||
"myip.cn",
|
||||
"myip.co.il",
|
||||
"myip.co.nz",
|
||||
"myip.com.br",
|
||||
"myip.com.tw",
|
||||
"myip.com.ua",
|
||||
"myip.co.nz",
|
||||
"myip.cz",
|
||||
"myip.dk",
|
||||
"myip.dnsdynamic.org",
|
||||
|
@ -146,7 +138,6 @@
|
|||
"myip.heltech.se",
|
||||
"myip.ht",
|
||||
"myip.info",
|
||||
"myipinfo.net",
|
||||
"myip.io",
|
||||
"myip.is",
|
||||
"myip.israel.net",
|
||||
|
@ -161,10 +152,8 @@
|
|||
"myip.nl",
|
||||
"myip.nmonitoring.com",
|
||||
"myip.northstate.net",
|
||||
"myipnow.com",
|
||||
"myip.nu",
|
||||
"myipnumber.com",
|
||||
"myiponline.com",
|
||||
"myip.opendns.com",
|
||||
"myip.ozymo.com",
|
||||
"myip.report",
|
||||
"myip.rs.sr",
|
||||
|
@ -180,20 +169,25 @@
|
|||
"myip.uconn.edu",
|
||||
"myip.v6shell.org",
|
||||
"myip.zone",
|
||||
"myipaddress.com",
|
||||
"myipinfo.net",
|
||||
"myipnow.com",
|
||||
"myipnumber.com",
|
||||
"myiponline.com",
|
||||
"mylocation.org",
|
||||
"readip.info",
|
||||
"shmyip.com",
|
||||
"show-ip.com",
|
||||
"showipinfo.net",
|
||||
"show-my-ip.de",
|
||||
"showip.net",
|
||||
"showipinfo.net",
|
||||
"showmemyip.com",
|
||||
"showmyipaddress.com",
|
||||
"showmyipaddress.eu",
|
||||
"showmyip.co.uk",
|
||||
"showmyip.com",
|
||||
"showmyip.com.ar",
|
||||
"showmyip.co.uk",
|
||||
"show-my-ip.de",
|
||||
"showmyip.gr",
|
||||
"showmyipaddress.com",
|
||||
"showmyipaddress.eu",
|
||||
"showmyipnow.com",
|
||||
"smart-ip.net",
|
||||
"tell-my-ip.com",
|
||||
|
@ -207,23 +201,24 @@
|
|||
"vermiip.es",
|
||||
"vinflag.com",
|
||||
"whatismybrowser.com",
|
||||
"whatismyipaddress.com",
|
||||
"whatismyip.akamai.com",
|
||||
"whatismyip.ca",
|
||||
"whatismyip.com",
|
||||
"whatismyip.com.br",
|
||||
"whatismyip.everdot.org",
|
||||
"whatismyip.li",
|
||||
"whatismyip.net",
|
||||
"whatismyip.org",
|
||||
"whatismyipaddress.com",
|
||||
"whatismypublicip.com",
|
||||
"whatmyip.us",
|
||||
"whatsmyipaddress.com",
|
||||
"whatsmyipaddress.net",
|
||||
"whats-my-ip-address.org",
|
||||
"whatsmyip.ie",
|
||||
"whatsmyip.net",
|
||||
"whatsmyip.org",
|
||||
"whatsmyip.us",
|
||||
"whatsmyipaddress.com",
|
||||
"whatsmyipaddress.net",
|
||||
"whereisip.net",
|
||||
"whoer.net",
|
||||
"wtfismyip.com",
|
||||
|
@ -232,11 +227,16 @@
|
|||
"yougetsignal.com",
|
||||
"youip.net",
|
||||
"your-ip-address.com",
|
||||
"yourip.us",
|
||||
"myip.opendns.com",
|
||||
"whatismyip.everdot.org",
|
||||
"ip-info.ff.avast.com",
|
||||
"ipapi.co",
|
||||
"freegeoip.live"
|
||||
]
|
||||
"yourip.us"
|
||||
],
|
||||
"matching_attributes": [
|
||||
"domain",
|
||||
"hostname",
|
||||
"domain|ip",
|
||||
"uri",
|
||||
"url"
|
||||
],
|
||||
"name": "List of known domains to know external IP",
|
||||
"type": "hostname",
|
||||
"version": 7
|
||||
}
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
{
|
||||
"name": "List of known Wikimedia address ranges",
|
||||
"version": 20190912,
|
||||
"description": "Wikimedia address ranges (http://noc.wikimedia.org/conf/reverse-proxy.php.txt)",
|
||||
"type": "cidr",
|
||||
"list": [
|
||||
"208.80.153.0/27",
|
||||
"208.80.153.32/27",
|
||||
|
@ -27,5 +24,8 @@
|
|||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
]
|
||||
],
|
||||
"name": "List of known Wikimedia address ranges",
|
||||
"type": "cidr",
|
||||
"version": 20190912
|
||||
}
|
||||
|
|
44
schema.json
44
schema.json
|
@ -1,42 +1,40 @@
|
|||
{
|
||||
"$schema": "http://json-schema.org/schema#",
|
||||
"title": "Validator for misp-warninglists",
|
||||
"id": "https://www.github.com/MISP/misp-warninglists/schema.json",
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"id": "https://www.github.com/MISP/misp-warninglists/schema.json",
|
||||
"properties": {
|
||||
"description": {
|
||||
"type": "string"
|
||||
},
|
||||
"list": {
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
"type": "array",
|
||||
"uniqueItems": true
|
||||
},
|
||||
"matching_attributes": {
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
"type": "array",
|
||||
"uniqueItems": true
|
||||
},
|
||||
"name": {
|
||||
"type": "string"
|
||||
},
|
||||
"version": {
|
||||
"type": "integer"
|
||||
},
|
||||
"list": {
|
||||
"type": "array",
|
||||
"uniqueItems": true,
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"type": {
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"string",
|
||||
"substring",
|
||||
"hostname",
|
||||
"cidr",
|
||||
"regex"
|
||||
]
|
||||
},
|
||||
"matching_attributes": {
|
||||
"type": "array",
|
||||
"uniqueItems": true,
|
||||
"items": {
|
||||
],
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"version": {
|
||||
"type": "integer"
|
||||
}
|
||||
},
|
||||
"required": [
|
||||
|
@ -45,5 +43,7 @@
|
|||
"version",
|
||||
"name",
|
||||
"type"
|
||||
]
|
||||
],
|
||||
"title": "Validator for misp-warninglists",
|
||||
"type": "object"
|
||||
}
|
||||
|
|
|
@ -8,38 +8,36 @@ import datetime
|
|||
url = 'https://raw.githubusercontent.com/krassi/covid19-related/master/whitelist-domains.txt'
|
||||
r = requests.get(url)
|
||||
whitelist = r.text
|
||||
whitelist = whitelist.split()
|
||||
whitelist = list(set(whitelist.split()))
|
||||
|
||||
warninglist = {
|
||||
'name': 'Covid-19 Krassi\'s Whitelist',
|
||||
'uuid': 'b600900c-aacc-4860-acf4-7e24a1b08202',
|
||||
'description': 'Krassimir\'s Covid-19 whitelist of known good Covid-19 related websites.',
|
||||
'type': 'hostname',
|
||||
'matching_attributes': ['domain', 'hostname', 'url'],
|
||||
'version': int(datetime.date.today().strftime('%Y%m%d')),
|
||||
'list': whitelist
|
||||
'list': sorted(whitelist)
|
||||
}
|
||||
|
||||
with open('../lists/covid-19-krassi-whitelist/list.json', 'w+') as data_file:
|
||||
json.dump(warninglist, data_file, indent=4, sort_keys=True)
|
||||
json.dump(warninglist, data_file, indent=2, sort_keys=True)
|
||||
|
||||
url = 'https://raw.githubusercontent.com/Cyber-Threat-Coalition/goodlist/master/hostnames.txt'
|
||||
r = requests.get(url)
|
||||
whitelist = r.text
|
||||
whitelist = whitelist.split()
|
||||
whitelist = list(set(whitelist.split()))
|
||||
|
||||
warninglist = {
|
||||
'name': 'Covid-19 Cyber Threat Coalition\'s Whitelist',
|
||||
'uuid': '535002a9-0dec-4363-b29b-1b365cff060d',
|
||||
'description': 'The Cyber Threat Coalition\'s whitelist of COVID-19 related websites.',
|
||||
'type': 'hostname',
|
||||
'matching_attributes': ['domain', 'hostname', 'url'],
|
||||
'version': int(datetime.date.today().strftime('%Y%m%d')),
|
||||
'list': whitelist
|
||||
'list': sorted(whitelist)
|
||||
}
|
||||
|
||||
with open('../lists/covid-19-cyber-threat-coalition-whitelist/list.json', 'w+') as data_file:
|
||||
json.dump(warninglist, data_file, indent=4, sort_keys=True)
|
||||
json.dump(warninglist, data_file, indent=2, sort_keys=True)
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from pathlib import Path
|
||||
import json
|
||||
|
||||
|
||||
for p in Path('../lists/').glob('*/*.json'):
|
||||
with p.open() as _f:
|
||||
warninglist = json.load(_f, encoding="utf-8")
|
||||
warninglist['list'] = sorted(list(set(warninglist['list'])))
|
||||
|
||||
with p.open('w') as _f:
|
||||
warninglist = json.dump(warninglist, _f, indent=2, sort_keys=True, ensure_ascii=False)
|
||||
_f.write('\n')
|
Loading…
Reference in New Issue