chg: Add script to make lists unique, and sort the keys.

Update covid lists.
pull/145/head
Raphaël Vinot 2020-04-03 13:37:17 +02:00
parent bad8b17fff
commit 300d823638
49 changed files with 17726 additions and 17726 deletions


@ -7,7 +7,7 @@ set -x
for dir in lists/*/list.json
do
cat ${dir} | jq . | sponge ${dir}
cat ${dir} | jq -S . | sponge ${dir}
done
cat schema.json | jq . | sponge schema.json
cat schema.json | jq -S . | sponge schema.json
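Review bot: If `jq` rejects a file as invalid JSON it writes nothing to stdout, and `sponge` then overwrites the target with that empty output, so a malformed list or `schema.json` is silently truncated by both changed lines. Writing to a temporary file and renaming only on success avoids this, e.g. `jq -S . "${dir}" > "${dir}.tmp" && mv "${dir}.tmp" "${dir}"`, which also quotes `${dir}` and drops the extra `cat`. Note that `-S` sorts object keys only; the de-duplication and sorting of `list` entries named in the commit title is not done here and presumably lives in the added script, which this section does not show. The script starts above the hunk, so whether `set -e` or `pipefail` is active cannot be seen from here.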


@ -1,8 +1,5 @@
{
"description": "Event contains one or more entries from the top 1000 of the most used website (Alexa).",
"version": 20190424,
"name": "Top 1000 website from Alexa",
"type": "hostname",
"list": [
"104.com.tw",
"11st.co.kr",
@ -1008,5 +1005,8 @@
"matching_attributes": [
"hostname",
"domain"
]
],
"name": "Top 1000 website from Alexa",
"type": "hostname",
"version": 20190424
}


@ -1,8 +1,5 @@
{
"name": "List of known Amazon AWS IP address ranges",
"version": 20200210,
"description": "Amazon AWS IP address ranges (https://ip-ranges.amazonaws.com/ip-ranges.json)",
"type": "cidr",
"list": [
"100.20.0.0/14",
"100.24.0.0/13",
@ -1695,5 +1692,8 @@
"ip-src",
"ip-dst",
"domain|ip"
]
],
"name": "List of known Amazon AWS IP address ranges",
"type": "cidr",
"version": 20200210
}


@ -1,40 +1,40 @@
{
"name": "List of known domains used by automated malware analysis services & security vendors",
"version": 5,
"description": "Domains used by automated malware analysis services & security vendors",
"type": "substring",
"list": [
"akana.mobiseclab.org",
"analyze.intezer.com",
"anlyz.io",
"app.any.run",
"app.sndbox.com",
"cape.contextis.com",
"capesandbox.com",
"carbonblack.com",
"detux.org",
"emergingthreats.net",
"hybrid-analysis.com",
"jevereg.amnpardaz.com",
"joesandbox.com",
"koodous.com",
"malwr.com",
"mcafee.com",
"reverse.it",
"sandbox.pikker.ee",
"sanddroid.xjtu.edu.cn",
"securelist.com",
"symantec.com",
"tria.ge",
"undroid.av-comparatives.org",
"virustotal.com",
"www.threatexpert.com",
"www.vicheck.ca"
],
"matching_attributes": [
"domain",
"hostname",
"domain|ip",
"url"
],
"list": [
"virustotal.com",
"malwr.com",
"hybrid-analysis.com",
"emergingthreats.net",
"joesandbox.com",
"anlyz.io",
"detux.org",
"akana.mobiseclab.org",
"sandbox.pikker.ee",
"www.threatexpert.com",
"www.vicheck.ca",
"reverse.it",
"mcafee.com",
"symantec.com",
"securelist.com",
"carbonblack.com",
"app.any.run",
"cape.contextis.com",
"tria.ge",
"koodous.com",
"undroid.av-comparatives.org",
"sanddroid.xjtu.edu.cn",
"jevereg.amnpardaz.com",
"analyze.intezer.com",
"app.sndbox.com",
"capesandbox.com"
]
"name": "List of known domains used by automated malware analysis services & security vendors",
"type": "substring",
"version": 5
}


@ -1,13 +1,5 @@
{
"name": "List of known bank domains",
"version": 2,
"description": "Event contains one or more entries of known banking website",
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"type": "hostname",
"list": [
".02bancorp.com",
".1822direkt.com",
@ -1501,8 +1493,8 @@
".spk-suedholstein.de",
".spk-vorpommern.de",
".spk-westholstein.de",
".spkhb.de",
".spkef.is",
".spkhb.de",
".ssbia.com",
".ssbnd.com",
".ssbnet.com",
@ -1763,5 +1755,13 @@
".zionsbank.com",
".ziraatbank.de",
".zvezabank.at"
]
],
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"name": "List of known bank domains",
"type": "hostname",
"version": 2
}


@ -1,9 +1,4 @@
{
"matching_attributes": [
"hostname",
"domain",
"domain|ip"
],
"description": "Event contains one or more entries from the top 1000 of the most used website (Cisco Umbrella).",
"list": [
"0.client-channel.google.com",
@ -1007,7 +1002,12 @@
"z.moatads.com",
"zemanta.com"
],
"version": 20190309,
"matching_attributes": [
"hostname",
"domain",
"domain|ip"
],
"name": "Top 1000 website from Cisco Umbrella",
"type": "hostname",
"name": "Top 1000 website from Cisco Umbrella"
"version": 20190309
}


@ -1,34 +1,34 @@
{
"description": "List of known Cloudflare IP ranges (https://www.cloudflare.com/ips/)",
"list": [
"188.114.96.0/20",
"2405:8100::/32",
"2c0f:f248::/32",
"190.93.240.0/20",
"173.245.48.0/20",
"103.21.244.0/22",
"103.22.200.0/22",
"103.31.4.0/22",
"104.16.0.0/12",
"108.162.192.0/18",
"131.0.72.0/22",
"141.101.64.0/18",
"162.158.0.0/15",
"172.64.0.0/13",
"173.245.48.0/20",
"188.114.96.0/20",
"190.93.240.0/20",
"197.234.240.0/22",
"198.41.128.0/17",
"2400:cb00::/32",
"2405:8100::/32",
"2405:b500::/32",
"2606:4700::/32",
"2803:f800::/32",
"2400:cb00::/32",
"141.101.64.0/18",
"198.41.128.0/17",
"172.64.0.0/13",
"108.162.192.0/18",
"197.234.240.0/22",
"2405:b500::/32",
"103.31.4.0/22",
"131.0.72.0/22",
"2a06:98c0::/29",
"162.158.0.0/15",
"103.22.200.0/22"
"2c0f:f248::/32"
],
"type": "cidr",
"matching_attributes": [
"ip-dst",
"ip-src",
"domain|ip"
],
"name": "List of known Cloudflare IP ranges",
"version": 20200210,
"description": "List of known Cloudflare IP ranges (https://www.cloudflare.com/ips/)"
"type": "cidr",
"version": 20200210
}


@ -1,8 +1,5 @@
{
"name": "Common contact e-mail addresses",
"version": 20200226,
"description": "A list of commonly used abuse and contact e-mail addresses, including the ones denoted in RFC2142.",
"type": "regex",
"list": [
"/^(security|noc|soc|abuse)\\@.*\\..*$/i"
],
@ -10,5 +7,8 @@
"email-dst",
"email-src",
"target-email"
]
],
"name": "Common contact e-mail addresses",
"type": "regex",
"version": 20200226
}


@ -1,7 +1,76 @@
{
"name": "List of known hashes with common false-positives (based on Florian Roth input list)",
"version": 2,
"description": "Event contains one or more entries with common false-positives",
"list": [
"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
"048846ed8ed185a26394adeb3f63274d1029bbd59cffa8e73a4ef8b19456de1d",
"06f7826c2862d184a49e3672c0aa6097b11e7771a4bf613ec37941236c1a8e20",
"07c4c7ae2c4c7cb3ccd2ba9cd70a94382395ca8e2b0312c1631d09d790b6db33",
"0f343b0931126a20f133d67c2b018a3b",
"10400c6faf166902b52fb97042f1e0eb",
"125da188e26bd119ce8cad7eeb1fc2dfa147ad47",
"16e8e953c65d610c3bfc595240f3f5b7",
"183d0929423da2aa83441ee625de92b213f33948",
"1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d",
"200ceb26807d6bf99fd6f4f0d1ca54d4",
"231a802e6ff1fae42f2b12561fff2767d473210b",
"2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a",
"325472601571f31e1bf00674c368d335",
"4194d1706ed1f408d5e02d672777019f4d5385c766a8c6ca8acba3167d36a7b9",
"41f958d2d3e9ed4504b6a8863fd72b49",
"4a15a6777284035dfd8df4ecf496b4f0557a9cc4ffaaf5887659031e843865e1",
"4b298058e1d5fd3f2fa20ead21773912a5dc38da3c0da0bbc7de1adfb6011f1c",
"4b6c7f3146f86136507497232d2f04a0",
"4dde54cfc600dbd9a610645d197a632e064115ffaa3a1b595c3a23036e501678",
"5ba93c9db0cff93f52b521d7420e43f6eda2784f",
"5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
"605db3fdbaff4ba13729371ad0c4fbab3889378e",
"60cacbf3d72e1e7834203da608037b1bf83b40e8",
"620f0b67a91f7f74151bc5be745b7110",
"68b329da9893e34099c7d8ad5cb9c940",
"6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d",
"72c2dbbb1fe642073002b30987fcd68921a6b140",
"7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6",
"8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe",
"81051bcc2cf1bedf378224b0a93e2877",
"86f1895ae8c5e8b17d99ece768a70732",
"8a798890fe93817163b10b5f7bd2ca4d25d84c52739a645a889c173eee7d9d3d",
"93b885adfe0da089cdf634904fd59f71",
"995c770caeb45f7f0c1bc3affc60f11d8c40e16027df2cf711f95824f3534b6f",
"a11a2f0cfe6d0b4c50945989db6360cd",
"a6105c0a611b41b08f1209506350279e",
"ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7",
"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
"b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b",
"b3aca92c793ee0e9b1a9b0a5f5fc044e05140df3",
"b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
"b6f9aa44c5f0565b5deb761b1926e9b6",
"ba8ab5a0280b953aa97435ff8946cbcbb2755a27",
"c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102",
"c5e389341a0b19b6f045823abffc9814",
"c82cee5f957ad01068f487eecd430a1389e0d922",
"c929701c67a05f90827563eedccf5eba8e65b2da970189a0371f28cd896708b8",
"c99a74c555371a433d121f551d6c6398",
"d378bffb70923139d6a4f546864aa61c",
"d3b07384d113edec49eaa6238ad5ff00",
"d41d8cd98f00b204e9800998ecf8427e",
"d5502a1d00787d68f548ddeebbde1eca5e2b38ca",
"d583c3aa489ed954df3be71e71deae3a9895857e",
"d991c16949bd5e85e768385440e18d493ce3aa46",
"da39a3ee5e6b4b0d3255bfef95601890afd80709",
"deabe082bc0f0f503292e537b2675c7c93dca40f",
"df4e26a04a444901b95afef44e4a96cfae34690fff2ad2c66389c70079cdff2b",
"e24133dd836d99182a6227dcf6613d08",
"e2516fcd1573e70334c8f50bee5241cdfdf48a00",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"e5a00aa9991ac8a5ee3109844d84a55583bd20572ad3ffcd42792f3c36b183ad",
"e617348b8947f28e2a280dd93c75a6ad",
"f00aa51c2ed8b2f656318fdc01ee1cf5441011a4",
"f1d2d2f924e986ac86fdf7b36c94bcdf32beec15",
"f6d380b256b0e66ef347adc78195fd0f228b3e33",
"fa8715078d45101200a6e2bf7321aa04",
"fb360f9c09ac8c5edb2f18be5de4e80ea4c430d0",
"fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de"
],
"matching_attributes": [
"md5",
"sha1",
@ -14,76 +83,7 @@
"filename|sha256",
"filename|sha512"
],
"name": "List of known hashes with common false-positives (based on Florian Roth input list)",
"type": "string",
"list": [
"d41d8cd98f00b204e9800998ecf8427e",
"da39a3ee5e6b4b0d3255bfef95601890afd80709",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"68b329da9893e34099c7d8ad5cb9c940",
"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
"81051bcc2cf1bedf378224b0a93e2877",
"ba8ab5a0280b953aa97435ff8946cbcbb2755a27",
"7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6",
"93b885adfe0da089cdf634904fd59f71",
"5ba93c9db0cff93f52b521d7420e43f6eda2784f",
"6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d",
"0f343b0931126a20f133d67c2b018a3b",
"60cacbf3d72e1e7834203da608037b1bf83b40e8",
"5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
"c99a74c555371a433d121f551d6c6398",
"605db3fdbaff4ba13729371ad0c4fbab3889378e",
"e5a00aa9991ac8a5ee3109844d84a55583bd20572ad3ffcd42792f3c36b183ad",
"fa8715078d45101200a6e2bf7321aa04",
"d991c16949bd5e85e768385440e18d493ce3aa46",
"4b298058e1d5fd3f2fa20ead21773912a5dc38da3c0da0bbc7de1adfb6011f1c",
"620f0b67a91f7f74151bc5be745b7110",
"1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d",
"ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7",
"c5e389341a0b19b6f045823abffc9814",
"c82cee5f957ad01068f487eecd430a1389e0d922",
"995c770caeb45f7f0c1bc3affc60f11d8c40e16027df2cf711f95824f3534b6f",
"325472601571f31e1bf00674c368d335",
"2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a",
"b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b",
"e617348b8947f28e2a280dd93c75a6ad",
"125da188e26bd119ce8cad7eeb1fc2dfa147ad47",
"06f7826c2862d184a49e3672c0aa6097b11e7771a4bf613ec37941236c1a8e20",
"200ceb26807d6bf99fd6f4f0d1ca54d4",
"b3aca92c793ee0e9b1a9b0a5f5fc044e05140df3",
"4194d1706ed1f408d5e02d672777019f4d5385c766a8c6ca8acba3167d36a7b9",
"d3b07384d113edec49eaa6238ad5ff00",
"fb360f9c09ac8c5edb2f18be5de4e80ea4c430d0",
"b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
"a6105c0a611b41b08f1209506350279e",
"f1d2d2f924e986ac86fdf7b36c94bcdf32beec15",
"8a798890fe93817163b10b5f7bd2ca4d25d84c52739a645a889c173eee7d9d3d",
"10400c6faf166902b52fb97042f1e0eb",
"d583c3aa489ed954df3be71e71deae3a9895857e",
"df4e26a04a444901b95afef44e4a96cfae34690fff2ad2c66389c70079cdff2b",
"4b6c7f3146f86136507497232d2f04a0",
"deabe082bc0f0f503292e537b2675c7c93dca40f",
"4a15a6777284035dfd8df4ecf496b4f0557a9cc4ffaaf5887659031e843865e1",
"a11a2f0cfe6d0b4c50945989db6360cd",
"e2516fcd1573e70334c8f50bee5241cdfdf48a00",
"fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de",
"16e8e953c65d610c3bfc595240f3f5b7",
"231a802e6ff1fae42f2b12561fff2767d473210b",
"048846ed8ed185a26394adeb3f63274d1029bbd59cffa8e73a4ef8b19456de1d",
"e24133dd836d99182a6227dcf6613d08",
"72c2dbbb1fe642073002b30987fcd68921a6b140",
"4dde54cfc600dbd9a610645d197a632e064115ffaa3a1b595c3a23036e501678",
"41f958d2d3e9ed4504b6a8863fd72b49",
"f6d380b256b0e66ef347adc78195fd0f228b3e33",
"c929701c67a05f90827563eedccf5eba8e65b2da970189a0371f28cd896708b8",
"d378bffb70923139d6a4f546864aa61c",
"f00aa51c2ed8b2f656318fdc01ee1cf5441011a4",
"c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102",
"86f1895ae8c5e8b17d99ece768a70732",
"d5502a1d00787d68f548ddeebbde1eca5e2b38ca",
"8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe",
"b6f9aa44c5f0565b5deb761b1926e9b6",
"183d0929423da2aa83441ee625de92b213f33948",
"07c4c7ae2c4c7cb3ccd2ba9cd70a94382395ca8e2b0312c1631d09d790b6db33"
]
"version": 2
}

File diff suppressed because it is too large Load Diff


@ -3,7 +3,6 @@
"list": [
"akkure4covid.com",
"bag-coronavirus.ch",
"bag-coronavirus.ch",
"co19.oracle.com",
"corona-data.ch",
"coronamadrid.com",
@ -36,6 +35,5 @@
],
"name": "Covid-19 Krassi's Whitelist",
"type": "hostname",
"uuid": "b600900c-aacc-4860-acf4-7e24a1b08202",
"version": 20200403
}
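Review bot: The second hunk goes from six lines to five, and the line dropped appears to be the `uuid` key, which is a schema change rather than a sort or de-duplication. If the removal is intentional (for example because the schema does not allow the key), the commit message should say so; if it is a side effect of the new script, the script should preserve keys it does not know. The top of the file lies outside the first hunk, so the remaining keys cannot be checked from here.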


@ -1,9 +1,8 @@
{
"name": "Valid covid-19 related domains",
"version": 7,
"description": "Maintained using different lists (such as Jaime Blasco's and Krassimir's lists).",
"list": [
"3d.nicovideo.jp",
"aatishb.com",
"account.nicovideo.jp",
"ads.nicovideo.jp",
"againstcovid19.com",
@ -17,8 +16,13 @@
"api.nicovideo.jp",
"arcgis.com",
"asuntosdelsur.org",
"bag-coronavirus.ch",
"balad.ir",
"basemaps.arcgis.com",
"bestcoronavirusprotect.tk",
"bgvfr.coronavirusware.xyz",
"blog.nicovideo.jp",
"blogcoronacl.canalcero.digital",
"bnnrc.net",
"bnpb-inacovid19.hub.arcgis.com",
"boisestate-covid-19.slack.com",
@ -27,6 +31,7 @@
"cas.dev.nicovideo.jp",
"cas.nicovideo.jp",
"cdc-covid19-healthbot.azurefd.net",
"cdn.arcgis.com",
"cdtcovid.akstd.azureedge.net",
"ch.nicovideo.jp",
"checkupcovid19.jatimprov.go.id",
@ -34,6 +39,7 @@
"cluster.covid19india.org",
"commons.nicovideo.jp",
"corona helden",
"corona-data.ch",
"corona.cloud",
"corona.gov.bd",
"corona.help",
@ -51,14 +57,17 @@
"coronavirus-dashboard.utah.gov",
"coronavirus-disasterresponse.hub.arcgis.com",
"coronavirus-map.com",
"coronavirus-realtime.com",
"coronavirus-vulnerable-people.service.gov.uk",
"coronavirus-wvgovstatus-cdn.afd.azureedge.net",
"coronavirus.app",
"coronavirus.cc",
"coronavirus.datafree.co",
"coronavirus.dc.gov",
"coronavirus.delaware.gov",
"coronavirus.fairwork.gov.au",
"coronavirus.gob.mx",
"coronavirus.gouvernement.lu",
"coronavirus.gov",
"coronavirus.health.ny.gov",
"coronavirus.health.ok.gov",
@ -74,16 +83,20 @@
"coronavirus.wa.gov",
"coronavirus.wvgovstatus.com",
"coronavirus.zone",
"coronavirusaware.xyz",
"coronavirusecuador.com",
"coronavirusinfections.org",
"coronaviruslive.it",
"coronavirusnow.com",
"coronavirusstatus.space",
"coronavirusupdate.tk",
"covid-19-assets.htvtools.us",
"covid-19.alibabacloud.com",
"covid-19.bccdc.ca",
"covid-19.chinadaily.com.cn",
"covid-19.chinatimes.com",
"covid-19.direct",
"covid-19.iglocska.eu",
"covid-19.kapook.com",
"covid-19.livephotos.my",
"covid-19.ontario.ca",
@ -96,6 +109,7 @@
"covid-19training.gov.au",
"covid-api.com",
"covid-global-hackathon.devpost.com",
"covid-misp.ncsc.gov.ie",
"covid-monitoring.kemkes.go.id",
"covid-response-moa-muniorg.hub.arcgis.com",
"covid-sheets-mirror.web.app",
@ -129,7 +143,9 @@
"covid19.jogjaprov.go.id",
"covid19.kedirikab.go.id",
"covid19.kemkes.go.id",
"covid19.lu",
"covid19.mathdro.id",
"covid19.min-saude.pt",
"covid19.moph.go.th",
"covid19.mt.gov",
"covid19.nashville.gov",
@ -153,6 +169,7 @@
"covid19india.github.io",
"covid19india.org",
"covid19info.live",
"covid19japan.com",
"covid19japan.s3.ap-northeast-1.amazonaws.com",
"covid19musicrelief.byspotify.com",
"covid19ph.com",
@ -161,6 +178,7 @@
"covid19stats.live",
"covid19tracker.ca",
"covid19vm01.azurewebsites.net",
"covid3d.fr",
"covidabruzzo.it",
"covidactnow.org",
"covideo.com",
@ -201,6 +219,7 @@
"ichiba.nicovideo.jp",
"inacovid19.maps.arcgis.com",
"indonesia-covid-19.mathdro.id",
"info-coronavirus.be",
"infocovid19.jatimprov.go.id",
"italy.coronavirusinfections.org",
"jabarprov-covid19.netlify.com",
@ -240,6 +259,7 @@
"seiga.dev.nicovideo.jp",
"seiga.nicovideo.jp",
"servicecovid.tpasaigon.vn",
"services9.arcgis.com",
"sgwuhan.xose.net",
"shiny.john-coene.com",
"site.nicovideo.jp",
@ -262,13 +282,16 @@
"stopcov.ge",
"stopcovid19.metro.tokyo.lg.jp",
"sug.search.nicovideo.jp",
"survivecoronavirus.org",
"talksub.com",
"test.nicovideo.jp",
"the2019ncov.com",
"thewuhanvirus.com",
"tiles.arcgis.com",
"trackcorona-images.s3.amazonaws.com",
"trackcorona.live",
"us-central1-covid-19-live.cloudfunctions.net",
"vaccine-coronavirus.com",
"veille-coronavirus.fr",
"verificovid.mx",
"wirvsvirushackathon.org",
@ -290,47 +313,19 @@
"www.covideo.com",
"www.covidvisualizer.com",
"www.dev.nicovideo.jp",
"www.info-coronavirus.be",
"www.internet-covid19.com",
"www.kycovid19.ky.gov",
"www.nicovideo.jp",
"www.test.nicovideo.jp",
"www.voluntarioscoronavirus.rj.gov.br",
"bag-coronavirus.ch",
"bestcoronavirusprotect.tk",
"bgvfr.coronavirusware.xyz",
"blogcoronacl.canalcero.digital",
"corona-data.ch",
"coronavirus-map.com",
"coronavirus-realtime.com",
"coronavirus.app",
"coronavirus.cc",
"coronavirus.zone",
"coronavirusaware.xyz",
"coronavirusstatus.space",
"coronavirusupdate.tk",
"covid-19.iglocska.eu",
"covid-misp.ncsc.gov.ie",
"covid.apollo247.com",
"covid19india.org",
"covid19japan.com",
"survivecoronavirus.org",
"vaccine-coronavirus.com",
"covid19.min-saude.pt",
"www.info-coronavirus.be",
"info-coronavirus.be",
"coronavirus.gouvernement.lu",
"covid19.lu",
"covid3d.fr",
"aatishb.com",
"basemaps.arcgis.com",
"services9.arcgis.com",
"cdn.arcgis.com",
"tiles.arcgis.com"
"www.voluntarioscoronavirus.rj.gov.br"
],
"type": "hostname",
"matching_attributes": [
"domain",
"hostname",
"url"
]
],
"name": "Valid covid-19 related domains",
"type": "hostname",
"version": 8
}
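Review bot: The entry `"corona helden"` in `list` contains a space, so it is not a syntactically valid hostname and can never match a `hostname` or `domain` attribute; it survives the sort and de-duplication as a dead entry. Since a hit on this list marks an indicator as likely benign, the new script would be a natural place to reject entries that do not parse for the declared `type` before they are written back. The de-duplication itself looks consistent with the `version` change from 7 to 8 in the last hunk.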


@ -1,5 +1,383 @@
{
"type": "substring",
"description": "CRL Warninglist from threatstop (https://github.com/threatstop/crl-ocsp-whitelist/)",
"list": [
"104.16.89.188",
"104.16.90.188",
"104.16.91.188",
"104.16.92.188",
"104.16.93.188",
"104.17.102.175",
"104.17.103.175",
"104.17.104.175",
"104.17.105.175",
"104.17.106.175",
"104.215.29.84",
"104.215.54.174",
"104.41.179.244",
"104.91.166.106",
"104.91.166.112",
"104.91.166.82",
"104.91.166.89",
"104.91.166.96",
"104.91.166.98",
"109.70.240.114",
"113.52.156.18",
"116.92.128.12",
"116.92.128.34",
"119.145.171.206",
"119.145.171.215",
"121.50.63.210",
"121.50.63.211",
"13.114.126.114",
"13.33.164.100",
"13.33.164.105",
"13.33.164.164",
"13.33.164.223",
"13.33.164.236",
"13.33.164.37",
"13.33.164.7",
"13.33.164.93",
"13.78.114.232",
"133.242.48.24",
"133.242.50.38",
"133.242.68.56",
"151.101.46.133",
"153.120.128.154",
"153.127.215.13",
"153.127.216.172",
"153.149.154.120",
"153.149.17.219",
"153.149.96.48",
"153.149.98.42",
"155.207.94.23",
"155.207.94.25",
"172.217.1.46",
"172.217.4.243",
"178.255.83.1",
"18.194.140.191",
"184.73.226.63",
"185.102.40.212",
"185.102.40.23",
"185.33.53.5",
"185.62.162.144",
"185.62.162.145",
"185.69.225.3",
"185.69.225.4",
"192.35.177.117",
"192.35.177.153",
"192.35.177.155",
"193.104.0.178",
"193.104.0.210",
"193.140.71.141",
"193.140.71.35",
"193.27.6.240",
"193.42.222.125",
"194.140.12.241",
"194.140.59.23",
"194.145.83.75",
"194.145.83.79",
"194.30.48.30",
"195.77.23.39",
"195.77.23.49",
"195.80.175.18",
"195.80.175.39",
"195.80.175.7",
"195.95.167.129",
"195.95.167.162",
"195.95.167.163",
"2001:4420:aa01:ff01:210:241:69:194",
"2001:4542:2064:7::1010",
"2001:4542:2064:7::1013",
"2001:559:19:5400::173e:e30b",
"2001:559:19:5400::173e:e319",
"2001:559:19:5400::173e:e361",
"2001:559:19:5400::173e:e36a",
"2001:559:19:5400::173e:e378",
"2001:559:19:5400::173e:e380",
"2001:559:19:5c96::201a",
"2001:559:19:5c98::201a",
"2001:559:19:6483::201a",
"2001:559:19:648f::201a",
"2001:559:19:e000::b854:f46a",
"2001:b031:1306:ff00::1010",
"2001:b031:1306:ff00::1013",
"202.32.255.81",
"202.32.255.82",
"210.151.42.156",
"210.241.69.194",
"210.71.154.56",
"210.74.41.123",
"210.74.41.181",
"212.142.249.49",
"212.175.187.26",
"212.175.187.27",
"212.175.187.59",
"212.31.61.102",
"212.31.61.106",
"213.162.193.244",
"213.162.193.245",
"213.229.84.216",
"213.61.227.196",
"216.58.216.78",
"217.150.144.194",
"217.150.144.200",
"217.150.144.202",
"217.170.186.113",
"217.170.186.115",
"219.127.237.69",
"219.87.64.165",
"219.87.64.186",
"23.215.104.10",
"23.215.104.113",
"23.215.104.16",
"23.215.104.19",
"23.215.104.27",
"23.215.104.35",
"23.215.104.49",
"23.215.104.65",
"23.215.105.96",
"23.34.78.114",
"23.4.43.27",
"23.5.251.27",
"23.54.187.27",
"23.62.227.64",
"23.62.227.72",
"23.62.227.9",
"2600:1407:21:2a1::1b01",
"2600:1407:21:2b3::1b01",
"2600:9000:2044:4800:3:6aa6:6180:21",
"2600:9000:2044:a200:3:6aa6:6180:21",
"2600:9000:2044:ae00:3:6aa6:6180:21",
"2600:9000:2044:bc00:3:6aa6:6180:21",
"2600:9000:2044:e200:3:6aa6:6180:21",
"2600:9000:2044:ec00:3:6aa6:6180:21",
"2600:9000:2044:f800:3:6aa6:6180:21",
"2600:9000:2044:fc00:3:6aa6:6180:21",
"2606:4700::6810:59bc",
"2606:4700::6810:5abc",
"2606:4700::6810:5bbc",
"2606:4700::6810:5cbc",
"2606:4700::6810:5dbc",
"2606:4700::6811:66af",
"2606:4700::6811:67af",
"2606:4700::6811:68af",
"2606:4700::6811:69af",
"2606:4700::6811:6aaf",
"2607:f8b0:4009:80d::200e",
"2607:f8b0:4009:815::2013",
"2607:f8b0:4009:816::200e",
"2620:108:700f::22d4:f675",
"2620:108:700f::22d6:45ab",
"2620:108:700f::3426:765e",
"2a00:17f0:1300:3285::2",
"2a00:17f0:1300:3285::3",
"2a02:1788:2fd::b2ff:5301",
"2a04:4e42:2c::645",
"2a04:4e42:b::645",
"35.163.43.72",
"46.137.168.218",
"46.137.183.10",
"46.29.101.81",
"46.29.101.82",
"46.29.101.83",
"46.29.101.84",
"50.63.243.228",
"50.63.243.229",
"50.63.243.230",
"52.207.77.222",
"52.219.73.78",
"52.222.217.106",
"52.222.217.144",
"52.222.217.59",
"52.222.217.88",
"52.239.142.228",
"54.199.233.192",
"59.106.216.193",
"60.250.3.135",
"60.250.3.156",
"61.114.186.157",
"61.203.134.55",
"62.96.224.138",
"66.225.197.197",
"72.21.91.29",
"80.79.96.210",
"80.79.96.44",
"82.223.54.157",
"86.109.121.18",
"88.87.212.233",
"88.87.212.243",
"91.120.239.74",
"91.121.147.17",
"91.194.146.110",
"91.198.11.52",
"91.198.11.79",
"91.198.11.87",
"91.83.236.157",
"93.92.105.115",
"93.92.105.23",
"aces.ocsp.identrust.com",
"cdn.d-trust-cloudcrl.net",
"cdp.elektronicznypodpis.pl",
"cdp1.disig.sk",
"cdp2.disig.sk",
"commercial.ocsp.identrust.com",
"crl-ssl.certificat2.com",
"crl.affirmtrust.com",
"crl.buypass.no",
"crl.camerfirma.com",
"crl.certsign.ro",
"crl.cfca.com.cn",
"crl.comodoca.com",
"crl.d-trust.net",
"crl.e-tugra.com",
"crl.entrust.net",
"crl.firmaprofesional.com",
"crl.gdca.com.cn",
"crl.globalsign.com",
"crl.godaddy.com",
"crl.igc-g3.certinomis.com",
"crl.infocert.it",
"crl.izenpe.com",
"crl.luxtrust.lu",
"crl.managedpki.com",
"crl.netsolssl.com",
"crl.pki.goog",
"crl.quovadisglobal.com",
"crl.sbca.telesec.de",
"crl.serverpass.telesec.de",
"crl.starfieldtech.com",
"crl.swisssign.net",
"crl.trust-provider.com",
"crl.trustcor.ca",
"crl.trustwave.com",
"crl.usertrust.com",
"crl09.actalis.it",
"crl1.camerfirma.com",
"crl1.e-tugra.com",
"crl1.hongkongpost.gov.hk",
"crl1.netlock.hu",
"crl2.firmaprofesional.com",
"crl2.netlock.hu",
"crl3.digicert.com",
"crl3.netlock.hu",
"crl4.digicert.com",
"crls.ssl.com",
"crlv1.harica.gr",
"depo.kamusm.gov.tr",
"epscd.catcert.net",
"ev.ocsp.quovadisglobal.com",
"ev2.ocsp.secomtrust.net",
"evcrl1.managedpki.com",
"evocsp1.managedpki.com",
"evsslocsp.twca.com.tw",
"fe.symcb.com",
"fe.symcd.com",
"fi.symcb.com",
"fi.symcd.com",
"fj.symcb.com",
"fj.symcd.com",
"g2ocsp.managedpki.com",
"g3ocsp.managedpki.com",
"gca.nat.gov.tw",
"gk.symcb.com",
"gk.symcd.com",
"gm.symcb.com",
"gm.symcd.com",
"gn.symcb.com",
"gn.symcd.com",
"gold-ev-g2.ocsp.swisssign.net",
"igc-g3.certinomis.com",
"jcsitlssignpublicca-ocsp.managedpki.ne.jp",
"ocsp-ssl.certificat2.com",
"ocsp.accv.es",
"ocsp.affirmtrust.com",
"ocsp.buypass.com",
"ocsp.buypass.no",
"ocsp.camerfirma.com",
"ocsp.catcert.cat",
"ocsp.certsign.ro",
"ocsp.cfca.com.cn",
"ocsp.comodoca.com",
"ocsp.digicert.com",
"ocsp.e-tugra.com",
"ocsp.entrust.net",
"ocsp.epki.external.trustcor.ca",
"ocsp.ev.hinet.net",
"ocsp.firmaprofesional.com",
"ocsp.godaddy.com",
"ocsp.harica.gr",
"ocsp.int-x3.letsencrypt.org",
"ocsp.izenpe.com",
"ocsp.netsolssl.com",
"ocsp.ovcf.ca3.infocert.it",
"ocsp.pki.goog",
"ocsp.quovadisglobal.com",
"ocsp.sca0a.amazontrust.com",
"ocsp.sca1a.amazontrust.com",
"ocsp.sca2a.amazontrust.com",
"ocsp.sca3a.amazontrust.com",
"ocsp.sca4a.amazontrust.com",
"ocsp.serverpass.telesec.de",
"ocsp.starfieldtech.com",
"ocsp.trust-provider.com",
"ocsp.trustcor.ca",
"ocsp.trustwave.com",
"ocsp.usertrust.com",
"ocsp.wisekey.com",
"ocsp03.sbca.telesec.de",
"ocsp09.actalis.it",
"ocsp1.hongkongpost.gov.hk",
"ocsp1.netlock.hu",
"ocsp1.trustisfps.com",
"ocsp2.globalsign.com",
"ocsp2.netlock.hu",
"ocsp2.wisekey.com",
"ocsp3.gdca.com.cn",
"ocsp3.netlock.hu",
"ocspap.cert.fnmt.es",
"ocsps.ssl.com",
"ocspssls1.kamusm.gov.tr",
"pki-crl.atos.net",
"pki-ocsp.atos.net",
"public.wisekey.com",
"repo1.secomtrust.net",
"repository.ev.hinet.net",
"rtcrl.managedpki.ne.jp",
"sh.symcb.com",
"sh.symcd.com",
"silver-server-g2.ocsp.swisssign.net",
"sn.symcb.com",
"sn.symcd.com",
"sr.symcb.com",
"sr.symcd.com",
"ss.symcb.com",
"ss.symcd.com",
"ssl-c3-ca1-2009.ocsp.d-trust.net",
"ssl-c3-ca1-ev-2009.ocsp.d-trust.net",
"ssl.ocsp.luxtrust.lu",
"sslca2014-crl1.e-szigno.hu",
"sslca2014-crl2.e-szigno.hu",
"sslca2014-crl3.e-szigno.hu",
"sslca2014-ocsp1.e-szigno.hu",
"sslca2014-ocsp2.e-szigno.hu",
"sslca2014-ocsp3.e-szigno.hu",
"sslserver.twca.com.tw",
"subcar2i2-ocsp.disig.sk",
"sureseries-crl.cybertrust.ne.jp",
"sureseries-ocsp.cybertrust.ne.jp",
"tf.symcb.com",
"tf.symcd.com",
"ti.symcb.com",
"ti.symcd.com",
"tq.symcb.com",
"tq.symcd.com",
"validation.identrust.com",
"www.accv.es",
"www.cert.fnmt.es",
"www.certinomis.com",
"www.certsign.ro",
"www.trustis.com"
],
"matching_attributes": [
"hostname",
"domain",
@ -9,384 +387,6 @@
"domain|ip"
],
"name": "CRL Warninglist",
"version": 20190301,
"description": "CRL Warninglist from threatstop (https://github.com/threatstop/crl-ocsp-whitelist/)",
"list": [
"subcar2i2-ocsp.disig.sk",
"ocsp3.gdca.com.cn",
"ocsp.godaddy.com",
"crl.quovadisglobal.com",
"66.225.197.197",
"2001:4420:aa01:ff01:210:241:69:194",
"sslserver.twca.com.tw",
"2606:4700::6811:66af",
"104.16.92.188",
"ssl-c3-ca1-ev-2009.ocsp.d-trust.net",
"91.198.11.52",
"61.114.186.157",
"public.wisekey.com",
"18.194.140.191",
"tq.symcd.com",
"crl.trustcor.ca",
"epscd.catcert.net",
"fi.symcd.com",
"crl.cfca.com.cn",
"ss.symcd.com",
"60.250.3.156",
"sr.symcb.com",
"2620:108:700f::22d4:f675",
"ocsp.cfca.com.cn",
"195.77.23.49",
"ocsp1.trustisfps.com",
"crl.igc-g3.certinomis.com",
"104.16.93.188",
"184.73.226.63",
"ocsp2.globalsign.com",
"ev.ocsp.quovadisglobal.com",
"185.69.225.3",
"23.215.104.19",
"crl.camerfirma.com",
"ocsp.certsign.ro",
"153.149.96.48",
"crl.luxtrust.lu",
"104.91.166.98",
"2600:9000:2044:a200:3:6aa6:6180:21",
"crl1.netlock.hu",
"104.215.54.174",
"54.199.233.192",
"23.215.104.16",
"193.140.71.141",
"sslca2014-crl2.e-szigno.hu",
"tf.symcd.com",
"crl.firmaprofesional.com",
"crl3.digicert.com",
"2001:b031:1306:ff00::1010",
"ocsp.serverpass.telesec.de",
"2600:1407:21:2b3::1b01",
"13.33.164.100",
"72.21.91.29",
"2001:559:19:5400::173e:e378",
"ocsp.sca0a.amazontrust.com",
"93.92.105.23",
"194.140.59.23",
"gn.symcd.com",
"2606:4700::6811:69af",
"192.35.177.117",
"217.170.186.115",
"ssl.ocsp.luxtrust.lu",
"13.78.114.232",
"ocsp.camerfirma.com",
"crl.gdca.com.cn",
"2a00:17f0:1300:3285::3",
"cdn.d-trust-cloudcrl.net",
"crl.izenpe.com",
"2001:4542:2064:7::1013",
"ocsp.catcert.cat",
"silver-server-g2.ocsp.swisssign.net",
"210.151.42.156",
"153.149.98.42",
"2606:4700::6811:6aaf",
"ti.symcd.com",
"194.140.12.241",
"sr.symcd.com",
"202.32.255.81",
"2a00:17f0:1300:3285::2",
"213.61.227.196",
"evocsp1.managedpki.com",
"219.87.64.165",
"52.222.217.106",
"23.215.104.49",
"172.217.4.243",
"193.104.0.210",
"crl.swisssign.net",
"23.215.104.10",
"ocsp2.wisekey.com",
"tf.symcb.com",
"185.102.40.212",
"2600:9000:2044:4800:3:6aa6:6180:21",
"23.34.78.114",
"212.142.249.49",
"193.104.0.178",
"ocsp-ssl.certificat2.com",
"crlv1.harica.gr",
"23.5.251.27",
"sslca2014-ocsp2.e-szigno.hu",
"109.70.240.114",
"crl09.actalis.it",
"185.62.162.145",
"13.114.126.114",
"88.87.212.233",
"gk.symcd.com",
"104.16.91.188",
"195.80.175.39",
"2001:559:19:5400::173e:e380",
"crls.ssl.com",
"crl1.camerfirma.com",
"evsslocsp.twca.com.tw",
"91.198.11.87",
"ocsp03.sbca.telesec.de",
"104.16.90.188",
"23.215.104.65",
"60.250.3.135",
"2001:559:19:5c96::201a",
"13.33.164.164",
"www.certsign.ro",
"sslca2014-ocsp1.e-szigno.hu",
"212.31.61.106",
"46.29.101.84",
"jcsitlssignpublicca-ocsp.managedpki.ne.jp",
"crl.starfieldtech.com",
"185.62.162.144",
"104.91.166.112",
"2600:9000:2044:fc00:3:6aa6:6180:21",
"cdp2.disig.sk",
"crl.comodoca.com",
"104.91.166.89",
"153.149.17.219",
"ocsp.buypass.com",
"ocsp.int-x3.letsencrypt.org",
"2607:f8b0:4009:815::2013",
"fi.symcb.com",
"178.255.83.1",
"ev2.ocsp.secomtrust.net",
"52.222.217.144",
"104.17.106.175",
"194.145.83.79",
"216.58.216.78",
"192.35.177.155",
"50.63.243.229",
"ocsps.ssl.com",
"13.33.164.93",
"212.175.187.59",
"113.52.156.18",
"www.certinomis.com",
"116.92.128.12",
"23.215.104.27",
"sslca2014-crl3.e-szigno.hu",
"82.223.54.157",
"ssl-c3-ca1-2009.ocsp.d-trust.net",
"crl.sbca.telesec.de",
"193.42.222.125",
"depo.kamusm.gov.tr",
"ocsp1.netlock.hu",
"sh.symcb.com",
"gk.symcb.com",
"133.242.68.56",
"ocspap.cert.fnmt.es",
"2600:9000:2044:ae00:3:6aa6:6180:21",
"ocsp.sca1a.amazontrust.com",
"46.29.101.83",
"ocsp.sca4a.amazontrust.com",
"2001:559:19:5400::173e:e30b",
"46.29.101.81",
"23.4.43.27",
"ocsp2.netlock.hu",
"crl.trustwave.com",
"www.cert.fnmt.es",
"195.77.23.39",
"crl3.netlock.hu",
"219.127.237.69",
"46.137.183.10",
"ss.symcb.com",
"crl2.netlock.hu",
"195.95.167.129",
"23.215.104.35",
"80.79.96.210",
"crl.entrust.net",
"194.145.83.75",
"crl.godaddy.com",
"www.accv.es",
"crl1.e-tugra.com",
"91.120.239.74",
"153.127.215.13",
"ocsp.wisekey.com",
"crl.globalsign.com",
"91.194.146.110",
"cdp.elektronicznypodpis.pl",
"217.150.144.200",
"153.120.128.154",
"crl-ssl.certificat2.com",
"13.33.164.37",
"210.74.41.181",
"23.62.227.64",
"www.trustis.com",
"ocsp.izenpe.com",
"13.33.164.105",
"62.96.224.138",
"g2ocsp.managedpki.com",
"121.50.63.210",
"ocsp.usertrust.com",
"fe.symcb.com",
"193.140.71.35",
"185.33.53.5",
"sslca2014-ocsp3.e-szigno.hu",
"52.222.217.59",
"ti.symcb.com",
"195.80.175.7",
"13.33.164.7",
"2001:559:19:6483::201a",
"46.137.168.218",
"121.50.63.211",
"ocsp.digicert.com",
"119.145.171.215",
"50.63.243.228",
"ocsp.affirmtrust.com",
"crl.managedpki.com",
"59.106.216.193",
"crl.trust-provider.com",
"2606:4700::6811:68af",
"217.150.144.194",
"ocsp.accv.es",
"ocsp09.actalis.it",
"2001:559:19:5400::173e:e361",
"igc-g3.certinomis.com",
"23.215.104.113",
"cdp1.disig.sk",
"23.215.105.96",
"195.95.167.162",
"commercial.ocsp.identrust.com",
"91.83.236.157",
"crl1.hongkongpost.gov.hk",
"crl.certsign.ro",
"86.109.121.18",
"202.32.255.82",
"fj.symcd.com",
"sh.symcd.com",
"104.91.166.106",
"ocsp.ev.hinet.net",
"fj.symcb.com",
"185.69.225.4",
"52.207.77.222",
"sureseries-crl.cybertrust.ne.jp",
"crl.pki.goog",
"119.145.171.206",
"219.87.64.186",
"gold-ev-g2.ocsp.swisssign.net",
"crl.usertrust.com",
"133.242.50.38",
"2620:108:700f::3426:765e",
"ocsp.harica.gr",
"192.35.177.153",
"sn.symcd.com",
"ocsp.netsolssl.com",
"crl.netsolssl.com",
"52.222.217.88",
"91.121.147.17",
"ocspssls1.kamusm.gov.tr",
"217.170.186.113",
"2606:4700::6810:5abc",
"185.102.40.23",
"93.92.105.115",
"ocsp.ovcf.ca3.infocert.it",
"gn.symcb.com",
"ocsp.starfieldtech.com",
"116.92.128.34",
"ocsp.entrust.net",
"212.31.61.102",
"crl2.firmaprofesional.com",
"ocsp.buypass.no",
"104.91.166.82",
"212.175.187.26",
"ocsp.trustwave.com",
"fe.symcd.com",
"104.17.104.175",
"23.62.227.72",
"217.150.144.202",
"ocsp.comodoca.com",
"2620:108:700f::22d6:45ab",
"sslca2014-crl1.e-szigno.hu",
"ocsp.pki.goog",
"ocsp.e-tugra.com",
"gm.symcd.com",
"2606:4700::6810:5dbc",
"212.175.187.27",
"crl.serverpass.telesec.de",
"pki-crl.atos.net",
"13.33.164.223",
"104.17.102.175",
"193.27.6.240",
"210.241.69.194",
"2001:b031:1306:ff00::1013",
"50.63.243.230",
"46.29.101.82",
"ocsp.trust-provider.com",
"213.162.193.244",
"crl.e-tugra.com",
"ocsp.epki.external.trustcor.ca",
"155.207.94.23",
"23.62.227.9",
"ocsp.firmaprofesional.com",
"133.242.48.24",
"tq.symcb.com",
"104.16.89.188",
"2606:4700::6810:59bc",
"validation.identrust.com",
"ocsp.sca3a.amazontrust.com",
"91.198.11.79",
"sureseries-ocsp.cybertrust.ne.jp",
"153.127.216.172",
"2600:9000:2044:f800:3:6aa6:6180:21",
"61.203.134.55",
"2607:f8b0:4009:816::200e",
"210.74.41.123",
"crl.affirmtrust.com",
"104.17.105.175",
"155.207.94.25",
"52.219.73.78",
"2600:9000:2044:bc00:3:6aa6:6180:21",
"104.215.29.84",
"ocsp3.netlock.hu",
"repository.ev.hinet.net",
"2600:9000:2044:e200:3:6aa6:6180:21",
"151.101.46.133",
"2a04:4e42:2c::645",
"195.80.175.18",
"evcrl1.managedpki.com",
"194.30.48.30",
"2607:f8b0:4009:80d::200e",
"213.162.193.245",
"35.163.43.72",
"2001:559:19:5c98::201a",
"104.41.179.244",
"88.87.212.243",
"g3ocsp.managedpki.com",
"2a02:1788:2fd::b2ff:5301",
"210.71.154.56",
"13.33.164.236",
"52.239.142.228",
"2606:4700::6811:67af",
"104.91.166.96",
"23.54.187.27",
"ocsp1.hongkongpost.gov.hk",
"2001:4542:2064:7::1010",
"crl.buypass.no",
"pki-ocsp.atos.net",
"195.95.167.163",
"crl.d-trust.net",
"2606:4700::6810:5cbc",
"crl4.digicert.com",
"crl.infocert.it",
"2a04:4e42:b::645",
"213.229.84.216",
"2600:9000:2044:ec00:3:6aa6:6180:21",
"ocsp.sca2a.amazontrust.com",
"sn.symcb.com",
"2606:4700::6810:5bbc",
"2001:559:19:e000::b854:f46a",
"2600:1407:21:2a1::1b01",
"repo1.secomtrust.net",
"rtcrl.managedpki.ne.jp",
"172.217.1.46",
"ocsp.quovadisglobal.com",
"104.17.103.175",
"2001:559:19:5400::173e:e36a",
"aces.ocsp.identrust.com",
"gm.symcb.com",
"2001:559:19:5400::173e:e319",
"2001:559:19:648f::201a",
"gca.nat.gov.tw",
"80.79.96.44",
"ocsp.trustcor.ca",
"153.149.154.120"
]
"type": "substring",
"version": 20190301
}


@ -1,26 +1,26 @@
{
"name": "List of known dax30 webpages",
"version": 1,
"description": "Event contains one or more entries of known dax30 webpages",
"list": [
".bmw.de",
".deutsche-boerse.com",
".innogy.com",
".linde.de",
".lufthansa.com",
".rwe.com",
".siemens.com",
".t-mobile.de",
".t-systems.com",
".telekom.com",
".telekom.de",
".the-linde-group.com",
".volkswagen.de"
],
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"name": "List of known dax30 webpages",
"type": "hostname",
"list": [
".telekom.com",
".telekom.de",
".t-systems.com",
".t-mobile.de",
".innogy.com",
".linde.de",
".the-linde-group.com",
".deutsche-boerse.com",
".lufthansa.com",
".rwe.com",
".siemens.com",
".volkswagen.de",
".bmw.de"
]
"version": 1
}


@ -1,7 +1,22 @@
{
"name": "List of hashes for EICAR test virus",
"version": 2,
"description": "Event contains one or more entries based on hashes for EICAR test virus",
"list": [
"2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad",
"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
"3395856ce81f2b7382dee72602f798b642f14140",
"44d88612fea8a8f36de82e1278abb02f",
"6ce6f415d8475545be5ba114f208b0ff",
"73d6b0ca9c5554fd2b37ff8af6b51812f3af49962cebd6e042d0883a45794ddb8a53724275d26f3e18cebf1cd1d67740acc920aba16965038c0cc75b87030fbe",
"765dceb9a8c8ff4318e3ccaf7dbb9b05c0a53a819d24a50714aebe6c",
"b31bb2cf25d7e654c694ffb85b426d164a210ead66affc3b004702be",
"b42ec8b47deb2dc75edebd01132d63f8e8d4cd08e5d26d8bd366bdc5",
"bec1b52d350d721c7e22a6d4bb0a92909893a3ae",
"cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab",
"d27265074c9eac2e2122ed69294dbc4d7cce9141",
"d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010",
"e1105070ba828007508566e28a2b8d4c65d192e9eaf3b7868382b7cae747b397",
"e4968ef99266df7c9a1f0637d2389dab"
],
"matching_attributes": [
"md5",
"sha1",
@ -12,22 +27,7 @@
"filename|sha256",
"filename|sha512"
],
"name": "List of hashes for EICAR test virus",
"type": "string",
"list": [
"44d88612fea8a8f36de82e1278abb02f",
"6ce6f415d8475545be5ba114f208b0ff",
"e4968ef99266df7c9a1f0637d2389dab",
"3395856ce81f2b7382dee72602f798b642f14140",
"d27265074c9eac2e2122ed69294dbc4d7cce9141",
"bec1b52d350d721c7e22a6d4bb0a92909893a3ae",
"b42ec8b47deb2dc75edebd01132d63f8e8d4cd08e5d26d8bd366bdc5",
"b31bb2cf25d7e654c694ffb85b426d164a210ead66affc3b004702be",
"765dceb9a8c8ff4318e3ccaf7dbb9b05c0a53a819d24a50714aebe6c",
"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
"2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad",
"e1105070ba828007508566e28a2b8d4c65d192e9eaf3b7868382b7cae747b397",
"cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab",
"d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010",
"73d6b0ca9c5554fd2b37ff8af6b51812f3af49962cebd6e042d0883a45794ddb8a53724275d26f3e18cebf1cd1d67740acc920aba16965038c0cc75b87030fbe"
]
"version": 2
}


@ -1,7 +1,13 @@
{
"name": "List of known hashes for empty files",
"version": 3,
"description": "Event contains one or more entries of empty files based on known hashed",
"list": [
"3::",
"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f",
"d41d8cd98f00b204e9800998ecf8427e",
"da39a3ee5e6b4b0d3255bfef95601890afd80709",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"matching_attributes": [
"md5",
"sha1",
@ -16,13 +22,7 @@
"ssdeep",
"filename|ssdeep"
],
"name": "List of known hashes for empty files",
"type": "string",
"list": [
"d41d8cd98f00b204e9800998ecf8427e",
"da39a3ee5e6b4b0d3255bfef95601890afd80709",
"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
"3::"
]
"version": 3
}


@ -1,32 +1,32 @@
{
"description": "List of known gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en )",
"list": [
"108.177.8.0/21",
"172.217.0.0/19",
"173.194.0.0/16",
"2001:4860:4000::/36",
"207.126.144.0/20",
"209.85.128.0/17",
"216.239.32.0/19",
"216.58.192.0/19",
"2404:6800:4000::/36",
"2607:f8b0:4000::/36",
"2800:3f0:4000::/36",
"2a00:1450:4000::/36",
"2c0f:fb50:4000::/36",
"64.18.0.0/20",
"64.233.160.0/19",
"66.102.0.0/20",
"66.249.80.0/20",
"72.14.192.0/18",
"74.125.0.0/16",
"108.177.8.0/21",
"172.217.0.0/19",
"173.194.0.0/16",
"207.126.144.0/20",
"209.85.128.0/17",
"216.58.192.0/19",
"216.239.32.0/19",
"2001:4860:4000::/36",
"2404:6800:4000::/36",
"2607:f8b0:4000::/36",
"2800:3f0:4000::/36",
"2a00:1450:4000::/36",
"2c0f:fb50:4000::/36"
"74.125.0.0/16"
],
"type": "cidr",
"matching_attributes": [
"ip-dst",
"ip-src",
"domain|ip"
],
"name": "List of known gmail sending IP ranges",
"version": 20190809,
"description": "List of known gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en )"
"type": "cidr",
"version": 20190809
}


@ -1,131 +1,36 @@
{
"name": "List of known google domains",
"version": 4,
"description": "Event contains one or more entries of known google domains",
"type": "hostname",
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"list": [
"1e100.net",
"466453.com",
"abc.xyz",
"admob.com",
"adsense.com",
"advertisercommunity.com",
"adwords.com",
"ai.google",
"android.com",
"blogger.com",
"blog.google",
"blogspot.com",
"capitalg.com",
"chromebook.com",
"chromecast.com",
"chrome.com",
"chromium.org",
"cobrasearch.com",
"com.google",
"domains.google",
"doubleclickbygoogle.com",
"doubleclick.com",
"duck.com",
"elgoog.im",
"feedburner.com",
"foofle.com",
"froogle.com",
"g.co",
"ggpht.com",
"gmail.com",
"gmodules.com",
"gogle.com",
"gogole.com",
"googel.com",
"googil.com",
"goo.gl",
"googl.com",
"google.ac",
".google.ad",
"google.ad",
"googleadservices.com",
".google.ae",
"google.ae",
"google.af",
"google.ag",
"google.ai",
".google.al",
"google.al",
".google.am",
"google.am",
"google-analytics.com",
"google.ao",
"googleapis.com",
"googleapps.com",
"google.ar",
"googlearth.com",
".google.as",
"google.as",
".google.at",
"google.at",
"google.au",
".google.az",
"google.az",
".google.ba",
"google.ba",
"google.bd",
".google.be",
"google.be",
".google.bf",
"google.bf",
".google.bg",
"google.bg",
"google.bh",
".google.bi",
"google.bi",
".google.bj",
"google.bj",
"google.bn",
"google.bo",
"googlebot.com",
"google.br",
".google.bs",
"google.bs",
".google.bt",
"google.bt",
"google.bw",
".google.by",
"google.by",
"google.bz",
".google.ca",
"google.ca",
".google.cat",
"google.cat",
"google.cc",
".google.cd",
"google.cd",
".google.cf",
"google.cf",
".google.cg",
"google.cg",
".google.ch",
"google.ch",
".google.ci",
"google.ci",
"google.ck",
".google.cl",
"google.cl",
".google.cm",
"google.cm",
".google.cn",
"google.cn",
"google.co",
".google.co.ao",
".google.co.bw",
".google.co.ck",
".google.co.cr",
"googlecode.com",
".google.co.id",
".google.co.il",
".google.co.in",
@ -133,9 +38,20 @@
".google.co.ke",
".google.co.kr",
".google.co.ls",
".google.com",
"google.com",
".google.co.ma",
".google.co.mz",
".google.co.nz",
".google.co.th",
".google.co.tz",
".google.co.ug",
".google.co.uk",
".google.co.uz",
".google.co.ve",
".google.co.vi",
".google.co.za",
".google.co.zm",
".google.co.zw",
".google.com",
".google.com.af",
".google.com.ag",
".google.com.ai",
@ -164,7 +80,6 @@
".google.com.kw",
".google.com.lb",
".google.com.ly",
"googlecommerce.com",
".google.com.mm",
".google.com.mt",
".google.com.mx",
@ -195,249 +110,312 @@
".google.com.uy",
".google.com.vc",
".google.com.vn",
".google.co.mz",
".google.co.nz",
".google.co.th",
".google.co.tz",
".google.co.ug",
".google.co.uk",
".google.co.uz",
".google.co.ve",
".google.co.vi",
".google.co.za",
".google.co.zm",
".google.co.zw",
".google.cv",
".google.cz",
".google.de",
".google.dj",
".google.dk",
".google.dm",
".google.dz",
".google.ee",
".google.es",
".google.fi",
".google.fm",
".google.fr",
".google.ga",
".google.ge",
".google.gg",
".google.gl",
".google.gm",
".google.gp",
".google.gr",
".google.gy",
".google.hn",
".google.hr",
".google.ht",
".google.hu",
".google.ie",
".google.im",
".google.iq",
".google.is",
".google.it",
".google.je",
".google.jo",
".google.kg",
".google.ki",
".google.kz",
".google.la",
".google.li",
".google.lk",
".google.lt",
".google.lu",
".google.lv",
".google.md",
".google.me",
".google.mg",
".google.mk",
".google.ml",
".google.mn",
".google.ms",
".google.mu",
".google.mv",
".google.mw",
".google.ne",
".google.nl",
".google.no",
".google.nr",
".google.nu",
".google.pl",
".google.pn",
".google.ps",
".google.pt",
".google.ro",
".google.rs",
".google.ru",
".google.rw",
".google.sc",
".google.se",
".google.sh",
".google.si",
".google.sk",
".google.sm",
".google.sn",
".google.so",
".google.sr",
".google.st",
".google.td",
".google.tg",
".google.tk",
".google.tl",
".google.tm",
".google.tn",
".google.to",
".google.tt",
".google.vg",
".google.vu",
".google.ws",
"1e100.net",
"466453.com",
"abc.xyz",
"admob.com",
"adsense.com",
"advertisercommunity.com",
"adwords.com",
"ai.google",
"android.com",
"blog.google",
"blogger.com",
"blogspot.com",
"capitalg.com",
"chrome.com",
"chromebook.com",
"chromecast.com",
"chromium.org",
"cobrasearch.com",
"com.google",
"domains.google",
"doubleclick.com",
"doubleclickbygoogle.com",
"duck.com",
"elgoog.im",
"feedburner.com",
"foofle.com",
"froogle.com",
"g.co",
"ggpht.com",
"gmail.com",
"gmodules.com",
"gogle.com",
"gogole.com",
"goo.gl",
"googel.com",
"googil.com",
"googl.com",
"google-analytics.com",
"google.ac",
"google.ad",
"google.ae",
"google.af",
"google.ag",
"google.ai",
"google.al",
"google.am",
"google.ao",
"google.ar",
"google.as",
"google.at",
"google.au",
"google.az",
"google.ba",
"google.bd",
"google.be",
"google.bf",
"google.bg",
"google.bh",
"google.bi",
"google.bj",
"google.bn",
"google.bo",
"google.br",
"google.bs",
"google.bt",
"google.bw",
"google.by",
"google.bz",
"google.ca",
"google.cat",
"google.cc",
"google.cd",
"google.cf",
"google.cg",
"google.ch",
"google.ci",
"google.ck",
"google.cl",
"google.cm",
"google.cn",
"google.co",
"google.com",
"google.cr",
"google.cu",
".google.cv",
"google.cv",
"google.cx",
"google.cy",
".google.cz",
"google.cz",
".google.de",
"google.de",
".google.dj",
"google.dj",
".google.dk",
"google.dk",
".google.dm",
"google.dm",
"google.do",
"googledrive.com",
".google.dz",
"google.dz",
"googleearth.com",
"google.ec",
"googlee.com",
".google.ee",
"google.ee",
"google.eg",
".google.es",
"google.es",
"google.et",
"google.eu",
".google.fi",
"google.fi",
"google.fj",
".google.fm",
"google.fm",
".google.fr",
"google.fr",
".google.ga",
"google.ga",
".google.ge",
"google.ge",
"google.gf",
".google.gg",
"google.gg",
"google.gh",
"google.gi",
".google.gl",
"google.gl",
".google.gm",
"google.gm",
".google.gp",
"google.gp",
".google.gr",
"google.gr",
"google.gt",
".google.gy",
"google.gy",
"google.hk",
".google.hn",
"google.hn",
".google.hr",
"google.hr",
".google.ht",
"google.ht",
".google.hu",
"google.hu",
"google.id",
".google.ie",
"google.ie",
"google.il",
".google.im",
"google.im",
"google.in",
"google.io",
".google.iq",
"google.iq",
".google.is",
"google.is",
".google.it",
"google.it",
".google.je",
"google.je",
"google.jm",
".google.jo",
"google.jo",
"google.jp",
"google.ke",
".google.kg",
"google.kg",
"google.kh",
".google.ki",
"google.ki",
"google.kr",
"google.kw",
".google.kz",
"google.kz",
".google.la",
"google.la",
"google.lb",
"google.lc",
".google.li",
"google.li",
".google.lk",
"google.lk",
"google.ls",
".google.lt",
"google.lt",
".google.lu",
"google.lu",
".google.lv",
"google.lv",
"google.ly",
"google.ma",
"googlemail.com",
"googlemaps.com",
".google.md",
"google.md",
".google.me",
"google.me",
".google.mg",
"google.mg",
".google.mk",
"google.mk",
".google.ml",
"google.ml",
"google.mm",
".google.mn",
"google.mn",
".google.ms",
"google.ms",
"google.mt",
".google.mu",
"google.mu",
".google.mv",
"google.mv",
".google.mw",
"google.mw",
"google.mx",
"google.my",
"google.mz",
"google.na",
".google.ne",
"google.ne",
"google.net",
"google.nf",
"google.ng",
"google.ni",
".google.nl",
"google.nl",
".google.no",
"google.no",
"google.np",
".google.nr",
"google.nr",
".google.nu",
"google.nu",
"google.nz",
"google.om",
"google.org",
"google.pa",
"googlepagecreator.com",
"google.pe",
"google.pg",
"google.ph",
"google.pk",
".google.pl",
"google.pl",
".google.pn",
"google.pn",
"google.pr",
".google.ps",
"google.ps",
".google.pt",
"google.pt",
"google.py",
"google.qa",
".google.ro",
"google.ro",
".google.rs",
"google.rs",
".google.ru",
"google.ru",
".google.rw",
"google.rw",
"google.sa",
"google.sb",
".google.sc",
"google.sc",
"googlescholar.com",
".google.se",
"google.se",
"google.sg",
".google.sh",
"google.sh",
".google.si",
"google.si",
".google.sk",
"google.sk",
"google.sl",
".google.sm",
"google.sm",
".google.sn",
"google.sn",
".google.so",
"google.so",
"googlesource.com",
".google.sr",
"google.sr",
".google.st",
"google.st",
"google.sv",
"googlesyndication.com",
"googletagmanager.com",
".google.td",
"google.td",
".google.tg",
"google.tg",
"google.th",
"google.tj",
".google.tk",
"google.tk",
".google.tl",
"google.tl",
".google.tm",
"google.tm",
".google.tn",
"google.tn",
".google.to",
"google.to",
"google.tr",
".google.tt",
"google.tt",
"google.tw",
"google.tz",
@ -445,22 +423,36 @@
"google.ug",
"google.uk",
"google.us",
"googleusercontent.com",
"google.uy",
"google.uz",
"google.vc",
"google.ve",
".google.vg",
"google.vg",
"google.vi",
"google.vn",
".google.vu",
"google.vu",
".google.ws",
"google.ws",
"google.za",
"google.zm",
"google.zw",
"googleadservices.com",
"googleapis.com",
"googleapps.com",
"googlearth.com",
"googlebot.com",
"googlecode.com",
"googlecommerce.com",
"googledrive.com",
"googlee.com",
"googleearth.com",
"googlemail.com",
"googlemaps.com",
"googlepagecreator.com",
"googlescholar.com",
"googlesource.com",
"googlesyndication.com",
"googletagmanager.com",
"googleusercontent.com",
"googlr.com",
"goolge.com",
"gooogle.com",
@ -511,8 +503,20 @@
"www.google.co.ke",
"www.google.co.kr",
"www.google.co.ls",
"www.google.com",
"www.google.co.ma",
"www.google.co.mz",
"www.google.co.nz",
"www.google.co.th",
"www.google.co.tz",
"www.google.co.ug",
"www.google.co.uk",
"www.google.co.uz",
"www.google.co.ve",
"www.google.co.vi",
"www.google.co.za",
"www.google.co.zm",
"www.google.co.zw",
"www.google.com",
"www.google.com.af",
"www.google.com.ag",
"www.google.com.ai",
@ -571,18 +575,6 @@
"www.google.com.uy",
"www.google.com.vc",
"www.google.com.vn",
"www.google.co.mz",
"www.google.co.nz",
"www.google.co.th",
"www.google.co.tz",
"www.google.co.ug",
"www.google.co.uk",
"www.google.co.uz",
"www.google.co.ve",
"www.google.co.vi",
"www.google.co.za",
"www.google.co.zm",
"www.google.co.zw",
"www.google.cv",
"www.google.cz",
"www.google.de",
@ -668,11 +660,19 @@
"www.google.vu",
"www.google.ws",
"youtu.be",
"youtube-nocookie.com",
"youtube.com",
"youtubeeducation.com",
"youtubegaming.com",
"youtube-nocookie.com",
"yt.be",
"ytimg.com"
]
],
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"name": "List of known google domains",
"type": "hostname",
"version": 4
}
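Review bot: Several entries in this `hostname` list are user-content or redirect services rather than sites whose content Google controls: `blogspot.com`, `googleusercontent.com`, `googledrive.com` and `goo.gl` all serve third-party material. On a known-good list they can cause indicators hosted there to be written off as false positives, so they would be better dropped or moved to a separate list whose `description` says the entries are shared hosting. The Windows 10 connection endpoints list further down has the same issue with `.blob.core.windows.net`, `.akamai.net` and `.hwcdn.net`. How strongly a hit suppresses an attribute depends on the consumer of these lists, which is not visible here.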


@ -1,26 +1,8 @@
{
"description": "List of known Googlebot IP ranges (https://www.lifewire.com/what-is-the-ip-address-of-google-818153 )",
"list": [
"64.68.90.0/24",
"64.233.173.193/32",
"64.233.173.194/31",
"64.233.173.196/30",
"64.233.173.200/29",
"64.233.173.208/28",
"64.233.173.224/27",
"66.249.64.1/32",
"66.249.64.2/31",
"66.249.64.4/30",
"66.249.64.8/29",
"66.249.64.16/28",
"66.249.64.32/27",
"66.249.64.64/26",
"66.249.64.128/25",
"66.249.65.0/24",
"66.249.66.0/23",
"66.249.68.0/22",
"66.249.72.0/21",
"216.239.33.96/27",
"216.239.33.128/25",
"216.239.33.96/27",
"216.239.34.0/23",
"216.239.36.0/22",
"216.239.40.0/21",
@ -28,15 +10,33 @@
"216.239.56.0/23",
"216.239.58.0/24",
"216.239.59.0/25",
"216.239.59.128/32"
"216.239.59.128/32",
"64.233.173.193/32",
"64.233.173.194/31",
"64.233.173.196/30",
"64.233.173.200/29",
"64.233.173.208/28",
"64.233.173.224/27",
"64.68.90.0/24",
"66.249.64.1/32",
"66.249.64.128/25",
"66.249.64.16/28",
"66.249.64.2/31",
"66.249.64.32/27",
"66.249.64.4/30",
"66.249.64.64/26",
"66.249.64.8/29",
"66.249.65.0/24",
"66.249.66.0/23",
"66.249.68.0/22",
"66.249.72.0/21"
],
"type": "cidr",
"matching_attributes": [
"ip-dst",
"ip-src",
"domain|ip"
],
"name": "List of known Googlebot IP ranges",
"version": 20190724,
"description": "List of known Googlebot IP ranges (https://www.lifewire.com/what-is-the-ip-address-of-google-818153 )"
"type": "cidr",
"version": 20190724
}


@ -1,14 +1,14 @@
{
"description": "Event contains one or more entries part of the IPv6 link local prefix (RFC 4291)",
"list": [
"FE80::/10"
],
"type": "cidr",
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
],
"description": "Event contains one or more entries part of the IPv6 link local prefix (RFC 4291)",
"version": 2,
"name": "List of IPv6 link local blocks"
"name": "List of IPv6 link local blocks",
"type": "cidr",
"version": 2
}


@ -1,12 +1,5 @@
{
"name": "Top 10K websites from Majestic Million",
"version": 20200203,
"description": "Event contains one or more entries from the top 10K of the most used websites (Majestic Million - 10K).",
"matching_attributes": [
"hostname",
"domain"
],
"type": "hostname",
"list": [
"00-tv.com",
"000webhost.com",
@ -10008,5 +10001,12 @@
"zyxel.com",
"zzu.edu.cn",
"zzz.com.ua"
]
],
"matching_attributes": [
"hostname",
"domain"
],
"name": "Top 10K websites from Majestic Million",
"type": "hostname",
"version": 20200203
}


@ -1,4 +1,18 @@
{
"description": "Office 365 URLs and IP address ranges used for their attack simulator in Office 365 Threat Intelligence",
"list": [
"52.168.52.134",
"portal.docdeliveryapp.com",
"portal.docdeliveryapp.net",
"portal.docstoreinternal.com",
"portal.hardwarecheck.net",
"portal.hrsupportint.com",
"portal.payrolltooling.com",
"portal.payrolltooling.net",
"portal.prizegiveaway.net",
"portal.prizesforall.com",
"securescore-user-prod.cloudapp.net"
],
"matching_attributes": [
"ip-src",
"ip-dst",
@ -6,21 +20,7 @@
"domain|ip",
"hostname"
],
"version": 20180711,
"list": [
"52.168.52.134",
"securescore-user-prod.cloudapp.net",
"portal.docdeliveryapp.com",
"portal.hardwarecheck.net",
"portal.payrolltooling.com",
"portal.docdeliveryapp.net",
"portal.docstoreinternal.com",
"portal.prizesforall.com",
"portal.payrolltooling.net",
"portal.prizegiveaway.net",
"portal.hrsupportint.com"
],
"name": "List of known Office 365 Attack Simulator used for phishing awareness campaigns",
"description": "Office 365 URLs and IP address ranges used for their attack simulator in Office 365 Threat Intelligence",
"type": "substring"
"type": "substring",
"version": 20180711
}
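Review bot: `"52.168.52.134"` sits in a list with `"type": "substring"` and `ip-src`/`ip-dst` among its `matching_attributes`, so a contains-match would also hit unrelated addresses such as 152.168.52.134 (constructed example). The address would be safer in a `cidr` list as `"52.168.52.134/32"`, leaving only the hostnames under `substring`. The list that ends just above the dax30 section is also `"type": "substring"` and carries many bare IP entries (for example `"23.62.227.9"`), where the same over-match applies; that section starts outside this view. This assumes `substring` is a plain contains-check in the consumer, which the page does not show.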


@ -1,6 +1,5 @@
{
"description": "Microsoft Azure Datacenter IP Ranges",
"type": "cidr",
"list": [
"104.208.0.0/19",
"104.208.128.0/17",
@ -1956,6 +1955,7 @@
"ip-dst",
"domain|ip"
],
"version": 20171229,
"name": "List of known Microsoft Azure Datacenter IP Ranges"
"name": "List of known Microsoft Azure Datacenter IP Ranges",
"type": "cidr",
"version": 20171229
}


@ -1,6 +1,5 @@
{
"type": "cidr",
"name": "List of known Office 365 IP address ranges in China",
"description": "Office 365 IP address ranges in China",
"list": [
"139.217.0.0/19",
"139.217.128.0/19",
@ -76,11 +75,12 @@
"42.159.80.0/20",
"42.159.96.0/19"
],
"description": "Office 365 IP address ranges in China",
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
],
"name": "List of known Office 365 IP address ranges in China",
"type": "cidr",
"version": 20171229
}


@ -1,42 +1,58 @@
{
"name": "List of known Windows 10 connection endpoints",
"version": 1,
"description": "Event contains one or more entries of known Windows 10 connection endpoints (https://docs.microsoft.com/en-us/windows/privacy/manage-windows-endpoints)",
"type": "hostname",
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"list": [
".1.msftsrvcs.vo.llnwi.net",
".a-msedge.net",
".akamai.net",
".akamaiedge.net",
".b.akamaiedge.net",
".blob.core.windows.net",
".c-msedge.net",
".delivery.dsp.mp.microsoft.com.nsatc.net",
".dl.delivery.mp.microsoft.com",
".dscb1.akamaiedge.net",
".dscd.akamai.net",
".dspb.akamaiedge.net",
".dspg.akamaiedge.net",
".dspw65.akamai.net",
".e-msedge.net",
".g.akamai.net",
".g.akamaiedge.net",
".hwcdn.net",
".l.windowsupdate.com",
".login.msa.akadns6.net",
".m1-msedge.net",
".prod.do.dsp.mp.microsoft.com",
".s-msedge.net",
".search.msn.com",
".telecommand.telemetry.microsoft.com.akadns.net",
".tlu.dl.delivery.mp.microsoft.com",
".tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
".wac.edgecastcdn.net",
".wac.phicdn.net",
".windowsupdate.com",
".wns.windows.com",
"2.dl.delivery.mp.microsoft.com",
"2.tlu.dl.delivery.mp.microsoft.com",
"3.dl.delivery.mp.microsoft.com",
"3.dl.delivery.mp.microsoft.com.c.footprint.net",
"3.tlu.dl.delivery.mp.microsoft.com",
"3.tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
"a-ring.msedge.net",
"a122.dscd.akamai.net",
"a1621.g.akamai.net",
".akamaiedge.net",
".akamai.net",
".a-msedge.net",
"arc.msn.com",
"arc.msn.com.nsatc.net",
"a-ring.msedge.net",
"au.download.windowsupdate.com",
"auth.gfx.ms",
".b.akamaiedge.net",
"bing.com",
".blob.core.windows.net",
"blob.weather.microsoft.com",
"b-ring.msedge.net",
"bing.com",
"blob.weather.microsoft.com",
"candycrushsoda.king.com",
"cdn.content.prod.cms.msn.com",
"cdn.onenote.net",
"cds.d2s7q6s2.hwcdn.net",
"client-office365-tas.msedge.net",
".c-msedge.net",
"co4.telecommand.telemetry.microsoft.com.akadns.net",
"config.edge.skype.com",
"cs12.wpc.v0cdn.net",
@ -47,22 +63,14 @@
"cy2.settings.data.microsoft.com.akadns.net",
"cy2.vortex.data.microsoft.com.akadns.net",
"definitionupdates.microsoft.com",
".delivery.dsp.mp.microsoft.com.nsatc.net",
"displaycatalog.mp.microsoft.com",
".dl.delivery.mp.microsoft.com",
"dl.delivery.mp.microsoft.com",
"dm3p.wns.notify.windows.com.akadns.net",
"dmd.metaservices.microsoft.com",
"dmd.metaservices.microsoft.com.akadns.net",
"download.windowsupdate.com",
".dscb1.akamaiedge.net",
".dscd.akamai.net",
".dspb.akamaiedge.net",
".dspg.akamaiedge.net",
".dspw65.akamai.net",
"dual-a-0001.a-msedge.net",
"emdl.ws.microsoft.com",
".e-msedge.net",
"evoke-windowsservices-tas.msedge.net",
"fe2.update.microsoft.com",
"fe2.update.microsoft.com.nsatc.net",
@ -71,37 +79,31 @@
"fg.download.windowsupdate.com.c.footprint.net",
"fp.msedge.net",
"fs.microsoft.com",
".g.akamaiedge.net",
"g.akamaiedge.net",
".g.akamai.net",
"g.live.com",
"g.msn.com",
"g.msn.com.nsatc.net",
"geo-prod.do.dsp.mp.microsoft.com",
"geo-prod.do.dsp.mp.microsoft.com.nsatc.net",
"geo-prod.dodsp.mp.microsoft.com.nsatc.net",
"geover-prod.do.dsp.mp.microsoft.com",
"g.live.com",
"g.msn.com",
"g.msn.com.nsatc.net",
"go.microsoft.com",
"gpla1.wac.v2cdn.net",
".hwcdn.net",
"img-prod-cms-rt-microsoft-com.akamaized.net",
"ip5.afdorigin-prod-am02.afdogw.com",
"ipv4.login.msa.akadns6.net",
"l-ring.msedge.net",
"licensing.mp.microsoft.com",
"location-inference-westus.cloudapp.net",
"login.live.com",
".login.msa.akadns6.net",
"login.msa.akadns6.net",
"l-ring.msedge.net",
".l.windowsupdate.com",
".m1-msedge.net",
"maps.windows.com",
"mediaredirect.microsoft.com",
"modern.watson.data.microsoft.com.akadns.net",
"msftconnecttest.com",
"msftsrvcs.vo.llnwd.net",
"msnbot-65-52-108-198.search.msn.com",
"msnbot-.search.msn.com",
"msnbot-65-52-108-198.search.msn.com",
"ocos-office365-s2s.msedge.net",
"ocsp.digicert.com",
"oem.twimg.com",
@ -109,7 +111,6 @@
"outlook.office365.com",
"peer1-wst.msedge.net",
"peer4-wst.msedge.net",
".prod.do.dsp.mp.microsoft.com",
"prod.do.dsp.mp.microsoft.com",
"prod.do.dsp.mp.microsoft.com.nsatc.net",
"pti.store.microsoft.com",
@ -118,29 +119,22 @@
"query.prod.cms.rt.microsoft.com",
"ris.api.iris.microsoft.com",
"ris.api.iris.microsoft.com.akadns.net",
".search.msn.com",
"settings.data.microsoft.com",
"settings-win.data.microsoft.com",
"settings.data.microsoft.com",
"sls.update.microsoft.com",
"sls.update.microsoft.com.nsatc.net",
".s-msedge.net",
"star-mini.c10r.facebook.com",
"storecatalogrevocation.storequality.microsoft.com",
"storeedgefd.dsx.mp.microsoft.com",
"store-images.microsoft.com",
"store-images.s-microsoft.com",
"storecatalogrevocation.storequality.microsoft.com",
"storeedgefd.dsx.mp.microsoft.com",
"telecommand.telemetry.microsoft.com",
".telecommand.telemetry.microsoft.com.akadns.net",
"tile-service.weather.microsoft.com",
".tlu.dl.delivery.mp.microsoft.com",
".tlu.dl.delivery.mp.microsoft.com.c.footprint.net",
"tsfe.trafficshaping.dsp.mp.microsoft.com",
"v10.vortex-win.data.microsoft.com",
"vip5.afdorigin-prod-am02.afdogw.com",
"vip5.afdorigin-prod-ch02.afdogw.com",
".wac.edgecastcdn.net",
"wac.edgecastcdn.net",
".wac.phicdn.net",
"wac.phicdn.net",
"wallet-frontend-prod-westus.cloudapp.net",
"wallet.microsoft.com",
@ -148,10 +142,16 @@
"wdcp.microsoft.akadns.net",
"wdcp.microsoft.com",
"wildcard.twimg.com",
".windowsupdate.com",
".wns.windows.com",
"www.bing.com",
"www.microsoft.com",
"www.msftconnecttest.com"
]
],
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"name": "List of known Windows 10 connection endpoints",
"type": "hostname",
"version": 1
}


@ -1,13 +1,5 @@
{
"name": "List of known microsoft domains",
"version": 3,
"description": "Event contains one or more entries of known microsoft domains",
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"type": "hostname",
"list": [
".aadrm.com",
".afx.ms",
@ -121,9 +113,9 @@
".windowsphone-int.net",
".windowsphone.com",
".windowsphone.net",
".windowsupdate.com",
".windowssearch.com",
".windowsstore.com",
".windowsupdate.com",
".wlxrs.com",
".xbox.com",
".xboxlive.com",
@ -200,5 +192,13 @@
"watson.telemetry.microsoft.com",
"www.insidersurveys.windows.com",
"za.microsoftstore.com"
]
],
"matching_attributes": [
"domain",
"hostname",
"domain|ip"
],
"name": "List of known microsoft domains",
"type": "hostname",
"version": 3
}


@ -1,8 +1,5 @@
{
"description": "Event contains one or more entries from the top 500 of the most used domains (Mozilla).",
"version": 20190424,
"name": "Top 500 domains and pages from https://moz.com/top500",
"type": "hostname",
"list": [
"123-reg-expired.co.uk",
"163.com",
@ -966,5 +963,8 @@
"domain",
"uri",
"url"
]
],
"name": "Top 500 domains and pages from https://moz.com/top500",
"type": "hostname",
"version": 20190424
}


@ -1,4 +1,5 @@
{
"description": "Event contains one or more entries part of the RFC 5771 multicast CIDR blocks",
"list": [
"224.0.0.0/8",
"225.0.0.0/8",
@ -17,13 +18,12 @@
"238.0.0.0/8",
"239.0.0.0/8"
],
"type": "cidr",
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
],
"description": "Event contains one or more entries part of the RFC 5771 multicast CIDR blocks",
"version": 3,
"name": "List of RFC 5771 multicast CIDR blocks"
"name": "List of RFC 5771 multicast CIDR blocks",
"type": "cidr",
"version": 3
}


@ -1,8 +1,75 @@
{
"name": "List of known Ovh Cluster IP",
"version": 20180222,
"description": "OVH Cluster IP address (https://docs.ovh.com/fr/hosting/liste-des-adresses-ip-des-clusters-et-hebergements-web/)",
"list": [
"137.74.180.117",
"137.74.234.211",
"137.74.48.119",
"164.132.150.73",
"164.132.235.17",
"178.32.129.72",
"178.32.138.102",
"178.32.140.171",
"178.32.140.172",
"178.32.149.185",
"178.32.17.246",
"178.32.205.96",
"178.32.52.5",
"178.32.59.150",
"178.32.59.194",
"178.33.34.108",
"178.33.38.88",
"188.165.129.145",
"188.165.130.4",
"188.165.138.2",
"188.165.139.219",
"188.165.143.16",
"188.165.143.17",
"188.165.143.18",
"188.165.143.19",
"188.165.143.2",
"188.165.143.24",
"188.165.143.3",
"188.165.143.4",
"188.165.143.40",
"188.165.143.48",
"188.165.143.50",
"188.165.143.87",
"188.165.16.78",
"188.165.23.19",
"188.165.26.160",
"188.165.29.126",
"188.165.30.41",
"188.165.31.16",
"188.165.31.17",
"188.165.31.18",
"188.165.31.19",
"188.165.31.2",
"188.165.31.24",
"188.165.31.3",
"188.165.31.4",
"188.165.31.40",
"188.165.31.48",
"188.165.31.50",
"188.165.31.87",
"188.165.4.35",
"188.165.53.185",
"188.165.59.25",
"188.165.6.20",
"188.165.6.81",
"188.165.6.82",
"188.165.61.82",
"188.165.7.16",
"188.165.7.17",
"188.165.7.18",
"188.165.7.19",
"188.165.7.2",
"188.165.7.24",
"188.165.7.3",
"188.165.7.4",
"188.165.7.40",
"188.165.7.48",
"188.165.7.50",
"188.165.7.87",
"2001:41d0:1:1b00:188:165:143:16",
"2001:41d0:1:1b00:188:165:143:17",
"2001:41d0:1:1b00:188:165:143:18",
@ -153,30 +220,24 @@
"2001:41d0:301:11::24",
"2001:41d0:301:11::25",
"2001:41d0:301:11::26",
"2001:41d0:301:1::20",
"2001:41d0:301:1::21",
"2001:41d0:301:12::2",
"2001:41d0:301:12::20",
"2001:41d0:301:12::21",
"2001:41d0:301:12::23",
"2001:41d0:301:12::24",
"2001:41d0:301:12::26",
"2001:41d0:301:1::20",
"2001:41d0:301:1::21",
"2001:41d0:301:1::23",
"2001:41d0:301:1::24",
"2001:41d0:301:1::25",
"2001:41d0:301:1::26",
"2001:41d0:301::20",
"2001:41d0:301::21",
"2001:41d0:301:2::20",
"2001:41d0:301:2::21",
"2001:41d0:301:2::23",
"2001:41d0:301:2::24",
"2001:41d0:301:2::25",
"2001:41d0:301:2::26",
"2001:41d0:301::23",
"2001:41d0:301::24",
"2001:41d0:301::25",
"2001:41d0:301::26",
"2001:41d0:301:3::20",
"2001:41d0:301:3::23",
"2001:41d0:301:3::24",
@ -218,75 +279,12 @@
"2001:41d0:301:9::24",
"2001:41d0:301:9::25",
"2001:41d0:301:9::26",
"137.74.180.117",
"137.74.234.211",
"137.74.48.119",
"164.132.150.73",
"164.132.235.17",
"178.32.129.72",
"178.32.138.102",
"178.32.140.171",
"178.32.140.172",
"178.32.149.185",
"178.32.17.246",
"178.32.205.96",
"178.32.52.5",
"178.32.59.150",
"178.32.59.194",
"178.33.34.108",
"178.33.38.88",
"188.165.129.145",
"188.165.130.4",
"188.165.138.2",
"188.165.139.219",
"188.165.143.16",
"188.165.143.17",
"188.165.143.18",
"188.165.143.19",
"188.165.143.2",
"188.165.143.24",
"188.165.143.3",
"188.165.143.4",
"188.165.143.40",
"188.165.143.48",
"188.165.143.50",
"188.165.143.87",
"188.165.16.78",
"188.165.23.19",
"188.165.26.160",
"188.165.29.126",
"188.165.30.41",
"188.165.31.16",
"188.165.31.17",
"188.165.31.18",
"188.165.31.19",
"188.165.31.2",
"188.165.31.24",
"188.165.31.3",
"188.165.31.4",
"188.165.31.40",
"188.165.31.48",
"188.165.31.50",
"188.165.31.87",
"188.165.4.35",
"188.165.53.185",
"188.165.59.25",
"188.165.61.82",
"188.165.6.20",
"188.165.6.81",
"188.165.6.82",
"188.165.7.16",
"188.165.7.17",
"188.165.7.18",
"188.165.7.19",
"188.165.7.2",
"188.165.7.24",
"188.165.7.3",
"188.165.7.4",
"188.165.7.40",
"188.165.7.48",
"188.165.7.50",
"188.165.7.87",
"2001:41d0:301::20",
"2001:41d0:301::21",
"2001:41d0:301::23",
"2001:41d0:301::24",
"2001:41d0:301::25",
"2001:41d0:301::26",
"213.186.33.16",
"213.186.33.17",
"213.186.33.18",
@ -305,6 +303,12 @@
"37.59.236.156",
"37.59.69.122",
"46.105.57.169",
"5.135.108.219",
"5.135.59.60",
"5.135.68.66",
"5.135.68.67",
"5.196.129.52",
"5.196.208.117",
"51.254.146.179",
"51.254.154.69",
"51.254.16.36",
@ -313,12 +317,6 @@
"51.254.78.227",
"51.254.94.183",
"51.255.132.41",
"5.135.108.219",
"5.135.59.60",
"5.135.68.66",
"5.135.68.67",
"5.196.129.52",
"5.196.208.117",
"79.137.112.24",
"87.98.154.146",
"87.98.230.241",
@ -435,10 +433,12 @@
"94.23.79.87",
"94.23.88.105"
],
"type": "string",
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
]
],
"name": "List of known Ovh Cluster IP",
"type": "string",
"version": 20180222
}


@ -25347,7 +25347,7 @@
"url",
"domain|ip"
],
"type": "hostname",
"name": "List of known public DNS resolvers expressed as hostname",
"type": "hostname",
"version": 20171224
}


@ -38369,6 +38369,7 @@
"89.97.225.69",
"89.97.5.242",
"89.97.52.13",
"9.9.9.9",
"90.102.97.81",
"90.102.97.89",
"90.145.145.69",
@ -40648,15 +40649,14 @@
"99.71.229.19",
"99.72.128.193",
"99.93.97.238",
"99.99.99.193",
"9.9.9.9"
"99.99.99.193"
],
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
],
"type": "string",
"name": "List of known IPv4 public DNS resolvers",
"type": "string",
"version": 20181114
}


@ -1,8 +1,6 @@
{
"description": "Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set",
"list": [
"2606:4700:4700::1111",
"2606:4700:4700::1001",
"2001:1488:800:400::130",
"2001:14b8:100:350::2",
"2001:14b8:100:8350::1",
@ -111,6 +109,8 @@
"2604:a880:1:20::c5b:1001",
"2604:a880:400:d0::6d6:2001",
"2605:f700:c0:1::1089:53ef",
"2606:4700:4700::1001",
"2606:4700:4700::1111",
"2607:fa88:1::2",
"2610:130:100:3::200",
"2610:a1:1018::22",
@ -280,7 +280,7 @@
"ip-dst",
"domain|ip"
],
"type": "string",
"name": "List of known IPv6 public DNS resolvers",
"type": "string",
"version": 20181114
}


@ -1,16 +1,16 @@
{
"description": "Event contains one or more entries part of the RFC 1918 CIDR blocks",
"list": [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
],
"type": "cidr",
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
],
"description": "Event contains one or more entries part of the RFC 1918 CIDR blocks",
"version": 3,
"name": "List of RFC 1918 CIDR blocks"
"name": "List of RFC 1918 CIDR blocks",
"type": "cidr",
"version": 3
}


@ -1,14 +1,14 @@
{
"description": "Event contains one or more entries part of the IPv6 documentation prefix (RFC 3849)",
"list": [
"2001:DB8::/32"
],
"type": "cidr",
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
],
"description": "Event contains one or more entries part of the IPv6 documentation prefix (RFC 3849)",
"version": 3,
"name": "List of RFC 3849 CIDR blocks"
"name": "List of RFC 3849 CIDR blocks",
"type": "cidr",
"version": 3
}


@ -1,4 +1,5 @@
{
"description": "Event contains one or more entries part of the RFC 5735 CIDR blocks - Special Use IPv4 Addresses",
"list": [
"0.0.0.0/8",
"10.0.0.0/8",
@ -7,8 +8,8 @@
"172.16.0.0/12",
"192.0.0.0/24",
"192.0.2.0/24",
"192.88.99.0/24",
"192.168.0.0/16",
"192.88.99.0/24",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
@ -16,13 +17,12 @@
"240.0.0.0/4",
"255.255.255.255/32"
],
"type": "cidr",
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
],
"description": "Event contains one or more entries part of the RFC 5735 CIDR blocks - Special Use IPv4 Addresses",
"version": 3,
"name": "List of RFC 5735 CIDR blocks"
"name": "List of RFC 5735 CIDR blocks",
"type": "cidr",
"version": 3
}


@ -1,14 +1,14 @@
{
"description": "Event contains one or more entries part of the RFC 6598 CIDR blocks - Special Use IPv4 Addresses",
"list": [
"100.64.0.0/10"
],
"type": "cidr",
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
],
"description": "Event contains one or more entries part of the RFC 6598 CIDR blocks - Special Use IPv4 Addresses",
"version": 3,
"name": "List of RFC 6598 CIDR blocks"
"name": "List of RFC 6598 CIDR blocks",
"type": "cidr",
"version": 3
}


@ -1,11 +1,9 @@
{
"description": "Event contains one or more entries part of the RFC 6761 Special-Use Domain Names",
"list": [
"example.com",
"example.net",
"example.org",
"10.in-addr.arpa",
"16.172.in-addr.arpa",
"168.192.in-addr.arpa",
"17.172.in-addr.arpa",
"18.172.in-addr.arpa",
"19.172.in-addr.arpa",
@ -21,14 +19,16 @@
"29.172.in-addr.arpa",
"30.172.in-addr.arpa",
"31.172.in-addr.arpa",
"168.192.in-addr.arpa"
"example.com",
"example.net",
"example.org"
],
"matching_attributes": [
"hostname",
"domain",
"domain|ip"
],
"type": "string",
"name": "List of RFC 6761 Special-Use Domain Names",
"type": "string",
"version": 1
}




@ -1,20 +1,13 @@
{
"name": "List of known sinkholes",
"version": 1,
"description": "List of known sinkholes",
"matching_attributes": [
"ip-src",
"ip-dst"
],
"type": "cidr",
"list": [
"104.155.11.149",
"104.244.12.0/22",
"106.187.96.49",
"109.74.196.143",
"136.161.101.53",
"131.253.18.11",
"131.253.18.12",
"136.161.101.53",
"139.146.167.25",
"142.0.36.234",
"143.215.130.0/24",
@ -75,8 +68,8 @@
"86.124.164.25",
"87.106.140.254",
"87.106.141.15",
"87.106.240.162",
"87.106.24.200",
"87.106.240.162",
"87.106.250.34",
"87.106.26.9",
"87.106.86.28",
@ -87,5 +80,12 @@
"94.23.175.2",
"95.211.172.143",
"95.211.174.92"
]
],
"matching_attributes": [
"ip-src",
"ip-dst"
],
"name": "List of known sinkholes",
"type": "cidr",
"version": 1
}


@ -1,4 +1,5 @@
{
"description": "Event contains one or more TLDs as attribute with an IDS flag set",
"list": [
"AAA",
"AARP",
@ -1297,8 +1298,7 @@
"domain",
"domain|ip"
],
"name": "TLDs as known by IANA",
"type": "string",
"description": "Event contains one or more TLDs as attribute with an IDS flag set",
"version": 6,
"name": "TLDs as known by IANA"
"version": 6
}


@ -1,8 +1,5 @@
{
"description": "Event contains one or more entries from the top 1,000,000 most-used sites (Tranco).",
"version": 20200305,
"name": "Top 1,000,000 most-used sites from Tranco",
"type": "hostname",
"list": [
"0-1.ir",
"0-1.ru",
@ -1000010,5 +1000007,8 @@
"domain",
"url",
"domain|ip"
]
],
"name": "Top 1,000,000 most-used sites from Tranco",
"type": "hostname",
"version": 20200305
}



@ -1,21 +1,11 @@
{
"name": "List of known URL Shorteners domains",
"version": 7,
"description": "Event contains one or more entries of known Shorteners domains",
"matching_attributes": [
"domain",
"hostname",
"domain|ip",
"url",
"uri"
],
"type": "hostname",
"list": [
"1url.com",
"adcraft.co",
"adcrun.ch",
"adflav.com",
"adf.ly",
"adflav.com",
"aka.gr",
"amzn.to",
"bc.vc",
@ -42,11 +32,12 @@
"hyperurl.co",
"id.tl",
"iplogger.com",
"iplogger.org",
"is.gd",
"ity.im",
"j.mp",
"linkto.im",
"link.zip.net",
"linkto.im",
"lnk.co",
"lnk.direct",
"lnkd.in",
@ -61,24 +52,24 @@
"q.gs",
"qr.ae",
"qr.net",
"s.rlp.de",
"scrnch.me",
"shortquik.com",
"sk.gy",
"smarturl.it",
"snip.ly",
"su.pr",
"s.rlp.de",
"t.co",
"tinyarrows.com",
"tiny.cc",
"tinyarrows.com",
"tinyurl.com",
"tota2.com",
"tr.im",
"tweez.me",
"twitthis.com",
"u.bb",
"urlz.fr",
"u.to",
"urlz.fr",
"v.gd",
"vzturl.com",
"wp.me",
@ -88,7 +79,16 @@
"yourls.org",
"youtu.be",
"yu2.it",
"zpag.es",
"iplogger.org"
]
"zpag.es"
],
"matching_attributes": [
"domain",
"hostname",
"domain|ip",
"url",
"uri"
],
"name": "List of known URL Shorteners domains",
"type": "hostname",
"version": 7
}


@ -1,15 +1,5 @@
{
"name": "List of known domains to know external IP",
"version": 7,
"description": "Event contains one or more entries of known 'what's my ip' domains",
"matching_attributes": [
"domain",
"hostname",
"domain|ip",
"uri",
"url"
],
"type": "hostname",
"list": [
"2ip.ru",
"2ip.tools",
@ -18,6 +8,8 @@
"api.wipmania.com",
"bearsmyip.com",
"bot.whatismyipaddress.com",
"check-my-ip.net",
"checkip-waw.dyndns.com",
"checkip.amazonaws.com",
"checkip.dns.he.net",
"checkip.dyndns.com",
@ -25,8 +17,6 @@
"checkip.dyndns.org",
"checkip.narak.com",
"checkmyip.com",
"check-my-ip.net",
"checkip-waw.dyndns.com",
"cmyip.com",
"cmyip.net",
"crymyip.com",
@ -38,13 +28,14 @@
"dpool.sina.com.cn",
"e-localizaip.com",
"extreme-ip-lookup.com",
"findmyipaddress.com",
"findmyip.org",
"findmyipaddress.com",
"formyip.com",
"freegeoip.app",
"freegeoip.live",
"geoip.co.uk",
"geoiptool.com",
"geoip.vmn.net",
"geoiptool.com",
"get-myip.com",
"getmyip.org",
"hostip.info",
@ -56,72 +47,73 @@
"ilmioip.it",
"indirizzo-ip.com",
"inet-ip.info",
"ip138.com",
"ip-1.com",
"ip2location.com",
"ip2nation.com",
"ip4.me",
"ip-addr.es",
"ip-address.cc",
"ipaddresscheck.com",
"ipaddress.com",
"ipaddress.org",
"ip-address.ru",
"ip-adress.com",
"ip-adress.eu",
"ip.amulex.com",
"ip.anysrc.net",
"ip-api.com",
"ip.cctv.pk",
"ipchecker.info",
"ip-check.info",
"ipchicken.com",
"ip.chinaz.com",
"ip.cn",
"ip-detect.net",
"ipecho.net",
"ipify.org",
"ipinfodb.com",
"ipinfo.info",
"ipinfo.io",
"ip-info.ff.avast.com",
"ip-info.org",
"ip-info.xyz",
"ip-ping.ru",
"ip-score.com",
"ip-secrets.com",
"ip-who-is.com",
"ip-whois.net",
"ip.amulex.com",
"ip.anysrc.net",
"ip.cctv.pk",
"ip.chinaz.com",
"ip.cn",
"ip.my-proxy.com",
"ip.taobao.com",
"ip.tool.la",
"ip.tyk.nu",
"ip.webmasterhome.cn",
"ip138.com",
"ip2location.com",
"ip2nation.com",
"ip4.me",
"ipaddress.com",
"ipaddress.org",
"ipaddresscheck.com",
"ipapi.co",
"ipchecker.info",
"ipchicken.com",
"ipecho.net",
"ipify.org",
"ipinfo.info",
"ipinfo.io",
"ipinfodb.com",
"ipleak.net",
"iplocation.net",
"iplogger.ru",
"ipmonkey.com",
"ip.my-proxy.com",
"ip-ping.ru",
"ip-score.com",
"ip-secrets.com",
"ip.taobao.com",
"ip.tool.la",
"iptrackeronline.com",
"ip.tyk.nu",
"ipv4bot.whatismyipaddress.com",
"ipv6bot.whatismyipaddress.com",
"ipv6-test.com",
"ip.webmasterhome.cn",
"ip-who-is.com",
"ip-whois.net",
"l2.io",
"ipv6bot.whatismyipaddress.com",
"keliweb.it/mioip.php",
"l2.io",
"localizaip.com.br",
"meip.eu",
"meuip.net.br",
"mioip.ch",
"mio-ip.it",
"mioip.biz",
"mioip.ch",
"mioip.info",
"mioip.it",
"mioip.org",
"mioip.win",
"mio-ip.it",
"mon-ip.com",
"my-ip-address.net",
"mycamip.com",
"myexternalip.com",
"myglobalip.com",
"myipaddress.com",
"my-ip-address.net",
"myip.am",
"myip.by",
"myip.cc",
@ -129,10 +121,10 @@
"myip.ch",
"myip.cn",
"myip.co.il",
"myip.co.nz",
"myip.com.br",
"myip.com.tw",
"myip.com.ua",
"myip.co.nz",
"myip.cz",
"myip.dk",
"myip.dnsdynamic.org",
@ -146,7 +138,6 @@
"myip.heltech.se",
"myip.ht",
"myip.info",
"myipinfo.net",
"myip.io",
"myip.is",
"myip.israel.net",
@ -161,10 +152,8 @@
"myip.nl",
"myip.nmonitoring.com",
"myip.northstate.net",
"myipnow.com",
"myip.nu",
"myipnumber.com",
"myiponline.com",
"myip.opendns.com",
"myip.ozymo.com",
"myip.report",
"myip.rs.sr",
@ -180,20 +169,25 @@
"myip.uconn.edu",
"myip.v6shell.org",
"myip.zone",
"myipaddress.com",
"myipinfo.net",
"myipnow.com",
"myipnumber.com",
"myiponline.com",
"mylocation.org",
"readip.info",
"shmyip.com",
"show-ip.com",
"showipinfo.net",
"show-my-ip.de",
"showip.net",
"showipinfo.net",
"showmemyip.com",
"showmyipaddress.com",
"showmyipaddress.eu",
"showmyip.co.uk",
"showmyip.com",
"showmyip.com.ar",
"showmyip.co.uk",
"show-my-ip.de",
"showmyip.gr",
"showmyipaddress.com",
"showmyipaddress.eu",
"showmyipnow.com",
"smart-ip.net",
"tell-my-ip.com",
@ -207,23 +201,24 @@
"vermiip.es",
"vinflag.com",
"whatismybrowser.com",
"whatismyipaddress.com",
"whatismyip.akamai.com",
"whatismyip.ca",
"whatismyip.com",
"whatismyip.com.br",
"whatismyip.everdot.org",
"whatismyip.li",
"whatismyip.net",
"whatismyip.org",
"whatismyipaddress.com",
"whatismypublicip.com",
"whatmyip.us",
"whatsmyipaddress.com",
"whatsmyipaddress.net",
"whats-my-ip-address.org",
"whatsmyip.ie",
"whatsmyip.net",
"whatsmyip.org",
"whatsmyip.us",
"whatsmyipaddress.com",
"whatsmyipaddress.net",
"whereisip.net",
"whoer.net",
"wtfismyip.com",
@ -232,11 +227,16 @@
"yougetsignal.com",
"youip.net",
"your-ip-address.com",
"yourip.us",
"myip.opendns.com",
"whatismyip.everdot.org",
"ip-info.ff.avast.com",
"ipapi.co",
"freegeoip.live"
]
"yourip.us"
],
"matching_attributes": [
"domain",
"hostname",
"domain|ip",
"uri",
"url"
],
"name": "List of known domains to know external IP",
"type": "hostname",
"version": 7
}


@ -1,8 +1,5 @@
{
"name": "List of known Wikimedia address ranges",
"version": 20190912,
"description": "Wikimedia address ranges (http://noc.wikimedia.org/conf/reverse-proxy.php.txt)",
"type": "cidr",
"list": [
"208.80.153.0/27",
"208.80.153.32/27",
@ -27,5 +24,8 @@
"ip-src",
"ip-dst",
"domain|ip"
]
],
"name": "List of known Wikimedia address ranges",
"type": "cidr",
"version": 20190912
}


@ -1,42 +1,40 @@
{
"$schema": "http://json-schema.org/schema#",
"title": "Validator for misp-warninglists",
"id": "https://www.github.com/MISP/misp-warninglists/schema.json",
"type": "object",
"additionalProperties": false,
"id": "https://www.github.com/MISP/misp-warninglists/schema.json",
"properties": {
"description": {
"type": "string"
},
"list": {
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"matching_attributes": {
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"name": {
"type": "string"
},
"version": {
"type": "integer"
},
"list": {
"type": "array",
"uniqueItems": true,
"items": {
"type": "string"
}
},
"type": {
"type": "string",
"enum": [
"string",
"substring",
"hostname",
"cidr",
"regex"
]
},
"matching_attributes": {
"type": "array",
"uniqueItems": true,
"items": {
],
"type": "string"
}
},
"version": {
"type": "integer"
}
},
"required": [
@ -45,5 +43,7 @@
"version",
"name",
"type"
]
],
"title": "Validator for misp-warninglists",
"type": "object"
}


@ -8,38 +8,36 @@ import datetime
url = 'https://raw.githubusercontent.com/krassi/covid19-related/master/whitelist-domains.txt'
r = requests.get(url)
whitelist = r.text
whitelist = whitelist.split()
whitelist = list(set(whitelist.split()))
warninglist = {
'name': 'Covid-19 Krassi\'s Whitelist',
'uuid': 'b600900c-aacc-4860-acf4-7e24a1b08202',
'description': 'Krassimir\'s Covid-19 whitelist of known good Covid-19 related websites.',
'type': 'hostname',
'matching_attributes': ['domain', 'hostname', 'url'],
'version': int(datetime.date.today().strftime('%Y%m%d')),
'list': whitelist
'list': sorted(whitelist)
}
with open('../lists/covid-19-krassi-whitelist/list.json', 'w+') as data_file:
json.dump(warninglist, data_file, indent=4, sort_keys=True)
json.dump(warninglist, data_file, indent=2, sort_keys=True)
url = 'https://raw.githubusercontent.com/Cyber-Threat-Coalition/goodlist/master/hostnames.txt'
r = requests.get(url)
whitelist = r.text
whitelist = whitelist.split()
whitelist = list(set(whitelist.split()))
warninglist = {
'name': 'Covid-19 Cyber Threat Coalition\'s Whitelist',
'uuid': '535002a9-0dec-4363-b29b-1b365cff060d',
'description': 'The Cyber Threat Coalition\'s whitelist of COVID-19 related websites.',
'type': 'hostname',
'matching_attributes': ['domain', 'hostname', 'url'],
'version': int(datetime.date.today().strftime('%Y%m%d')),
'list': whitelist
'list': sorted(whitelist)
}
with open('../lists/covid-19-cyber-threat-coalition-whitelist/list.json', 'w+') as data_file:
json.dump(warninglist, data_file, indent=4, sort_keys=True)
json.dump(warninglist, data_file, indent=2, sort_keys=True)
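Review bot: The new `whitelist = list(set(whitelist.split()))` lines (both generators in this hunk) deduplicate whatever body `requests.get(url)` returned, but nothing visible checks that the request succeeded or that the tokens are hostnames, so an error page or an altered upstream file would be split into words and written into `list.json` as entries. Since these lists are described as known-good sites and are presumably used to discount matching indicators, every accepted token widens what is treated as benign; I would use `r = requests.get(url, timeout=30)` followed by `r.raise_for_status()` before splitting, and drop tokens that do not parse as hostnames. The `list(...)` wrapper is redundant, because `sorted(whitelist)` accepts the set directly. The hunk starts at line 8 of the file, so whether anything above it already validates the response cannot be seen here.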

15
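--- a/tools/make_list_unique.py
+++ b/tools/make_list_unique.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from pathlib import Path
+import json
+for p in Path('../lists/').glob('*/*.json'):
+with p.open() as _f:
+warninglist = json.load(_f, encoding="utf-8")
+warninglist['list'] = sorted(list(set(warninglist['list'])))
+with p.open('w') as _f:
+warninglist = json.dump(warninglist, _f, indent=2, sort_keys=True, ensure_ascii=False)
+_f.write('\n')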
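Review bot: `json.load(_f, encoding="utf-8")` passes a keyword that `json.load` has ignored since Python 3.1 and that was removed in 3.9, where this line raises `TypeError`; meanwhile both `p.open()` calls fall back to the locale's default encoding, which clashes with `ensure_ascii=False` on a non-UTF-8 locale. Put the encoding on the file handle instead: `with p.open(encoding='utf-8') as _f:`, `warninglist = json.load(_f)` and `with p.open('w', encoding='utf-8') as _f:`. Opening with `'w'` truncates the list before `json.dump` runs, so a serialisation error leaves an empty or partial warninglist on disk; writing to a temporary file and renaming it over the original would avoid that. The `warninglist = json.dump(...)` assignment only stores `None`, and `sorted(list(set(...)))` does not need the inner `list`.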