diff --git a/README.md b/README.md
index cc4d3c6..93a0279 100755
--- a/README.md
+++ b/README.md
@@ -26,6 +26,7 @@ are available in one of the list. The list can be globally enabled or disabled i
 - [lists/rfc3849](lists/rfc3849) - RFC 3849 - Documentation prefix for ipv6
 - [lists/rfc5735](lists/rfc5735) - RFC 5735 CIDR blocks - Special Use IPv4 Addresses
 - [lists/rfc6598](lists/rfc6598) - RFC 6598 IANA-Reserved IPv4 Prefix for Shared Address Space (Carrier- Grade NAT (CGN) devices)
+- [lists/security-provider-blogpost](lists/security-provider-blogpost) - Security providers or vendors blog domains
 - [lists/second-level-tlds](lists/second-level-tlds) - Mozilla list of second level top-level domains
 - [lists/tlds](lists/tlds) - top-level domains
 - [lists/whats-my-ip](lists/whats-my-ip) - "What's my IP" service
diff --git a/lists/security-provider-blogpost/list.json b/lists/security-provider-blogpost/list.json
new file mode 100644
index 0000000..cc83d77
--- /dev/null
+++ b/lists/security-provider-blogpost/list.json
@@ -0,0 +1,735 @@
+{
+ "name": "List of known security providers/vendors blog domain",
+ "version": 1,
+ "description": "Event contains one or more entries of known security providers/vendors blog domain with an IDS flag set",
+ "matching_attributes": [
+ "domain",
+ "domain|ip",
+ "hostname",
+ "url",
+ "uri",
+ "link"
+ ],
+ "type": "hostname",
+ "list": [
+ "www.crowdstrike.com",
+ "technet.microsoft.com",
+ "www.cve.mitre.org",
+ "cve.circl.lu",
+ "www.f-secure.com",
+ "info.baesystemsdetica.com",
+ "www.fireeye.com",
+ "www.welivesecurity.com",
+ "github.com",
+ "www.alienvault.com",
+ "www.virustotal.com",
+ "labs.bitdefender.com",
+ "citizenlab.org",
+ "normanshark.com",
+ "blog.crysys.hu",
+ "www.circl.lu",
+ "www.symantec.com",
+ "www.securelist.com",
+ "www.crysys.hu",
+ "www.trendmicro.com",
+ "www.threatconnect.com",
+ "zairon.wordpress.com",
+ "www.lancope.com",
+ "cdn.securelist.com",
+ "malwr.com",
+ "community.rapid7.com",
+ "www.cert.pl",
+ "www.secureworks.com",
+ "blog.malwaretracker.com",
+ "blogs.cisco.com",
+ "joedd.joesecurity.org",
+ "blogs.technet.com",
+ "www.malwaretracker.com",
+ "eromang.zataz.com",
+ "blog.trendmicro.com",
+ "www.ca.com",
+ "www.cybersquared.com",
+ "sophosnews.files.wordpress.com",
+ "nakedsecurity.sophos.com",
+ "blogs.norman.com",
+ "enterprise.norman.com",
+ "blogs.rsa.com",
+ "www.google.com",
+ "www.sophos.com",
+ "www.threatexpert.com",
+ "pastebin.com",
+ "www.securelist.com",
+ "www.seculert.com",
+ "resources.infosecinstitute.com",
+ "www.mcafee.com",
+ "blogs.mcafee.com",
+ "threatgeek.typepad.com",
+ "podcasts.mcafee.com",
+ "www.mandiant.com",
+ "urlquery.net",
+ "contagiodump.blogspot.be",
+ "lab.anchiva.com",
+ "informationonsecurity.blogspot.be",
+ "permalink.gmane.org",
+ "research.zscaler.com",
+ "iocbucket.com",
+ "www.mysonicwall.com",
+ "labs.alienvault.com",
+ "www.malware.lu",
+ "raw.github.com",
+ "blog.fox-it.com",
+ "malwarelab.zendesk.com",
+ "cyb3rsleuth.blogspot.be",
+ "cyb3rsleuth.blogspot.co.uk",
+ "dns.robtex.com",
+ "www.cyberengineeringservices.com",
+ "about-threats.trendmicro.com",
+ "my.opera.com",
+ "technet.microsoft.com",
+ "community.qualys.com",
+ "blog.bit9.com",
+ "community.websense.com",
+ "malware.dontneedcoffee.com",
+ "www.kahusecurity.com",
+ "www.deependresearch.org",
+ "blog.erratasec.com",
+ "www.checkpoint.com",
+ "www.arbornetworks.com",
+ "www.fidelissecurity.com",
+ "www.threatgeek.com",
+ "techanarchy.net",
+ "www.circl.lu",
+ "www.microsoft.com",
+ "www.facebook.com",
+ "vrt-blog.snort.org",
+ "blog.cylance.com",
+ "blogs.rsa.com",
+ "www.emc.com",
+ "www.cyphort.com",
+ "securityaffairs.co",
+ "zulu.zscaler.com",
+ "blogs.cisco.com",
+ "cryptome.org",
+ "eternal-todo.com",
+ "remchp.com",
+ "publicintelligence.net",
+ "info.publicintelligence.net",
+ "www.bleepingcomputer.com",
+ "blog.mxlab.eu",
+ "tools.cisco.com",
+ "www.isightpartners.com",
+ "phishme.com",
+ "www.bluecoat.com",
+ "publicintelligence.net",
+ "www.vxsecurity.sg",
+ "www.theregister.co.uk",
+ "feodotracker.abuse.ch",
+ "www.abuse.ch",
+ "intelcrawler.com",
+ "blog.malwaremustdie.org",
+ "blog.cassidiancybersecurity.com",
+ "phishing-mails.blogspot.de",
+ "securelist.com",
+ "securityblog.switch.ch",
+ "blog.trendmicro.de",
+ "www.bluecoat.com",
+ "25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com",
+ "ics-cert.us-cert.gov",
+ "usa.kaspersky.com",
+ "www.ewon.be",
+ "ics-cert.us-cert.gov",
+ "threatpost.com",
+ "securityledger.com",
+ "www.baesystems.com",
+ "www.virusbtn.com",
+ "securelist.com",
+ "kasperskycontenthub.com",
+ "isc.sans.edu",
+ "holisticinfosec.org",
+ "www.shodanhq.com",
+ "www.f-secure.com",
+ "www.kpmg.com",
+ "tif.mcafee.com",
+ "blog.dynamoo.com",
+ "bartblaze.blogspot.be",
+ "blog.rootshell.be",
+ "www.lacoon.com",
+ "code4hk.hackpad.com",
+ "www.kam.lt",
+ "labs.opendns.com",
+ "gist.github.com",
+ "gist.githubusercontent.com",
+ "news.drweb.com",
+ "researchcenter.paloaltonetworks.com",
+ "r.virscan.org",
+ "www.volexity.com",
+ "blog.9bplus.com",
+ "docs.google.com",
+ "henrybasset.blogspot.be",
+ "blog.crowdstrike.com",
+ "www.nccgroup.com",
+ "www.novetta.com",
+ "totalhash.com",
+ "www.tigersecurity.pro",
+ "pwc.blogs.com",
+ "2014.hack.lu",
+ "twitter.com",
+ "forum.computerbetrug.de",
+ "novetta.com",
+ "raw.githubusercontent.com",
+ "b161268c3bf5a87bc67309e7c870820f5f39f672.googledrive.com",
+ "www.csis.dk",
+ "blog.gdatasoftware.com",
+ "public.gdatasoftware.com",
+ "lockboxx.blogspot.com.es",
+ "www.thesafemac.com",
+ "www.alienvault.com",
+ "www.macrumors.com",
+ "www.securemac.com",
+ "www.macworld.com",
+ "www.intego.com",
+ "code.google.com",
+ "www.paloaltonetworks.com",
+ "whoisology.com",
+ "business.kaspersky.com",
+ "blog.kaspersky.com",
+ "targetedthreats.net",
+ "blogs.sophos.com",
+ "www.whoismind.com",
+ "blog.fireeye.com",
+ "sub0day.com",
+ "www.virusradar.com",
+ "blog.malwarebytes.org",
+ "www.netresec.com",
+ "contagiodump.blogspot.com.es",
+ "www.nsslabs.com",
+ "home.mcafee.com",
+ "drive.google.com",
+ "0x1338.blogspot.be",
+ "2014.zeronights.ru",
+ "www.bsk-consulting.de",
+ "firstlook.org",
+ "www.fireeye.com",
+ "t.co",
+ "mobile.twitter.com",
+ "www2.fireeye.com",
+ "www.abuse.ch",
+ "www.cylance.com",
+ "www.robtex.com",
+ "www.scam.cz",
+ "www.phishtank.com",
+ "blog.sucuri.net",
+ "www.kernelmode.info",
+ "www.prnewswire.com",
+ "comgenjournal.blogspot.be",
+ "blog.didierstevens.com",
+ "didierstevens.com",
+ "app.threatconnect.com",
+ "www.us-cert.gov",
+ "www.fox-it.com",
+ "www.heise.de",
+ "events.ccc.de",
+ "malware.prevenity.com",
+ "journeyintoir.blogspot.de",
+ "blog.dragonthreatlabs.com",
+ "insider.domaintools.com",
+ "www.norse-corp.com",
+ "www.virustotal.com",
+ "doc.emergingthreats.net",
+ "lavasoft.com",
+ "www.spiegel.de",
+ "lol.garena.tw",
+ "www.codeandsec.com",
+ "www.blackhat.com",
+ "seclists.org",
+ "blog.cert.societegenerale.com",
+ "blog.0x3a.com",
+ "www.sophos.com",
+ "bgpranking.circl.lu",
+ "vms.drweb.com",
+ "ubuntuforums.org",
+ "morris.guru",
+ "www.invincea.com",
+ "info.isightpartners.com",
+ "contagiodump.blogspot.de",
+ "kyuutaro.wordpress.com",
+ "morphians.wordpress.com",
+ "vb.vip600.com",
+ "www.serkey.com",
+ "www.daniweb.com",
+ "edu.arabsgate.com",
+ "motherboard.vice.com",
+ "www.trustwave.com",
+ "helpx.adobe.com",
+ "blog.shadowserver.org",
+ "malware-traffic-analysis.net",
+ "labs.umbrella.com",
+ "stopmalvertising.com",
+ "www.malware.unam.mx",
+ "persaxac.blogspot.be",
+ "wepawet.iseclab.org",
+ "www.malware-traffic-analysis.net",
+ "www.packetmail.net",
+ "lists.clean-mx.com",
+ "malwaredb.malekal.com",
+ "labs.opendns.com",
+ "www.proofpoint.com",
+ "isc.sans.edu",
+ "kc.mcafee.com",
+ "ioc.forensicartifacts.com",
+ "dnsdb.isc.org",
+ "labs.m86security.com",
+ "www.cyberesi.com",
+ "www.commandfive.com",
+ "extraexploit.blogspot.com",
+ "morphick.net",
+ "ddos.arbornetworks.com",
+ "alienvault-labs-garage.googlecode.com",
+ "www.digitalbond.com",
+ "blog.ioactive.com",
+ "ossectools.blogspot.be",
+ "sec.sexy",
+ "www.pandasecurity.com",
+ "www.rackspace.com",
+ "telussecuritylabs.com",
+ "securityintelligence.com",
+ "blogs.mcafee.com",
+ "gtrack.h3x.eu",
+ "now.avg.com",
+ "boomstick.emergingthreats.net",
+ "portal.sec.ibm.com",
+ "camas.comodo.com",
+ "ocelot.li",
+ "yararules.com",
+ "virusradar.com",
+ "sjc1-te-ftp.trendmicro.com",
+ "cdn.securelist.com",
+ "www.marc.info",
+ "labs.snort.org",
+ "labs.snort.org",
+ "www.liveleak.com",
+ "blog.sucuri.net",
+ "shoplift.byte.nl",
+ "heimdalsecurity.com",
+ "techhelplist.com",
+ "www.threattracksecurity.com",
+ "www.mediafire.com",
+ "la.trendmicro.com",
+ "kasperskycontenthub.com",
+ "www.malwaredigger.com",
+ "krebsonsecurity.com",
+ "blog.appriver.com",
+ "middleeastmalware.blogspot.com",
+ "www.hybrid-analysis.com",
+ "webcache.googleusercontent.com",
+ "drops.wooyun.org",
+ "malwarefor.me",
+ "www.dropbox.com",
+ "www.antiy.net",
+ "groups.google.com",
+ "www.clearskysec.com",
+ "virustotal.com",
+ "cyberx-labs.com",
+ "zeustracker.abuse.ch",
+ "documents.trendmicro.com",
+ "blog.idiom.ca",
+ "malwareconfig.com",
+ "contagiodump.blogspot.com",
+ "www.cyberoam.com",
+ "christophe.rieunier.name",
+ "blog.team-cymru.org",
+ "live.paloaltonetworks.com",
+ "passivedns.mnemonic.no",
+ "infotomb.com",
+ "www.threatstream.com",
+ "cryptam.com",
+ "info.publicintelligence.net",
+ "securityblog.s21sec.com",
+ "netzpolitik.org",
+ "www.rooksecurity.com",
+ "asert.arbornetworks.com",
+ "www.slideshare.net",
+ "malware-research.org",
+ "www.defcon.org",
+ "s3-us-west-2.amazonaws.com",
+ "www.passivetotal.org",
+ "www.4armed.com",
+ "www.reddit.com",
+ "www.cyintanalysis.com",
+ "www.damballa.com",
+ "otx.alienvault.com",
+ "blog.ropchain.com",
+ "kernelmode.info",
+ "www.symantec.com",
+ "blog.fortinet.com",
+ "www.eff.org",
+ "exchange.xforce.ibmcloud.com",
+ "pages.arbornetworks.com",
+ "www.csis.dk",
+ "labsblog.f-secure.com",
+ "nakedsecurity.sophos.com",
+ "www.govcert.admin.ch",
+ "blog.kleissner.org",
+ "www.sekoia.fr",
+ "cdn2.hubspot.net",
+ "blog.cari.net",
+ "www.kudelskisecurity.com",
+ "cyber-peace.org",
+ "dea.gov.ge",
+ "go.recordedfuture.com",
+ "arstechnica.co.uk",
+ "thisissecurity.net",
+ "www.coresecurity.com",
+ "www.fortinet.com",
+ "www.drchaos.com",
+ "talosintel.com",
+ "cymon.io",
+ "www.reverse.it",
+ "news.netcraft.com",
+ "www.lexsi.com",
+ "passivetotal.org",
+ "cdn2.hubspot.net",
+ "blog.checkpoint.com",
+ "blog.pagefair.com",
+ "hybrid-analysis.com",
+ "www.fidelissecurity.com",
+ "download01.norman.no",
+ "serveradmin.ru",
+ "blog.airbuscybersecurity.com",
+ "bartblaze.blogspot.com",
+ "www.cmcm.com",
+ "kz-cert.kz",
+ "download.microsoft.com",
+ "www.rsaconference.com",
+ "s3-eu-west-1.amazonaws.com",
+ "en.community.dell.com",
+ "blog.safebit.mn",
+ "labs.lastline.com",
+ "infoarmor.com",
+ "reaqta.com",
+ "myonlinesecurity.co.uk",
+ "easyviruskilling.com",
+ "sensorstechforum.com",
+ "blog.talosintel.com",
+ "malwrpost.wordpress.com",
+ "puluka.com",
+ "proofpoint.com",
+ "www.root9b.com",
+ "blog.jpcert.or.jp",
+ "www.novetta.com",
+ "sites.google.com",
+ "cve.circl.lu",
+ "www.cloudsek.com",
+ "ics.sans.org",
+ "mobile.reuters.com",
+ "malwarejake.blogspot.fr",
+ "blog.sensecy.com",
+ "cys-centrum.com",
+ "blogs.quickheal.com",
+ "www.proofpoint.com",
+ "mlwre.github.io",
+ "www.ibpt.be",
+ "fe-ddis.dk",
+ "blog.knownsec.com",
+ "cert.gov.ua",
+ "labs.sucuri.net",
+ "blogs.forcepoint.com",
+ "blog.malwareclipboard.com",
+ "securityfactory.tistory.com",
+ "www.hauri.co.kr",
+ "pastebin.lu",
+ "blog.passivetotal.org",
+ "stackoverflow.com",
+ "blogs.forcepoint.com",
+ "www.cylance.com",
+ "www.operationblockbuster.com",
+ "v2ex.com",
+ "blog.linuxmint.com",
+ "reverse.put.as",
+ "www.threatstop.com",
+ "zaufanatrzeciastrona.pl",
+ "blog.xanda.org",
+ "freebeacon.com",
+ "en.wikipedia.org",
+ "foxglovesecurity.com",
+ "access.redhat.com",
+ "reqrypt.org",
+ "threatbook.cn",
+ "www.verfassungsschutz.de",
+ "www.listaspam.com",
+ "sync.me",
+ "labs.bitdefender.com",
+ "download.bitdefender.com",
+ "b0n1.blogspot.fr",
+ "marcoramilli.blogspot.dk",
+ "nyxbone.com",
+ "www.gdata.fr",
+ "blog.eset.ie",
+ "www.link11.de",
+ "www.microsoft.com",
+ "www.talosintel.com",
+ "blog.threatstop.com",
+ "blog.fox-it.com",
+ "virustotal.com",
+ "blog.gdatasoftware.com",
+ "www.aptgroups.com",
+ "digital-forensics.sans.org",
+ "resources.sei.cmu.edu",
+ "paloaltonetworks.com",
+ "threatpost.com",
+ "missatsamtal.se",
+ "www.arbornetworks.com",
+ "www.endgame.com",
+ "blogs.technet.microsoft.com",
+ "www.sentinelone.com",
+ "blog.cylance.com",
+ "baesystemsai.blogspot.lu",
+ "ddanchev.blogspot.com",
+ "baesystemsai.blogspot.fr",
+ "www.zscaler.com",
+ "community.ubnt.com",
+ "www.melani.admin.ch",
+ "www.kaspersky.com",
+ "artemonsecurity.com",
+ "blog.anomali.com",
+ "www.secureworks.com",
+ "www.govcert.admin.ch",
+ "www.infosecdailynews.com",
+ "williamshowalter.com",
+ "securelist.ru",
+ "newsroom.trendmicro.com",
+ "www.419scam.org",
+ "www.slideshare.net",
+ "breakingmalware.com",
+ "www.malware-reversing.com",
+ "www.xylibox.com",
+ "helpx.adobe.com",
+ "www.isightpartners.com",
+ "www.lac.co.jp",
+ "www.crowdstrike.com",
+ "community.blueliv.com",
+ "blog.fortinet.com",
+ "www.securityweek.com",
+ "recon.cx",
+ "takahiroharuyama.github.io",
+ "blog.emsisoft.com",
+ "blog.malwarebytes.com",
+ "blog.avast.com",
+ "bitninja.io",
+ "www.cymmetria.com",
+ "luminosity.link",
+ "www.aqniu.com",
+ "threatconnect.com",
+ "www.threatminer.org",
+ "sentinelone.com",
+ "securityintelligence.com",
+ "www.threatconnect.com",
+ "www.youtube.com",
+ "www.washingtontimes.com",
+ "www.hotforsecurity.com",
+ "kas.pr",
+ "blog.deniable.org",
+ "www.broadanalysis.com",
+ "krebsonsecurity.com",
+ "bizlive.vn",
+ "e.gov.vn",
+ "info.phishlabs.com",
+ "thisissecurity.net",
+ "reversewhois.domaintools.com",
+ "vms.drweb.ru",
+ "iranthreats.github.i",
+ "info.lookout.com",
+ "www.prensa.com",
+ "www.wirtschaftsschutz.info",
+ "app.response.ncr.com",
+ "www.intego.com",
+ "iranthreats.github.io",
+ "www.wipo.int",
+ "virusguides.com",
+ "joesecurity.org",
+ "www.blueliv.com",
+ "www.nyxbone.com",
+ "paper.seebug.org",
+ "malwarebreakdown.com",
+ "www.dshield.org",
+ "www.flashpoint-intel.com",
+ "www.cert.ssi.gouv.fr",
+ "pastebin.com",
+ "www.skycure.com",
+ "soc.tdc.dk",
+ "www.blacknurse.dk",
+ "rednaga.io",
+ "bartblaze.blogspot.lu",
+ "badcyber.com",
+ "detux.org",
+ "www.nbu.gov.sk",
+ "pytosquatting.org",
+ "cysinfo.com",
+ "garwarner.blogspot.lu",
+ "www.bleepingcomputer.com",
+ "blog.netlab.360.com",
+ "ics-cert.kaspersky.com",
+ "www.group-ib.com",
+ "researchcenter.paloaltonetworks.com",
+ "dirtycow.ninja",
+ "autofocus.paloaltonetworks.com",
+ "www.agi.it",
+ "bartblaze.blogspot.com",
+ "security.web.cern.ch",
+ "wiki.egi.eu",
+ "blog.opendns.com",
+ "www.cert.pl",
+ "benkowlab.blogspot.fr",
+ "translate.google.com",
+ "securingtomorrow.mcafee.com",
+ "www.wordfence.com",
+ "blog.0day.jp",
+ "enigma0x3.net",
+ "cyber.wtf",
+ "niebezpiecznik.pl",
+ "www.digitalshadows.com",
+ "baesystemsai.blogspot.com",
+ "cyberx-labs.com",
+ "www.rsa.com",
+ "censys.io",
+ "blog.talosintelligence.com",
+ "www.guardicore.com",
+ "ghostbin.com",
+ "www.riskiq.com",
+ "arstechnica.com",
+ "zerophagemalware.com",
+ "sandbox.deepviz.com",
+ "marcmaiffret.com",
+ "www.cyphort.com",
+ "sslbl.abuse.ch",
+ "sf.riskiq.net",
+ "productforums.google.com",
+ "research.riskiq.net",
+ "blog.domaintools.com",
+ "myonlinesecurity.co.uk",
+ "www.welivesecurity.com",
+ "contagiodump.blogspot.lu",
+ "www.pwc.co.uk",
+ "security.googleblog.com",
+ "securitymadein.lu",
+ "blog.cyber4sight.com",
+ "sitecheck.sucuri.net",
+ "medium.com",
+ "www.cybermerchantsofdeath.com",
+ "documents.trendmicro.com",
+ "plus.google.com",
+ "www.helpnetsecurity.com",
+ "www.cyberscoop.com",
+ "blockchain.info",
+ "www.malwaretech.com",
+ "web.archive.org",
+ "blog.secdo.com",
+ "www.recordedfuture.com",
+ "theintercept.com",
+ "assets.documentcloud.org",
+ "panacea.threatgrid.com",
+ "dragos.com",
+ "www.bellingcat.com",
+ "www.nytimes.com",
+ "www.pwc.co.uk",
+ "marcoramilli.blogspot.it",
+ "blog.morphisec.com",
+ "forums.malwarebytes.com",
+ "threatintel.proofpoint.com",
+ "www.ad.nl",
+ "support.microsoft.com",
+ "blog.trendmicro.com",
+ "attack.mitre.org",
+ "blog.kaspersky.com",
+ "ddecode.com",
+ "resources.netskope.com",
+ "www.gdatasoftware.com",
+ "file.gdatasoftware.com",
+ "www.securityartwork.es",
+ "noticeofpleadings.com",
+ "www.noticeofpleadings.com",
+ "www.eldo.lu",
+ "www.volexity.com",
+ "blog.zimperium.com",
+ "www.netsarang.com",
+ "aviatrix25.rssing.com",
+ "community.rsa.com",
+ "www.ilspy.net",
+ "www.nttsecurity.com",
+ "forum.nginx.org",
+ "www.dfn-cert.de",
+ "www.polizei-praevention.de",
+ "itsicherheitsblog.de",
+ "community.saas.hpe.com",
+ "security-is-just-an-illusion.blogspot.nl",
+ "hazmalware.wordpress.com",
+ "blog.newskysecurity.com",
+ "www.votiro.com",
+ "www.intezer.com",
+ "www.vkremez.com",
+ "urlscan.io",
+ "malware.sekoia.fr",
+ "blog.lookout.com",
+ "app.any.run",
+ "mjolnirsecurity.com",
+ "www.group-ib.com",
+ "www.csoonline.com",
+ "www.darkreading.com",
+ "www.infosecurity-magazine.com",
+ "www.itnews.com.au",
+ "motherboard.vice.com",
+ "www.reuters.com",
+ "thehackernews.com",
+ "www.theregister.co.uk",
+ "www.kaspersky.com",
+ "www.pcmag.com",
+ "www.technologyreview.com",
+ "www.bloomberg.com",
+ "www.washingtontimes.com",
+ "techcrunch.com",
+ "www.bbc.co.uk",
+ "www.zdnet.com",
+ "www.wired.com",
+ "www.scmagazine.com",
+ "www.bangkokpost.com",
+ "gizmodo.com",
+ "money.cnn.com",
+ "www.windowscentral.com",
+ "www.cybereason.com",
+ "www.joesandbox.com",
+ "phishme.com",
+ "securitydaily.org",
+ "www.ncsc.gov.uk",
+ "www.carbonblack.com",
+ "www.reversinglabs.com",
+ "www.checkpoint.com",
+ "community.riskiq.com",
+ "citizenlab.ca",
+ "bgpmon.net",
+ "blog.barracuda.com",
+ "blogs.bromium.com",
+ "blog.macnica.net",
+ "f5.com",
+ "www.rtl.lu",
+ "www.cobaltstrike.com",
+ "imgur.com",
+ "nvd.nist.gov",
+ "devcentral.f5.com",
+ "www.oracle.com",
+ "objective-see.com",
+ "www.virusbulletin.com",
+ "www.cybersixgill.com",
+ "blog.checkpoint.com",
+ "www.oracle.com",
+ "www.exploit-db.com",
+ "www.icebrg.io",
+ "www.certego.net",
+ "www.devttys0.com",
+ "csecybsec.com",
+ "marcoramilli.blogspot.nl",
+ "www.netskope.com",
+ "digitasecurity.com",
+ "www.krcert.or.kr",
+ "blogs.securiteam.com"
+ ]
+}
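Review bot: A sizeable share of the new "list" entries are general-purpose hosting and sharing services rather than vendor blogs — github.com, raw.githubusercontent.com, gist.githubusercontent.com, pastebin.com, ghostbin.com, docs.google.com, drive.google.com, sites.google.com, www.dropbox.com, www.mediafire.com, s3-us-west-2.amazonaws.com, s3-eu-west-1.amazonaws.com, t.co, imgur.com, web.archive.org, medium.com — and because "matching_attributes" also covers url, uri and link, any payload, staging or C2-config URL on one of those hosts will be matched as a known-benign vendor link just like the blog posts this list is meant to catch. Keeping the list to vendor and researcher hostnames, and moving the generic hosts to a separate opt-in list if they are wanted at all, keeps the suppression scoped to what "description" promises. The list also carries duplicates that should be collapsed (technet.microsoft.com, www.securelist.com, securelist.com, www.circl.lu, blogs.cisco.com, blogs.rsa.com, publicintelligence.net, www.bluecoat.com, ics-cert.us-cert.gov, labs.snort.org, cdn2.hubspot.net, among others), and `"iranthreats.github.i"` a few entries before `"iranthreats.github.io"` looks like a truncated copy rather than a real host. Minor: "description" should say `blog domains` rather than `blog domain` to match the plural "name" used in the README entry.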