
@andreajparker
Created January 8, 2019 22:57
Compromised domain name aggregation sites

potential sources

Note to self: archive/mirror these sites in case they go poof.

Zonefiles.io #1 #2 offers a few thousand free API calls per day to its APIs (1 call / domain, so with 330 million + domains... Yeah, that'd take a while to get a complete set of domain names...)

  • abuse.ch: several great datasets: SSL blacklist, C&C server list, etc.

  • isc.sans.edu - Err, this is a list of CVEs, color-coded by severity... Literally copy-pasta from NIST... Under the Data heading we find some datasets that might be of use: Suspicious domains, etc. https://isc.sans.edu/reports.html
    Suspicious domains datasets: https://isc.sans.edu/suspicious_domains.html
    API: https://isc.sans.edu/api/

  • networksec.org

  • malwaredomains.com - Lists of malware and spyware domains over time. Mirror #1, All mirrors. Might be useful to see if (how?) malicious domains have changed over time? I'd expect to see more app-related domains (mobile payment processing, ride share, etc.) in the past few years, whereas data from 5-10 years ago would probably have more 'traditional' banking-related malware domains, e.g., 'Bank of [xyz]', '[abc] Credit Union', etc.

domain registration data

Augment domain registration data w/

  • opencorporates.org