Note to self Archive/mirror these sites in case they go poof.
Zonefiles.io #1 #2 offers a few thousand free API calls per day to its APIs (1 call / domain, so with 330 million + domains... Yeah, that'd take a while to get a complete set of domain names...)
-
abuse.ch: several great datasets: SSL blacklist, C&C server list, etc.
-
isc.sans.edu - Err, this is a list of CVEs, color-coded by severity... Literally copy-pasta from NIST... Under the Data heading we find some datasets that might be of use: Suspicious domains, etc. https://isc.sans.edu/reports.html Suspicious domains datasets https://isc.sans.edu/suspicious_domains.html API: https://isc.sans.edu/api/
-
networksec.org -
malwaredomains.com - Lists of malware and spyware domains over time Mirror #1 All mirrors Might be useful to if (how?) malicious domains have changed over time? I'd expect to see more app-related domains (mobile payment processing, ride share, etc.) in the past few years whereas data from 5-10 years ago would probably have more 'traditional' banking-related malware domains, e.g.,
Bank of [xyz]', '[abc] Credit Union
, etc.
Augment domain registration data w/
- opencorporates.org -->