Malicious Data Repository

Description

This repository compiles consolidated lists of IP addresses, FQDNs, domains, URLs, JA3 fingerprints, and more. The data is sourced from various public feeds, merged, and pruned of false positives to provide up-to-date and pertinent information. Each entry expires 7 days after it was added, so stale indicators do not accumulate in the lists. As a rule, all data in this repository should be treated as malicious and handled with caution.

Data Quality

To minimize false negatives and false positives, we've adopted rigorous measures. While some of these measures remain our "secret sauce," it's important to note that this project is currently a free initiative. Adjustments will continue to be made in the long term as availability and community feedback allow.

Usage

The lists are plain text, one entry per line, so they can be loaded by most security devices, such as firewalls, DNS servers, IDS/IPS systems, proxies, and SIEM solutions. Three formats are offered for each list:

  • malicious-list
  • malicious-list.50k (limited to 50,000 lines/items)
  • malicious-list.100k (limited to 100,000 lines/items)

If another format is needed, please open an issue or submit a pull request.

The block lists are laid out as follows under the "public.dir" directory:

  • ./public.dir/domain/ - primarily contains domains marked as malicious.
  • ./public.dir/fqdn/ - primarily contains FQDNs marked as malicious.
  • ./public.dir/ip/ - primarily contains IPs marked as malicious, bad-reputation, crypto-miners, open-proxies, scanners, spammers, and tor exit nodes.
  • ./public.dir/ja3/ or ./public.dir/ssl/ - primarily contains TLS client fingerprints (JA3 hashes) marked as malicious.
  • ./public.dir/url/ - primarily contains URLs marked as malicious, as well as the pathname and fragment of these URLs.
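As an added example (not code from this repository), the following Python script shows one way to consume the plain-text lists: it validates and de-duplicates entries from the ip, domain/fqdn and ja3 lists and renders them as an ipset restore file, an RPZ zone fragment and Suricata rules. The sample entries, the set names and the SID range are constructed placeholders, and the one-entry-per-line format with optional "#" comments is an assumption drawn from the "lines/items" wording above.

```python
"""Consume the plain-text block lists and emit enforcement configs.

Added example, not code from the repository. Assumes one entry per line
with optional '#' comments; set names, SIDs and sample entries are made up.
"""
import ipaddress
import re
from typing import Iterable, List

# Constructed sample lists (documentation-range placeholders, not real indicators).
SAMPLE_IP_LIST = """\
# comments and blank lines are ignored
203.0.113.7
198.51.100.0/24
not-an-ip
203.0.113.7        # duplicate, kept once
2001:db8::1
"""
SAMPLE_DOMAIN_LIST = """\
bad.example
sub.bad.example.
BAD.EXAMPLE
this is not a domain
"""
SAMPLE_JA3_LIST = """\
e7d705a3286e19ea42f587b344ee6865
not-a-fingerprint
E7D705A3286E19EA42F587B344EE6865
"""

_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$"
)
_JA3_RE = re.compile(r"^[0-9a-f]{32}$")  # JA3 hash is an MD5 digest in hex


def _entries(text: str) -> Iterable[str]:
    """Yield non-empty lines with inline '#' comments and whitespace removed."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line


def _dedupe(items: Iterable[str]) -> List[str]:
    """Order-preserving de-duplication."""
    return list(dict.fromkeys(items))


def parse_ips(text: str) -> List[str]:
    """Validated IPv4/IPv6 hosts and CIDRs in canonical 'addr/prefix' form."""
    out = []
    for line in _entries(text):
        try:
            out.append(str(ipaddress.ip_network(line, strict=False)))
        except ValueError:
            continue  # malformed line: skip it rather than abort the whole feed
    return _dedupe(out)


def parse_domains(text: str) -> List[str]:
    """Lower-cased domains/FQDNs without trailing dot; malformed lines dropped."""
    cleaned = (e.lower().rstrip(".") for e in _entries(text))
    return _dedupe(d for d in cleaned if _DOMAIN_RE.match(d))


def parse_ja3(text: str) -> List[str]:
    """Normalise JA3 hashes to lower-case hex and drop anything that is not one."""
    cleaned = (e.lower() for e in _entries(text))
    return _dedupe(h for h in cleaned if _JA3_RE.match(h))


def to_ipset_restore(networks: List[str], name: str = "malicious") -> List[str]:
    """Input for 'ipset restore'; v4 and v6 entries need separate sets (family)."""
    lines = [f"create {name}4 hash:net family inet",
             f"create {name}6 hash:net family inet6"]
    for net in networks:
        suffix = "6" if ipaddress.ip_network(net).version == 6 else "4"
        lines.append(f"add {name}{suffix} {net}")
    return lines


def to_rpz(domains: List[str]) -> List[str]:
    """RPZ records returning NXDOMAIN for each domain and all of its subdomains."""
    lines = []
    for d in domains:
        lines.append(f"{d} CNAME .")
        lines.append(f"*.{d} CNAME .")
    return lines


def to_suricata_ja3(hashes: List[str], sid_start: int = 9000000) -> List[str]:
    """One Suricata 'ja3.hash' rule per fingerprint (hypothetical SID range)."""
    return [
        f'alert tls any any -> any any (msg:"Blocklisted JA3 {h}"; '
        f'ja3.hash; content:"{h}"; sid:{sid_start + i}; rev:1;)'
        for i, h in enumerate(hashes)
    ]


if __name__ == "__main__":
    print("\n".join(to_ipset_restore(parse_ips(SAMPLE_IP_LIST))))
    print("\n".join(to_rpz(parse_domains(SAMPLE_DOMAIN_LIST))))
    print("\n".join(to_suricata_ja3(parse_ja3(SAMPLE_JA3_LIST))))
```

Feed the ipset output to `ipset -exist restore` on each refresh so re-adding existing entries is not an error, and regenerate the RPZ zone and the Suricata rule file on the same schedule as the lists themselves, since entries age out after 7 days and a stale local copy would keep blocking indicators the upstream has already dropped.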

Target Audience

This resource is primarily aimed at network engineers, network security professionals, and cybersecurity researchers for various applications.

Updates & Support

Data is updated regularly. To illustrate the expiration principle, an entry added on 1 January is removed on 8 January unless it is seen again in the meantime. The update frequency may vary depending on the dataset content. If more frequent updates or support are required, please contact us to discuss a potential professional support contract.

Contribution

Any contribution to improve the data quality, report false positives, or suggest improvements is highly encouraged. You can open an issue, submit a pull request, or contact us directly. Sponsors and other forms of support are also welcome to continue enhancing the quality of this project.

Investigation

Although this project mainly focuses on data provision, we also offer services to contextualize this information. If your organization requires expertise in this area, please contact us.


For more information or to contact us: