threat-intelligence auto-update

2021-10-23 21:56:22 +02:00 · 2021-10-23 21:56:22 +02:00 · b0aa9ce939
parent 432288e6e2
commit b0aa9ce939
2 changed files with 64 additions and 28 deletions
--- a/threat-intelligence.adblock
+++ b/threat-intelligence.adblock
@ -41,7 +41,7 @@
 !    2 |     407 | hosts   | http   | online  | unchanged | https://curben.gitlab.io/malware-filter/pup-filter-hosts.txt
 !    3 |    8884 | hosts   | http   | online  | unchanged | https://curben.gitlab.io/malware-filter/urlhaus-filter-hosts.txt
 !    4 |    3496 | hosts   | http   | online  | unchanged | https://gitlab.com/ZeroDot1/CoinBlockerLists/raw/master/hosts_browser
-!    5 |   33674 | hosts   | http   | online  | changed   | https://hole.cert.pl/domains/domains_hosts.txt
+!    5 |   33675 | hosts   | http   | online  | changed   | https://hole.cert.pl/domains/domains_hosts.txt
 !    6 |     550 | hosts   | http   | online  | unchanged | https://paulgb.github.io/BarbBlock/blacklists/hosts-file.txt
 !    7 |    5997 | hosts   | http   | online  | unchanged | https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
 !    8 |    2204 | hosts   | http   | online  | unchanged | https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts
@ -56,24 +56,24 @@
 !   17 |   13465 | hosts   | http   | online  | unchanged | https://raw.githubusercontent.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/master/hosts
 !   18 |    1555 | hosts   | http   | OFFLINE | unchanged | USE LOCAL COPY: urlhaus.abuse.ch_downloads_hostfile_.txt
 !   19 |     883 | adblock | http   | online  | unchanged | https://raw.githubusercontent.com/piperun/iploggerfilter/master/filterlist
-!   20 |     914 | domains | http   | online  | unchanged | https://azorult-tracker.net/api/list/domain?format=plain
+!   20 |     914 | domains | http   | online  | changed   | https://azorult-tracker.net/api/list/domain?format=plain
 !   21 |  122584 | domains | http   | online  | unchanged | https://blocklist.cyberthreatcoalition.org/vetted/domain.txt
 !   22 |     549 | domains | http   | online  | unchanged | https://feeds.alphasoc.net/ryuk.txt
 !   23 |    9233 | domains | http   | online  | unchanged | https://gitlab.com/KevinThomas0/cryptoscamdb-lists/-/raw/master/cryptoscamdb-blocklist.txt
 !   24 |     365 | domains | http   | online  | unchanged | https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
-!   25 |   33674 | domains | http   | online  | changed   | https://hole.cert.pl/domains/domains.txt
+!   25 |   33675 | domains | http   | online  | changed   | https://hole.cert.pl/domains/domains.txt
 !   26 |   73323 | domains | http   | online  | unchanged | https://joewein.net/dl/bl/dom-bl-base.txt
 !   27 |     767 | domains | http   | online  | unchanged | https://joewein.net/dl/bl/dom-bl.txt
-!   28 |    2000 | domains | http   | online  | changed   | https://kriskintel.com/feeds/ktip_covid_domains.txt
-!   29 |    1998 | domains | http   | online  | changed   | https://kriskintel.com/feeds/ktip_malicious_domains.txt
+!   28 |    2000 | domains | http   | online  | unchanged | https://kriskintel.com/feeds/ktip_covid_domains.txt
+!   29 |    1998 | domains | http   | online  | unchanged | https://kriskintel.com/feeds/ktip_malicious_domains.txt
 !   30 |     397 | domains | http   | online  | unchanged | https://kriskintel.com/feeds/ktip_ransomware_feeds.txt
 !   31 |    2245 | domains | http   | online  | unchanged | https://orca.pet/notonmyshift/domains.txt
 !   32 |      52 | domains | http   | online  | unchanged | https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
 !   33 |   44826 | domains | http   | online  | unchanged | https://phishing.army/download/phishing_army_blocklist.txt
-!   34 |   54484 | domains | http   | online  | changed   | https://phishing.army/download/phishing_army_blocklist_extended.txt
+!   34 |   54484 | domains | http   | online  | unchanged | https://phishing.army/download/phishing_army_blocklist_extended.txt
 !   35 |    1406 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/AmnestyTech/investigations/master/2021-07-18_nso/domains.txt
 !   36 |      27 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/DRSDavidSoft/additional-hosts/master/domains/blacklist/fake-domains.txt
-!   37 |   35464 | domains | http   | online  | changed   | https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADomains.txt
+!   37 |   35464 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADomains.txt
 !   38 |     675 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/Lists/Cryptocurrency
 !   39 |   22769 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/Lists/Malware
 !   40 |     179 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/Lists/Risk
@ -87,7 +87,7 @@
 !   48 |    3239 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/iam-py-test/my_filters_001/main/Alternative%20list%20formats/antimalware_domains.txt
 !   49 |    2079 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/matomo-org/referrer-spam-blacklist/master/spammers.txt
 !   50 |   71289 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/mitchellkrogza/Phishing.Database/master/phishing-domains-ACTIVE.txt
-!   51 |     495 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/mitchellkrogza/Phishing.Database/master/phishing-domains-NEW-today.txt
+!   51 |     550 | domains | http   | online  | changed   | https://raw.githubusercontent.com/mitchellkrogza/Phishing.Database/master/phishing-domains-NEW-today.txt
 !   52 |   10000 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/prodaft/malware-ioc/master/FluBot/v3.7_5000_domain.txt
 !   53 |   10000 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/prodaft/malware-ioc/master/FluBot/v3.7_germany.txt
 !   54 |   10000 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/prodaft/malware-ioc/master/FluBot/v3.8_domains.txt
@ -117,7 +117,7 @@
 !   78 |  101569 | domains | http   | online  | unchanged | https://www.usom.gov.tr/url-list.txt
 !   79 |      29 | domains | local  | online  | unchanged | black.list.threat-intelligence
 !
-! 319457 unique Domains - Version 2021.1023.213015
+! 319493 unique Domains - Version 2021.1023.215119
 !
 ||00000000000000000000000000000000000000dfjjjhv.000webhostapp.com^
 ||000000000000000000000000000000000000dbscrfg.000webhostapp.com^
@ -12377,6 +12377,7 @@
 ||absorbball.cam^
 ||absorb.buzz^
 ||absorbedexistence.com^
+||absorbent-gum.000webhostapp.com^
 ||absorbent-spokes.000webhostapp.com^
 ||absorbg.cam^
 ||absorbgil.cam^
@ -21650,6 +21651,18 @@
 ||amaote.org.ar^
 ||amaozan.com^
 ||amaozedractue.ru^
+||amaozom.damzgik.cn^
+||amaozom.dbkebsn.cn^
+||amaozom.izpyjoj.cn^
+||amaozom.ndtsvjz.cn^
+||amaozom.omtiiaq.cn^
+||amaozom.qt201.cn^
+||amaozom.tourmorrow.cn^
+||amaozom.uoeivhu.cn^
+||amaozom.vsfxata.cn^
+||amaozom.vuifjzf.cn^
+||amaozom.xfosmln.cn^
+||amaozom.zxbjpya.cn^
 ||amapai-technologies.digital^
 ||amapai-technologies.site^
 ||amapai-technologies.space^
@ -23417,6 +23430,7 @@
 ||anazi.co.za^
 ||anazno.co.ip.6.cn^
 ||anazonejp.com^
+||anazon.ip.nvwmxm.cn^
 ||anbackup.com^
 ||anbbobootg.duckdns.org^
 ||anblllmpsgtbcsuecodrelolfjwyjwaydmmf-dot-cryptic-now-290917.ey.r.appspot.com^
@ -25099,6 +25113,7 @@
 ||anzerbrokers.com^
 ||anzfinance.com^
 ||anzhuo6.com^
+||anznon.tklifc.cn^
 ||anzo.capital^
 ||anzsearch.com.au^
 ||anz.sms-security.live^
@ -36141,6 +36156,7 @@
 ||b24-1w75w4.bitrix24.site^
 ||b24-39274t.bitrix24.site^
 ||b24-46p2vx.bitrix24site.ua^
+||b24-68n6i2.bitrix24.site^
 ||b24-asbm8i.bitrix24.site^
 ||b24-eng16w.bitrix24.site^
 ||b24.in^
@ -54493,6 +54509,7 @@
 ||bwnzxewafjxtlnrc-dot-millinium.ey.r.appspot.com^
 ||bwogvorkjynijldd-dot-millinium.ey.r.appspot.com^
 ||bwojktzgzutadpfiydqzkxovohqqpkpgpewp-dot-cryptic-now-290917.ey.r.appspot.com^
+||bw-online-kso.smallbusinesscoach.online^
 ||bwoslmylnsrr.biz^
 ||bwpcr.com^
 ||bwpgnluybkv.com^
@ -68179,6 +68196,7 @@
 ||conference.unila.ac.id^
 ||conferenciel.com^
 ||conferido.com.br^
+||conferma-e-completa-fusione-gruppo.000webhostapp.com^
 ||confermatiapp-isp.000webhostapp.com^
 ||conferrable-voucher.000webhostapp.com^
 ||confessed-principle.000webhostapp.com^
@ -83186,6 +83204,7 @@
 ||determinationharold.com^
 ||determined2.net^
 ||determined-wilson-e0dff1.netlify.app^
+||determ.myvnc.com^
 ||determ.org^
 ||deterquasi.com^
 ||detes.sk^
@ -101331,6 +101350,8 @@
 ||etc-kwt.com^
 ||etc-malsai.cqi92.cn^
 ||etc-malsai.sibu88996.cn^
+||etc-mersari.jp.px070e.cn^
+||etc-mersari.jp.qf89jj.cn^
 ||etcmine.pro^
 ||et-code.ru^
 ||etcoin.xyz^
@ -102675,6 +102696,7 @@
 ||everleeafter.com^
 ||everlikillz.viewdns.net^
 ||evernote-lgln.com^
+||evernote-login.amalfisa.com^
 ||evernote-logln.com^
 ||everokqroup.com^
 ||eversafe.xyz^
@ -112791,6 +112813,7 @@
 ||followersitefre.000webhostapp.com^
 ||followersize.net^
 ||followers-like-increaser.000webhostapp.com^
+||followersltd.000webhostapp.com^
 ||followers-special.ml^
 ||follow-friends.co^
 ||followhell.ru^
@ -126204,6 +126227,7 @@
 ||greece-travel.servepics.com^
 ||gree-climat.ru^
 ||greeclimat-yug.ru^
+||greed.3utilities.com^
 ||greedert56.cyou^
 ||greedrum.net^
 ||greedy-absence.000webhostapp.com^
@ -137011,6 +137035,7 @@
 ||holynewshsdj.us^
 ||holyrichesglobal.com^
 ||holyroodarchaeology.org^
+||holy-ser-0142.main.jp^
 ||holyshit1234.duckdns.org^
 ||holy-shit.ubuntu.workers.dev^
 ||holyshiturgay.duckdns.org^
@ -175247,6 +175272,7 @@
 ||lyl-hygge.top^
 ||lylloofmvujwdgqg-dot-millinium.ey.r.appspot.com^
 ||lylpmpdybcaracazguzzvwbmvh-dot-gleowayel400503.uc.r.appspot.com^
+||lylqefrfff.duckdns.org^
 ||lylydressforless.com^
 ||lymbtafehotg.info^
 ||lymetwithta.biz^
@ -187172,6 +187198,7 @@
 ||mistakemargarineprimrose.com^
 ||mistakemovieconsideratio.com^
 ||mistake-remain.com^
+||mistake.servehalflife.com^
 ||mistc.es^
 ||mistcinemas.com^
 ||mister-al.com^
@ -187418,6 +187445,7 @@
 ||mizarstvo-marolt.si^
 ||mizaxcrykiwkmokd-dot-millinium.ey.r.appspot.com^
 ||mizdok.com^
+||mizelle-johnson.com^
 ||mizells.com^
 ||mizono.noip.me^
 ||mizosiri3.web.fc2.com^
@ -187762,6 +187790,7 @@
 ||mlx0u6i.com^
 ||mlx8.com^
 ||mlxmaivknhthoorwuvyremeccrtjxkzpwrqe-dot-glenxpecial3009493.ey.r.appspot.com^
+||mlxxwkjwvu.duckdns.org^
 ||mlynarskastezka.cz^
 ||m.lyxiwanji.com^
 ||mlzange.com^
@ -187911,6 +187940,7 @@
 ||mmnr.intained.com^
 ||mmnrsmrdyuycdxko-dot-millinium.ey.r.appspot.com^
 ||mmnr.wirelax.com^
+||mmnzskzhzs.duckdns.org^
 ||mmo4tools.xyz^
 ||mmoadvanced.com^
 ||mmocity.com^
@ -202075,6 +202105,7 @@
 ||nikotsu.000webhostapp.com^
 ||nikotte.net^
 ||nikpalmer.com^
+||nikpaymentokt.000webhostapp.com^
 ||nikpst.work^
 ||nikresut015js.no-ip.org^
 ||nikresut015js.zapto.org^
@ -223700,6 +223731,7 @@
 ||pointcaptchaspot.com^
 ||pointcome.net^
 ||point-device-curl.000webhostapp.com^
+||pointed.servehttp.com^
 ||pointeresources.com^
 ||pointer.no-ip.info^
 ||pointer.oss-ap-southeast-2.aliyuncs.com^
@ -240606,6 +240638,7 @@
 ||rightpricecaravans.com^
 ||rightput.com^
 ||rightreveal.org^
+||right.servehalflife.com^
 ||rightsinvest.top^
 ||rightspotshing.com^
 ||rightstats.com^
@ -252955,6 +252988,8 @@
 ||serohiv.com^
 ||serom38.fr^
 ||seromc.000webhostapp.com^
+||seronlie.amazon.c4-b.top^
+||seronlie.amazon.t6-b.top^
 ||seron.top^
 ||serophene.us.com^
 ||serotest.com^
@ -281852,6 +281887,7 @@
 ||toledoagenda.com.br^
 ||toledocare.com^
 ||toledo.pro^
+||toleran.servehttp.com^
 ||tolerantfoundationcolor33.com^
 ||tolgaustun.com^
 ||toliku.com^
--- a/threat-intelligence.stats
+++ b/threat-intelligence.stats
@ -28,7 +28,7 @@ Initialize ...
   2 |     407 | hosts   | http   | online  | unchanged | https://curben.gitlab.io/malware-filter/pup-filter-hosts.txt
   3 |    8884 | hosts   | http   | online  | unchanged | https://curben.gitlab.io/malware-filter/urlhaus-filter-hosts.txt
   4 |    3496 | hosts   | http   | online  | unchanged | https://gitlab.com/ZeroDot1/CoinBlockerLists/raw/master/hosts_browser
-   5 |   33674 | hosts   | http   | online  | changed   | https://hole.cert.pl/domains/domains_hosts.txt
+   5 |   33675 | hosts   | http   | online  | changed   | https://hole.cert.pl/domains/domains_hosts.txt
   6 |     550 | hosts   | http   | online  | unchanged | https://paulgb.github.io/BarbBlock/blacklists/hosts-file.txt
   7 |    5997 | hosts   | http   | online  | unchanged | https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
   8 |    2204 | hosts   | http   | online  | unchanged | https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts
@ -43,24 +43,24 @@ Initialize ...
  17 |   13465 | hosts   | http   | online  | unchanged | https://raw.githubusercontent.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/master/hosts
  18 |    1555 | hosts   | http   | OFFLINE | unchanged | USE LOCAL COPY: urlhaus.abuse.ch_downloads_hostfile_.txt
  19 |     883 | adblock | http   | online  | unchanged | https://raw.githubusercontent.com/piperun/iploggerfilter/master/filterlist
-  20 |     914 | domains | http   | online  | unchanged | https://azorult-tracker.net/api/list/domain?format=plain
+  20 |     914 | domains | http   | online  | changed   | https://azorult-tracker.net/api/list/domain?format=plain
  21 |  122584 | domains | http   | online  | unchanged | https://blocklist.cyberthreatcoalition.org/vetted/domain.txt
  22 |     549 | domains | http   | online  | unchanged | https://feeds.alphasoc.net/ryuk.txt
  23 |    9233 | domains | http   | online  | unchanged | https://gitlab.com/KevinThomas0/cryptoscamdb-lists/-/raw/master/cryptoscamdb-blocklist.txt
  24 |     365 | domains | http   | online  | unchanged | https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
-  25 |   33674 | domains | http   | online  | changed   | https://hole.cert.pl/domains/domains.txt
+  25 |   33675 | domains | http   | online  | changed   | https://hole.cert.pl/domains/domains.txt
  26 |   73323 | domains | http   | online  | unchanged | https://joewein.net/dl/bl/dom-bl-base.txt
  27 |     767 | domains | http   | online  | unchanged | https://joewein.net/dl/bl/dom-bl.txt
-  28 |    2000 | domains | http   | online  | changed   | https://kriskintel.com/feeds/ktip_covid_domains.txt
-  29 |    1998 | domains | http   | online  | changed   | https://kriskintel.com/feeds/ktip_malicious_domains.txt
+  28 |    2000 | domains | http   | online  | unchanged | https://kriskintel.com/feeds/ktip_covid_domains.txt
+  29 |    1998 | domains | http   | online  | unchanged | https://kriskintel.com/feeds/ktip_malicious_domains.txt
  30 |     397 | domains | http   | online  | unchanged | https://kriskintel.com/feeds/ktip_ransomware_feeds.txt
  31 |    2245 | domains | http   | online  | unchanged | https://orca.pet/notonmyshift/domains.txt
  32 |      52 | domains | http   | online  | unchanged | https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
  33 |   44826 | domains | http   | online  | unchanged | https://phishing.army/download/phishing_army_blocklist.txt
-  34 |   54484 | domains | http   | online  | changed   | https://phishing.army/download/phishing_army_blocklist_extended.txt
+  34 |   54484 | domains | http   | online  | unchanged | https://phishing.army/download/phishing_army_blocklist_extended.txt
  35 |    1406 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/AmnestyTech/investigations/master/2021-07-18_nso/domains.txt
  36 |      27 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/DRSDavidSoft/additional-hosts/master/domains/blacklist/fake-domains.txt
-  37 |   35464 | domains | http   | online  | changed   | https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADomains.txt
+  37 |   35464 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADomains.txt
  38 |     675 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/Lists/Cryptocurrency
  39 |   22769 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/Lists/Malware
  40 |     179 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/Lists/Risk
@ -74,7 +74,7 @@ Initialize ...
  48 |    3239 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/iam-py-test/my_filters_001/main/Alternative%20list%20formats/antimalware_domains.txt
  49 |    2079 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/matomo-org/referrer-spam-blacklist/master/spammers.txt
  50 |   71289 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/mitchellkrogza/Phishing.Database/master/phishing-domains-ACTIVE.txt
-  51 |     495 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/mitchellkrogza/Phishing.Database/master/phishing-domains-NEW-today.txt
+  51 |     550 | domains | http   | online  | changed   | https://raw.githubusercontent.com/mitchellkrogza/Phishing.Database/master/phishing-domains-NEW-today.txt
  52 |   10000 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/prodaft/malware-ioc/master/FluBot/v3.7_5000_domain.txt
  53 |   10000 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/prodaft/malware-ioc/master/FluBot/v3.7_germany.txt
  54 |   10000 | domains | http   | online  | unchanged | https://raw.githubusercontent.com/prodaft/malware-ioc/master/FluBot/v3.8_domains.txt
@ -108,14 +108,14 @@ Initialize ...

 Stats threat-intelligence:

-** Source (raw):    1188148
-== Source (unique): 860303 (-327845)
-- White:           859531 (-772)
-- White(*):        857894 (-1637)
-- Dead:            367621 (-490273)
+** Source (raw):    1188205
+== Source (unique): 860348 (-327857)
+-- White:           859576 (-772)
+-- White(*):        857939 (-1637)
+-- Dead:            367666 (-490273)

-367621 unique Domains - Version 2021.1023.213015
-MD5 Domains RAW: 8ffd6b86d6336f369d6485938df6ab8a
+367666 unique Domains - Version 2021.1023.215119
+MD5 Domains RAW: ca75400fb4442f7ca12fc672e463eeed

 # Convert threat-intelligence to Hostlist ... 

@ -141,10 +141,10 @@ Prepare domain list for compiling ... done.
    ]
 }
 ℹ Start compiling threat-intelligence.adblock.raw
-ℹ Original length is 347453
-ℹ Length after applying transformations is 347453
-ℹ The list was compressed from 347456 to 319461
-ℹ Final length of the list is 319467
+ℹ Original length is 347498
+ℹ Length after applying transformations is 347498
+ℹ The list was compressed from 347501 to 319497
+ℹ Final length of the list is 319503
 ℹ Writing output to /media/nas/git/rpi/pihole/blocklists/build/threat-intelligence/out/threat-intelligence.adblock
 ℹ Finished compiling