Using tracker.h3x.eu
-
I saw the following list referenced here in the forum:
https://tracker.h3x.eu/api/sites_1month.php
but it doesn't really specify how to use it. It looks like the follwing
#family,type,url,status,first_seen,first_active,last_active,last_update
"cerber","download","http://86.106.131.141/10.mov","down","2017-01-13 11:50:05.999183+00","","","2017-01-13 12:01:41.222595+00"
"cerber","download","http://aoopoerope.top/read.php?f=0.dat","active","2017-01-13 11:49:37.292593+00","2017-01-13 12:01:51.325939+00","2017-01-13 12:01:51.325939+00","2017-01-13 12:01:51.325939+00"
[snip]Can pfBlockerNG parse this? If not, I could certainly writhe a python script to pull out the field that is needed, but then how would I integrate it with pfBlockerNG?
-
PR # 156/157 have been posted for pfBlockerNG v2.1.1
CHANGELOG:
Other Improvements
- Add Malware Corpus Tracker to the DNSBL parser www.h3x.eu
Here are the links for Malware Corpus Tracker which can be used w/ pfBlockerNG DNSBL:
Site:
http://track.h3x.eu/about/400Available Feeds:
https://tracker.h3x.eu/api/sites_1month.php
https://tracker.h3x.eu/api/sites_1week.php
https://tracker.h3x.eu/api/sites_1day.php
https://tracker.h3x.eu/api/sites_1hour.phpDO NOT Select all of these Feeds. You should pick only one Feed. For example: the "1Month" will include the "1Week/1Day/1Hour".
[ Edit - change to https ]
Twitter:
https://twitter.com/h3x2b
