Using tracker.h3x.eu

guardian

I saw the following list referenced here in the forum:

https://tracker.h3x.eu/api/sites_1month.php

but it doesn't really specify how to use it.  It looks like the follwing

#family,type,url,status,first_seen,first_active,last_active,last_update
"cerber","download","http://86.106.131.141/10.mov","down","2017-01-13 11:50:05.999183+00","","","2017-01-13 12:01:41.222595+00"
"cerber","download","http://aoopoerope.top/read.php?f=0.dat","active","2017-01-13 11:49:37.292593+00","2017-01-13 12:01:51.325939+00","2017-01-13 12:01:51.325939+00","2017-01-13 12:01:51.325939+00"
[snip]

Can pfBlockerNG parse this?  If not, I could certainly writhe a python script to pull out the field that is needed, but then how would I integrate it with pfBlockerNG?

RonpfS

@BBcan177:

PR # 156/157 have been posted for pfBlockerNG v2.1.1

CHANGELOG:

Other Improvements

• Add Malware Corpus Tracker to the DNSBL parser www.h3x.eu

@BBcan177:

Here are the links for Malware Corpus Tracker which can be used w/ pfBlockerNG DNSBL:

Site:
http://track.h3x.eu/about/400

Available Feeds:
https://tracker.h3x.eu/api/sites_1month.php
https://tracker.h3x.eu/api/sites_1week.php
https://tracker.h3x.eu/api/sites_1day.php
https://tracker.h3x.eu/api/sites_1hour.php

DO NOT Select all of these Feeds. You should pick only one Feed. For example: the "1Month" will include the "1Week/1Day/1Hour".

[ Edit - change to https ]

Twitter:
https://twitter.com/h3x2b