enemieslist

Internet security & antispam

News

new patterns posted - 20191121 (maintenance patterns release)

227081 patterns in 75292 domains, 15404 right anchor strings, 898947 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191120 (maintenance patterns release)

227036 patterns in 75253 domains, 15404 right anchor strings, 898902 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191119 (maintenance patterns release)

226944 patterns in 75215 domains, 15403 right anchor strings, 898803 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191118 (maintenance patterns release)

226895 patterns in 75197 domains, 15401 right anchor strings, 898752 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191116 (maintenance patterns release)

226251 patterns in 75197 domains, 15401 right anchor strings, 897671 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191115 (maintenance patterns release)

226209 patterns in 75175 domains, 15396 right anchor strings, 897624 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191112 (maintenance patterns release)

225151 patterns in 75173 domains, 15394 right anchor strings, 895722 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191111 (maintenance patterns release)

224955 patterns in 75165 domains, 15392 right anchor strings, 895291 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191110 (maintenance patterns release)

224794 patterns in 75159 domains, 15392 right anchor strings, 894978 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191109 (maintenance patterns release)

224716 patterns in 75130 domains, 15391 right anchor strings, 894816 test IPs

New patterns and updates from the various contributing feeds and scans.

Fun with Brazil and WHOIS

With the recent large-scale gutting of WHOIS databases worldwide, I've been having quite a time trying to work. Although this is seldom, if ever, used by anyone using the Enemieslist patterns dataset, I do my best to keep some metadata associated with each domain for which I've collected patterns and classifications.

Two of the data points I try to find are a rough guess at the industry or type of provider (corporate, isp, telco, cable, etc.) and the entity to which the domain is registered. Both of these help me classify each pattern and associated technology (eg, 'dynamic/cable', 'static/fiber', etc.) because of historic commonalities and patterns of use - DSL in the US is usually dynamically assigned, whereas in the Netherlands it's almost always statically assigned, for example. When the WHOIS record for a domain is useless or absent, it makes my work harder because then I have to skip over to the rwhois for the IP, go to the (often non-English) Web site, if there is one, or use a variety of other resources that require manual research, all for something that is really only of minimal value to the project and certainly of almost zero value to our licensees, beyond helping us guarantee a certain standard of quality.

Brazil, however, is a special case, and has been for as long as I've been doing this. Their WHOIS servers are often rate-limited to "zero queries", or instead of a corporate entity they associate a given domain with an engineer or suchlike. So, for example, if I look up 'netlimit.net.br', I get 'Andreza Cristina Ceschim de Souza' as the owner. The Web site associated with the domain is "em construção". If I look up my sample IP address for the domain's most popular naming convention, 45.177.120.0, I can get to the meat of the matter and find that it's registered to 'NETLIMIT TELECOM', so now I know that it's a telco, not an ISP (despite '.net.br'). But often even the whois output is useless from this standpoint, so I have to resort to grabbing the ASN and looking that up instead, which leads to a myriad of Web sites offering up certain data about autonomous systems.

One of these, ipinfo.io, often comes up first in the search results, though there are many others. One of the nice things about the output it gives for a lookup is that the corporate entity I'm looking for is the only content in the markup surrounded by HTML 'h2' tags, making it easy to grab using curl and parse out. But of course I need the ASN to do that, so I use a handy hack Joe St. Sauver gave me long ago called 'getasn' that is just a bash script that queries asn.routeviews.org and parses out the AS associated with an IP, which I can then feed to the query to ipinfo.io. Et voila! Given any IP, I now have a quickie shell script that can grab the description of the owner I was looking for given a single IP and WHOIS can go jump in a lake.

new patterns posted - 20191108 (maintenance patterns release)

224641 patterns in 75072 domains, 15390 right anchor strings, 894731 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191107 (maintenance patterns release)

224577 patterns in 75034 domains, 15390 right anchor strings, 894661 test IPs

New patterns and updates from the various contributing feeds and scans.
There was a minor release since 20191106.

new patterns posted - 20191106 (maintenance patterns release)

224504 patterns in 75010 domains, 15390 right anchor strings, 894075 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191105 (maintenance patterns release)

224476 patterns in 74995 domains, 15389 right anchor strings, 894043 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191104 (maintenance patterns release)

224397 patterns in 74992 domains, 15389 right anchor strings, 893868 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191103 (maintenance patterns release)

224363 patterns in 74970 domains, 15386 right anchor strings, 893827 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191031 (maintenance patterns release)

224276 patterns in 74950 domains, 15384 right anchor strings, 893734 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191029 (maintenance patterns release)

224236 patterns in 74947 domains, 15384 right anchor strings, 893407 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191028 (maintenance patterns release)

224200 patterns in 74920 domains, 15383 right anchor strings, 893366 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191027 (maintenance patterns release)

224159 patterns in 74886 domains, 15382 right anchor strings, 893323 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191025 (maintenance patterns release)

224119 patterns in 74868 domains, 15380 right anchor strings, 893281 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191024 (maintenance patterns release)

224083 patterns in 74844 domains, 15378 right anchor strings, 893244 test IPs

New patterns and updates from the various contributing feeds and scans.

new patterns posted - 20191022 (maintenance patterns release)

224008 patterns in 74801 domains, 15373 right anchor strings, 893162 test IPs

New patterns and updates from the various contributing feeds and scans.