Publishing free threat intelligence data via Twitter in JSON format.
If you like it and/or find it useful - feel free to follow, retweet or
whatever else it is that people do on Twitter. The retweets and follows
are what I will use to justify to the layer 8 powers that be that I
should be allowed to keep doing it.

There are two types of data that are getting published right now.

1. DPRK_DNS feed. This is a feed in near-realtime of hosts observed in
well known North Korean infrastructure. As the DPRK has been expanding
their state sponsored activity, we thought we would help highlight their

2. BPH_DNS feed. This is a feed (24h delayed) of hosts and domains which
are observed hosted on bulletproof infrastructure. Although there is no
guarantee they are malicious - the price of this hosting increases the
statistical odds that it is by enough of a margin to warrant additional
investigation of matching events in your logs.

Also - I have made free to the public an anti-spam RHSBL, with limits.
Because queries are rate limited, I would recommend using it via your
own DNS infrastructure - as shared ISP and public infrastructure is
frequently timed out due to the large volume of scanning and abuse of
free services that occur via this infrastructure. More information is
available at https://oscontext.com/fdsupport.osc

There is an option for a trial (that gives you unlimited queries from
dedicated infrastructure) - but it is NOT required. No email or other
information is required either.

If I am violating community standards - my apologies, I'll serve and
accept my punishment. I am just trying to get the word out on some of
the free things I am giving to the community; this is not a marketing email.