Closed fpietrosanti closed 9 years ago
I implemented a nice test version that returns a plain text list of the domains. It can be used as a malware feed and Tor2web blocklist.
For instance, as we know that the title element of the CTB-Locker site is "Recovering the private key for the CTB-Locker encryption" (see https://ahmia.fi/search/?q=CTB-Locker), we can search for this title pattern using the API: https://ahmia.fi/search/API?q=title=Recovering%20the%20private%20key%20for%20the%20CTB-Locker%20encryption
Very useful for those who are hunting malware servers on Tor. This list can be handed to Tor2web as a blocklist.
Let's take another example: F-Secure published (see https://www.f-secure.com/weblog/archives/00002777.html) that there is a new malware called OphionLocker. We can easily find more of its servers just by searching https://ahmia.fi/search/API?q=h1=please+enter+your+hwid
In general, if we are interested in looking for a list of sites that have been seized by the FBI and Homeland Security, we can just look at one of these sites, see that there is a title element "Alert!", and after this look for similar sites: https://ahmia.fi/search/API?q=title=alert
This ticket is to implement a filterlist export for Tor2web import with known patterns of malware.
That way a Tor2web node would be able to import such a list to apply a malware blacklist.
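Added example, not part of the original ticket and not Ahmia or Tor2web code: a consumer of such a plain-text feed would want to validate every entry before importing it as a blocklist, so that a poisoned or malformed line cannot block an unrelated host. It assumes one domain per line; the function names and the sample feed are constructed for illustration, and the v3 checksum check goes beyond the v2 addresses in use when the ticket was written.

```python
import base64
import hashlib
import re

V2_LABEL = re.compile(r"[a-z2-7]{16}")   # 80-bit v2 onion label
V3_LABEL = re.compile(r"[a-z2-7]{56}")   # 35-byte v3 onion label

def v3_label(pubkey: bytes) -> str:
    """Encode a 32-byte key as a v3 onion label: key + checksum + version."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower()

def is_onion(host: str) -> bool:
    """True for a well-formed v2 label or a v3 label whose checksum verifies."""
    if not host.endswith(".onion"):
        return False
    label = host[: -len(".onion")]
    if V2_LABEL.fullmatch(label):
        return True
    if V3_LABEL.fullmatch(label):
        raw = base64.b32decode(label.upper())
        # Re-encoding the key must reproduce the label, version byte included.
        return v3_label(raw[:32]) == label
    return False

def clean_feed(text: str):
    """Split a plain-text feed into (sorted unique onion hosts, rejected lines)."""
    accepted, rejected = set(), []
    for line in text.splitlines():
        entry = line.strip().lower()
        if not entry or entry.startswith("#"):
            continue
        host = re.sub(r"^https?://", "", entry).split("/", 1)[0]
        if is_onion(host):
            accepted.add(host)
        else:
            rejected.append(line.strip())
    return sorted(accepted), rejected

# Constructed sample feed; none of these entries is a real service.
GOOD_V3 = v3_label(bytes(range(32))) + ".onion"
# Flip one character inside the checksum so verification must fail.
BAD_V3 = GOOD_V3[:52] + ("a" if GOOD_V3[52] != "a" else "b") + GOOD_V3[53:]
SAMPLE = "\n".join(["abcdefghijklmnop.onion", "ABCDEFGHIJKLMNOP.onion",
                    "http://" + GOOD_V3 + "/index.html", BAD_V3,
                    "example.com", "short.onion"])

if __name__ == "__main__":
    hosts, bad = clean_feed(SAMPLE)
    print("\n".join(hosts))
    print("rejected:", bad)
```

Rejected lines are worth logging rather than silently dropping, since a sudden run of them suggests the feed source has changed or been tampered with.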