I had this idea that we could monitor weirdness in our network by checking proxy connections to poor reputation TLDs. Besides that, matching on some specific extensions would also be interesting.
Example.: GET request to some .party with request_url: .bin
I had this idea that we could monitor weirdness in our network by checking proxy connections to poor reputation TLDs. Besides that, matching on some specific extensions would also be interesting.
Example.: GET request to some .party with request_url: .bin
SpamHaus - Reference