threatexpress / domainhunter

Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
http://threatexpress.com
BSD 3-Clause "New" or "Revised" License
1.53k stars 288 forks

Cisco and Bluecoat issues #41

Open MrTiptop opened 2 years ago

MrTiptop commented 2 years ago

Hello, these two checks are giving errors. Any ideas?

[*] Fetching domain reputation for: google.com
[*] BlueCoat: google.com
[+] google.com: HTTP Error (400-) - Is your IP blocked?
[*] IBM xForce: google.com
[+] google.com: Search Engines / Web Catalogues / Portals, (Score: 1)
[*] Cisco Talos: google.com
[-] Error retrieving Talos reputation! Expecting value: line 1 column 1 (char 0)
[+] google.com: error

TimmiORG commented 2 years ago

Hi @MrTiptop, this means that the IP you are using to perform the request might be blocked by them. Run the check manually via https://sitereview.bluecoat.com/ from the same IP.

Best regards Christoph

MrTiptop commented 2 years ago

Hello, no, this is error 400 (Bad Request). 423 would be blocked.

- Regards

Robbie

From: Timmi
Date: Thursday, 12 May 2022 at 11:02
Subject: Re: [threatexpress/domainhunter] Cisco and Bluecoat issues (Issue #41)


TimmiORG commented 2 years ago

OK, so you can run the check manually. In that case I'm sorry I can't help.

MrTiptop commented 2 years ago

So, just FYI, PR #37 fixed the issues.

- Regards

Robbie

From: Timmi
Date: Thursday, 12 May 2022 at 11:08
Subject: Re: [threatexpress/domainhunter] Cisco and Bluecoat issues (Issue #41)
