zFeed is a realtime datafeed with information about worldwide datacenter and online infrastructure attacks.
Features:
- qualified IP-dataset (see below), allowing our customers to get valuable information for each IP, like:
  - probability of being a botnet member
  - badness factor
  - membership of a malicious CIDR/ASN
- design protection strategies based on the data
- high coverage of global botnet activity
- Search-API
- statistics based on CIDR and ASN available
- ML-based automated exploit-campaign detection
- REST-API for retrieving datasets in JSON format
- PUSH solutions for realtime delivery available
- easily integrable into SIEMs and firewalls
- Malware-Domains (stream and search)
Protection-Strategies based on zFeed-Dataset
- conservative:
  - useful for browser-based webapps with an anonymous userbase
  - block only the very bad guys
  - protect from botnet attacks
- progressive:
  - useful for public APIs
  - block any identified bad guy above a certain threshold
- aggressive:
  - useful for anything that must be on the internet but is not available to everyone
  - block any bad activity
Contact:
- zfeed@zero.bs
Sample-API-Response (stream)
{
  "stats":{
    "timestamp":1520123456,
    "more_data":false,
    "resultset":16787,
    "last_event":1520223456
  },
  "results":{
    "31.162.0.126":{
      "cidr":"31.162.0.0/18",
      "last_seen":1520223456,
      "asn_name":"PJSC Rostelecom",
      "asn":12389,
      "scores":{
        "XXXscore":3,
        "YYYscore":0,
        "ZZZscore":4,
        "AAAscore":0,
        "BBBscore":100
      }
    },
    "144.48.9.147":{
      "cidr":"144.48.8.0/22",
      "last_seen":1520223456,
      "asn_name":"Cloudie Limited",
      "asn":55933,
      "scores":{
        "XXXscore":14,
        "YYYscore":2,
        "ZZZscore":4792,
        "AAAscore":0,
        "BBBscore":100
      }
    },
    "58.218.200.29":{
      "cidr":"58.208.0.0/12",
      "last_seen":1520223456,
      "asn_name":"No.31,Jin-rong Street",
      "asn":4134,
      "scores":{
        "XXXscore":36,
        "YYYscore":2,
        "ZZZscore":48,
        "AAAscore":100,
        "BBBscore":0
      }
    },
    ...
  }
}
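The three protection strategies above can be expressed as threshold rules over the per-IP scores in this stream response. The following Python is an added example, not zFeed's code: it parses a constructed copy of the response (the first three entries reuse the page's values, the fourth is a made-up stale entry in the 203.0.113.0/24 documentation range), drops hits older than an assumed TTL, applies assumed thresholds for each strategy (the page gives no thresholds and does not say what the placeholder scores XXXscore to BBBscore measure; the example treats a higher score as worse), and renders an ipset restore script for a firewall.

```python
import ipaddress
import json
from typing import Dict, List, Optional

# Constructed sample shaped like the stream response above.  The first three
# entries copy the page's values (score names are the page's placeholders);
# the fourth is a made-up stale entry in the 203.0.113.0/24 documentation range.
STREAM_RESPONSE = json.loads("""{
 "stats":{"timestamp":1520123456,"more_data":false,"resultset":4,"last_event":1520223456},
 "results":{
  "31.162.0.126":{"cidr":"31.162.0.0/18","last_seen":1520223456,"asn":12389,
    "asn_name":"PJSC Rostelecom",
    "scores":{"XXXscore":3,"YYYscore":0,"ZZZscore":4,"AAAscore":0,"BBBscore":100}},
  "144.48.9.147":{"cidr":"144.48.8.0/22","last_seen":1520223456,"asn":55933,
    "asn_name":"Cloudie Limited",
    "scores":{"XXXscore":14,"YYYscore":2,"ZZZscore":4792,"AAAscore":0,"BBBscore":100}},
  "58.218.200.29":{"cidr":"58.208.0.0/12","last_seen":1520223456,"asn":4134,
    "asn_name":"No.31,Jin-rong Street",
    "scores":{"XXXscore":36,"YYYscore":2,"ZZZscore":48,"AAAscore":100,"BBBscore":0}},
  "203.0.113.7":{"cidr":"203.0.113.0/24","last_seen":1517631456,"asn":64496,
    "asn_name":"EXAMPLE-AS",
    "scores":{"XXXscore":50,"YYYscore":5,"ZZZscore":9000,"AAAscore":100,"BBBscore":100}}
 }
}""")

NOW = 1520227056          # one hour after the sample's last_event (constructed)
MAX_AGE = 7 * 24 * 3600   # ignore hits not seen for a week (assumed TTL)

# Assumed strategy rules, not zFeed's: {score_name: minimum}.  An IP is blocked
# when ANY listed score reaches its minimum; higher score = worse is assumed.
STRATEGIES: Dict[str, Dict[str, int]] = {
    "conservative": {"BBBscore": 100},
    "progressive":  {"BBBscore": 80, "AAAscore": 80, "ZZZscore": 1000},
    "aggressive":   {n: 1 for n in ("XXXscore", "YYYscore", "ZZZscore", "AAAscore", "BBBscore")},
}


def is_fresh(entry: dict, now: int = NOW, max_age: Optional[int] = MAX_AGE) -> bool:
    """False when the hit is older than max_age seconds; max_age=None disables the check."""
    return max_age is None or now - int(entry["last_seen"]) <= max_age


def matched_rules(entry: dict, strategy: str) -> List[str]:
    """Human-readable list of the strategy rules this entry triggers."""
    scores = entry.get("scores", {})
    return [f"{name}={scores[name]}>={limit}"
            for name, limit in STRATEGIES[strategy].items()
            if scores.get(name, 0) >= limit]


def blocklist(response: dict, strategy: str, now: int = NOW,
              max_age: Optional[int] = MAX_AGE) -> Dict[str, str]:
    """Map IP -> reason for every fresh entry the strategy blocks."""
    blocked: Dict[str, str] = {}
    for ip, entry in response["results"].items():
        ipaddress.ip_address(ip)   # raise on a malformed key instead of shipping it to the firewall
        if not is_fresh(entry, now, max_age):
            continue
        hits = matched_rules(entry, strategy)
        if hits:
            blocked[ip] = ", ".join(hits)
    return blocked


def ipset_restore(blocked: Dict[str, str], setname: str = "zfeed_block") -> str:
    """Render an ipset restore script (load with: ipset -exist restore < file)."""
    lines = [f"create {setname} hash:ip family inet"]
    lines += [f"add {setname} {ip}" for ip in sorted(blocked, key=ipaddress.ip_address)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for name in STRATEGIES:
        print(name, blocklist(STREAM_RESPONSE, name))
    print(ipset_restore(blocklist(STREAM_RESPONSE, "progressive")))
```

The reason strings are what you would forward to a SIEM alongside the block decision; the age check matters because stream entries carry a last_seen timestamp and a host that was a bot a month ago may have a new owner today.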
Malware-Domains (Search and Stream)
We provide a list of known Malware-Domains, grouped into different categories:
- phishlink - identified and confirmed phishing link
- malware - generic malware link
- malware:SPECIFIC - link tied to a named family (like emotet, lokibot, ryuk)
[
  {
    "domain": "zen.yandex.ru",
    "url": "https://zen.yandex.ru/media/i...",
    "threat": "phishing",
    "timestamp": "2018-10-23T17:08:26.020079+02:00"
  },
  {
    "domain": "dropbox.com",
    "url": "https://www.dropbox.com/s/XX...",
    "threat": "malware:lokibot",
    "timestamp": "2018-10-17T02:14:26+00:00"
  },
  {
    "domain": "429days.com",
    "url": "http://429days.com/Dec2018/EN...",
    "threat": "malware:emotet",
    "timestamp": "2018-11-05T08:22:17+00:00"
  },
  { ... }
]
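Matching traffic against this list needs care over what to match on: entries like the dropbox.com and zen.yandex.ru samples above carry a specific url, and blocking the whole domain would cut off a legitimate service. The following Python is an added example, not zFeed's code. Its feed entries are constructed on documentation hosts (example.net, example.org) because the page's URLs are truncated. It splits the threat field into category and family, matches a checked URL by URL prefix when the entry has one and by domain (including subdomains) otherwise, and has a domain_level switch to show the difference.

```python
import json
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed feed entries in the shape of the listing above.  Hosts are in the
# example.net / example.org documentation domains, not zFeed data.
FEED = json.loads("""[
 {"domain":"files.example.net","url":"https://files.example.net/s/k7x2/Invoice.doc",
  "threat":"malware:lokibot","timestamp":"2018-10-17T02:14:26+00:00"},
 {"domain":"login-portal.example.org","url":"https://login-portal.example.org/signin",
  "threat":"phishlink","timestamp":"2018-10-23T17:08:26.020079+02:00"},
 {"domain":"bad.example.org","url":"","threat":"malware",
  "timestamp":"2018-11-05T08:22:17+00:00"}
]""")


def parse_threat(threat: str) -> Tuple[str, Optional[str]]:
    """Split 'malware:emotet' into ('malware', 'emotet'); plain categories get None."""
    category, _, family = threat.partition(":")
    return category, family or None


def _norm(url: str) -> Tuple[str, str]:
    """Return (host, path): host lowercased, scheme-less input treated as http."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower(), parts.path or "/"


def domain_matches(host: str, domain: str) -> bool:
    """True for the domain itself and any subdomain of it."""
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def lookup(url: str, feed=FEED, domain_level: bool = False) -> Optional[dict]:
    """Return the feed entry covering url, or None.

    Entries with a url match only when the checked URL is on the same host and
    its path starts with the listed path.  Entries without a url match the whole
    domain.  domain_level=True makes every entry match by domain, which is the
    behaviour to avoid for shared-hosting or file-sharing domains.
    """
    host, path = _norm(url)
    for entry in feed:
        if not domain_matches(host, entry["domain"]):
            continue
        if domain_level or not entry.get("url"):
            return entry
        e_host, e_path = _norm(entry["url"])
        if host == e_host and path.startswith(e_path):
            return entry
    return None


if __name__ == "__main__":
    for u in ("https://files.example.net/s/k7x2/Invoice.doc",
              "https://files.example.net/s/other/Report.pdf",
              "http://cdn.bad.example.org/payload.exe"):
        hit = lookup(u)
        print(u, "->", parse_threat(hit["threat"]) if hit else "clean")
```

Splitting the threat field lets a SIEM rule key on the category (phishlink versus malware) while still recording the family for correlation; a category name such as "phishing" in the sample above simply comes back with family None.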
Search-API
zFeed provides an endpoint to search for events and statistics for a given IP. The result also includes contamination statistics for the CIDR and ASN the IP belongs to.
{
  "scores": {
    "XXXscore": 30,
    "YYYscore": 2,
    "ZZZscore": 1287,
    "AAAscore": 0,
    "BBBscore": 80
  },
  "ip": {
    "network_size": 1,
    "bad_ip_count": 0,
    "event_count": 0,
    "bad_ip_ratio": 0,
    "overall_ranking": 1
  },
  "cidr": {
    "network_size": 255,
    "bad_ip_count": 7,
    "event_count": 65,
    "bad_ip_ratio": 0,
    "overall_ranking": 0.9579139981701739
  },
  "asn": {
    "network_size": 2048,
    "bad_ip_count": 54,
    "event_count": 62377,
    "bad_ip_ratio": 0.002828125,
    "overall_ranking": 0.8172371638141809
  }
}
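A consumer of this response has three levels of context to weigh. The following Python is an added example, not zFeed's code; it copies the sample above and uses assumed thresholds (the page publishes none): the IP's own score blocks, contamination of its CIDR triggers a challenge such as a captcha or rate limit, and a noisy ASN is only flagged for monitoring. It recomputes bad_ip_count/network_size because the sample's cidr block reports bad_ip_ratio 0 next to bad_ip_count 7, so trusting the ratio field alone would hide that contamination.

```python
import copy
import json
from dataclasses import dataclass, field
from typing import List

# The Search-API sample above, copied verbatim (score names are the page's placeholders).
SEARCH_RESPONSE = json.loads("""{
 "scores":{"XXXscore":30,"YYYscore":2,"ZZZscore":1287,"AAAscore":0,"BBBscore":80},
 "ip":{"network_size":1,"bad_ip_count":0,"event_count":0,"bad_ip_ratio":0,"overall_ranking":1},
 "cidr":{"network_size":255,"bad_ip_count":7,"event_count":65,"bad_ip_ratio":0,
         "overall_ranking":0.9579139981701739},
 "asn":{"network_size":2048,"bad_ip_count":54,"event_count":62377,"bad_ip_ratio":0.002828125,
        "overall_ranking":0.8172371638141809}
}""")

# Assumed thresholds for this example; zFeed publishes none on this page.
IP_BLOCK_SCORE = ("BBBscore", 80)   # assumes BBBscore is a 0-100 badness score
CIDR_CHALLENGE_RATIO = 0.02         # share of known-bad hosts in the IP's CIDR
ASN_MONITOR_EVENTS = 10_000         # event volume at which an ASN is worth watching


@dataclass
class Verdict:
    action: str                      # "allow" | "monitor" | "challenge" | "block"
    reasons: List[str] = field(default_factory=list)


def bad_ratio(stats: dict) -> float:
    """Larger of the reported bad_ip_ratio and bad_ip_count/network_size."""
    size = max(int(stats.get("network_size", 0)), 1)
    computed = int(stats.get("bad_ip_count", 0)) / size
    return max(float(stats.get("bad_ip_ratio", 0.0)), computed)


def assess(result: dict) -> Verdict:
    """Tiered decision: own evidence blocks, CIDR context challenges, ASN context monitors."""
    name, limit = IP_BLOCK_SCORE
    score = int(result.get("scores", {}).get(name, 0))
    ip_stats = result.get("ip", {})
    if score >= limit or int(ip_stats.get("bad_ip_count", 0)) > 0:
        return Verdict("block", [f"ip: {name}={score} (limit {limit}), "
                                 f"bad_ip_count={ip_stats.get('bad_ip_count', 0)}"])
    cidr_ratio = bad_ratio(result.get("cidr", {}))
    if cidr_ratio >= CIDR_CHALLENGE_RATIO:
        return Verdict("challenge", [f"cidr: bad_ip_ratio={cidr_ratio:.4f} >= {CIDR_CHALLENGE_RATIO}"])
    asn_events = int(result.get("asn", {}).get("event_count", 0))
    if asn_events >= ASN_MONITOR_EVENTS:
        return Verdict("monitor", [f"asn: event_count={asn_events} >= {ASN_MONITOR_EVENTS}"])
    return Verdict("allow")


def demo_tiers() -> List[str]:
    """Relax one level at a time to show each tier on the sample."""
    r = copy.deepcopy(SEARCH_RESPONSE)
    actions = [assess(r).action]      # block: BBBscore 80 reaches the limit
    r["scores"]["BBBscore"] = 10
    actions.append(assess(r).action)  # challenge: 7 bad hosts of network_size 255
    r["cidr"]["bad_ip_count"] = 0
    actions.append(assess(r).action)  # monitor: 62377 events in the ASN
    r["asn"]["event_count"] = 5
    actions.append(assess(r).action)  # allow
    return actions


if __name__ == "__main__":
    print(assess(SEARCH_RESPONSE))
    print(demo_tiers())
```

Keeping CIDR and ASN evidence at the challenge and monitor tiers rather than block avoids punishing every customer of a large provider for a handful of compromised neighbours; the reasons list records which tier fired so the decision can be audited later.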