From 4701a5dba977cc845e4d38ecac2bf67ea86557fb Mon Sep 17 00:00:00 2001 From: Patryk Cieszkowski Date: Thu, 7 Apr 2022 16:51:37 +0000 Subject: [PATCH 01/14] add: ip blacklist/validator --- src/index.ts | 2 ++ src/lib/malware/client.ts | 15 +++++++++++++++ src/lib/malware/ip.ts | 39 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+) create mode 100644 src/lib/malware/client.ts create mode 100644 src/lib/malware/ip.ts diff --git a/src/index.ts b/src/index.ts index 2462351d..18996f3d 100644 --- a/src/index.ts +++ b/src/index.ts @@ -4,11 +4,13 @@ import './lib/appsignal.js'; import process from 'node:process'; import {scopedLogger} from './lib/logger.js'; import {createServer} from './lib/server.js'; +import {updateList as updateMalwareList} from './lib/malware/client.js'; const logger = scopedLogger('global'); const port = process.env['PORT'] ?? 3000; const workerFn = async () => { + await updateMalwareList(); const server = await createServer(); server.listen(port, () => { diff --git a/src/lib/malware/client.ts b/src/lib/malware/client.ts new file mode 100644 index 00000000..7ae38361 --- /dev/null +++ b/src/lib/malware/client.ts @@ -0,0 +1,15 @@ +import { + updateList as updateIpList, + validate as validateIp, +} from './ip.js'; + +export const updateList = async (): Promise => { + await updateIpList(); +}; + +export const validate = async (target: string): Promise => { + const ipCheck = await validateIp(target); + + // Todo: add domain check + return ipCheck; +}; diff --git a/src/lib/malware/ip.ts b/src/lib/malware/ip.ts new file mode 100644 index 00000000..97fa31d3 --- /dev/null +++ b/src/lib/malware/ip.ts @@ -0,0 +1,39 @@ +import {writeFile, readFile} from 'node:fs/promises'; +import path from 'node:path'; +import got from 'got'; +import validator from 'validator'; + +const ipSourceList = [ + 'https://osint.digitalside.it/Threat-Intel/lists/latestips.txt', + 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset', + 'https://raw.githubusercontent.com/stamparm/ipsum/master/levels/2.txt', +]; + +const ipListPath = path.join(path.resolve(), 'IP_BLACKLIST.json'); + +const isFulfilled = (input: PromiseSettledResult): input is PromiseFulfilledResult => + input.status === 'fulfilled'; + +export const query = async (url: string): Promise => { + const {body} = await got(url, { + timeout: {request: 5000}, + }); + + const result = body.split(/r?\n/).filter(l => validator.isIP(l)); + + return result; +}; + +export const updateList = async (): Promise => { + const result = await Promise.allSettled(ipSourceList.map(async source => query(source))); + const ipList = [...new Set(result.flatMap(r => isFulfilled(r) ? r.value : []))]; + + await writeFile(ipListPath, JSON.stringify(ipList), {encoding: 'utf8'}); +}; + +export const validate = async (target: string): Promise => { + const data = await readFile(ipListPath, 'utf8'); + const ipList = JSON.parse(data) as string[]; + + return ipList.includes(target); +}; From 760d8098841e337d6a5f7a39e6318bd1bffee943 Mon Sep 17 00:00:00 2001 From: Patryk Cieszkowski Date: Thu, 7 Apr 2022 17:18:15 +0000 Subject: [PATCH 02/14] add: domain blacklist/validator --- src/lib/malware/client.ts | 10 ++++++++-- src/lib/malware/domain.ts | 40 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 src/lib/malware/domain.ts diff --git a/src/lib/malware/client.ts b/src/lib/malware/client.ts index 7ae38361..3a58870b 100644 --- a/src/lib/malware/client.ts +++ b/src/lib/malware/client.ts @@ -3,13 +3,19 @@ import { validate as validateIp, } from './ip.js'; +import { + updateList as updateDomainList, + validate as validateDomain, +} from './domain.js'; + export const updateList = async (): Promise => { await updateIpList(); + await updateDomainList(); }; export const validate = async (target: string): Promise => { const ipCheck = await validateIp(target); + const domainCheck = await validateDomain(target); - // Todo: add domain check - return ipCheck; + return ipCheck || domainCheck; }; diff --git a/src/lib/malware/domain.ts b/src/lib/malware/domain.ts new file mode 100644 index 00000000..8392219e --- /dev/null +++ b/src/lib/malware/domain.ts @@ -0,0 +1,40 @@ +import {writeFile, readFile} from 'node:fs/promises'; +import path from 'node:path'; +import got from 'got'; +import validator from 'validator'; + +const sourceList = [ + 'https://zonefiles.io/f/compromised/domains/full/', + 'https://phishing.army/download/phishing_army_blocklist.txt', + 'https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt', + 'https://urlhaus.abuse.ch/downloads/hostfile/', +]; + +const domainListPath = path.join(path.resolve(), 'DOMAIN_BLACKLIST.json'); + +const isFulfilled = (input: PromiseSettledResult): input is PromiseFulfilledResult => + input.status === 'fulfilled'; + +export const query = async (url: string): Promise => { + const {body} = await got(url, { + timeout: {request: 5000}, + }); + + const result = body.split(/r?\n?\s+/).filter(l => validator.isFQDN(l)); + + return result; +}; + +export const updateList = async (): Promise => { + const result = await Promise.allSettled(sourceList.map(async source => query(source))); + const list = [...new Set(result.flatMap(r => isFulfilled(r) ? r.value : []))]; + + await writeFile(domainListPath, JSON.stringify(list), {encoding: 'utf8'}); +}; + +export const validate = async (target: string): Promise => { + const data = await readFile(domainListPath, 'utf8'); + const list = JSON.parse(data) as string[]; + + return list.includes(target); +}; From b87d6b0a6b97b53dccb44d32781fde9dd2a43004 Mon Sep 17 00:00:00 2001 From: Patryk Cieszkowski Date: Thu, 7 Apr 2022 17:18:54 +0000 Subject: [PATCH 03/14] add: install validator package --- package-lock.json | 39 ++++++++++++++++++++++++++++++++------- package.json | 4 +++- 2 files changed, 35 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7700f927..8410dda4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,11 +15,12 @@ "@koa/router": "^10.1.1", "@socket.io/redis-adapter": "^7.1.0", "@types/koa-response-time": "^2.1.2", + "@types/validator": "^13.7.2", "any-ascii": "^0.3.0", "config": "^3.3.7", "countries-list": "^2.6.1", "crypto-random-string": "^4.0.0", - "got": "^12.0.1", + "got": "^12.0.3", "gunzip-maybe": "^1.4.2", "http-errors": "^2.0.0", "joi": "^17.6.0", @@ -34,6 +35,7 @@ "request-ip": "^2.1.3", "socket.io": "^4.4.1", "throng": "^5.0.0", + "validator": "^13.7.0", "winston": "^3.6.0" }, "devDependencies": { @@ -996,6 +998,11 @@ "integrity": "sha512-Pt8Bunl40PyFvIcQ5berMYXt0XT94hWI4+5J7Ojl/k9NU75zHJibHUt3oRjiloy4x1rPcX0UJyq+yBjkMmv8zQ==", "dev": true }, + "node_modules/@types/validator": { + "version": "13.7.2", + "resolved": "https://registry.npmjs.org/@types/validator/-/validator-13.7.2.tgz", + "integrity": "sha512-KFcchQ3h0OPQgFirBRPZr5F/sVjxZsOrQHedj3zi8AH3Zv/hOLx2OLR4hxR5HcfoU+33n69ZuOfzthKVdMoTiw==" + }, "node_modules/@ungap/promise-all-settled": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz", @@ -4042,9 +4049,9 @@ } }, "node_modules/got": { - "version": "12.0.2", - "resolved": "https://registry.npmjs.org/got/-/got-12.0.2.tgz", - "integrity": "sha512-Zi4yHiqCgaorUbknr/RHFBsC3XqjSodaw0F3qxlqAqyj+OGYZl37/uy01R0qz++KANKQYdY5FHJ0okXZpEzwWQ==", + "version": "12.0.3", + "resolved": "https://registry.npmjs.org/got/-/got-12.0.3.tgz", + "integrity": "sha512-hmdcXi/S0gcAtDg4P8j/rM7+j3o1Aq6bXhjxkDhRY2ipe7PHpvx/14DgTY2czHOLaGeU8VRvRecidwfu9qdFug==", "dependencies": { "@sindresorhus/is": "^4.6.0", "@szmarczak/http-timer": "^5.0.1", @@ -8095,6 +8102,14 @@ "spdx-expression-parse": "^3.0.0" } }, + "node_modules/validator": { + "version": "13.7.0", + "resolved": "https://registry.npmjs.org/validator/-/validator-13.7.0.tgz", + "integrity": "sha512-nYXQLCBkpJ8X6ltALua9dRrZDHVYxjJ1wgskNt1lH9fzGjs3tgojGSCBjmEPwkWS1y29+DrizMTW19Pr9uB2nw==", + "engines": { + "node": ">= 0.10" + } + }, "node_modules/vary": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", @@ -10266,6 +10281,11 @@ "integrity": "sha512-Pt8Bunl40PyFvIcQ5berMYXt0XT94hWI4+5J7Ojl/k9NU75zHJibHUt3oRjiloy4x1rPcX0UJyq+yBjkMmv8zQ==", "dev": true }, + "@types/validator": { + "version": "13.7.2", + "resolved": "https://registry.npmjs.org/@types/validator/-/validator-13.7.2.tgz", + "integrity": "sha512-KFcchQ3h0OPQgFirBRPZr5F/sVjxZsOrQHedj3zi8AH3Zv/hOLx2OLR4hxR5HcfoU+33n69ZuOfzthKVdMoTiw==" + }, "@ungap/promise-all-settled": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz", @@ -12615,9 +12635,9 @@ } }, "got": { - "version": "12.0.2", - "resolved": "https://registry.npmjs.org/got/-/got-12.0.2.tgz", - "integrity": "sha512-Zi4yHiqCgaorUbknr/RHFBsC3XqjSodaw0F3qxlqAqyj+OGYZl37/uy01R0qz++KANKQYdY5FHJ0okXZpEzwWQ==", + "version": "12.0.3", + "resolved": "https://registry.npmjs.org/got/-/got-12.0.3.tgz", + "integrity": "sha512-hmdcXi/S0gcAtDg4P8j/rM7+j3o1Aq6bXhjxkDhRY2ipe7PHpvx/14DgTY2czHOLaGeU8VRvRecidwfu9qdFug==", "requires": { "@sindresorhus/is": "^4.6.0", "@szmarczak/http-timer": "^5.0.1", @@ -15629,6 +15649,11 @@ "spdx-expression-parse": "^3.0.0" } }, + "validator": { + "version": "13.7.0", + "resolved": "https://registry.npmjs.org/validator/-/validator-13.7.0.tgz", + "integrity": "sha512-nYXQLCBkpJ8X6ltALua9dRrZDHVYxjJ1wgskNt1lH9fzGjs3tgojGSCBjmEPwkWS1y29+DrizMTW19Pr9uB2nw==" + }, "vary": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", diff --git a/package.json b/package.json index 048ffb95..9cb35c20 100644 --- a/package.json +++ b/package.json @@ -13,11 +13,12 @@ "@koa/router": "^10.1.1", "@socket.io/redis-adapter": "^7.1.0", "@types/koa-response-time": "^2.1.2", + "@types/validator": "^13.7.2", "any-ascii": "^0.3.0", "config": "^3.3.7", "countries-list": "^2.6.1", "crypto-random-string": "^4.0.0", - "got": "^12.0.1", + "got": "^12.0.3", "gunzip-maybe": "^1.4.2", "http-errors": "^2.0.0", "joi": "^17.6.0", @@ -32,6 +33,7 @@ "request-ip": "^2.1.3", "socket.io": "^4.4.1", "throng": "^5.0.0", + "validator": "^13.7.0", "winston": "^3.6.0" }, "devDependencies": { From cfe8a9977bd4a5cd1093f7a962ec235193700939 Mon Sep 17 00:00:00 2001 From: Patryk Cieszkowski Date: Thu, 7 Apr 2022 19:24:29 +0000 Subject: [PATCH 04/14] fix: validate should return negative - not on list --- src/lib/malware/client.ts | 2 +- src/lib/malware/domain.ts | 2 +- src/lib/malware/ip.ts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/malware/client.ts b/src/lib/malware/client.ts index 3a58870b..3aa0de25 100644 --- a/src/lib/malware/client.ts +++ b/src/lib/malware/client.ts @@ -17,5 +17,5 @@ export const validate = async (target: string): Promise => { const ipCheck = await validateIp(target); const domainCheck = await validateDomain(target); - return ipCheck || domainCheck; + return !(ipCheck || domainCheck); }; diff --git a/src/lib/malware/domain.ts b/src/lib/malware/domain.ts index 8392219e..cbdf7757 100644 --- a/src/lib/malware/domain.ts +++ b/src/lib/malware/domain.ts @@ -36,5 +36,5 @@ export const validate = async (target: string): Promise => { const data = await readFile(domainListPath, 'utf8'); const list = JSON.parse(data) as string[]; - return list.includes(target); + return !list.includes(target); }; diff --git a/src/lib/malware/ip.ts b/src/lib/malware/ip.ts index 97fa31d3..ee9b61b7 100644 --- a/src/lib/malware/ip.ts +++ b/src/lib/malware/ip.ts @@ -35,5 +35,5 @@ export const validate = async (target: string): Promise => { const data = await readFile(ipListPath, 'utf8'); const ipList = JSON.parse(data) as string[]; - return ipList.includes(target); + return !ipList.includes(target); }; From 1711d2a22697e66acb29aaec4702e2193a0843b4 Mon Sep 17 00:00:00 2001 From: Patryk Cieszkowski Date: Thu, 7 Apr 2022 19:44:22 +0000 Subject: [PATCH 05/14] add: malware/ip: test updateList + validate --- src/lib/malware/ip.ts | 6 ++-- test/mocks/malware/nock-ip.txt | 57 +++++++++++++++++++++++++++++++++ test/tests/unit/malware.test.ts | 53 ++++++++++++++++++++++++++++++ 3 files changed, 113 insertions(+), 3 deletions(-) create mode 100644 test/mocks/malware/nock-ip.txt create mode 100644 test/tests/unit/malware.test.ts diff --git a/src/lib/malware/ip.ts b/src/lib/malware/ip.ts index ee9b61b7..331f24df 100644 --- a/src/lib/malware/ip.ts +++ b/src/lib/malware/ip.ts @@ -3,13 +3,13 @@ import path from 'node:path'; import got from 'got'; import validator from 'validator'; -const ipSourceList = [ +export const sourceList = [ 'https://osint.digitalside.it/Threat-Intel/lists/latestips.txt', 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset', 'https://raw.githubusercontent.com/stamparm/ipsum/master/levels/2.txt', ]; -const ipListPath = path.join(path.resolve(), 'IP_BLACKLIST.json'); +export const ipListPath = path.join(path.resolve(), 'IP_BLACKLIST.json'); const isFulfilled = (input: PromiseSettledResult): input is PromiseFulfilledResult => input.status === 'fulfilled'; @@ -25,7 +25,7 @@ export const query = async (url: string): Promise => { }; export const updateList = async (): Promise => { - const result = await Promise.allSettled(ipSourceList.map(async source => query(source))); + const result = await Promise.allSettled(sourceList.map(async source => query(source))); const ipList = [...new Set(result.flatMap(r => isFulfilled(r) ? r.value : []))]; await writeFile(ipListPath, JSON.stringify(ipList), {encoding: 'utf8'}); diff --git a/test/mocks/malware/nock-ip.txt b/test/mocks/malware/nock-ip.txt new file mode 100644 index 00000000..96ea5ebc --- /dev/null +++ b/test/mocks/malware/nock-ip.txt @@ -0,0 +1,57 @@ +# The list contains uniques IPs collected over # +# the last 7 days by OSINT.digitalside.it # +# The list is released without any warranty to the end users. # +# INFO: info@digitalside.it # +# PGP key ID: 30B31BDA # +# PGP fingerprint: 0B4C F801 E8FF E9A3 A602 D2C7 9C36 93B2 30B3 1BDA # +# Every link reported should be considered harmefull and should # +# result in an unwanted malware download. Use this file carefully # +# Generated at: 2022-04-07 09:16:55 # +####################################################################### +100.0.41.228 +100.12.102.168 +100.12.115.24 +100.12.181.52 +100.2.231.58 +100.33.107.62 +100.33.225.244 +100.33.75.218 +101.108.10.224 +101.108.103.38 +101.108.106.55 +101.108.107.2 +101.108.107.242 +101.108.108.101 +101.108.110.138 +101.108.1.121 +101.108.11.251 +101.108.12.5 +101.108.128.101 +101.108.128.148 +101.108.128.187 +101.108.128.254 +101.108.128.96 +101.108.129.152 +101.108.130.109 +101.108.133.211 +101.108.134.213 +101.108.134.4 +101.108.134.97 +101.108.135.203 +101.108.135.75 +101.108.144.244 +101.108.147.137 +101.108.148.250 +101.108.149.109 +101.108.15.183 +101.108.177.135 +101.108.181.187 +101.108.185.79 +101.108.243.132 +101.108.244.86 +101.108.246.79 +101.108.247.105 +101.108.247.54 +101.108.251.137 +101.108.252.211 +101.108.3.89 diff --git a/test/tests/unit/malware.test.ts b/test/tests/unit/malware.test.ts new file mode 100644 index 00000000..f3affc83 --- /dev/null +++ b/test/tests/unit/malware.test.ts @@ -0,0 +1,53 @@ +import {readFile, writeFile} from 'node:fs/promises'; +import path from 'node:path'; +import {expect} from 'chai'; +import nock from 'nock'; +import { + sourceList as ipSourceList, + updateList as ipUpdateList, + validate as validateIp, + ipListPath, +} from '../../../src/lib/malware/ip.js'; + +const mockDataPath = path.join(path.resolve(), 'test/mocks/malware'); + +const ipMockResult = await readFile(path.join(mockDataPath, 'nock-ip.txt'), 'utf8'); + +describe('malware blacklist', () => { + describe('ip', () => { + describe('updateList', () => { + for (const source of ipSourceList) { + const url = new URL(source); + + nock(url.origin) + .get(url.pathname) + .reply(200, ipMockResult); + } + + it('should override blacklist file', async () => { + // Reset the file + await writeFile(ipListPath, '', {encoding: 'utf8'}); + + const preFile = await readFile(ipListPath, 'utf8').catch(() => null); + await ipUpdateList(); + const postFile = await readFile(ipListPath, 'utf8'); + + expect(preFile).to.not.equal(postFile); + }); + }); + + describe('validate', () => { + it('should fail (ip present on the list)', async () => { + const isIpValid = await validateIp('100.0.41.228'); + + expect(isIpValid).to.be.false; + }); + + it('should succeed(ip not on the list)', async () => { + const isIpValid = await validateIp('127.0.0.1'); + + expect(isIpValid).to.be.true; + }); + }); + }); +}); From 502c9004aef724871c18b95dfeae2ee5deb59687 Mon Sep 17 00:00:00 2001 From: Patryk Cieszkowski Date: Thu, 7 Apr 2022 19:53:25 +0000 Subject: [PATCH 06/14] add: malware/domain: test updateList + validate --- src/lib/malware/domain.ts | 4 +- test/mocks/malware/nock-domain.txt | 1531 ++++++++++++++++++++++++++++ test/tests/unit/malware.test.ts | 53 +- 3 files changed, 1582 insertions(+), 6 deletions(-) create mode 100644 test/mocks/malware/nock-domain.txt diff --git a/src/lib/malware/domain.ts b/src/lib/malware/domain.ts index cbdf7757..e75f2d48 100644 --- a/src/lib/malware/domain.ts +++ b/src/lib/malware/domain.ts @@ -3,14 +3,14 @@ import path from 'node:path'; import got from 'got'; import validator from 'validator'; -const sourceList = [ +export const sourceList = [ 'https://zonefiles.io/f/compromised/domains/full/', 'https://phishing.army/download/phishing_army_blocklist.txt', 'https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt', 'https://urlhaus.abuse.ch/downloads/hostfile/', ]; -const domainListPath = path.join(path.resolve(), 'DOMAIN_BLACKLIST.json'); +export const domainListPath = path.join(path.resolve(), 'DOMAIN_BLACKLIST.json'); const isFulfilled = (input: PromiseSettledResult): input is PromiseFulfilledResult => input.status === 'fulfilled'; diff --git a/test/mocks/malware/nock-domain.txt b/test/mocks/malware/nock-domain.txt new file mode 100644 index 00000000..69c38f5a --- /dev/null +++ b/test/mocks/malware/nock-domain.txt @@ -0,0 +1,1531 @@ +################################################################ +# abuse.ch URLhaus Host file # +# Last updated: 2022-04-07 17:06:36 (UTC) # +# # +# Terms Of Use: https://urlhaus.abuse.ch/api/ # +# For questions please contact urlhaus [at] abuse.ch # +################################################################ +# +127.0.0.1 00517985.widget.windsorbongvape.com +127.0.0.1 0440b72c.widget.windsorbongvape.com +127.0.0.1 047e6905.widget.windsorbongvape.com +127.0.0.1 0547af5e.host.integrativehealthpartners.com +127.0.0.1 05964888.xen.hill-family.us +127.0.0.1 07fcbff8.upstream.fishslayerjigco.com +127.0.0.1 0809097f.host.integrativehealthpartners.com +127.0.0.1 08d4178b.widget.windsorbongvape.com +127.0.0.1 0aa7cb9a.widget.windsorbongvape.com +127.0.0.1 0b53f392.widget.windsorbongvape.com +127.0.0.1 0bd07146.host.integrativehealthpartners.com +127.0.0.1 0d54fc96.lines.fasttracklegal.com +127.0.0.1 0e43043a.widget.windsorbongvape.com +127.0.0.1 0e8bcde4.host.integrativehealthpartners.com +127.0.0.1 0ee9170d.host.integrativehealthpartners.com +127.0.0.1 0f8ec8f8.platform.windsorbongvape.ca +127.0.0.1 0fbd7ade.lines.fasttracklegal.com +127.0.0.1 1008691.com +127.0.0.1 103-136-42-153.hosted-by-worldstream.net +127.0.0.1 123hpcom.site +127.0.0.1 13657e2f.widget.windsorbongvape.com +127.0.0.1 14d9fe77.widget.windsorbongvape.com +127.0.0.1 15b9eabd.xen.hill-family.us +127.0.0.1 15e4671a.widget.windsorbongvape.com +127.0.0.1 168c39dd.apps.weightlossihp.com +127.0.0.1 16f2b4d2.widget.windsorbongvape.com +127.0.0.1 170b0e4d.host.integrativehealthpartners.com +127.0.0.1 17cf6c50.widget.windsorbongvape.com +127.0.0.1 17dc58a9.xen.hill-family.us +127.0.0.1 19768f54.host.integrativehealthpartners.com +127.0.0.1 19dfeaab.widget.windsorbongvape.com +127.0.0.1 1adfec4c.widget.windsorbongvape.com +127.0.0.1 1c49c140.widget.windsorbongvape.com +127.0.0.1 1eeaaf4d.xen.hill-family.us +127.0.0.1 2.indexsinas.me +127.0.0.1 2020disposalservices.com +127.0.0.1 21robo.com +127.0.0.1 23ec0e5c.host.integrativehealthpartners.com +127.0.0.1 247a2ab8.widget.windsorbongvape.com +127.0.0.1 2529b21e.widget.windsorbongvape.com +127.0.0.1 284af5bb.widget.windsorbongvape.com +127.0.0.1 28ceedfd.host.integrativehealthpartners.com +127.0.0.1 2984472a.xen.hill-family.us +127.0.0.1 29c67225.widget.windsorbongvape.com +127.0.0.1 2a32c49f.widget.windsorbongvape.com +127.0.0.1 2b8158ef.widget.windsorbongvape.com +127.0.0.1 2c494eed.widget.windsorbongvape.com +127.0.0.1 2f776c5a.widget.windsorbongvape.com +127.0.0.1 30288f56.widget.windsorbongvape.com +127.0.0.1 310a2918.host.integrativehealthpartners.com +127.0.0.1 34858856.widget.windsorbongvape.com +127.0.0.1 34c667d6.widget.windsorbongvape.com +127.0.0.1 353e1732.widget.windsorbongvape.com +127.0.0.1 3595c5a2.widget.windsorbongvape.com +127.0.0.1 360.lcy2zzx.pw +127.0.0.1 360down7.miiyun.cn +127.0.0.1 387dded2.widget.windsorbongvape.com +127.0.0.1 3990c1e5.widget.windsorbongvape.com +127.0.0.1 3ca1424f.platform.windsorbongvape.ca +127.0.0.1 3caf0426.host.integrativehealthpartners.com +127.0.0.1 3d081e2a.host.integrativehealthpartners.com +127.0.0.1 3ecdc937.xen.hill-family.us +127.0.0.1 3fbcb600.widget.windsorbongvape.com +127.0.0.1 420creditcardmachine.com +127.0.0.1 425b3918.widget.windsorbongvape.com +127.0.0.1 43006106.widget.windsorbongvape.com +127.0.0.1 44dea308.widget.windsorbongvape.com +127.0.0.1 4692e8b2.widget.windsorbongvape.com +127.0.0.1 47de2b21.widget.windsorbongvape.com +127.0.0.1 48227d79.widget.windsorbongvape.com +127.0.0.1 48bb0f7a.widget.windsorbongvape.com +127.0.0.1 4944706b.widget.windsorbongvape.com +127.0.0.1 49ac3d8c.widget.windsorbongvape.com +127.0.0.1 4aa168a4.widget.windsorbongvape.com +127.0.0.1 4ac4ff81.widget.windsorbongvape.com +127.0.0.1 4bdd5714.widget.windsorbongvape.com +127.0.0.1 4c3c207e.widget.windsorbongvape.com +127.0.0.1 4f117ccc.widget.windsorbongvape.com +127.0.0.1 4mationdrilling.com +127.0.0.1 50d35e4e.host.integrativehealthpartners.com +127.0.0.1 51c0de07.host.integrativehealthpartners.com +127.0.0.1 51caffy.com +127.0.0.1 5244e87a.lines.fasttracklegal.com +127.0.0.1 55cc716e.widget.windsorbongvape.com +127.0.0.1 568e60bd.widget.windsorbongvape.com +127.0.0.1 56b98e92.widget.windsorbongvape.com +127.0.0.1 5c466a9c.widget.windsorbongvape.com +127.0.0.1 5fbbea50.widget.windsorbongvape.com +127.0.0.1 60036a84.widget.windsorbongvape.com +127.0.0.1 60f5d136.widget.windsorbongvape.com +127.0.0.1 614dff12.widget.windsorbongvape.com +127.0.0.1 63f8687c.widget.windsorbongvape.com +127.0.0.1 65148dda.widget.windsorbongvape.com +127.0.0.1 65455972.widget.windsorbongvape.com +127.0.0.1 6579bc6a.widget.windsorbongvape.com +127.0.0.1 6882f5f0.widget.windsorbongvape.com +127.0.0.1 68c1c0b6.widget.windsorbongvape.com +127.0.0.1 69e35242.widget.windsorbongvape.com +127.0.0.1 6b63d410.widget.windsorbongvape.com +127.0.0.1 6ef270f2.push.youbyashboutique.com +127.0.0.1 6f020a07.widget.windsorbongvape.com +127.0.0.1 6f5ab83b.widget.windsorbongvape.com +127.0.0.1 6f78e74c.widget.windsorbongvape.com +127.0.0.1 71f749ae.widget.windsorbongvape.com +127.0.0.1 754a0274.widget.windsorbongvape.com +127.0.0.1 76ca8e81.widget.windsorbongvape.com +127.0.0.1 77homolog.com.br +127.0.0.1 788994c5.widget.windsorbongvape.com +127.0.0.1 78a1c69e.widget.windsorbongvape.com +127.0.0.1 79a62b50.widget.windsorbongvape.com +127.0.0.1 7b59ffe0.widget.windsorbongvape.com +127.0.0.1 7c28a2ce.widget.windsorbongvape.com +127.0.0.1 7c943789.widget.windsorbongvape.com +127.0.0.1 7e919375.platform.windsorbongvape.ca +127.0.0.1 7eminotopark.com +127.0.0.1 7f3d2ecb.widget.windsorbongvape.com +127.0.0.1 7fe78dbd.host.integrativehealthpartners.com +127.0.0.1 7gallery.com +127.0.0.1 82a401c6.host.integrativehealthpartners.com +127.0.0.1 835c246a.widget.windsorbongvape.com +127.0.0.1 835f38a5.host.integrativehealthpartners.com +127.0.0.1 839a082a.widget.windsorbongvape.com +127.0.0.1 83fe47d1.host.integrativehealthpartners.com +127.0.0.1 852b88de.host.integrativehealthpartners.com +127.0.0.1 8589368e.widget.windsorbongvape.com +127.0.0.1 85a889b0.widget.windsorbongvape.com +127.0.0.1 863be9c1.host.integrativehealthpartners.com +127.0.0.1 876fe882.widget.windsorbongvape.com +127.0.0.1 88661d5c.widget.windsorbongvape.com +127.0.0.1 8a6a8dec.widget.windsorbongvape.com +127.0.0.1 8box.8boxerp.com +127.0.0.1 8de87874.xen.hill-family.us +127.0.0.1 8def7d90.widget.windsorbongvape.com +127.0.0.1 8e0bd6ab.widget.windsorbongvape.com +127.0.0.1 8e1c472d.widget.windsorbongvape.com +127.0.0.1 8ff27649.widget.windsorbongvape.com +127.0.0.1 903fc636.widget.windsorbongvape.com +127.0.0.1 905c62a7.widget.windsorbongvape.com +127.0.0.1 9094ff1b.widget.windsorbongvape.com +127.0.0.1 910f5c55.platform.windsorbongvape.ca +127.0.0.1 92abbf08.widget.windsorbongvape.com +127.0.0.1 93e3f4f6.widget.windsorbongvape.com +127.0.0.1 9592a29a.xen.hill-family.us +127.0.0.1 96a6486b.widget.windsorbongvape.com +127.0.0.1 97d73bc7.host.integrativehealthpartners.com +127.0.0.1 9886c24f.xen.hill-family.us +127.0.0.1 9928d3ef.widget.windsorbongvape.com +127.0.0.1 99861280.widget.windsorbongvape.com +127.0.0.1 9a9db954.widget.windsorbongvape.com +127.0.0.1 9aaa0c23.widget.windsorbongvape.com +127.0.0.1 9b76d0ab.widget.windsorbongvape.com +127.0.0.1 9da8de2a.widget.windsorbongvape.com +127.0.0.1 9f504d95.host.integrativehealthpartners.com +127.0.0.1 a.oracleservice.top +127.0.0.1 a1336d1b.xen.hill-family.us +127.0.0.1 a18d08ee.widget.windsorbongvape.com +127.0.0.1 a1a4e2bb.services.accountablitypartner.com +127.0.0.1 a46801b9.lines.fasttracklegal.com +127.0.0.1 a53cbf23.services.accountablitypartner.com +127.0.0.1 a5eeace6.widget.windsorbongvape.com +127.0.0.1 a80cf615.widget.windsorbongvape.com +127.0.0.1 a9e21203.widget.windsorbongvape.com +127.0.0.1 aaeb17bb.widget.windsorbongvape.com +127.0.0.1 aal.deals +127.0.0.1 aarogya-seva.com +127.0.0.1 aarsaindustries.com +127.0.0.1 aaticd.co.za +127.0.0.1 abbalin.com +127.0.0.1 abbmedikal.com +127.0.0.1 abissnet.net +127.0.0.1 abj.noveltypolytechnic.edu.ng +127.0.0.1 abmaxdigital.com +127.0.0.1 ac268e4c.widget.windsorbongvape.com +127.0.0.1 academiaoslo.com.uy +127.0.0.1 acceleraliaplatform.com +127.0.0.1 acellr.co.uk +127.0.0.1 acera.co.uk +127.0.0.1 acmvietnamjsc.com +127.0.0.1 actwell.fr +127.0.0.1 adityasolsurf.in +127.0.0.1 admin.classified.pointsource.ng +127.0.0.1 adon.dobest.ir +127.0.0.1 aduanasctpp.com +127.0.0.1 advconstructora.cl +127.0.0.1 advogadogoiania.com.br +127.0.0.1 aeb29435.host.integrativehealthpartners.com +127.0.0.1 af134c08.widget.windsorbongvape.com +127.0.0.1 africanhiddenchampions.com +127.0.0.1 agdm.ml +127.0.0.1 agemn.co.za +127.0.0.1 agenciaml.com.br +127.0.0.1 aggarwalpethawala.com +127.0.0.1 aimeos.softuvo.xyz +127.0.0.1 ainoriya.net +127.0.0.1 akashbariholidays.com +127.0.0.1 alberts.diamondrelationscrm.us +127.0.0.1 aldibiki.com +127.0.0.1 alemelektronik.com +127.0.0.1 aleph.org.ng +127.0.0.1 alfaniajaya.com +127.0.0.1 alicehui.com +127.0.0.1 alinac.ca +127.0.0.1 allamapianoawards.com +127.0.0.1 alnasrassociation.com +127.0.0.1 alojamientos.com.co +127.0.0.1 alshurooqae.com +127.0.0.1 altadominiomallorca.fr +127.0.0.1 amarteargentina.com.ar +127.0.0.1 amazingholidaysmaldives.com +127.0.0.1 amazinghoustoncomiccon.com +127.0.0.1 amazingshowerdoor.ca +127.0.0.1 amjadali.ca +127.0.0.1 ammouriarts.com +127.0.0.1 amooma.sourcetaggers.com +127.0.0.1 amorespasalon.com +127.0.0.1 amrstewardshipuganda.org +127.0.0.1 amtechprinting.com +127.0.0.1 anat-bar.co.il +127.0.0.1 andredalcarobo.com.br +127.0.0.1 andres.ug +127.0.0.1 andrewpharma.com +127.0.0.1 angel.bk.idv.tw +127.0.0.1 anmmediallc.com +127.0.0.1 annesimonnot.com +127.0.0.1 anshintravel.com.br +127.0.0.1 api-ms.cobainaja.id +127.0.0.1 api.52kkg.com +127.0.0.1 api.cstdevs.com +127.0.0.1 api.huokejinglingvip.com +127.0.0.1 api.ishen365.com +127.0.0.1 app.sbmtechns.com +127.0.0.1 appleinfoway.com +127.0.0.1 applepaybanker.com +127.0.0.1 apportta.com +127.0.0.1 apps.saintsoporte.com +127.0.0.1 appsorent.com +127.0.0.1 appyhorsey.com +127.0.0.1 ara-choob.com +127.0.0.1 areyoulivingwell.com +127.0.0.1 argentinacar.org +127.0.0.1 arkipl.com +127.0.0.1 arkpp.com +127.0.0.1 armandotechnology.com.br +127.0.0.1 arminus.co.in +127.0.0.1 aroralawgroup.com +127.0.0.1 arshadbrother.com +127.0.0.1 artpushing.com.tw +127.0.0.1 artursemth.com +127.0.0.1 arunnurserygarden.com +127.0.0.1 arushagems.com +127.0.0.1 ashutoshgauttam.com +127.0.0.1 ashwagandha.co.in +127.0.0.1 asianol.com +127.0.0.1 asrar.edu.kw +127.0.0.1 assets.dsztfso.cn +127.0.0.1 assura.jadecreative.co.nz +127.0.0.1 astatech-cn.com +127.0.0.1 asu.com.vn +127.0.0.1 atozams.com +127.0.0.1 atpanache.com +127.0.0.1 atsyemek.com +127.0.0.1 aulist.com +127.0.0.1 autocarrozzeriamoro.it +127.0.0.1 autodiscover.immigrationgateway.ca +127.0.0.1 autofficinaguerreri.it +127.0.0.1 automotorahorizonte.uy +127.0.0.1 ayadaonline.com +127.0.0.1 aykybj.com +127.0.0.1 ayswzds.com +127.0.0.1 azerbaijan-tourism.com +127.0.0.1 azmeasurement.com +127.0.0.1 b.dxyzgame.com +127.0.0.1 b2926227.widget.windsorbongvape.com +127.0.0.1 b3f0bb9f.widget.windsorbongvape.com +127.0.0.1 b41e7405.widget.windsorbongvape.com +127.0.0.1 b5690fa9.widget.windsorbongvape.com +127.0.0.1 b7f61d31.widget.windsorbongvape.com +127.0.0.1 b8b00845.widget.windsorbongvape.com +127.0.0.1 b94c3406.widget.windsorbongvape.com +127.0.0.1 b96469ab.host.integrativehealthpartners.com +127.0.0.1 ba10eb45.host.integrativehealthpartners.com +127.0.0.1 baanhnbeli.org.pk +127.0.0.1 backgrounds.pk +127.0.0.1 backoffice.inmenu.ca +127.0.0.1 badeggdesign.com +127.0.0.1 bae7e747.widget.windsorbongvape.com +127.0.0.1 balance.co.me +127.0.0.1 bandbmedscrubs.com +127.0.0.1 bangkok-orchids.com +127.0.0.1 bangplamahospital.com +127.0.0.1 barkodsolutions.com +127.0.0.1 barnhart-studios.com +127.0.0.1 basepainters.com +127.0.0.1 bastinhoneybeefarm.com +127.0.0.1 batco.global +127.0.0.1 bawatingbarter.com +127.0.0.1 baykusoglu.com.tr +127.0.0.1 bb2play.com +127.0.0.1 bbg.az +127.0.0.1 bbia.co.uk +127.0.0.1 bbq.zzhreceive.top +127.0.0.1 bc0169a6.widget.windsorbongvape.com +127.0.0.1 bd.vomitbox.org +127.0.0.1 be51580f.lines.fasttracklegal.com +127.0.0.1 be753981.widget.windsorbongvape.com +127.0.0.1 be784539.host.integrativehealthpartners.com +127.0.0.1 be80fa2a.widget.windsorbongvape.com +127.0.0.1 be9a9eba.widget.windsorbongvape.com +127.0.0.1 bearcatpumps.com.cn +127.0.0.1 beeabouttown.com +127.0.0.1 belisip.net +127.0.0.1 bencevendeghaz.hu +127.0.0.1 benconry.com +127.0.0.1 bendhardwoodflooring.com +127.0.0.1 benwellgroup.co.uk +127.0.0.1 benzo-pl.com +127.0.0.1 beprecisiontech.com +127.0.0.1 bespokeweddings.ie +127.0.0.1 best-beauty.work +127.0.0.1 beta.profissaopiloto.com.br +127.0.0.1 bethelmbcarvada.org +127.0.0.1 bethesdainternationalschool.com +127.0.0.1 bhaagya.app +127.0.0.1 bhandariclub.com +127.0.0.1 bhartipackermovers.in +127.0.0.1 bigmikesupplies.co.za +127.0.0.1 binnuryetikdanismanlik.com.tr +127.0.0.1 bitplay.gg +127.0.0.1 blanche.gr +127.0.0.1 bleskoindustries.com +127.0.0.1 blit.co.za +127.0.0.1 blog.aeromus.com +127.0.0.1 blog.searstownonline.com +127.0.0.1 blog.stetgzs.cn +127.0.0.1 blog.sun913.cn +127.0.0.1 blog.takbelit.com +127.0.0.1 bloggerrana.com +127.0.0.1 bluemixacademy.com +127.0.0.1 blueprogress.org +127.0.0.1 blumer.com.br +127.0.0.1 blupoxy.biz +127.0.0.1 bmn.lpmpbanten.id +127.0.0.1 bmpgradnja.com +127.0.0.1 bmss.org.in +127.0.0.1 bmwchinhhang.vn +127.0.0.1 bobcatminer-store.e-mantra.in +127.0.0.1 bondpertayenergy.com +127.0.0.1 bor4omkin.ru +127.0.0.1 boreateam.com +127.0.0.1 bosny.com +127.0.0.1 boxtelreport.com +127.0.0.1 boysexy.net +127.0.0.1 brasslineindia.com +127.0.0.1 brendancleary.net +127.0.0.1 brideofmessiah.com +127.0.0.1 bridgetobalance.com +127.0.0.1 british-shorthair.es +127.0.0.1 britspizzeria.com +127.0.0.1 bsprabodhini.org +127.0.0.1 btjinsurance.net +127.0.0.1 bucbuc.in +127.0.0.1 buffetmazzi.com.br +127.0.0.1 buigiaphat.com.vn +127.0.0.1 bukuonline2u.com +127.0.0.1 bulldogironworksllc.com +127.0.0.1 buscascolegios.diit.cl +127.0.0.1 bustopaslaptys.lt +127.0.0.1 c0735532.widget.windsorbongvape.com +127.0.0.1 c0d7901f.widget.windsorbongvape.com +127.0.0.1 c15547c9.widget.windsorbongvape.com +127.0.0.1 c17d4387.widget.windsorbongvape.com +127.0.0.1 c23130da.widget.windsorbongvape.com +127.0.0.1 c3b2e0f9.widget.windsorbongvape.com +127.0.0.1 c535f928.widget.windsorbongvape.com +127.0.0.1 c7a905a9.widget.windsorbongvape.com +127.0.0.1 c9b0618e.widget.windsorbongvape.com +127.0.0.1 ca70cdc4.widget.windsorbongvape.com +127.0.0.1 caioaraujo.vip +127.0.0.1 callswayroofco.com +127.0.0.1 calzadoyuyin.com +127.0.0.1 camminachetipassa.it +127.0.0.1 canconsulting.in +127.0.0.1 caragudigital.com.mx +127.0.0.1 cariustadz.org +127.0.0.1 carprom.eu +127.0.0.1 casadorothea.com +127.0.0.1 casamuseoayerbe.co +127.0.0.1 cathuren.nl +127.0.0.1 cc996e3d.widget.windsorbongvape.com +127.0.0.1 cdaonline.com.ar +127.0.0.1 cdcbuilding.vn +127.0.0.1 cdn.doxbin.org +127.0.0.1 ce9dd528.host.integrativehealthpartners.com +127.0.0.1 ceb4748e.widget.windsorbongvape.com +127.0.0.1 ceibadiseno.com.mx +127.0.0.1 centralcdmx.gq +127.0.0.1 centrichotel.com +127.0.0.1 centrodenegociosellider.com +127.0.0.1 centuryfilms.in +127.0.0.1 ceremoniesbykaren.com +127.0.0.1 ceysaenerji.com.tr +127.0.0.1 ch1.spacermodem.com +127.0.0.1 chafferimpex.com +127.0.0.1 chap24pro.com +127.0.0.1 chastongroditski.com +127.0.0.1 chezalice.co.za +127.0.0.1 chickensolutions.net +127.0.0.1 childselect.com +127.0.0.1 chpopesco.com +127.0.0.1 chuckozeas.com +127.0.0.1 cifeer.net +127.0.0.1 ciidental.com.ec +127.0.0.1 cipro.mx +127.0.0.1 circleeducational.com +127.0.0.1 cksacoustics.com +127.0.0.1 clanfog.co.uk +127.0.0.1 classicpaint.net +127.0.0.1 clickcrazy.com.au +127.0.0.1 clickzenis.com +127.0.0.1 client.meetsusolutions.com +127.0.0.1 clingcard.co.uk +127.0.0.1 cliniquepourenfants.com +127.0.0.1 cloud.fc.co.mz +127.0.0.1 cloudblogongo.me +127.0.0.1 cloudsoft.or.ke +127.0.0.1 clovekwealth.com +127.0.0.1 clovisclark.com +127.0.0.1 clubmanager.net.ar +127.0.0.1 cnapril.com +127.0.0.1 cnjeje.com +127.0.0.1 codego-soluciones.com +127.0.0.1 cofenator.ru +127.0.0.1 coinince.com +127.0.0.1 colonna.ug +127.0.0.1 computec-zim.com.mx +127.0.0.1 confirmation.at +127.0.0.1 connecticutaccident.net +127.0.0.1 contacloud.ch +127.0.0.1 contactlink.top +127.0.0.1 continentalgroup.net.in +127.0.0.1 coop-host.com +127.0.0.1 coopacredito.com +127.0.0.1 corpolevesuplementos.com.br +127.0.0.1 corpotechgroup.com +127.0.0.1 count.mail.163.com.impactmedfoundation.com +127.0.0.1 courtesytitle.net +127.0.0.1 courtneyjones.ac.ug +127.0.0.1 covid19.cyberschool.or.id +127.0.0.1 cp-saofacundo.pt +127.0.0.1 crearechile.cl +127.0.0.1 crecerco.com +127.0.0.1 crecercreando.com +127.0.0.1 credit-law-center-reviews.org +127.0.0.1 creditshoppers.com.ng +127.0.0.1 cricket.theglobalindia.net +127.0.0.1 crittersbythebay.com +127.0.0.1 crm.iqkitchen.biz +127.0.0.1 crmfarko.manivelasst.com +127.0.0.1 crmroche.manivelasst.com +127.0.0.1 cryptoforextrading56.com +127.0.0.1 ctha.uy +127.0.0.1 ctmibd.com +127.0.0.1 cucedu.com +127.0.0.1 curcu-b.com +127.0.0.1 cursodeparapsicologia.org +127.0.0.1 cursos.jccempresas.com.br +127.0.0.1 curtainshare.su +127.0.0.1 cyberco2.com +127.0.0.1 cynkon.kairoscs.net +127.0.0.1 d.powerofwish.com +127.0.0.1 d1b2433a.widget.windsorbongvape.com +127.0.0.1 d25b5a81.host.integrativehealthpartners.com +127.0.0.1 d2e0a977.host.integrativehealthpartners.com +127.0.0.1 d342c947.xen.hill-family.us +127.0.0.1 d38ec699.widget.windsorbongvape.com +127.0.0.1 d3a49b0c.widget.windsorbongvape.com +127.0.0.1 d40800ea.lines.fasttracklegal.com +127.0.0.1 d46593be.widget.windsorbongvape.com +127.0.0.1 d4bcc79d.widget.windsorbongvape.com +127.0.0.1 d4c53896.widget.windsorbongvape.com +127.0.0.1 d9.99ddd.com +127.0.0.1 d9c6b2ca.widget.windsorbongvape.com +127.0.0.1 da.alibuf.com +127.0.0.1 danaevara.com +127.0.0.1 danialteb.com +127.0.0.1 danoblab.com +127.0.0.1 dantama.org +127.0.0.1 darkchemical.com +127.0.0.1 darna-online.org +127.0.0.1 dashboard.khholdings.co.za +127.0.0.1 data.green-iraq.com +127.0.0.1 databaza.top +127.0.0.1 datainline.com +127.0.0.1 davidmcguinness.info +127.0.0.1 dcaingenieria.com.co +127.0.0.1 dcsdesenvolvimento.com.br +127.0.0.1 de9f115b.host.integrativehealthpartners.com +127.0.0.1 deagroup-ks.com +127.0.0.1 deborarachelle.com +127.0.0.1 decorusfinancial.com +127.0.0.1 deepakkerkar.digital +127.0.0.1 delmarpropertyservices.com +127.0.0.1 demo.energianmittaus.fi +127.0.0.1 demo.fontecsys.net +127.0.0.1 demo.nhabe360.com +127.0.0.1 demo.shooes.in +127.0.0.1 dental.xiaoxiao.media +127.0.0.1 deria.com.tr +127.0.0.1 dermasensor.com +127.0.0.1 design-ed.com +127.0.0.1 design.mahwy.com +127.0.0.1 designerliving.co.za +127.0.0.1 designinrio.com.br +127.0.0.1 destinymc.co.za +127.0.0.1 dev.crystalclearvapestore.co.uk +127.0.0.1 dev.sebpo.net +127.0.0.1 dev2-admin.ycbnt.net +127.0.0.1 dezcom.com +127.0.0.1 dfe9543d.xen.hill-family.us +127.0.0.1 dieselpartesymotores.com +127.0.0.1 dijicom.net +127.0.0.1 dinkam.com +127.0.0.1 dinkovtips.ml +127.0.0.1 diresaapurimac.gob.pe +127.0.0.1 discoveryast.com +127.0.0.1 disweb.sk +127.0.0.1 divinaprovidenciaautlan.com +127.0.0.1 djmarcao.com.br +127.0.0.1 djoutlet.arrowtech89.com +127.0.0.1 djtransport.ch +127.0.0.1 dk-chic.com +127.0.0.1 dl.1003b.56a.com +127.0.0.1 dl.9xu.com +127.0.0.1 dl.uploadgram.me +127.0.0.1 dlfreight.com +127.0.0.1 dlnffy.com +127.0.0.1 dlqsclub.com +127.0.0.1 dmastermovers.co.za +127.0.0.1 docmasterpassb.top +127.0.0.1 dodsonimaging.com +127.0.0.1 donbaham.com +127.0.0.1 dongnaitw.com +127.0.0.1 dongphucdaiphat.com +127.0.0.1 down.pcclear.com +127.0.0.1 down.rxgif.cn +127.0.0.1 down.webbora.com +127.0.0.1 down.yjhyjl.cn +127.0.0.1 download.doumaibiji.cn +127.0.0.1 download.pdf00.cn +127.0.0.1 download.studymathlive.com +127.0.0.1 downloads.bcweb.org.uk +127.0.0.1 downloads.mjrxf0.cn +127.0.0.1 dpvipracollege.in +127.0.0.1 drive.google.com.it-barcelona.com +127.0.0.1 drkalan.com +127.0.0.1 drrahulcitydental.com +127.0.0.1 drsha.innovativesolutions.mobi +127.0.0.1 drvikaskakkar.in +127.0.0.1 dstny.net +127.0.0.1 dtnam.com +127.0.0.1 du-wizards.com +127.0.0.1 dubasky.ae +127.0.0.1 duir.com.co +127.0.0.1 dukaree.com +127.0.0.1 dulhagharnh.com +127.0.0.1 dulichdichvu.net +127.0.0.1 dunyaaslan.com +127.0.0.1 duosmart.se +127.0.0.1 dutapp.wisolve.co.za +127.0.0.1 dwayneeddings.com +127.0.0.1 dwwmaster.com +127.0.0.1 dznainre.heliohost.us +127.0.0.1 e-commerce.saleensuporte.com.br +127.0.0.1 e-fistik.com +127.0.0.1 e-life2020.com +127.0.0.1 e-weddingcardswala.in +127.0.0.1 e0b16190.widget.windsorbongvape.com +127.0.0.1 e2ekijutol.tk +127.0.0.1 e33ee51c.xen.hill-family.us +127.0.0.1 e4b8d248.widget.windsorbongvape.com +127.0.0.1 e5web.com.br +127.0.0.1 e8ed5bc2.widget.windsorbongvape.com +127.0.0.1 easiercommunications.com +127.0.0.1 easybrand.vn +127.0.0.1 easyrentbyowner.com +127.0.0.1 easyviettravel.vn +127.0.0.1 ecim.azneomedia.ro +127.0.0.1 ecoarch.com.tw +127.0.0.1 ecommercebestpractice.com +127.0.0.1 economizesa.com.br +127.0.0.1 ecopipoculiacan.com +127.0.0.1 ecoracing.info +127.0.0.1 ed5042c3.widget.windsorbongvape.com +127.0.0.1 ed7c0704.widget.windsorbongvape.com +127.0.0.1 edu-media.cn +127.0.0.1 edu.pmvanini.rs.gov.br +127.0.0.1 educajuris.cl +127.0.0.1 educatiolink.com +127.0.0.1 educationlink.su +127.0.0.1 edumahir.com +127.0.0.1 ee33d229.host.integrativehealthpartners.com +127.0.0.1 ee8c57ec.xen.hill-family.us +127.0.0.1 ee8c9106.widget.windsorbongvape.com +127.0.0.1 eephysiotherapy.co.uk +127.0.0.1 eeuamd.com +127.0.0.1 ef-web.com +127.0.0.1 ef0ce38a.widget.windsorbongvape.com +127.0.0.1 efex.net.br +127.0.0.1 egwis.com +127.0.0.1 ehsanenterprises.com +127.0.0.1 eidoss.mx +127.0.0.1 eighteenpixels.in +127.0.0.1 eipweb.com +127.0.0.1 ekinbodrum.com +127.0.0.1 electricsaman.com +127.0.0.1 elevate10x.com +127.0.0.1 elmaadiimad.com +127.0.0.1 emaids.co.za +127.0.0.1 emd.agency +127.0.0.1 emesconcontabil.com.br +127.0.0.1 en.baoend.com +127.0.0.1 endpointwellness.com +127.0.0.1 environmentalaw.com +127.0.0.1 erebate.in +127.0.0.1 ergotherapeia-kalamata.gr +127.0.0.1 erkaradyator.com.tr +127.0.0.1 escueladecinemza.com.ar +127.0.0.1 esigninrio.com.br +127.0.0.1 esquiudigital.com +127.0.0.1 estiloymadera.com.py +127.0.0.1 etisalatbuyback.com +127.0.0.1 ets-touristic.com +127.0.0.1 etsymedix.com +127.0.0.1 evaluation-centennial.studyinusa-canada.com +127.0.0.1 evinvestrade.com +127.0.0.1 excelsales.co.in +127.0.0.1 exhaleconsulting.com +127.0.0.1 exilum.com +127.0.0.1 expansion360.net +127.0.0.1 f.gogamef.com +127.0.0.1 f2c7f217.host.integrativehealthpartners.com +127.0.0.1 f3b4aaa8.host.integrativehealthpartners.com +127.0.0.1 f5ad28e2.xen.hill-family.us +127.0.0.1 f6a71cc7.widget.windsorbongvape.com +127.0.0.1 f98d9411.widget.windsorbongvape.com +127.0.0.1 faai-international.com +127.0.0.1 farmacia.eliteacademy.com.br +127.0.0.1 farschid.de +127.0.0.1 fashionbyprincessmelodicaah.com +127.0.0.1 fb9520ab.lines.fasttracklegal.com +127.0.0.1 fc.co.mz +127.0.0.1 fccatinsaat.com +127.0.0.1 fcpneus.com.br +127.0.0.1 febo.mx +127.0.0.1 femeback.com +127.0.0.1 ferroconsultora.com.ar +127.0.0.1 ffbfa37e.lines.fasttracklegal.com +127.0.0.1 fik.com.pl +127.0.0.1 fikirteknesi.com +127.0.0.1 filecabinet.digitalechoes.co.uk +127.0.0.1 files.fastbestapp.com +127.0.0.1 filmfestival.sourcetaggers.com +127.0.0.1 financialfitnessservices.co.za +127.0.0.1 fireandsafety.ie +127.0.0.1 firstpacific-bk.com +127.0.0.1 fisioterapiaweb.com.br +127.0.0.1 fitfabtherapy.com +127.0.0.1 fitsystems.at +127.0.0.1 fkd.derpcity.ru +127.0.0.1 flappy.pe +127.0.0.1 flumedya.com +127.0.0.1 fmesperanza945.com +127.0.0.1 fontecmobile.com +127.0.0.1 foodienfit.in +127.0.0.1 football.g-sports.gr +127.0.0.1 forgione.com.ar +127.0.0.1 formedable.nl +127.0.0.1 formularapida.com.br +127.0.0.1 formulationdrugstore.com +127.0.0.1 fortcomfurniture.com +127.0.0.1 foto.kathybossa.com +127.0.0.1 fotoobjetivo.com +127.0.0.1 foundationrepairhoustontx.net +127.0.0.1 foxeps.com.br +127.0.0.1 fpd.cl +127.0.0.1 freedomhomecare.lk +127.0.0.1 freereadmanga.com +127.0.0.1 freesoftwares.ml +127.0.0.1 fse.in.ua +127.0.0.1 ftalkmondo.com +127.0.0.1 ftsneaker.com +127.0.0.1 full.choitrai.net +127.0.0.1 fullelectronica.com.ar +127.0.0.1 funletters.net +127.0.0.1 g10.asadal.net +127.0.0.1 gaddco.com +127.0.0.1 galaxy-catering.com.vn +127.0.0.1 gan-n.cloud-downloader.com +127.0.0.1 gandhitoday.org +127.0.0.1 gbsports.theapplab.org +127.0.0.1 gccon.in +127.0.0.1 gees.com.pl +127.0.0.1 genccagdas.com.tr +127.0.0.1 genesishealing.co.uk +127.0.0.1 gengxin.poxiaowy.com +127.0.0.1 geo-lines.com +127.0.0.1 georgesghantous.com +127.0.0.1 geowf.ge +127.0.0.1 get.udontsay.xyz +127.0.0.1 gethomevaluerestoration.com +127.0.0.1 getondial.com +127.0.0.1 ghainaa.net +127.0.0.1 giadinhviet.com +127.0.0.1 giasotti.com +127.0.0.1 gijsvanroij.nl +127.0.0.1 gillbanks.com.au +127.0.0.1 giotradingltd.com +127.0.0.1 gla.ge +127.0.0.1 glm.andyhanne.de +127.0.0.1 globalpowermyanmar.com +127.0.0.1 globalxre.com +127.0.0.1 globartmag.com +127.0.0.1 gocnhotaichinh.com +127.0.0.1 godubai.club +127.0.0.1 goldenasiacapital.com +127.0.0.1 goldservicehomecare.co.uk +127.0.0.1 goldstarindia.in +127.0.0.1 golfsportasia.com +127.0.0.1 gonorthhalifax.com +127.0.0.1 gotovacoil.com +127.0.0.1 grand-element.ru +127.0.0.1 graydonscrossing.com +127.0.0.1 greatsound.ng +127.0.0.1 greenhillsacademy.org +127.0.0.1 greenothon.in +127.0.0.1 greycoconut.com +127.0.0.1 grimmcm.com +127.0.0.1 group-celit.com +127.0.0.1 gruzof.by +127.0.0.1 gs.monerorx.com +127.0.0.1 gscapital.com.pe +127.0.0.1 gt-max.com.my +127.0.0.1 guillermomanrique.com.mx +127.0.0.1 gumpertdrucker.com +127.0.0.1 gurunanakinternational.com +127.0.0.1 guysgolds.com +127.0.0.1 h.epelcdn.com +127.0.0.1 haircutbar.com +127.0.0.1 hairsalondc.com +127.0.0.1 halalgoats.com +127.0.0.1 haribuilders.com +127.0.0.1 haringhatamahavidyalaya.org +127.0.0.1 harleyqueretaro.com +127.0.0.1 harperhouseproducts.com +127.0.0.1 hashtagmedia.co.in +127.0.0.1 hatipogluhali.com +127.0.0.1 havnet.net +127.0.0.1 hb888.luminati-china.net +127.0.0.1 hcsnet.com.br +127.0.0.1 heaventechnologies.com.pk +127.0.0.1 helpdeskserver.epelcdn.com +127.0.0.1 helpfoundation.uxgorilla.com +127.0.0.1 hepatologiaonline.com.mx +127.0.0.1 herchinfitout.com.sg +127.0.0.1 herringtons.co.uk +127.0.0.1 hightechsjc.com +127.0.0.1 hilse.me +127.0.0.1 himetore.com +127.0.0.1 hitstation.nl +127.0.0.1 hlm-indonesia.com +127.0.0.1 hoianorganic.com.vn +127.0.0.1 holandaproducciones.cl +127.0.0.1 holidayonehotel.com +127.0.0.1 homi-egypt.com +127.0.0.1 hongluosi.com +127.0.0.1 honours.com.ng +127.0.0.1 hookedupboatclub.com +127.0.0.1 hospital.shuleyanguonline.co.ke +127.0.0.1 hostingbolivia.com +127.0.0.1 hostingparacolombia.com +127.0.0.1 hostrola.com +127.0.0.1 hotelhadieh.ir +127.0.0.1 houseatthebeachinoc.com +127.0.0.1 houseproinspection.com +127.0.0.1 howebeautiful.com +127.0.0.1 howimetyourdata.com +127.0.0.1 hr2019.vrcom7.com +127.0.0.1 hsaanime.com +127.0.0.1 hseda.com +127.0.0.1 htownbars.com +127.0.0.1 huchaoyang.com +127.0.0.1 hudnhatrang.vn +127.0.0.1 hugebonus.drfelipecosta.com +127.0.0.1 humvegetarian.w3.eyeteam.vn +127.0.0.1 hunggiang.vn +127.0.0.1 hzxydesign.com +127.0.0.1 i-love-git.com +127.0.0.1 iamgangadharm.com +127.0.0.1 ibrra.com.br +127.0.0.1 idesign-bruceberman.com +127.0.0.1 idilsoft.com +127.0.0.1 igsn.us +127.0.0.1 ikejaclub.org +127.0.0.1 iloop.sourcetaggers.com +127.0.0.1 ilpem-ar.com +127.0.0.1 imaarat.in +127.0.0.1 images.jermiau.com +127.0.0.1 imaginationtoon.com +127.0.0.1 imbueautoworx.co.za +127.0.0.1 immunotec.network +127.0.0.1 imobiles.pk +127.0.0.1 implastec.com.br +127.0.0.1 incmarketplace.org +127.0.0.1 incredicole.com +127.0.0.1 indiamarriagebureau.in +127.0.0.1 indianjewellery.art +127.0.0.1 indonesias.me +127.0.0.1 indrasbikaner.com +127.0.0.1 ingelagos.cl +127.0.0.1 ingelse.net +127.0.0.1 innosolv-idine.com +127.0.0.1 instratghs.com +127.0.0.1 introvokedev.lightweightworks.com +127.0.0.1 inventory.sourcetaggers.com +127.0.0.1 iptel.cy +127.0.0.1 iqraacfindia.org +127.0.0.1 irc.service-exec.net +127.0.0.1 irsconsulting.ma +127.0.0.1 isaac.mikhailmotoringschool.com +127.0.0.1 ismartplayschool.com +127.0.0.1 j-92403.colinmcdonald.ca +127.0.0.1 j.xyzgamej.com +127.0.0.1 jackytpload.su +127.0.0.1 jaipurfitness.com +127.0.0.1 jamaclothmarket.com +127.0.0.1 jamshed.pk +127.0.0.1 jay.diamondrelationscrm.us +127.0.0.1 jcedu.org +127.0.0.1 jcon.in +127.0.0.1 jdkems.com +127.0.0.1 jeffdahlke.com +127.0.0.1 jemkon.com +127.0.0.1 jhayesconsulting.com +127.0.0.1 jirehbusiness.tech +127.0.0.1 jmmiranda.com.br +127.0.0.1 jodhpurtourtaxi.com +127.0.0.1 jointings.org +127.0.0.1 joodline.com +127.0.0.1 josymixmyhome.com.br +127.0.0.1 jswl.jdaili.xyz +127.0.0.1 juancarloshernandez.us +127.0.0.1 juliusprado.com.br +127.0.0.1 julypart.com +127.0.0.1 jumaidabros.com +127.0.0.1 jxwd.cc +127.0.0.1 kadigital.co.uk +127.0.0.1 kaizmed.com +127.0.0.1 kalajigiftstationary.com +127.0.0.1 kamac.com.br +127.0.0.1 kamakurapen.club +127.0.0.1 kaptured.io +127.0.0.1 karer.by +127.0.0.1 kenaridjaja.com +127.0.0.1 kenbrown-photo.com +127.0.0.1 kenjisramen.com +127.0.0.1 keyesforsteuben.com +127.0.0.1 kgtpk.com +127.0.0.1 khbd.41319.top +127.0.0.1 khbd.mbtuan.com +127.0.0.1 kickofflaos.com +127.0.0.1 kimjikuk.luxeone.cn +127.0.0.1 kimtanoto.online +127.0.0.1 kimyen.net +127.0.0.1 kingspalmhomes.com +127.0.0.1 kinmirai.org +127.0.0.1 klearning.co.uk +127.0.0.1 klija.net +127.0.0.1 kochimatsuri.com.br +127.0.0.1 kodekode.ac.ug +127.0.0.1 korrectconceptservices.com +127.0.0.1 krisbadminton.com +127.0.0.1 krusevo.gov.mk +127.0.0.1 ksansari.pk +127.0.0.1 kumardeal.com +127.0.0.1 kutegiagoc.com +127.0.0.1 la-csi.com +127.0.0.1 laesmeralda.ec +127.0.0.1 lafourmiliere.ma +127.0.0.1 lakeridgeartgallery.com +127.0.0.1 lameguard.ru +127.0.0.1 landmarkbahrain.com +127.0.0.1 lapchallenge.co.uk +127.0.0.1 laptopsrent.com +127.0.0.1 lasermobilesounds.co.uk +127.0.0.1 latinaked.club +127.0.0.1 laufke.se +127.0.0.1 lceventos.net +127.0.0.1 ldgcorp.com +127.0.0.1 learnfastearn.com +127.0.0.1 leasiacherise.com +127.0.0.1 lecielhotel.com +127.0.0.1 legend.nu +127.0.0.1 lennart.serv.se +127.0.0.1 lensrent.co.za +127.0.0.1 leon-inc.com +127.0.0.1 lestesteux.ca +127.0.0.1 letea.eu +127.0.0.1 library.arihantmbainstitute.ac.in +127.0.0.1 lindnerelektroanlagen.de +127.0.0.1 linkintec.cn +127.0.0.1 linkupdaddyimc.com +127.0.0.1 lista33rivera.uy +127.0.0.1 livehelpco.com +127.0.0.1 livetrack.in +127.0.0.1 lizarddesign.co.za +127.0.0.1 lm.stagingarea.co.za +127.0.0.1 lms.cstdevs.com +127.0.0.1 location-voitures.ma +127.0.0.1 loginline.top +127.0.0.1 loginlines.top +127.0.0.1 loja.brancauto.com.br +127.0.0.1 lovedepositbox.com +127.0.0.1 lp.artefactory.co +127.0.0.1 ls-droid.com +127.0.0.1 ls.com.co +127.0.0.1 ltc.typoten.com +127.0.0.1 lucro.importsbr.com +127.0.0.1 lumanate.xyz +127.0.0.1 luminouspneuma.com +127.0.0.1 lupusmarketing.com +127.0.0.1 lutanedukasi.co.id +127.0.0.1 lydt.cc +127.0.0.1 m-technics.kz +127.0.0.1 m.ashiwenhua.net +127.0.0.1 machltda.cl +127.0.0.1 macmor-media.com.au +127.0.0.1 madicon.co.za +127.0.0.1 maestrosymilagros.com +127.0.0.1 mafertuz.com +127.0.0.1 mail.filastiniyat.org +127.0.0.1 makeupuccino.com +127.0.0.1 maknsons.com +127.0.0.1 mall.payarena.com +127.0.0.1 manarestaurante.com +127.0.0.1 marcowine.com +127.0.0.1 marcyovcx.ru +127.0.0.1 mario-sunjic.com +127.0.0.1 marketingguru.co.in +127.0.0.1 marketshares43.com +127.0.0.1 marksidfgs.ug +127.0.0.1 marquesvogt.com +127.0.0.1 marriageceremonynyc.com +127.0.0.1 martintourish.ie +127.0.0.1 maskaniranian.com +127.0.0.1 mbgrm.com +127.0.0.1 medequipargos.com +127.0.0.1 medianews.ge +127.0.0.1 meeweb.com +127.0.0.1 meigue.com +127.0.0.1 melinapena.my +127.0.0.1 melon.pk +127.0.0.1 meratecenterprises.com +127.0.0.1 meridianites.com +127.0.0.1 metawarspace.com +127.0.0.1 microcomm-group.com +127.0.0.1 microfastacademy.com +127.0.0.1 middyshop.com +127.0.0.1 mikhailmotoringschool.com +127.0.0.1 milagromed.in +127.0.0.1 milky-dog.com +127.0.0.1 mirkastudio.com +127.0.0.1 mirror.mypage.sk +127.0.0.1 misterson.com +127.0.0.1 mistydeblasiophotography.com +127.0.0.1 mkontakt.az +127.0.0.1 mmcharitabletrust.com +127.0.0.1 mncarteam.com +127.0.0.1 morganhkdesigns.com +127.0.0.1 morrobaydrugandgift.com +127.0.0.1 mpca.cl +127.0.0.1 mpesa.shuleyanguonline.co.ke +127.0.0.1 mr-mahmoud-hassan.com +127.0.0.1 msautopart.com +127.0.0.1 mspkptmanora.ac.in +127.0.0.1 mtmusicaemercado.com.br +127.0.0.1 mtwealth.in +127.0.0.1 mulmatdol.com +127.0.0.1 multigiene.bo +127.0.0.1 multilevelcarparkingindia.com +127.0.0.1 mumgee.co.za +127.0.0.1 mwu.com.mx +127.0.0.1 mysura.it +127.0.0.1 mywebstack.in +127.0.0.1 mywestchiropractic.com +127.0.0.1 namma.farm +127.0.0.1 nasapaul.com +127.0.0.1 nazrultheking.com +127.0.0.1 nbs.vizzhost.com +127.0.0.1 necocheasexshop.com +127.0.0.1 nenlineasv.com +127.0.0.1 nettube.com.br +127.0.0.1 networkwheels.co.za +127.0.0.1 new.saco-group.com +127.0.0.1 newdevjyq.devjyq.com +127.0.0.1 newsite.ugbswebakenyaltd.com +127.0.0.1 ngdaycare.co.za +127.0.0.1 nhorangtreem.com +127.0.0.1 nimble-learners.com +127.0.0.1 niplaw.com +127.0.0.1 niwf.sourcetaggers.com +127.0.0.1 njc.edu.pk +127.0.0.1 njtiledesigncenter.com +127.0.0.1 nmkonline.com +127.0.0.1 nobius.org +127.0.0.1 nominally.ru +127.0.0.1 noonimpex.com +127.0.0.1 nooraniwings.com +127.0.0.1 nsb.org.uk +127.0.0.1 oazahotel.com.mk +127.0.0.1 oceancityrentalbyowner.com +127.0.0.1 ocmdbeachrentals.com +127.0.0.1 office365.bellboyindia.com +127.0.0.1 ohsewgorgeous.co.uk +127.0.0.1 oknoplastik.sk +127.0.0.1 oldschoolhospitality.com +127.0.0.1 oleholeh.memangbeda.website +127.0.0.1 oliveiraadvogadoscatanduva.adv.br +127.0.0.1 ombrapiatta.com +127.0.0.1 oms.pappai.com +127.0.0.1 omscoc.pappai.com +127.0.0.1 online.creedglobal.in +127.0.0.1 operafurnitures.com.au +127.0.0.1 opornik55.ru +127.0.0.1 oracle.zzhreceive.top +127.0.0.1 orchidbg.com +127.0.0.1 order.redroseofbristol.com +127.0.0.1 ordereasy.hk +127.0.0.1 orientgatewayltd.com +127.0.0.1 originaltoner.fr +127.0.0.1 orsan.gruporhynous.com +127.0.0.1 osmektvafrica.com +127.0.0.1 outdoortacklebox.com +127.0.0.1 oxygen.theglorious.agency +127.0.0.1 oyeeeautos.com +127.0.0.1 ozemag.com +127.0.0.1 ozvita.club +127.0.0.1 p-col.com +127.0.0.1 p2.d9media.cn +127.0.0.1 pablobrothel.com.ar +127.0.0.1 pacwebdesigns.com +127.0.0.1 paharaava.com +127.0.0.1 paint-regen.club +127.0.0.1 palomino.embarcar.com.pe +127.0.0.1 pancook.com +127.0.0.1 parabigfilms.com +127.0.0.1 parallel.rockvideos.at +127.0.0.1 parking1.samayiot.com +127.0.0.1 parkwooddoors.co.nz +127.0.0.1 parrotbay.net +127.0.0.1 part-co.org +127.0.0.1 pastetext.net +127.0.0.1 pataphysics.net.au +127.0.0.1 patch2.99ddd.com +127.0.0.1 patch3.99ddd.com +127.0.0.1 patriciamirapsicologa.com +127.0.0.1 paulmercier.biz +127.0.0.1 pay.ewalletgold.com +127.0.0.1 pe-ape.ro +127.0.0.1 peersads.com +127.0.0.1 petparadise.biz +127.0.0.1 petrol.ir +127.0.0.1 pharmacycareerleap.co.uk +127.0.0.1 phasdesign.com +127.0.0.1 phuket-expat-vaccinations.com +127.0.0.1 physioacademy.co.uk +127.0.0.1 pink99.com +127.0.0.1 pivot-to-virtual.com +127.0.0.1 pklawchamber.com +127.0.0.1 plasfan.ind.br +127.0.0.1 platinostereo.com +127.0.0.1 playground.oaklife.ca +127.0.0.1 populaceindia.com +127.0.0.1 port.web-enzima.com +127.0.0.1 portrettenbeeld.nl +127.0.0.1 posmicrosystems.com +127.0.0.1 ppdb.smk-ciptaskill.sch.id +127.0.0.1 preesah.com +127.0.0.1 prestasicash.com.ar +127.0.0.1 prestigehomeautomation.net +127.0.0.1 prevenzioneformazionelavoro.it +127.0.0.1 primaflor-sby.com +127.0.0.1 primefind.com +127.0.0.1 printee.shop +127.0.0.1 prisma.ae +127.0.0.1 prodoors.com.au +127.0.0.1 projet.com.tn +127.0.0.1 promas.com +127.0.0.1 propiedadesacr.cl +127.0.0.1 prosoc.nl +127.0.0.1 protechasia.com +127.0.0.1 protokol.mx +127.0.0.1 proyectartpanama.com +127.0.0.1 punjabdevelopersassociation.com.pk +127.0.0.1 pv-energy.net +127.0.0.1 qamaraltaf.com +127.0.0.1 qingtianxcx.top +127.0.0.1 qlcollections.com +127.0.0.1 qmsled.com +127.0.0.1 rakeshkhatri.in +127.0.0.1 ramseywetruss.com +127.0.0.1 rangsay.com +127.0.0.1 raqmnh.com +127.0.0.1 raquelraney.com +127.0.0.1 rbmimport.com +127.0.0.1 realty-sky.com +127.0.0.1 recuperandotuamor.com +127.0.0.1 redbats.co.in +127.0.0.1 redcormedical.com +127.0.0.1 redwoodfamilycamp.com +127.0.0.1 regenisyn.com +127.0.0.1 reifenquick.de +127.0.0.1 relaxindulge.co.nz +127.0.0.1 renton.apttechsol.com +127.0.0.1 reservacionesdevuelos.com +127.0.0.1 restauracionfamiliar.org +127.0.0.1 resultsrma.com +127.0.0.1 retailelectricprovider.com +127.0.0.1 retailexpertscloud.com +127.0.0.1 reviewrecap.co +127.0.0.1 ricambi.fixtofix.it +127.0.0.1 rinaefoundation.org.za +127.0.0.1 risingstarsacademyllc.org +127.0.0.1 ritualstudio.tv +127.0.0.1 rizwansulehria.com +127.0.0.1 robertmchilespe.com +127.0.0.1 rogerschultz.com +127.0.0.1 romanianpoints.com +127.0.0.1 roofsupplyco.com +127.0.0.1 ruay-asia.com +127.0.0.1 ruay-vvip.net +127.0.0.1 ruisgood.ru +127.0.0.1 rxquickpay.com +127.0.0.1 rylanderrichter.com +127.0.0.1 s.51shijuan.com +127.0.0.1 saabri.com +127.0.0.1 saajj.in +127.0.0.1 safcol-colors.com +127.0.0.1 safetyshoesformen.com +127.0.0.1 saffronflourmill.com +127.0.0.1 saffrontheindiankitchen.com +127.0.0.1 sainzim.co.za +127.0.0.1 sanaaihmarket.com +127.0.0.1 sanqi1688.cn +127.0.0.1 satgurutravels.in +127.0.0.1 sbss.com.pk +127.0.0.1 sceh.net +127.0.0.1 scglobal.co.th +127.0.0.1 schoolofspanish.co.za +127.0.0.1 scrapbuyernearme.com +127.0.0.1 seacupps.com +127.0.0.1 seasidesolutions.com +127.0.0.1 securetunnel.co +127.0.0.1 sedes.si +127.0.0.1 segredosdasupermaquiagem.com.br +127.0.0.1 senbiaojita.com +127.0.0.1 seniorweekoc.net +127.0.0.1 server.easysalepage.in.th +127.0.0.1 server.toeicswt.co.kr +127.0.0.1 service.easytrace.mn +127.0.0.1 sexe777.com +127.0.0.1 sexshopnatural.co +127.0.0.1 sh-huangyi.com +127.0.0.1 shaheentbfoundation.com +127.0.0.1 shahikhana.cstdevs.com +127.0.0.1 shahu66.com +127.0.0.1 shailsoft.com +127.0.0.1 shanghailihunlvshiwang.com +127.0.0.1 shanghailudi.com +127.0.0.1 sharaninterio.in +127.0.0.1 share.webkeks.at +127.0.0.1 shfpudpqth.top +127.0.0.1 shinoavto.com +127.0.0.1 shivfurnishings.com +127.0.0.1 shivsarthi.online +127.0.0.1 shop.mediasova.ru +127.0.0.1 short.extrafandome.com +127.0.0.1 shreejiselection.com +127.0.0.1 shunda321.com +127.0.0.1 shuttlezonebt.com +127.0.0.1 sicilianostra.online +127.0.0.1 sifcomercial.com +127.0.0.1 simgftesting.kabtakalar.id +127.0.0.1 simproce.com +127.0.0.1 sindicato1ucm.cl +127.0.0.1 siquerespodemosavancemos.org +127.0.0.1 skyviewonlineltd.com +127.0.0.1 slatorm.com +127.0.0.1 sleepstarlite-ozark.com +127.0.0.1 socialeyefoundation.com +127.0.0.1 soft.110route.com +127.0.0.1 softuvo.softuvo.xyz +127.0.0.1 software-house.co.uk +127.0.0.1 solar4africa.co.za +127.0.0.1 solarforafrica.net +127.0.0.1 solenica.com +127.0.0.1 solidbytes.vn +127.0.0.1 solutech-group.com +127.0.0.1 somelco.com +127.0.0.1 sonipspace.com +127.0.0.1 soomaal.softuvo.xyz +127.0.0.1 sorathlions.com +127.0.0.1 source3.boys4dayz.com +127.0.0.1 spa.grupokayros.org +127.0.0.1 spaceframe.mobi.space-frame.co.za +127.0.0.1 spaceran.com +127.0.0.1 sparcalabar.lightzillion.com +127.0.0.1 spent.com.pl +127.0.0.1 spetsesyachtcharter.gr +127.0.0.1 spices.com.sg +127.0.0.1 spinoffyarnshop.com +127.0.0.1 src1.minibai.com +127.0.0.1 sreedevidigitals.com +127.0.0.1 srgbroker.com +127.0.0.1 srv1.aztronic.com.br +127.0.0.1 sspbluebox.com +127.0.0.1 st-florenceacademy.com +127.0.0.1 stackdigital.co.uk +127.0.0.1 staginbuilds.com +127.0.0.1 staging.jetking.infinilive.com +127.0.0.1 stagingbuilds.com +127.0.0.1 staqinqbuilds.com +127.0.0.1 static.cz01.cn +127.0.0.1 stayinoceancitymd.com +127.0.0.1 sterongroup.com.ng +127.0.0.1 sticker.jewsjuice.com +127.0.0.1 stmikkomputama.ac.id +127.0.0.1 storewel.com +127.0.0.1 subhagruha.in +127.0.0.1 successfulnumerology.com +127.0.0.1 sudariocontabilidade.com.br +127.0.0.1 supercenturion.com +127.0.0.1 superintima.com +127.0.0.1 support.clz.kr +127.0.0.1 swiftfilms.co.uk +127.0.0.1 swwbia.com +127.0.0.1 synergeia.lightweightsolutions.xyz +127.0.0.1 sz-yxsl.com +127.0.0.1 t.honker.info +127.0.0.1 tahakasramehr.ir +127.0.0.1 tajir.com +127.0.0.1 talkmondo.com +127.0.0.1 tandemdgtl.com +127.0.0.1 tanlayseong.com +127.0.0.1 tara.globodyinc.biz +127.0.0.1 taskmgrdev.com +127.0.0.1 taxclubpk.com +127.0.0.1 tbs.net.bd +127.0.0.1 tc.snpsresidential.com +127.0.0.1 tcb.co.mz +127.0.0.1 teamazmog.xyz +127.0.0.1 teammsup.com +127.0.0.1 techybhai.online +127.0.0.1 teekdesign.ro +127.0.0.1 temptmag.com +127.0.0.1 teslinq.co.ke +127.0.0.1 test.fontecsys.net +127.0.0.1 test.reachhealth.asia +127.0.0.1 test.typoten.com +127.0.0.1 test.ugbswebakenyaltd.com +127.0.0.1 test2.marrenconstruction.ie +127.0.0.1 tgwebservice.in +127.0.0.1 tharringtonsponsorship.com +127.0.0.1 theelitebox.com +127.0.0.1 thegift.live +127.0.0.1 thekeycorner.com +127.0.0.1 thekitchengastronomy.com +127.0.0.1 themaverickstudios.com +127.0.0.1 thenetbrite.com +127.0.0.1 thesalons.in +127.0.0.1 thesitebuilders.in +127.0.0.1 thevedicschool.co.in +127.0.0.1 thomasmanton.com +127.0.0.1 thosewebbs.com +127.0.0.1 tianangdep.com +127.0.0.1 timamollo.co.za +127.0.0.1 timegonebuy.com +127.0.0.1 tk.w3.eyeteam.vn +127.0.0.1 tmlaug.no +127.0.0.1 tobecoaching.co.uk +127.0.0.1 todoapp.cstdevs.com +127.0.0.1 tolidisayan.ir +127.0.0.1 tonydong.com +127.0.0.1 tonyzone.com +127.0.0.1 torresquinterocorp.com +127.0.0.1 torshshop.ir +127.0.0.1 tournhatrang.asia +127.0.0.1 towardsun.net +127.0.0.1 tradecopiersoftware.com +127.0.0.1 tradingview-brokers.learnforcareer.com +127.0.0.1 traigym.com +127.0.0.1 trainghiemkhachhang.vn +127.0.0.1 training.globodyinc.biz +127.0.0.1 traubenfeld.com +127.0.0.1 traveladmin.sourcetaggers.com +127.0.0.1 travels.cdtscorp.com +127.0.0.1 travelwithmanta.co.za +127.0.0.1 treeleaf.sourcetaggers.com +127.0.0.1 trevobahia.com.br +127.0.0.1 trieutin.com +127.0.0.1 troyadigital.id +127.0.0.1 trtmyanmar.com +127.0.0.1 trueepicconsultancy.in +127.0.0.1 truongthinhcharcoal.com +127.0.0.1 tsms.ogcs-tn.com +127.0.0.1 tt.ruppersalimentos.com.br +127.0.0.1 tugrulcelik.av.tr +127.0.0.1 twinings.grupoformax.net +127.0.0.1 txpcrescue.com +127.0.0.1 ublretailerdemo.cstdevs.com +127.0.0.1 udboxes.com +127.0.0.1 ueemporium.net +127.0.0.1 ujianonline.net +127.0.0.1 ukguk71.ru +127.0.0.1 unbi.ba +127.0.0.1 uniby.app +127.0.0.1 unicorpbrunei.com +127.0.0.1 unimed-corporated.com +127.0.0.1 unisoftcc.com +127.0.0.1 universalplastoind.com +127.0.0.1 unlockingdreamsfinancial.com +127.0.0.1 upiterremont.ru +127.0.0.1 upsb.edu.pe +127.0.0.1 urbansurvivalguy.com +127.0.0.1 utdpmipekanbaru.or.id +127.0.0.1 utenze-app-2022.net +127.0.0.1 uxsingh.com +127.0.0.1 uyomall.lightzillion.com +127.0.0.1 vanamali.co.in +127.0.0.1 vape.co.za +127.0.0.1 vardhamandiam.com +127.0.0.1 vesinhcongnghiep.web500k.org +127.0.0.1 vfocus.net +127.0.0.1 victorysanitizer.com +127.0.0.1 villaquiranasociados.com +127.0.0.1 villatera.com +127.0.0.1 virutcham.co.in +127.0.0.1 visionimex.com +127.0.0.1 vivationdesign.com +127.0.0.1 vivolt.com.br +127.0.0.1 vjvschool.in +127.0.0.1 vksales.com +127.0.0.1 vocoptions.net +127.0.0.1 vplatform.ae +127.0.0.1 vpts.co.za +127.0.0.1 vrstar-park.com +127.0.0.1 vscgroup.org +127.0.0.1 vshorts.in +127.0.0.1 vulkanvegasbonus.jeunete.com +127.0.0.1 w1.zypaint.com +127.0.0.1 walkindrivetoday.com +127.0.0.1 washatsanjose.com +127.0.0.1 wawanhar.id +127.0.0.1 web.geomegasoft.net +127.0.0.1 web.innoservwebsites.in +127.0.0.1 web.weldbuz.com +127.0.0.1 webdesignme.xyz +127.0.0.1 webmk.de +127.0.0.1 webs-up.com +127.0.0.1 weddinglink.net +127.0.0.1 weinsteincounseling.com +127.0.0.1 wellcalls.com +127.0.0.1 whizcraft.co.uk +127.0.0.1 whyatrip.com +127.0.0.1 wildnights.co.uk +127.0.0.1 williamshops.com +127.0.0.1 windsorapartmentsga.com +127.0.0.1 winonvulkan.ringhio.net +127.0.0.1 winonvulkan.syrox-kosova.com +127.0.0.1 witumart.com +127.0.0.1 wkitservices.com +127.0.0.1 woolmusic.ru +127.0.0.1 worldofjain.com +127.0.0.1 wp.seletoh.com +127.0.0.1 wpbakes.com +127.0.0.1 wshsoft.company +127.0.0.1 www.0sheji.com +127.0.0.1 www.21robo.com +127.0.0.1 www.aal.media +127.0.0.1 www.afyonmagazin.com +127.0.0.1 www.al-wahd.com +127.0.0.1 www.alertsecurities.in +127.0.0.1 www.almoeqatar.com +127.0.0.1 www.altoxi.com +127.0.0.1 www.ara-choob.com +127.0.0.1 www.arkidecture.com +127.0.0.1 www.arkpp.com +127.0.0.1 www.automatic-taps.com +127.0.0.1 www.berekethaber.com +127.0.0.1 www.biglog.vn +127.0.0.1 www.bsagroup.com.br +127.0.0.1 www.bsi.com.vn +127.0.0.1 www.cagataygunes.com.tr +127.0.0.1 www.campusconindigital.org +127.0.0.1 www.cellas.sk +127.0.0.1 www.chemsky.tn +127.0.0.1 www.chotdonhang.com +127.0.0.1 www.clasite.com +127.0.0.1 www.clearconstruction.co.uk +127.0.0.1 www.construlandia.com +127.0.0.1 www.crazy97.com +127.0.0.1 www.ctsdemos.in +127.0.0.1 www.cursossemana.com +127.0.0.1 www.dacui.online +127.0.0.1 www.davidludlow.com +127.0.0.1 www.dental.xiaoxiao.media +127.0.0.1 www.destinocuenca.com +127.0.0.1 www.divedigital.in +127.0.0.1 www.doctorcasenave.com +127.0.0.1 www.duchessadimotta.com +127.0.0.1 www.duoyuhudong.cn +127.0.0.1 www.e-komersantai.lt +127.0.0.1 www.elgatoconbotaseventos.es +127.0.0.1 www.empowercareer.com +127.0.0.1 www.enc-tech.com +127.0.0.1 www.ens-setif.dz +127.0.0.1 www.escassez.com +127.0.0.1 www.escueladecinemza.com.ar +127.0.0.1 www.etoileinfosolutions.com +127.0.0.1 www.everyonedeservesart.com +127.0.0.1 www.f1cheats.org +127.0.0.1 www.faitmaison.uk +127.0.0.1 www.federation-sardaniste.fr +127.0.0.1 www.fixstudio.co.kr +127.0.0.1 www.flash-inc.com +127.0.0.1 www.fzditu.com +127.0.0.1 www.garantihaliyikama.com +127.0.0.1 www.godfathersjunk.com +127.0.0.1 www.guedala.com.br +127.0.0.1 www.hachihon.com +127.0.0.1 www.hafiyawe.rw +127.0.0.1 www.hangaryapi.com.tr +127.0.0.1 www.hellojohnwebb.com +127.0.0.1 www.hongbo868.com +127.0.0.1 www.hseda.com +127.0.0.1 www.impactad.co.kr +127.0.0.1 www.isatechnology.com +127.0.0.1 www.izeltelekom.com +127.0.0.1 www.kjcpromo.com +127.0.0.1 www.ks.cn +127.0.0.1 www.landing.yetiapp.ec +127.0.0.1 www.levohistam.com +127.0.0.1 www.littleplanetclass.com +127.0.0.1 www.manchesterot.co.uk +127.0.0.1 www.manchesterslt.co.uk +127.0.0.1 www.mfevr.com +127.0.0.1 www.moninediy.com +127.0.0.1 www.mybjfwzx.com +127.0.0.1 www.myladystore.com.br +127.0.0.1 www.mytunetalklegend.com +127.0.0.1 www.nagoriksangbad24.com +127.0.0.1 www.naifen1234.com +127.0.0.1 www.nexovate.in +127.0.0.1 www.nutrigoat.co.id +127.0.0.1 www.officeinsumos.com +127.0.0.1 www.opolis.io +127.0.0.1 www.orientgatewayltd.com +127.0.0.1 www.originalelectrics.com +127.0.0.1 www.pasionportufuturo.pe +127.0.0.1 www.paulsaudiovideo.com +127.0.0.1 www.prashantkaushik.com +127.0.0.1 www.prestasicash.com.ar +127.0.0.1 www.productosnaturalesonline.com +127.0.0.1 www.programmedforsuccess.org +127.0.0.1 www.reacredit.com.br +127.0.0.1 www.reifenquick.de +127.0.0.1 www.reiwo-service.de +127.0.0.1 www.resultacontabilidade.com.br +127.0.0.1 www.roofing.galacticleads.com +127.0.0.1 www.ruay-vvip.net +127.0.0.1 www.sindicato1ucm.cl +127.0.0.1 www.skyscan.com +127.0.0.1 www.solotrainingcenter.com +127.0.0.1 www.soprointel.com +127.0.0.1 www.sota-france.fr +127.0.0.1 www.ssgroupss.in +127.0.0.1 www.starcountry.net +127.0.0.1 www.sterlitecamotech.com +127.0.0.1 www.successfulnumerology.com +127.0.0.1 www.swaong.com +127.0.0.1 www.sxcymo.com +127.0.0.1 www.teknoarge.com +127.0.0.1 www.teleargentina.com +127.0.0.1 www.tractorandinas.com +127.0.0.1 www.TradeInsights.net +127.0.0.1 www.travelmodus.com +127.0.0.1 www.ukeg.it +127.0.0.1 www.vivacuscoperu.com +127.0.0.1 www.volieskincare.com +127.0.0.1 www.wbaca.com +127.0.0.1 www.weinsteincounseling.com +127.0.0.1 www.wpkms.com +127.0.0.1 www.yafa-coach.co.il +127.0.0.1 www.ysbaojia.com +127.0.0.1 wxoperate.bb2play.com +127.0.0.1 x.233sy.cn +127.0.0.1 x.rune-spectrals.com +127.0.0.1 xariatowing.co.za +127.0.0.1 xixicos.com +127.0.0.1 xn----7sbhgfcdscaa3cdd6dq3e3dvf.xn--p1ai +127.0.0.1 xn--cheggl-videos-fr-gastronomie-g7c.de +127.0.0.1 xt.lykj988.com +127.0.0.1 xyshentai.net +127.0.0.1 xz.8dashi.com +127.0.0.1 yeichner.com +127.0.0.1 yestech.com.ng +127.0.0.1 yp.hnggzyjy.cn +127.0.0.1 yzkzixun.com +127.0.0.1 zerit.top +127.0.0.1 zhgaoming.com +127.0.0.1 zsantool.com +127.0.0.1 ztekkhosting.com +127.0.0.1 zwkiwierzyce.pl +# Number of entries: 1522 diff --git a/test/tests/unit/malware.test.ts b/test/tests/unit/malware.test.ts index f3affc83..9bc0bc1f 100644 --- a/test/tests/unit/malware.test.ts +++ b/test/tests/unit/malware.test.ts @@ -9,9 +9,17 @@ import { ipListPath, } from '../../../src/lib/malware/ip.js'; +import { + sourceList as domainSourceList, + updateList as domainUpdateList, + validate as validateDomain, + domainListPath, +} from '../../../src/lib/malware/domain.js'; + const mockDataPath = path.join(path.resolve(), 'test/mocks/malware'); const ipMockResult = await readFile(path.join(mockDataPath, 'nock-ip.txt'), 'utf8'); +const domainMockResult = await readFile(path.join(mockDataPath, 'nock-domain.txt'), 'utf8'); describe('malware blacklist', () => { describe('ip', () => { @@ -38,15 +46,52 @@ describe('malware blacklist', () => { describe('validate', () => { it('should fail (ip present on the list)', async () => { - const isIpValid = await validateIp('100.0.41.228'); + const isValid = await validateIp('100.0.41.228'); - expect(isIpValid).to.be.false; + expect(isValid).to.be.false; }); it('should succeed(ip not on the list)', async () => { - const isIpValid = await validateIp('127.0.0.1'); + const isValid = await validateIp('127.0.0.1'); + + expect(isValid).to.be.true; + }); + }); + }); + + describe('domain', () => { + describe('updateList', () => { + for (const source of domainSourceList) { + const url = new URL(source); + + nock(url.origin) + .get(url.pathname) + .reply(200, domainMockResult); + } + + it('should override blacklist file', async () => { + // Reset the file + await writeFile(domainListPath, '', {encoding: 'utf8'}); + + const preFile = await readFile(domainListPath, 'utf8').catch(() => null); + await domainUpdateList(); + const postFile = await readFile(domainListPath, 'utf8'); + + expect(preFile).to.not.equal(postFile); + }); + }); + + describe('validate', () => { + it('should fail (domain present on the list)', async () => { + const isValid = await validateDomain('00517985.widget.windsorbongvape.com'); + + expect(isValid).to.be.false; + }); + + it('should succeed(domain not on the list)', async () => { + const isValid = await validateDomain('google.com'); - expect(isIpValid).to.be.true; + expect(isValid).to.be.true; }); }); }); From 8387b04d4a2be6546f7fa20ae558a1bf0222504f Mon Sep 17 00:00:00 2001 From: Patryk Cieszkowski Date: Thu, 7 Apr 2022 19:59:26 +0000 Subject: [PATCH 07/14] fix: malware/client/validate --- src/lib/malware/client.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/malware/client.ts b/src/lib/malware/client.ts index 3aa0de25..b31238fb 100644 --- a/src/lib/malware/client.ts +++ b/src/lib/malware/client.ts @@ -17,5 +17,5 @@ export const validate = async (target: string): Promise => { const ipCheck = await validateIp(target); const domainCheck = await validateDomain(target); - return !(ipCheck || domainCheck); + return ipCheck && domainCheck; }; From b9ee4015eaf727700af136831c1944075135a89c Mon Sep 17 00:00:00 2001 From: Patryk Cieszkowski Date: Thu, 7 Apr 2022 20:01:14 +0000 Subject: [PATCH 08/14] add: test client/validate method --- test/tests/unit/malware.test.ts | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/test/tests/unit/malware.test.ts b/test/tests/unit/malware.test.ts index 9bc0bc1f..c53222d7 100644 --- a/test/tests/unit/malware.test.ts +++ b/test/tests/unit/malware.test.ts @@ -16,6 +16,8 @@ import { domainListPath, } from '../../../src/lib/malware/domain.js'; +import {validate} from '../../../src/lib/malware/client.js'; + const mockDataPath = path.join(path.resolve(), 'test/mocks/malware'); const ipMockResult = await readFile(path.join(mockDataPath, 'nock-ip.txt'), 'utf8'); @@ -95,4 +97,34 @@ describe('malware blacklist', () => { }); }); }); + + describe('validate any', () => { + describe('domain', () => { + it('should fail (domain present on the list)', async () => { + const isValid = await validate('00517985.widget.windsorbongvape.com'); + + expect(isValid).to.be.false; + }); + + it('should succeed (domain not on the list)', async () => { + const isValid = await validate('google.com'); + + expect(isValid).to.be.true; + }); + }); + + describe('ip', () => { + it('should fail (ip present on the list)', async () => { + const isValid = await validate('100.0.41.228'); + + expect(isValid).to.be.false; + }); + + it('should succeed(ip not on the list)', async () => { + const isValid = await validate('127.0.0.1'); + + expect(isValid).to.be.true; + }); + }); + }); }); From 0f2bdb3489c4768fadb33aef53735c6fa62601f7 Mon Sep 17 00:00:00 2001 From: Patryk Cieszkowski Date: Fri, 8 Apr 2022 11:56:21 +0000 Subject: [PATCH 09/14] add: implement joiValidate + validatsSync methods --- src/lib/malware/client.ts | 19 +++++++++++++++++++ src/lib/malware/domain.ts | 19 +++++++++++++++++++ src/lib/malware/ip.ts | 18 ++++++++++++++++++ src/measurement/schema/command-schema.ts | 11 +++++++---- 4 files changed, 63 insertions(+), 4 deletions(-) diff --git a/src/lib/malware/client.ts b/src/lib/malware/client.ts index b31238fb..9fd0b3d9 100644 --- a/src/lib/malware/client.ts +++ b/src/lib/malware/client.ts @@ -1,11 +1,13 @@ import { updateList as updateIpList, validate as validateIp, + validateSync as validateIpSync, } from './ip.js'; import { updateList as updateDomainList, validate as validateDomain, + validateSync as validateDomainSync, } from './domain.js'; export const updateList = async (): Promise => { @@ -19,3 +21,20 @@ export const validate = async (target: string): Promise => { return ipCheck && domainCheck; }; + +export const validateSync = (target: string): boolean => { + const ipCheck = validateIpSync(target); + const domainCheck = validateDomainSync(target); + + return ipCheck && domainCheck; +}; + +export const joiValidate = (value: string): string | Error => { + const isValid = validateSync(value); + + if (!isValid) { + throw new Error('any.blacklisted'); + } + + return String(value); +}; diff --git a/src/lib/malware/domain.ts b/src/lib/malware/domain.ts index e75f2d48..59a2cc01 100644 --- a/src/lib/malware/domain.ts +++ b/src/lib/malware/domain.ts @@ -1,4 +1,5 @@ import {writeFile, readFile} from 'node:fs/promises'; +import {readFileSync} from 'node:fs'; import path from 'node:path'; import got from 'got'; import validator from 'validator'; @@ -38,3 +39,21 @@ export const validate = async (target: string): Promise => { return !list.includes(target); }; + +export const validateSync = (target: string): boolean => { + const data = readFileSync(domainListPath, 'utf8'); + const list = JSON.parse(data) as string[]; + + return !list.includes(target); +}; + +export const joiValidate = (value: string): string | Error => { + const isValid = validateSync(value); + + if (!isValid) { + throw new Error('domain.blacklisted'); + } + + return String(value); +}; + diff --git a/src/lib/malware/ip.ts b/src/lib/malware/ip.ts index 331f24df..7f1414bc 100644 --- a/src/lib/malware/ip.ts +++ b/src/lib/malware/ip.ts @@ -1,4 +1,5 @@ import {writeFile, readFile} from 'node:fs/promises'; +import {readFileSync} from 'node:fs'; import path from 'node:path'; import got from 'got'; import validator from 'validator'; @@ -37,3 +38,20 @@ export const validate = async (target: string): Promise => { return !ipList.includes(target); }; + +export const validateSync = (target: string): boolean => { + const data = readFileSync(ipListPath, 'utf8'); + const ipList = JSON.parse(data) as string[]; + + return !ipList.includes(target); +}; + +export const joiValidate = (value: string): string | Error => { + const isValid = validateSync(value); + + if (!isValid) { + throw new Error('ip.blacklisted'); + } + + return String(value); +}; diff --git a/src/measurement/schema/command-schema.ts b/src/measurement/schema/command-schema.ts index 7c48ead1..973a8815 100644 --- a/src/measurement/schema/command-schema.ts +++ b/src/measurement/schema/command-schema.ts @@ -1,14 +1,17 @@ import Joi from 'joi'; +import {joiValidate} from '../../lib/malware/client.js'; +import {joiValidate as joiValidateIp} from '../../lib/malware/ip.js'; +import {joiValidate as joiValidateDomain} from '../../lib/malware/domain.js'; export const pingSchema = Joi.object({ type: Joi.string().valid('ping').insensitive().required(), - target: Joi.string().required(), + target: Joi.alternatives().try(Joi.string().ip(), Joi.string().domain()).custom(joiValidate).required(), packets: Joi.number().min(1).max(16).default(3), }); export const tracerouteSchema = Joi.object({ type: Joi.string().valid('traceroute').insensitive().required(), - target: Joi.string().required(), + target: Joi.alternatives().try(Joi.string().ip(), Joi.string().domain()).custom(joiValidate).required(), protocol: Joi.string().valid('TCP', 'UDP', 'ICMP').insensitive().default('ICMP'), port: Joi.number().port().default(80), }); @@ -18,10 +21,10 @@ const allowedProtocols = ['UDP', 'TCP']; export const dnsSchema = Joi.object({ type: Joi.string().valid('dns').insensitive().required(), - target: Joi.string().required(), + target: Joi.string().domain().custom(joiValidateDomain).required(), query: Joi.object({ type: Joi.string().valid(...allowedTypes).insensitive().default('A'), - resolver: Joi.string(), + resolver: Joi.string().ip().custom(joiValidateIp), protocol: Joi.string().valid(...allowedProtocols).insensitive().default('UDP'), port: Joi.number().default('53'), }).default({}), From 35e5d5875eefbba9038d5f075afd5cc0ea6f0bcb Mon Sep 17 00:00:00 2001 From: Patryk Cieszkowski Date: Fri, 8 Apr 2022 11:59:00 +0000 Subject: [PATCH 10/14] fix: normalize domain case --- src/lib/malware/domain.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/malware/domain.ts b/src/lib/malware/domain.ts index 59a2cc01..88d25da0 100644 --- a/src/lib/malware/domain.ts +++ b/src/lib/malware/domain.ts @@ -28,7 +28,7 @@ export const query = async (url: string): Promise => { export const updateList = async (): Promise => { const result = await Promise.allSettled(sourceList.map(async source => query(source))); - const list = [...new Set(result.flatMap(r => isFulfilled(r) ? r.value : []))]; + const list = [...new Set(result.flatMap(r => isFulfilled(r) ? r.value : []))].map(d => d.toLowerCase()); await writeFile(domainListPath, JSON.stringify(list), {encoding: 'utf8'}); }; @@ -37,14 +37,14 @@ export const validate = async (target: string): Promise => { const data = await readFile(domainListPath, 'utf8'); const list = JSON.parse(data) as string[]; - return !list.includes(target); + return !list.includes(target.toLowerCase()); }; export const validateSync = (target: string): boolean => { const data = readFileSync(domainListPath, 'utf8'); const list = JSON.parse(data) as string[]; - return !list.includes(target); + return !list.includes(target.toLowerCase()); }; export const joiValidate = (value: string): string | Error => { From 2d6b58bf194f365dd6788dfa429bd931988b4de4 Mon Sep 17 00:00:00 2001 From: Patryk Cieszkowski Date: Fri, 8 Apr 2022 12:56:29 +0000 Subject: [PATCH 11/14] add: malware util methods --- test/utils/http.ts | 7 +++++++ test/utils/malware.ts | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 test/utils/malware.ts diff --git a/test/utils/http.ts b/test/utils/http.ts index 8c302b4a..20d8c31a 100644 --- a/test/utils/http.ts +++ b/test/utils/http.ts @@ -1,9 +1,16 @@ import type {Server} from 'node:http'; import {createServer} from '../../src/lib/server.js'; +import { + populateIpList, + populateDomainList, +} from './malware.js'; let app: Server; export const getTestServer = async (): Promise => { + await populateIpList(); + await populateDomainList(); + if (!app) { app = await createServer(); app.listen(0); diff --git a/test/utils/malware.ts b/test/utils/malware.ts new file mode 100644 index 00000000..b5a27d47 --- /dev/null +++ b/test/utils/malware.ts @@ -0,0 +1,42 @@ +import {readFile} from 'node:fs/promises'; +import path from 'node:path'; +import nock from 'nock'; + +import { + sourceList as ipSourceList, + updateList as updateListIp, +} from '../../src/lib/malware/ip.js'; + +import { + sourceList as domainSourceList, + updateList as updateListDomain, +} from '../../src/lib/malware/domain.js'; + +const mockDataPath = path.join(path.resolve(), 'test/mocks/malware'); + +const ipMockResult = await readFile(path.join(mockDataPath, 'nock-ip.txt'), 'utf8'); +const domainMockResult = await readFile(path.join(mockDataPath, 'nock-domain.txt'), 'utf8'); + +export const populateIpList = async (): Promise => { + for (const source of ipSourceList) { + const url = new URL(source); + + nock(url.origin) + .get(url.pathname) + .reply(200, ipMockResult); + } + + await updateListIp(); +}; + +export const populateDomainList = async (): Promise => { + for (const source of domainSourceList) { + const url = new URL(source); + + nock(url.origin) + .get(url.pathname) + .reply(200, domainMockResult); + } + + await updateListDomain(); +}; From 2aed24de1dbb4c9e29cee302b7d86a8bfdeb808f Mon Sep 17 00:00:00 2001 From: Patryk Cieszkowski Date: Fri, 8 Apr 2022 12:57:43 +0000 Subject: [PATCH 12/14] add: gitignore: ip/domain blacklists --- .gitignore | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 873ee44e..ed6b78d3 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,6 @@ node_modules/ coverage/ dist/ -config/local.cjs \ No newline at end of file +config/local.cjs +DOMAIN_BLACKLIST.json +IP_BLACKLIST.json From c069bd4e1daaa2fc1be23fc8f846e52b153e857a Mon Sep 17 00:00:00 2001 From: Patryk Cieszkowski Date: Fri, 8 Apr 2022 12:59:07 +0000 Subject: [PATCH 13/14] ref: more descriptive method name --- test/tests/unit/malware.test.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/tests/unit/malware.test.ts b/test/tests/unit/malware.test.ts index c53222d7..07c15c52 100644 --- a/test/tests/unit/malware.test.ts +++ b/test/tests/unit/malware.test.ts @@ -4,14 +4,14 @@ import {expect} from 'chai'; import nock from 'nock'; import { sourceList as ipSourceList, - updateList as ipUpdateList, + updateList as updateListIp, validate as validateIp, ipListPath, } from '../../../src/lib/malware/ip.js'; import { sourceList as domainSourceList, - updateList as domainUpdateList, + updateList as updateListDomain, validate as validateDomain, domainListPath, } from '../../../src/lib/malware/domain.js'; @@ -39,7 +39,7 @@ describe('malware blacklist', () => { await writeFile(ipListPath, '', {encoding: 'utf8'}); const preFile = await readFile(ipListPath, 'utf8').catch(() => null); - await ipUpdateList(); + await updateListIp(); const postFile = await readFile(ipListPath, 'utf8'); expect(preFile).to.not.equal(postFile); @@ -76,7 +76,7 @@ describe('malware blacklist', () => { await writeFile(domainListPath, '', {encoding: 'utf8'}); const preFile = await readFile(domainListPath, 'utf8').catch(() => null); - await domainUpdateList(); + await updateListDomain(); const postFile = await readFile(domainListPath, 'utf8'); expect(preFile).to.not.equal(postFile); From d491d928f4e1868c737cce5145282f0f71746bd4 Mon Sep 17 00:00:00 2001 From: Patryk Cieszkowski Date: Fri, 8 Apr 2022 13:34:24 +0000 Subject: [PATCH 14/14] ref: execute blacklist updater on build cmd --- package.json | 3 ++- src/index.ts | 2 -- src/lib/malware/download.ts | 8 ++++++++ 3 files changed, 10 insertions(+), 3 deletions(-) create mode 100644 src/lib/malware/download.ts diff --git a/package.json b/package.json index 9cb35c20..182f2b6e 100644 --- a/package.json +++ b/package.json @@ -70,11 +70,12 @@ "utf-8-validate": "^5.0.8" }, "scripts": { - "build": "tsc", + "build": "tsc && npm run blacklist", "start": "NODE_ENV=production node dist/index.js", "dev": "NODE_ENV=development node dist/index.js", "lint": "xo", "lint:fix": "xo --fix", + "blacklist": "node dist/lib/malware/download.js", "test": "NODE_ENV=test mocha", "clean": "rimraf coverage", "test:coverage": "npm run clean && c8 mocha", diff --git a/src/index.ts b/src/index.ts index 18996f3d..2462351d 100644 --- a/src/index.ts +++ b/src/index.ts @@ -4,13 +4,11 @@ import './lib/appsignal.js'; import process from 'node:process'; import {scopedLogger} from './lib/logger.js'; import {createServer} from './lib/server.js'; -import {updateList as updateMalwareList} from './lib/malware/client.js'; const logger = scopedLogger('global'); const port = process.env['PORT'] ?? 3000; const workerFn = async () => { - await updateMalwareList(); const server = await createServer(); server.listen(port, () => { diff --git a/src/lib/malware/download.ts b/src/lib/malware/download.ts new file mode 100644 index 00000000..9a5caf47 --- /dev/null +++ b/src/lib/malware/download.ts @@ -0,0 +1,8 @@ +import {scopedLogger} from '../logger.js'; +import {updateList} from './client.js'; + +const logger = scopedLogger('malware.blacklist'); + +logger.info('updating malware blacklist'); +await updateList(); +logger.info('update complete');