On Thu, Mar 22, 2012 at 6:20 PM, Ron Guerin ron@vnetworx.net wrote:
I am making this available in the event it is interesting or useful to someone. It is a really rough first effort, and I expect to do something more useful with it as time goes on.
With the caveat that this should be considered "experimental data", I have finally begun to publish some abuse data. This data is presently re-generated hourly.
http://tighturl.com/tighturl-abuse-ips.csv http://tighturl.com/tighturl-abuse-domains.csv
The IP addresses are those that have submitted URLs that have been banned at tighturl.com within the last 7 days. They are in the format: unixtimestamp,IPv4address
The domains are base domains[1] that have been banned from tighturl.com or have been submitted by currently banned IP addresses within the last 7 days. They are in the format: unixtimestamp,basedomain
I have not found over time that an IP address that submits abuse also submits non-abuse.
I'm interested in comments or suggestions.
- Ron
Hi Ron, Thanks for some interesting research. One thing we might caution about is forming an unintentional feedback loop with abusers. If abuse information is provided publically then it can be used by the attackers to improve their attacks. We don't know that it's happening in this case, but it's something to be aware of.