diff --git a/Packs/FeedDomainTools/.secrets-ignore b/Packs/FeedDomainTools/.secrets-ignore index e69de29bb2d1..1d888443bb22 100644 --- a/Packs/FeedDomainTools/.secrets-ignore +++ b/Packs/FeedDomainTools/.secrets-ignore @@ -0,0 +1 @@ +abuse-complaints@squarespace.com \ No newline at end of file diff --git a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.py b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.py index aad419610716..5d2b5b9a00f8 100644 --- a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.py +++ b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.py @@ -21,6 +21,8 @@ class DomainToolsClient(BaseClient): NOD_FEED = "nod" NAD_FEED = "nad" + DOMAINRDAP = "domainrdap" + DOMAINDISCOVERY = "domaindiscovery" FEED_URL = "/v1/feed" DOMAINTOOLS_API_BASE_URL = "https://api.domaintools.com" @@ -155,6 +157,9 @@ def build_iterator( indicator = json_feed.get("domain") indicator_type = auto_detect_indicator_type(indicator) + # for `domainrdap` feed, we have more data to display including the parsed data. + parsed_record = json_feed.get("parsed_record", {}) + if indicator and indicator_type: yield { "value": indicator, @@ -162,6 +167,7 @@ def build_iterator( "timestamp": timestamp, "tags": ["DomainToolsFeeds", self.feed_type] + ud_tags, "tlp_color": self.tlp_color, + "parsed_record": parsed_record } limit_counter += 1 @@ -207,6 +213,7 @@ def fetch_indicators( timestamp_ = item.get("timestamp") tags_ = item.get("tags", []) tlp_color_ = item.get("tlp_color") + parsed_record_ = item.get("parsed_record") indicator_tags = ",".join(tags_).rstrip(",") @@ -216,6 +223,9 @@ def fetch_indicators( "timestamp": timestamp_, } + if parsed_record_: + raw_data["parsed_record"] = parsed_record_ + # Create indicator object for each value. indicator_obj = { "value": value_, @@ -302,22 +312,25 @@ def fetch_indicators_command(client: DomainToolsClient, params: dict[str, Any] = feed_type_ = params.get("feed_type", "ALL") - FEEDS_TO_PROCESS = { - client.NOD_FEED: {"top": top, "after": after, "session_id": session_id}, - client.NAD_FEED: {"top": top, "after": after, "session_id": session_id}, - } + FEEDS_TO_PROCESS = [ + client.NOD_FEED, + client.NAD_FEED, + client.DOMAINRDAP, + client.DOMAINDISCOVERY + ] + + dt_feed_kwargs = {"top": top, "after": after, "session_id": session_id} fetched_indicators = [] - for feed_type, dt_feed_kwargs in FEEDS_TO_PROCESS.items(): + for feed_type in FEEDS_TO_PROCESS: indicators = [] if feed_type_ == "ALL": indicators = fetch_indicators(client, feed_type=feed_type, dt_feed_kwargs=dt_feed_kwargs) - if feed_type_ == feed_type.upper(): + if feed_type_.upper() == feed_type.upper(): indicators = fetch_indicators(client, feed_type=feed_type, dt_feed_kwargs=dt_feed_kwargs) fetched_indicators.extend(indicators) - return fetched_indicators diff --git a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.yml b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.yml index 0d6637160be8..e1299a845ce2 100644 --- a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.yml +++ b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.yml @@ -42,8 +42,10 @@ configuration: type: 15 options: - ALL - - NOD - - NAD + - nod + - nad + - domainrdap + - domaindiscovery additionalinfo: The DomainTools feed type fo fetch. Defaults to 'ALL'. section: Collect - display: Fetch indicators @@ -145,7 +147,14 @@ script: execution: false arguments: - name: feed_type - defaultValue: 'nod' + type: String + auto: PREDEFINED + predefined: + - "nod" + - "nad" + - "domainrdap" + - "domaindiscovery" + defaultValue: "nod" description: The DomainTools integration feed type to fetch. isArray: false default: false diff --git a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools_test.py b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools_test.py index 6d9d34d79702..11a8c6a6fdc3 100644 --- a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools_test.py +++ b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools_test.py @@ -78,7 +78,9 @@ def test_build_iterator_with_limit(self, mocker, dt_feeds_client): return_value=feed_mock_response.NOD_FEED_RESPONSE, ) - indicators = list(dt_feeds_client.build_iterator(feed_type="nod", dt_feed_kwargs={"top": 5})) + indicators = list( + dt_feeds_client.build_iterator(feed_type="nod", dt_feed_kwargs={"top": 5}) + ) [indicator.get("value") for indicator in indicators] assert len(indicators) == 5 @@ -117,6 +119,8 @@ def test_conversion_feed_to_indicato_obj(mocker, dt_feeds_client): [ "nod", "nad", + "domaindiscovery", + "domainrdap" ], ) def test_get_indicators_command(mocker, dt_feeds_client, feed_type): @@ -133,6 +137,8 @@ def test_get_indicators_command(mocker, dt_feeds_client, feed_type): mock_feed_response = { "nod": feed_mock_response.NOD_FEED_RESPONSE, "nad": feed_mock_response.NAD_FEED_RESPONSE, + "domaindiscovery": feed_mock_response.DOMAINDISCOVERY_RESPONSE, + "domainrdap": feed_mock_response.DOMAINRDAP_RESPONSE, } mocker.patch.object( @@ -147,6 +153,8 @@ def test_get_indicators_command(mocker, dt_feeds_client, feed_type): expected_indicator_results = { "nod": feed_mock_response.NOD_PARSED_INDICATOR_RESPONSE, "nad": feed_mock_response.NAD_PARSED_INDICATOR_RESPONSE, + "domaindiscovery": feed_mock_response.DOMAINDISCOVERY_PARSED_INDICATOR_RESPONSE, + "domainrdap": feed_mock_response.DOMAINRDAP_PARSED_INDICATOR_RESPONSE } human_readable = tableToMarkdown( @@ -155,6 +163,7 @@ def test_get_indicators_command(mocker, dt_feeds_client, feed_type): headers=["value", "type", "fields", "rawJSON"], removeNull=True, ) + assert results.readable_output == human_readable @@ -168,15 +177,20 @@ def test_fetch_indicators_command(mocker, dt_feeds_client): - Create indicator objects list """ + + mock_return_value = ( + feed_mock_response.NAD_FEED_RESPONSE + + feed_mock_response.NOD_FEED_RESPONSE + + feed_mock_response.DOMAINDISCOVERY_RESPONSE + ) mocker.patch.object( dt_feeds_client, "_get_dt_feeds", - return_value=feed_mock_response.NAD_FEED_RESPONSE - + feed_mock_response.NOD_FEED_RESPONSE, + return_value=mock_return_value, ) - results = fetch_indicators_command(dt_feeds_client, params={"top": "20"}) + results = fetch_indicators_command(dt_feeds_client, params={"top": "2"}) - assert len(results) == 40 + assert len(results) == 8 def test_calling_command_using_main(mocker, dt_feeds_client): @@ -193,7 +207,9 @@ def test_calling_command_using_main(mocker, dt_feeds_client): mocker.patch.object( demisto, "params", - return_value={"credentials": {"identifier": "test_username", "password": "test_key"}}, + return_value={ + "credentials": {"identifier": "test_username", "password": "test_key"} + }, ) mocker.patch( "FeedDomainTools.DomainToolsClient._get_dt_feeds", diff --git a/Packs/FeedDomainTools/Integrations/FeedDomainTools/test_data/feed_mock_response.py b/Packs/FeedDomainTools/Integrations/FeedDomainTools/test_data/feed_mock_response.py index 9b8a73fed0af..804de26a046e 100644 --- a/Packs/FeedDomainTools/Integrations/FeedDomainTools/test_data/feed_mock_response.py +++ b/Packs/FeedDomainTools/Integrations/FeedDomainTools/test_data/feed_mock_response.py @@ -24,6 +24,23 @@ '{"timestamp":"2025-01-13T13:37:00Z","domain":"vontresesworldofhair.ws"}', ] +DOMAINDISCOVERY_RESPONSE = [ + '{"timestamp":"2025-03-07T17:27:11Z","domain":"yashh.xin"}', + '{"timestamp":"2025-03-07T17:27:11Z","domain":"joinoramaenergy.com"}', + '{"timestamp":"2025-03-07T17:27:11Z","domain":"gampolaayurveda.com"}', + '{"timestamp":"2025-03-07T17:27:11Z","domain":"ladofitness.site"}', + '{"timestamp":"2025-03-07T17:27:11Z","domain":"html5game.info"}', + '{"timestamp":"2025-03-07T17:27:11Z","domain":"sushiwa.id.vn"}', + '{"timestamp":"2025-03-07T17:27:11Z","domain":"discoversp2i.com"}', + '{"timestamp":"2025-03-07T17:27:11Z","domain":"innovu.store"}', + '{"timestamp":"2025-03-07T17:27:11Z","domain":"proxstock.com"}', + '{"timestamp":"2025-03-07T17:27:11Z","domain":"analogsundays.store"}', +] + +DOMAINRDAP_RESPONSE = [ + '{"timestamp":"2025-03-10T16:25:34Z","domain":"parkcitieslincolnoffers.com","raw_record":{"first_request_timestamp":"2025-03-10T16:25:29Z","requests":[{"data":"{\\"objectClassName\\":\\"domain\\",\\"handle\\":\\"2071186162_DOMAIN_COM-VRSN\\",\\"ldhName\\":\\"PARKCITIESLINCOLNOFFERS.COM\\",\\"links\\":[{\\"value\\":\\"https:\\\\/\\\\/rdap.verisign.com\\\\/com\\\\/v1\\\\/domain\\\\/PARKCITIESLINCOLNOFFERS.COM\\",\\"rel\\":\\"self\\",\\"href\\":\\"https:\\\\/\\\\/rdap.verisign.com\\\\/com\\\\/v1\\\\/domain\\\\/PARKCITIESLINCOLNOFFERS.COM\\",\\"type\\":\\"application\\\\/rdap+json\\"},{\\"value\\":\\"https:\\\\/\\\\/rdap.squarespace.domains\\\\/domain\\\\/PARKCITIESLINCOLNOFFERS.COM\\",\\"rel\\":\\"related\\",\\"href\\":\\"https:\\\\/\\\\/rdap.squarespace.domains\\\\/domain\\\\/PARKCITIESLINCOLNOFFERS.COM\\",\\"type\\":\\"application\\\\/rdap+json\\"}],\\"status\\":[\\"client delete prohibited\\",\\"client transfer prohibited\\"],\\"entities\\":[{\\"objectClassName\\":\\"entity\\",\\"handle\\":\\"895\\",\\"roles\\":[\\"registrar\\"],\\"publicIds\\":[{\\"type\\":\\"IANA Registrar ID\\",\\"identifier\\":\\"895\\"}],\\"vcardArray\\":[\\"vcard\\",[[\\"version\\",{},\\"text\\",\\"4.0\\"],[\\"fn\\",{},\\"text\\",\\"Squarespace Domains II LLC\\"]]],\\"entities\\":[{\\"objectClassName\\":\\"entity\\",\\"roles\\":[\\"abuse\\"],\\"vcardArray\\":[\\"vcard\\",[[\\"version\\",{},\\"text\\",\\"4.0\\"],[\\"fn\\",{},\\"text\\",\\"\\"],[\\"tel\\",{\\"type\\":\\"voice\\"},\\"uri\\",\\"tel:+1.6466935324\\"],[\\"email\\",{},\\"text\\",\\"abuse-complaints@squarespace.com\\"]]]}]}],\\"events\\":[{\\"eventAction\\":\\"registration\\",\\"eventDate\\":\\"2016-11-03T02:54:47Z\\"},{\\"eventAction\\":\\"expiration\\",\\"eventDate\\":\\"2025-11-03T02:54:47Z\\"},{\\"eventAction\\":\\"last changed\\",\\"eventDate\\":\\"2024-10-19T06:10:25Z\\"},{\\"eventAction\\":\\"last update of RDAP database\\",\\"eventDate\\":\\"2025-03-10T16:25:18Z\\"}],\\"secureDNS\\":{\\"delegationSigned\\":false},\\"nameservers\\":[{\\"objectClassName\\":\\"nameserver\\",\\"ldhName\\":\\"NS-CLOUD-D1.GOOGLEDOMAINS.COM\\"},{\\"objectClassName\\":\\"nameserver\\",\\"ldhName\\":\\"NS-CLOUD-D2.GOOGLEDOMAINS.COM\\"},{\\"objectClassName\\":\\"nameserver\\",\\"ldhName\\":\\"NS-CLOUD-D3.GOOGLEDOMAINS.COM\\"},{\\"objectClassName\\":\\"nameserver\\",\\"ldhName\\":\\"NS-CLOUD-D4.GOOGLEDOMAINS.COM\\"}],\\"rdapConformance\\":[\\"rdap_level_0\\",\\"icann_rdap_technical_implementation_guide_0\\",\\"icann_rdap_response_profile_0\\"],\\"notices\\":[{\\"title\\":\\"Terms of Use\\",\\"description\\":[\\"Service subject to Terms of Use.\\"],\\"links\\":[{\\"href\\":\\"https:\\\\/\\\\/www.verisign.com\\\\/domain-names\\\\/registration-data-access-protocol\\\\/terms-service\\\\/index.xhtml\\",\\"type\\":\\"text\\\\/html\\"}]},{\\"title\\":\\"Status Codes\\",\\"description\\":[\\"For more information on domain status codes, please visit https:\\\\/\\\\/icann.org\\\\/epp\\"],\\"links\\":[{\\"href\\":\\"https:\\\\/\\\\/icann.org\\\\/epp\\",\\"type\\":\\"text\\\\/html\\"}]},{\\"title\\":\\"RDDS Inaccuracy Complaint Form\\",\\"description\\":[\\"URL of the ICANN RDDS Inaccuracy Complaint Form: https:\\\\/\\\\/icann.org\\\\/wicf\\"],\\"links\\":[{\\"href\\":\\"https:\\\\/\\\\/icann.org\\\\/wicf\\",\\"type\\":\\"text\\\\/html\\"}]}]}","source_type":"registry","timestamp":"2025-03-10T16:25:29Z","url":"https://rdap.verisign.com/com/v1/domain/parkcitieslincolnoffers.com"},{"data":"{\\"rdapConformance\\":[\\"rdap_level_0\\"],\\"objectClassName\\":\\"domain\\",\\"lang\\":\\"en-US\\",\\"events\\":[{\\"eventAction\\":\\"registration\\",\\"eventActor\\":\\"Squarespace Domains II LLC\\",\\"eventDate\\":\\"2016-11-03T02:54:47Z\\"},{\\"eventAction\\":\\"last changed\\",\\"eventActor\\":\\"Squarespace Domains II LLC\\",\\"eventDate\\":\\"2024-10-19T06:10:25Z\\"},{\\"eventAction\\":\\"expiration\\",\\"eventActor\\":\\"Squarespace Domains II LLC\\",\\"eventDate\\":\\"2025-11-03T02:54:47Z\\"}],\\"status\\":[\\"client transfer prohibited\\",\\"client delete prohibited\\"],\\"port43\\":\\"whois.squarespace.domains\\",\\"handle\\":\\"2071186162_DOMAIN_COM-VRSN\\",\\"ldhName\\":\\"parkcitieslincolnoffers.com\\",\\"unicodeName\\":\\"parkcitieslincolnoffers.com\\",\\"secureDNS\\":{\\"delegationSigned\\":false},\\"entities\\":[{\\"objectClassName\\":\\"entity\\",\\"vcardArray\\":[\\"vcard\\",[[\\"version\\",{},\\"text\\",\\"4.0\\"],[\\"fn\\",{},\\"text\\",\\"REDACTED FOR PRIVACY\\"],[\\"adr\\",{},\\"text\\",[\\"\\",\\"\\",\\"REDACTED FOR PRIVACY\\",\\"REDACTED FOR PRIVACY\\",\\"VA\\",\\"REDACTED FOR PRIVACY\\",\\"US\\"]],[\\"org\\",{},\\"text\\",\\"TVM\\"]]],\\"roles\\":[\\"administrative\\"]},{\\"objectClassName\\":\\"entity\\",\\"vcardArray\\":[\\"vcard\\",[[\\"version\\",{},\\"text\\",\\"4.0\\"],[\\"fn\\",{},\\"text\\",\\"REDACTED FOR PRIVACY\\"],[\\"adr\\",{},\\"text\\",[\\"\\",\\"\\",\\"REDACTED FOR PRIVACY\\",\\"REDACTED FOR PRIVACY\\",\\"VA\\",\\"REDACTED FOR PRIVACY\\",\\"US\\"]],[\\"org\\",{},\\"text\\",\\"TVM\\"]]],\\"roles\\":[\\"registrant\\"]},{\\"objectClassName\\":\\"entity\\",\\"vcardArray\\":[\\"vcard\\",[[\\"version\\",{},\\"text\\",\\"4.0\\"],[\\"fn\\",{},\\"text\\",\\"REDACTED FOR PRIVACY\\"],[\\"adr\\",{},\\"text\\",[\\"\\",\\"\\",\\"REDACTED FOR PRIVACY\\",\\"REDACTED FOR PRIVACY\\",\\"VA\\",\\"REDACTED FOR PRIVACY\\",\\"US\\"]],[\\"org\\",{},\\"text\\",\\"TVM\\"]]],\\"roles\\":[\\"technical\\"]}],\\"publicIds\\":[{\\"type\\":\\"IANA Registrar ID\\",\\"identifier\\":\\"895\\"}],\\"nameservers\\":[{\\"objectClassName\\":\\"nameserver\\",\\"ldhName\\":\\"ns-cloud-d2.googledomains.com\\",\\"unicodeName\\":\\"ns-cloud-d2.googledomains.com\\",\\"ipAddresses\\":{\\"v4\\":[],\\"v6\\":[]}},{\\"objectClassName\\":\\"nameserver\\",\\"ldhName\\":\\"ns-cloud-d3.googledomains.com\\",\\"unicodeName\\":\\"ns-cloud-d3.googledomains.com\\",\\"ipAddresses\\":{\\"v4\\":[],\\"v6\\":[]}},{\\"objectClassName\\":\\"nameserver\\",\\"ldhName\\":\\"ns-cloud-d1.googledomains.com\\",\\"unicodeName\\":\\"ns-cloud-d1.googledomains.com\\",\\"ipAddresses\\":{\\"v4\\":[],\\"v6\\":[]}},{\\"objectClassName\\":\\"nameserver\\",\\"ldhName\\":\\"ns-cloud-d4.googledomains.com\\",\\"unicodeName\\":\\"ns-cloud-d4.googledomains.com\\",\\"ipAddresses\\":{\\"v4\\":[],\\"v6\\":[]}}]}","source_type":"registrar","timestamp":"2025-03-10T16:25:32Z","url":"https://rdap.squarespace.domains/domain/PARKCITIESLINCOLNOFFERS.COM"}]},"parsed_record":{"parsed_fields":{"conformance":["rdap_level_0"],"contacts":[{"city":"REDACTED FOR PRIVACY","country":"US","name":"REDACTED FOR PRIVACY","org":"TVM","postal":"REDACTED FOR PRIVACY","region":"VA","roles":["administrative"],"street":"REDACTED FOR PRIVACY"},{"city":"REDACTED FOR PRIVACY","country":"US","name":"REDACTED FOR PRIVACY","org":"TVM","postal":"REDACTED FOR PRIVACY","region":"VA","roles":["registrant"],"street":"REDACTED FOR PRIVACY"},{"city":"REDACTED FOR PRIVACY","country":"US","name":"REDACTED FOR PRIVACY","org":"TVM","postal":"REDACTED FOR PRIVACY","region":"VA","roles":["technical"],"street":"REDACTED FOR PRIVACY"}],"creation_date":"2016-11-03T02:54:47+00:00","dnssec":{"signed":false},"domain":"parkcitieslincolnoffers.com","domain_statuses":["client transfer prohibited","client delete prohibited"],"email_domains":["squarespace.com"],"emails":["abuse-complaints@squarespace.com"],"expiration_date":"2025-11-03T02:54:47+00:00","handle":"2071186162_DOMAIN_COM-VRSN","last_changed_date":"2024-10-19T06:10:25+00:00","links":[{"href":"https://rdap.verisign.com/com/v1/domain/PARKCITIESLINCOLNOFFERS.COM","rel":"self"},{"href":"https://rdap.squarespace.domains/domain/PARKCITIESLINCOLNOFFERS.COM","rel":"related"}],"nameservers":["ns-cloud-d2.googledomains.com","ns-cloud-d3.googledomains.com","ns-cloud-d1.googledomains.com","ns-cloud-d4.googledomains.com"],"registrar":{"contacts":[{"email":"abuse-complaints@squarespace.com","name":"","phone":"tel:+1.6466935324","roles":["abuse"]}],"iana_id":"895","name":"Squarespace Domains II LLC"},"unclassified_emails":[]},"registrar_request_url":"https://rdap.squarespace.domains/domain/PARKCITIESLINCOLNOFFERS.COM","registry_request_url":"https://rdap.verisign.com/com/v1/domain/parkcitieslincolnoffers.com"}}' +] + NOD_PARSED_INDICATOR_RESPONSE = [ { @@ -33,7 +50,7 @@ "tags": "DomainToolsFeeds,nod", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:36:58Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "latrysa.online", @@ -48,7 +65,7 @@ "tags": "DomainToolsFeeds,nod", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:36:57Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "solarwinds.com.kz", @@ -63,7 +80,7 @@ "tags": "DomainToolsFeeds,nod", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:36:56Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "delradoapartments.info", @@ -78,7 +95,7 @@ "tags": "DomainToolsFeeds,nod", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:36:56Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "dcoeds.pro", @@ -93,7 +110,7 @@ "tags": "DomainToolsFeeds,nod", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:36:56Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "31xx8052a.cc", @@ -108,7 +125,7 @@ "tags": "DomainToolsFeeds,nod", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:36:56Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "397dm.my", @@ -123,7 +140,7 @@ "tags": "DomainToolsFeeds,nod", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:36:55Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "256adadw.top", @@ -138,7 +155,7 @@ "tags": "DomainToolsFeeds,nod", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:36:54Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "gt-press.com", @@ -153,7 +170,7 @@ "tags": "DomainToolsFeeds,nod", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:36:53Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "xtxei61366.outsystemscloud.com", @@ -168,7 +185,7 @@ "tags": "DomainToolsFeeds,nod", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:36:53Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "www-ledger-live.cfd", @@ -186,7 +203,7 @@ "tags": "DomainToolsFeeds,nad", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:37:00Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "freiberger.com.pl", @@ -201,7 +218,7 @@ "tags": "DomainToolsFeeds,nad", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:37:00Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "dreambuilderschannel.info", @@ -216,7 +233,7 @@ "tags": "DomainToolsFeeds,nad", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:37:00Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "image163.blogspot.sn", @@ -231,7 +248,7 @@ "tags": "DomainToolsFeeds,nad", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:37:00Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "xiaoyintao9.vip", @@ -246,7 +263,7 @@ "tags": "DomainToolsFeeds,nad", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:37:00Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "hyperionmaterials.ch", @@ -261,7 +278,7 @@ "tags": "DomainToolsFeeds,nad", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:37:00Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "hhjt6.vip", @@ -276,7 +293,7 @@ "tags": "DomainToolsFeeds,nad", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:37:00Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "hg2998.vip", @@ -291,7 +308,7 @@ "tags": "DomainToolsFeeds,nad", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:37:00Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "lyrixmp3skull.ws", @@ -306,7 +323,7 @@ "tags": "DomainToolsFeeds,nad", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:37:00Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "bohicaespresso.shop", @@ -321,7 +338,7 @@ "tags": "DomainToolsFeeds,nad", "service": "DomainTools Feeds", "firstseenbysource": "2025-01-13T13:37:00Z", - "sourcebrands": "FeedDomainTools" + "sourcebrands": "FeedDomainTools", }, "rawJSON": { "value": "vontresesworldofhair.ws", @@ -330,3 +347,256 @@ }, }, ] + + +DOMAINDISCOVERY_PARSED_INDICATOR_RESPONSE = [ + { + "value": "yashh.xin", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,domaindiscovery", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-03-07T17:27:11Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "yashh.xin", + "type": "Domain", + "timestamp": "2025-03-07T17:27:11Z" + }, + }, + { + "value": "joinoramaenergy.com", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,domaindiscovery", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-03-07T17:27:11Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "joinoramaenergy.com", + "type": "Domain", + "timestamp": "2025-03-07T17:27:11Z", + }, + }, + { + "value": "gampolaayurveda.com", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,domaindiscovery", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-03-07T17:27:11Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "gampolaayurveda.com", + "type": "Domain", + "timestamp": "2025-03-07T17:27:11Z", + }, + }, + { + "value": "ladofitness.site", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,domaindiscovery", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-03-07T17:27:11Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "ladofitness.site", + "type": "Domain", + "timestamp": "2025-03-07T17:27:11Z", + }, + }, + { + "value": "html5game.info", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,domaindiscovery", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-03-07T17:27:11Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "html5game.info", + "type": "Domain", + "timestamp": "2025-03-07T17:27:11Z", + }, + }, + { + "value": "sushiwa.id.vn", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,domaindiscovery", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-03-07T17:27:11Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "sushiwa.id.vn", + "type": "Domain", + "timestamp": "2025-03-07T17:27:11Z", + }, + }, + { + "value": "discoversp2i.com", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,domaindiscovery", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-03-07T17:27:11Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "discoversp2i.com", + "type": "Domain", + "timestamp": "2025-03-07T17:27:11Z", + }, + }, + { + "value": "innovu.store", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,domaindiscovery", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-03-07T17:27:11Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "innovu.store", + "type": "Domain", + "timestamp": "2025-03-07T17:27:11Z", + }, + }, + { + "value": "proxstock.com", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,domaindiscovery", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-03-07T17:27:11Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "proxstock.com", + "type": "Domain", + "timestamp": "2025-03-07T17:27:11Z", + }, + }, + { + "value": "analogsundays.store", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,domaindiscovery", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-03-07T17:27:11Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "analogsundays.store", + "type": "Domain", + "timestamp": "2025-03-07T17:27:11Z", + }, + }, +] + + +DOMAINRDAP_PARSED_INDICATOR_RESPONSE = [ + { + "value": "parkcitieslincolnoffers.com", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,domainrdap", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-03-10T16:25:34Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "parkcitieslincolnoffers.com", + "type": "Domain", + "timestamp": "2025-03-10T16:25:34Z", + "parsed_record": { + "parsed_fields": { + "conformance": ["rdap_level_0"], + "contacts": [ + { + "city": "REDACTED FOR PRIVACY", + "country": "US", + "name": "REDACTED FOR PRIVACY", + "org": "TVM", + "postal": "REDACTED FOR PRIVACY", + "region": "VA", + "roles": ["administrative"], + "street": "REDACTED FOR PRIVACY", + }, + { + "city": "REDACTED FOR PRIVACY", + "country": "US", + "name": "REDACTED FOR PRIVACY", + "org": "TVM", + "postal": "REDACTED FOR PRIVACY", + "region": "VA", + "roles": ["registrant"], + "street": "REDACTED FOR PRIVACY", + }, + { + "city": "REDACTED FOR PRIVACY", + "country": "US", + "name": "REDACTED FOR PRIVACY", + "org": "TVM", + "postal": "REDACTED FOR PRIVACY", + "region": "VA", + "roles": ["technical"], + "street": "REDACTED FOR PRIVACY", + }, + ], + "creation_date": "2016-11-03T02:54:47+00:00", + "dnssec": {"signed": False}, + "domain": "parkcitieslincolnoffers.com", + "domain_statuses": [ + "client transfer prohibited", + "client delete prohibited", + ], + "email_domains": ["squarespace.com"], + "emails": ["abuse-complaints@squarespace.com"], + "expiration_date": "2025-11-03T02:54:47+00:00", + "handle": "2071186162_DOMAIN_COM-VRSN", + "last_changed_date": "2024-10-19T06:10:25+00:00", + "links": [ + { + "href": "https://rdap.verisign.com/com/v1/domain/PARKCITIESLINCOLNOFFERS.COM", + "rel": "self", + }, + { + "href": "https://rdap.squarespace.domains/domain/PARKCITIESLINCOLNOFFERS.COM", + "rel": "related", + }, + ], + "nameservers": [ + "ns-cloud-d2.googledomains.com", + "ns-cloud-d3.googledomains.com", + "ns-cloud-d1.googledomains.com", + "ns-cloud-d4.googledomains.com", + ], + "registrar": { + "contacts": [ + { + "email": "abuse-complaints@squarespace.com", + "name": "", + "phone": "tel:+1.6466935324", + "roles": ["abuse"], + } + ], + "iana_id": "895", + "name": "Squarespace Domains II LLC", + }, + "unclassified_emails": [], + }, + "registrar_request_url": "https://rdap.squarespace.domains/domain/PARKCITIESLINCOLNOFFERS.COM", + "registry_request_url": "https://rdap.verisign.com/com/v1/domain/parkcitieslincolnoffers.com", + }, + }, + } +]