ioc_parser icon indicating copy to clipboard operation
ioc_parser copied to clipboard

Published 20 hours ago verified publisher icon armbues

domains/urls with -'s

Open ttufts opened this issue 9 years ago • 1 comments

domains with -'s in the like www.malicious-site.com get split down to just 'site.com' which can result in benign sites being pulled as IOCs.

ttufts avatar Sep 22 '15 15:09 ttufts

I found the cause for this but have no fix yet. Reason for the split domain matches is the \b word boundary in the regex pattern which in Python apparently matches the dash character (it doesn't in other regex implementations).

armbues avatar Sep 29 '15 17:09 armbues