fcti-scam-reports
Fetch scam reports from FCTI
fcti-scam-reports [proxy=PROXY] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
- proxy=PROXY
- URL of the proxy server
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit. For example,
10s
means data from 10 seconds earlier. - from=yyyyMMddHHmmss
- Start time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
- to=yyyyMMddHHmmss
- End time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
Output Fields
Field | Type | Name | Description |
---|---|---|---|
_time | Date | Time | |
domain | String | Domain | Phishing domain |
ip | IP address | IP | Phishing server |
cidr | Integer | CIDR | e.g. 32 |
country | String | Country code | e.g. TW |
country_name | String | Country name | e.g. Taiwan |
importance | String | Severity | H (High), M (Medium), L (Low) |
organization | String | Organization | |
writer | String | Author | |
confirm_yn | String | Confirm request | e.g. Y, N |
confirm_status | String | Confirm status | |
stix_id | String | Stix ID | |
shared_scope | String | Shared scope | e.g. ALL, FSI, BANK, INVEST, INSURANCE, NONBANK, CUSTOM |